The hosts file is designed to match domain names (sites), which are written using symbols, and the corresponding IP addresses (for example, 145.45.32.65), which are written as four numerical values. You can open any website in your browser not only after entering its name, but also after entering the IP address of this site.
On Windows, a request to the hosts file takes precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.
Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?
They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown an advertisement, and at worst, a fake page of a popular resource will be opened (social network, email service window, online banking service, etc.), asking him to enter data from his account.
Thus, due to the user's carelessness, an attacker can gain access to the user's data and cause damage to him.
Where is the hosts file located?
The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.
The path to the hosts file will be like this:
C:\Windows\System32\drivers\etc\hosts
You can manually go through this path, or immediately open the folder with the host file using a special command.
To quickly access a file, press the “Windows” + “R” key combination on your keyboard. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:
%systemroot%\system32\drivers\etc %WinDir%\System32\Drivers\Etc
This file has no extension, but can be opened and edited in any text editor.
Standard contents of the hosts file
In the Windows operating system, the "hosts" file has the following standard contents:
# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost
This file is similar in content to the operating systems Windows 7, Windows 8, Windows 10.
All entries that begin with the hash character # and continue to the end of the line are largely irrelevant to Windows because they are comments. These comments explain what the file is for.
It says here that the hosts file is designed to map IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Next, after the hash (#), you can write a comment to the entry inserted into the file.
These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.
You can download the standard hosts file from here to install on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.
What to pay attention to
If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malicious programs.
Pay special attention to the contents of the file, which are located after these lines:
# 127.0.0.1 localhost # ::1 localhost
Additional entries can be inserted into the host file, which are added here by some programs.
For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility would cut off unwanted software.
There may be additional lines of this type: first, “a set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype, or block access to a site.
If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.
Why do they change the hosts file?
The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.
Typically, malicious code is initially executed after running a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.
To block a site (for example, the VKontakte site), lines of this type are entered:
127.0.0.1 vk.com
For some sites, two versions of the site name may be entered with “www” or without this abbreviation.
You yourself can block unwanted sites on your computer by adding a similar entry to the host file:
127.0.0.1 site_name
In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).
As a result, after entering the site name, you will see a blank page from your computer, although the name of this web page will be written in the address bar of the browser. This site will be blocked on your computer.
When using redirection, after entering the name of the desired site, a completely different site will be opened in the user’s browser, usually this is a web page with advertising, or a fake page of a popular resource.
To redirect to another site, entries of the following type are added to the host file:
157.15.215.69 site_name
First there is a set of numbers - the IP address (I wrote random numbers here as an example), and then, after a space, the name of the site will be written in Latin letters, for example, vk.com or ok.ru.
The way this method works is something like this: bad people deliberately create a fake (fake) website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer, and after launching it, changes are made to the hosts file.
As a result, when a user types the name of a popular site in the address bar of the browser, instead of the desired site, he is redirected to a completely different site. This could be a fake social network page that is designed to steal user personal data, or a site with intrusive advertising. Very often, from such a fake site, there are redirects (redirections) to many other specially created pages with advertising.
How to edit the hosts file
You can change the contents of the host file yourself by editing it using a text editor. One of the easiest ways to be able to change a file is to open the hosts file in Notepad, opening the program as administrator.
To do this, create a shortcut for the Notepad utility on the Desktop, or launch the application in standard programs that are located in the Start menu. To run, first click on the program shortcut with the right mouse button, and then select “Run as administrator” from the context menu. After this, the Notepad text editor window will open.
C:\Windows\System32\drivers\etc
After opening the "etc" folder, you will not see the "hosts" file, since Explorer will be selected to display text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.
After editing is complete, changes to the hosts file. Please note that the file type when saving should be “All files”.
Conclusions of the article
If the malicious program has changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.
How to change the hosts file (video)
The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer.
The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.
Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.
Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.
As for the file structure, the hosts file is a regular text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.
The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.
Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.
Fraud with the hosts file
There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.
For example, having infected a computer, the virus addsin the hosts file the following entry: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. This leads to Access to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or antivirus database updates.
In addition, virus developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.
For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords and other personal information of the user.
So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.
The malware disguises modification of the hosts file as follows:
To make it difficult to detect lines added by a virus, they are written to the end of the file
After a large empty area formed as a result of repeated line feeds;
After this, the original hosts file is assigned the Hidden attribute (by default, hidden files and folders are not visible);
A false hosts file is created, which, unlike the real hosts file (which has no extension), has the extension .txt (by default, extensions are not displayed for registered file types):
Where is the hosts file located?
Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the folderWINDOWS\system32\drivers\etc\
In the Windows NT and Windows 2000 operating systems, this file is located in the folder WINNT\system32\drivers\etc\
Editing the hosts file
You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own.
In order to edit the hosts file, you need to launch Notepad in Administrator mode, and then open the file C:\Windows\System32\drivers\etc\hosts in it.
How to clean the hosts file
So, point by point.
Click "Start".
Choose "All programs".
Then select the item "Standard".
On "Notepad" click right click the mouse and select the item "Run as administrator."
In the notepad window that opens, select the File menu, then "Open..."
In the window that opens, select “Computer” on the left side of the window. 
Then open the disk WITH:.
Windows directory. 
System32 directory. 
Drivers directory. 
Catalog etc. 
When you open the etc directory, you will see an empty directory. In the lower right corner of the window, select "All files".
Select the hosts file and click the button "Open".
Check for the necessary content: at the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then there are several examples of how to enter various commands. All this is just plain text and does not carry any functions! We skip it and reach the end. Next should come the teams themselves. Unlike comments (i.e. plain text), they must begin not from the "#" sign, and from specific numbers, indicating the IP address.
Any commands in your hosts file after the following lines can be malicious:
- On Windows XP: 127.0.0.1 localhost
- On Windows Vista: ::1 localhost
- On Windows 7/8: # ::1 localhost
As you can see, host files are slightly different in different operating systems.
In order not to clean up anything unnecessary, you need to know how the commands are deciphered. There is nothing complicated here. At the beginning of each command there is digital ip address, then (separated by a space) the letter associated with it Domain name, and after it there may be a small a comment after the "#" sign.
Remember!
All commands starting from numbers 127.0.0.1(with the exception of, 127.0.0.1 localhos t) block access to various sites and Internet services. Which ones exactly, look in the next column following these numbers.
Teams having at the beginning any other numbers ip addresses, redirect(redirect) to fraudulent sites instead of official ones. Which sites have been replaced with fraudulent ones, also look in each column following these numbers.
Thus, it will not be difficult to guess which commands in your hosts file are malicious! If something is still not clear, look at the screenshot below.
Please keep this point in mind. Many virus commands can be hidden far at the very bottom of the file by cunning Internet attackers, so take the time to scroll the slider all the way down!
After you do the cleanup, don't forget to save all changes ( "File" --> "Save"). If you opened the hosts file from the Notepad program itself, when saving changes, in the column "File type" be sure to select an option "All files", otherwise notepad, instead of saving in the hosts file, will only make it text copy of hosts.txt, which is not a system file and does not perform any functions!
After a successful save, do not forget to restart your computer.
How to block sites in hosts
So, the hosts file is already open and you see that it is built in the form of a regular text document.
At the beginning you will see comments (plain text that does not provide any functionality) starting with the symbol "#" . They may be followed by some functional commands prescribed by the system.
But we don't need them. We skip them and get to the very end of the document. Let's make a retreat. And now, here, we can already write the commands we need!
When finished working with the file, open the File menu, select "Save".
To understand how to correctly enter commands for blocking web resources, you need to know that each PC has its own so-called. loopback address, which sends any request back to itself. For any computer running Windows, Linux or Mac, this address is always the same - 127.0.0.1 . Now, with the help of just this IP address, you can block any request to an unwanted site so that it is sent not to the requested resource, but to brotherly to the local computer.
This command in hosts is written as follows: " 127.0.0.1 domain name to block "Here are real examples: 127.0.0.1 mega-porno.ru, 127.0.0.1 odnoklassniki.ru, 127.0.0.1 vk.com etc.
That's all. Now access to all unwanted sites is securely blocked. The main thing is to resave the hosts file after making changes! See detailed instructions above.
Restoring the hosts file after a virus infection
As already mentioned, today a large number of malware use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources (social networks, email services, etc.), where an inattentive user enters credentials, which thus get to the attackers.
If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file hosts
Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself; to do this, you need to open it with a text editor and delete everything except the line except “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.
Let's take a closer look at the process of restoring the hosts file:
1. Open the folder in which this file is located. In order not to wander through directories for a long time in search of the desired folder, you can use a little trick. Press the key combination Windows+R to open the menu "Run". In the window that opens, enter the command "%systemroot%\system32\drivers\etc"and click OK.
2. After this, a folder will open in front of you in which the hosts file is located.
3. Next, you need to make a backup copy of the current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.
4.Create a new empty hosts file. To do this, right-click in the etc folder and select"Create a text document"
5. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.
6. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.
7. Depending on the version of the operating system, the contents of the standard hosts file may differ.
This is what all, without exception, “clean” hosts files should look like. 
Note!
- For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost"
- Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost"
If you ever find missing or, conversely, unnecessary entries in such a file, it is better to delete them quickly. Especially if they were not made by you or without your consent. Most likely, this is the result of viruses!
Restoring the default hosts file in Windows 7: Copy the text below into a file.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Save and close the file.
Editing the hosts file is often used to protect children from visiting unwanted sites, eliminating the effects of viruses, etc. Despite the simplicity of the technique, many users encounter a number of problems, among which the most prominent is the computer’s stubborn reluctance to save the changes made to the hosts. There are several reasons for this behavior, which we will discuss below. The first thing worth remembering is that only a user with administrator rights can change the hosts file; owners of a “simple” account are doomed to failure. But sometimes even the “administrator” gets a refusal.
File attributes
Open the folder with the file. Let us remind you that it is usually located at C:\Windows\system32\drivers\etc. Don’t rush to open it and make changes, first right-click on the file and select “Properties”.
At the bottom of the “general” tab there is a “Read Only” option.
If it is checked, you will not be able to save the changes. Windows will offer to save hosts as a text file. Even if you specify the correct option “all files,” the computer will ignore the user’s wishes and a useless text file will appear in the folder. Therefore, be sure to uncheck the box, and only then edit the file.
Changing the Read Only attribute is a required step. Unfortunately, this solution is sometimes not enough.
Admin Notepad
If there is no Notepad application icon on the desktop, open the Start menu and write the word “notepad” in the bottom line.
Right-click on it and select “run as administrator” from the drop-down list.
Using the Ctrl+O key combination, we call up the file opening window and go to a familiar address. Make sure the bottom right line says “all files” and select hosts. Make changes and save.
Security questions
If the previous method does not help, you will have to explain your rights to Windows. Right-click on the hosts file and select “properties”. This time you will have to go to the “security” tab. Uncheck the “Deny” column and check the next “Allow” column.
If other people use the computer besides you, try to remember or write down the changes so that after editing you can return everything to its place. Click OK, the system will warn you about the consequences. We agree.
Viruses and antiviruses
Did not help? A vigilant antivirus may be the culprit. Many of them have the function of blocking the hosts file to prevent malicious programs from making their edits. Even if you disable the defender for a while, there is every chance that the antivirus will remove the lines you entered. In this case, add hosts to the exclusion list, which is included in every serious antivirus program. Each program has a slightly different procedure, so you'll have to check the appropriate help section for help.
You already understand that a problem with access can arise due to a virus that makes its changes to the hosts and then takes care of their safety. In this case, you can download Dr.Web CureIt! or a similar product Kaspersky Virus Removal Tool. Both utilities are free and are excellent at removing pests that have settled on your hard drive.
Editing the hosts file in safe mode
The procedure differs little from the method where the file was opened through Notepad, but the entire operation is performed in safe mode.
First, reboot the computer. As soon as it turns on, before the OS starts loading, press the F8 key several times. The computer will prompt you to select a source from which to boot, select the hard drive. Next, press F8 again and select the “Safe Mode” option from the list. Lines will run across the screen, then a low-resolution black window will appear.
Through “Start” we launch “Notepad” and follow the algorithm described above. After saving the file, you can restart your computer.
Hosts (domain database) is a small document located in the Windows system folders. When you go online and or simply navigate to a website through your browser bookmarks, Windows accesses it first. The main purpose is to compare website names (domains) and their IP addresses, written in numbers. You can go to the site by entering the domain or IP.
It is vulnerable to viruses and other malware that seek to overwrite it
This is done so that you are automatically taken to advertising and virus sites or to block the ability to download certain Internet services. But fortunately, the contents of Hosts are under the control of the user. A notepad program is enough to enter data into a text book or rid it of unnecessary things. Read on to learn how to change hosts in Windows.
How to open Hosts
There is a host database in any OS that can connect to the Internet. And in Windows, and in MacOS, and in LInux distributions. But the location is very different. In XP, Vista, 7 and 8, 8.1 and 10, the hosts file is located at C:\Windows\System32\drivers\etc. You can open it directly in Explorer. The system32 folder is located directly in Windows.
But it’s easier to open the command line from the list of standard programs and enter this in the window: notepad C:\windows\system32\drivers\etc\hosts and press Enter.
Run the command line with administrative rights, otherwise only viewing will open and changes will be blocked.
It will launch in the usual notepad. If the command line was initiated from the admin, then the notepad will open in the same way and you can make edits.
There is a third way to open the hosts file in Windows 7, 8, 10 - for the curious:
- in Explorer go to C:\Windows\system32;
- you need notepad.exe;
- right click on it and click on run as administrator.
Next, in a simple way: “File” -> “Open” and look for the one you need. For Notepad to see it, you will need to enable the “All files” option in the lower right corner of the window. So, we figured out how to open hosts as an administrator, it’s time to understand how to edit it and why it is needed.
How to change hosts in Windows 8 or 8.1
The contents of hosts in Windows 7, 8 and 8.1 are the same and look something like thisIf you know English well, then at the top you can read a small text about the purpose of the file, but you will probably have it in Russian. We will edit the lower part, adding or deleting addresses.
Line 127.0.0.1 localhost is the local machine you are working on. If your computer does not have an http server running, you can use the address 127.0.0.1 to block unwanted sites. Add the line 127.0.01 site.ru (address of the blocked resource). You can add as many such lines as you like.
The sites included in the list will not open in any web browser on the local machineThe method is suitable for blocking access to sites that are dangerous for children. For the changes to take effect, you need to save the hosts file. The computer needs to be restarted. If you succeed in changing the hosts file in Windows 7, the added sites will not work until you delete entries about them and save them. On the contrary, if a malicious program has added its own entries, you can delete them, thereby opening access to the desired sites or erasing entries about redirection to resources that steal passwords, extort money, or infect your computer.
Editing hosts in Windows 7
Changing hosts in Windows 7 is no different. It is located at the same address and can be edited with notepad using administrator rights. Sometimes it is not possible to change the hosts file. The reason is viruses: some rewrite and do not allow you to change the hosts. Therefore, before you try to rewrite and save, check your computer for viruses. It is advisable to use several programs in turn for an accurate result. There is a large selection of anti-virus scanners on the Internet that do not require installation on your hard drive.
Creating a shortcut for editing hosts
- To quickly open the domain database, you can place a launch shortcut on your desktop.
- Right-click on an empty desktop.
- Next, you need to select “Create” -> “Shortcut”.
It means that the file at the specified address will be opened by Notepad.
- Click “Next” and give the shortcut a name so that it opens the desired file with administrator rights.
Now you manage domains and IP addresses on your computer.
WATCH THE VIDEO
Now you know how to change the hosts file in Windows. Ask questions to the experts.
Very often, installing programs downloaded from torrents requires editing the system hosts file. With grief, the user finds it, opens it with notepad or another text editor and makes the necessary changes. But then the most interesting part begins - Windows 10 does not allow you to save the hosts file after changing it, citing the user’s lack of permission to save files in this location. Why is this happening?! The fact is that the account by default has the rights of a regular user, which are not enough to change a system file. So what should we do then? How to save the hosts file after changes?! In fact, everything is quite easy and simple!
I know two ways to do this without activating the Administrator account and without using third-party programs.
I myself prefer the first option and highly recommend it to you!
Method 1
1. First, in the taskbar, click on the search button. It is located next to Start.
2. Enter the word “notepad” into the search bar. Search results will appear, namely a link to the Notepad application. Right-click on it and select “Run as administrator” from the menu. This will launch your text editor with elevated privileges.
3. Open the hosts file through the menu item “File >> Open”:
Let me remind you that it is located in the directory:
4. Now you have full access to change the hosts file and you can add any entry there:
5. Save the file after changing through the menu item “File >> Save” or by pressing the key combination Ctrl+S. Saving should go without problems!
Method 2.
1. As usual, you open the system folder in Explorer:
C:\Windows\system32\drivers\etc
and just copy the file to your desktop.
2. Enter the necessary lines and save the hosts file after changes.
3. Copy the file and paste it back into the system folder:
Windows 10 will of course start complaining that there is already a hosts file in the destination folder. In response to this, click on the “Replace” button.
4. The system will again complain that the user does not have enough rights and will offer to do everything with administrator rights:
This is what we need - click on the “Continue” button. The file will be successfully copied and will contain all the changes you made. Profit!
