home-Work with text-What should be in the hosts folder. Original hosts for Windows operating systems

What should be in the hosts folder. Original hosts for Windows operating systems

The Windows operating system (OS) (like other OSes) has the ability to speed up the transition to the IP address you typed into the site without accessing the DNS domain name system - DomainNameSystem. To do this, a special operating system file called hosts is used (used without any extension). The question arises: "The hosts file - what should be there?"

What is the hosts file for and what does it contain?

If this file contains a correspondence between the site name and its actual IP address, then redirection occurs without contacting DNS service your provider. Hosts file is normal text file, which can be opened by anyone, such as Notepad (but requires administrator rights). By default, the file contains several lines of explanations (comments) in English or Russian and a single executable line that provides redirection to the IP address of the computer itself for calls to the localhost name.

Where is the hosts file located?

Usually hosts file can be found:

  • in Windows OS versions 95/98/ME - in the WINDOWS directory;
  • in Windows OS versions NT/2000 - at WINNT\system32\drivers\etc;
  • Windows 7 hosts file (and Windows versions XP/2003/Vista/8) - in the WINDOWS\system32\drivers\etc directory.

Other operating systems also have a hosts file with similar functions. Where the hosts file is located in these OSes needs to be considered separately.

Why is the virus protection file important?

The importance of resolving the issue of hosts, what should be there, is that some people use the special properties of this file to protect against antivirus programs and to block calls to some files. After all, if you write in the hosts file to redirect anti-virus programs to a false IP address, then the computer will not be able to carry out the work of these programs, and, for example, antivirus databases They just won't update.

Therefore, if your computer has problems with the operation of antivirus programs, one of the reasons may be unauthorized modification of the hosts file of your computer.

What can the hosts file be used for?

Some users use it to prevent the use of certain sites, such as pornographic or annoying social networking sites. To implement this task, you can simply enter one line like: 127.0.0.1 “site name” at the end of the file for each site. At the same time, the sites by whose name users are trying to navigate to this computer, they simply won't be called.
You can do the following trick: redirect those trying to call an unwanted site to a site, for example, the Mashkov library, by entering the line: 81.176.66.163 “site name”.

Excluding advertisements

Also, the question about hosts, what should be there, is important because by making some additions to it, you can avoid the display of annoying contextual and/or banner advertising, which on some sites is added not only around the perimeter of the information content of the pages, but also interspersed in the middle of the texts articles. To do this, you need to redirect sites that host these types of advertising to 127.0.0.1, as indicated above. And these are sites such as, for example, “Google” contextual advertising AdSense. To exclude its display, enter the following lines into the hosts file:

  • 127.0.0.1 pagead.googlesyndication.com;
  • 127.0.0.1 pagead2.googlesyndication.com.

On the Internet you can find ready-made texts for inserting into the hosts file, containing many such lines that exclude the display of unnecessary ones. In addition, there are ready-made texts for setting up faster work with some search engines, for example, Google hosts. However, such materials must be used carefully. It is not advisable for the hosts file to exceed 10 KB in size. Otherwise, it itself will slow down the system. Although many similar redirect lines can fit into these 10 KB.

Possible difficulties

First you need to make sure whether the file you want to edit is correct. The fact is that some cunning creators of virus programs disguise the hosts file used by the system, placing it in a place other than where it is registered by default. The system accesses the Windows 7 hosts file, the path of which is registered in the registry in the DataBasePath parameter, located at the address: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\.

The correct path value looks like: %SystemRoot%\system32\drivers\etc\hosts. You can check this by calling the registry editor regedit.exe from the START menu - run.

If the specified variable contains a different value, you must restore the value to what it should be.

Another trick of malware is to place another file with a similar name, for example host, in the etc directory along with the hosts file. Be careful to make sure that you are checking and editing the exact file that is being used by the system.

The third trick is to hide the file from view. They simply state that it is hidden. In this case, it is simply not visible in the catalog, although it is present there. To be able to view it, you must first set the item "Show hidden files". In Windows XP, this option is set in the "View" tab of the "Properties" panel of the "Control Panel" menu folder. After this, viewing hidden files will be possible, and it will be possible in the properties of this file reset the “hidden” flag. At the same time, check whether the “Read Only” flag is set for this file. If installed, you will not be able to edit it. You need to uncheck the corresponding box in the file properties panel.

The next trick might be to use a proxy. If manual proxy settings are installed, then the hosts file does not work. To resolve this issue, check your browser settings. For example, for Firefox you need to open “Settings”, then “Advanced”, then in the “Network” tab select “Customize”. In the menu that appears, if you selected the “Use system proxy settings” option, you should select the “Without proxy” option and save the settings. But if the item “ Manual setting proxy service”, and you have not installed this, then you need to do more work. First, you need to remember the set proxy server address, set the “No proxy” option, and save the settings. Then you need to open the registry editor, call the search, insert the remembered address and perform the search, deleting the value of your address assigned to them in the found keys.

Simple protection

By the way, to prevent malware from changing the settings of your computer’s hosts file, it is useful to set the “Read Only” attribute in its properties (after all your changes to it).

Thus, in this article we dealt with the question of Hosts, what should be there, and found out what kind of file it is, where it is located, what functions it performs, how it can harm a computer under the influence of malware, and how to use it in your purposes.

Hosts - a text file containing a database of domain names and used when broadcasting them to network addresses nodes A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator. All of the above means that with the help of this file you can very easily and simply set up access to any of the existing Internet resources. Let's say you wanted to block access to one of the popular social networks, for example. To do this, you will have to write just a few lines in hosts and save the changes. After this, any user who uses your computer will simply not be able to get into VK, since access will be denied. Of course, with a set of minimal knowledge, this prohibition is easily circumvented.

An ordinary user should theoretically know nothing about the hosts file, since it simply has no use for him. Alas, modern realities are such that we have to learn a lot of new things. The fact is that in the last few years a lot of fraudulent organizations have appeared that use hosts to steal personal information, as well as to take money from a person by redirecting him to other sites for the purpose of extortion. So that you understand what I'm talking about, I'll give you an example. Let's say you decide to go to the same VK. Only instead of your page you see a warning asking you to send an SMS to short number in order to make sure that you are a real person and not a robot. There may be other reasons, in this case it does not matter. You send a message, after which money begins to be debited from your account. This is the fraud of which you have become a participant. You must immediately call your telecom operator, explain the situation and ask for a refund to your account. Most likely, you will have to write a written statement, after which the funds will be returned to you, since they were withdrawn from the account illegally.

How could this happen? Using the hosts file, you are automatically redirected to a fraudulent site that only appearance resembles the usual VKontakte, while the address in the line can be real (that is, vk.com). However, this is not VK. To verify this, you can open hosts and see extra lines like 111.222.333.333 vk.com, with the help of which the redirection occurs.

Another question arises - how can the hosts change? Yes, it’s very simple: to do this, you just need to install a Trojan on your PC, which will perform the entire operation without your knowledge. And you can pick it up on almost any website.

So, now let's move on to the main question, namely: what does the file look like? Let me say right away that it varies slightly depending on the operating system.

Windows XP

# Copyright (c) 1993-1999 Microsoft Corp.
#

#




#space.
#


#
# For example:
#

127.0.0.1 localhost

Windows Vista


#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

Windows 7 and 8

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
#127.0.0.1 localhost

As you can see, the files are practically no different from each other, with some differences. However, I recommend using your own hosts for each operating system. Just copy the specified data.

By the way, the files are located in the following sections:

  • In Windows XP/2003/Vista/7/8 C:\WINDOWS\system32\drivers\etc\hosts
  • On Windows NT/2000: C:\WINNT\system32\drivers\etc\hosts

If you do not have the opportunity or desire to change this file yourself, you can use a utility called, which I recently talked about - it automatically changes contents of hosts, if it contains extra characters.

The hosts file is designed to match domain names (sites), which are written using symbols, and the corresponding IP addresses (for example, 145.45.32.65), which are written as four numerical values. You can open any website in your browser not only after entering its name, but also after entering the IP address of this site.

On Windows, a request to the hosts file takes precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.

Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?

They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown advertising, and at worst, a fake page of a popular resource will be opened (social network, service window Email, online banking service, etc.), asking you to enter your account information to log into the fake site.

Thus, due to the user's carelessness, an attacker can gain access to the user's data and cause damage to him.

Where is the hosts file located?

The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.

The path to the hosts file will be like this:

C:\Windows\System32\drivers\etc\hosts

You can manually go through this path, or immediately open the folder with the host file using a special command.

For quick access to the file, press the keyboard shortcut “Windows” + “R”. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:

%systemroot%\system32\drivers\etc %WinDir%\System32\Drivers\Etc

This file has no extension, but can be opened and edited in any text editor.

Standard contents of the hosts file

In the Windows operating system, the "hosts" file has the following standard contents:

# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost

This file is similar in content to operating systems ah Windows 7, Windows 8, Windows 10.

All entries that begin with the hash character # and continue to the end of the line are largely irrelevant to Windows because they are comments. These comments explain what the file is for.

It says here that the hosts file is designed to map IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Next, after the hash (#), you can write a comment to the entry inserted into the file.

These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.

You can download the standard hosts file from here to install on your computer. It can be used to replace a modified file if you don't want to edit it yourself hosts file on your computer.

What to pay attention to

If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malicious programs.

Pay special attention to the contents of the file, which are located after these lines:

# 127.0.0.1 localhost # ::1 localhost

Additional entries can be inserted into the host file, which are added here by some programs.

For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility would cut off unwanted software.

There may be additional lines of this type: first, “a set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype program, or block access to a site.

If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.

Why do they change the hosts file?

The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.

Typically, malicious code is initially executed after running a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.

To block a site (for example, the VKontakte site), lines of this type are entered:

127.0.0.1 vk.com

For some sites, two versions of the site name may be entered with “www” or without this abbreviation.

You yourself can block unwanted sites on your computer by adding a similar entry to the host file:

127.0.0.1 site_name

In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).

As a result, after entering the site name, you will see a blank page from your computer, although address bar browser will display the name of this web page. This site will be blocked on your computer.

When using redirection, after entering the name of the desired site, a completely different site will be opened in the user’s browser, usually this is a web page with advertising, or a fake page of a popular resource.

To redirect to another site, entries of the following type are added to the host file:

157.15.215.69 site_name

First there is a set of numbers - the IP address (I wrote random numbers here as an example), and then, after a space, with Latin letters the name of the site will be written, for example, vk.com or ok.ru.

The way this method works is something like this: bad people deliberately create a fake (fake) website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer, and after launching it, changes are made to the hosts file.

As a result, when a user types the name of a popular site in the address bar of the browser, instead of the desired site, he is redirected to a completely different site. This could be a fake page social network, which is designed to steal user personal data, or a site with intrusive advertising. Very often, from such a fake site, there are redirects (redirections) to many other specially created pages with advertising.

How to edit the hosts file

You can change the contents of the host file yourself by editing it using text editor. One of the most simple ways To be able to change the file, open the hosts file in Notepad, opening the program as administrator.

To do this, create a shortcut to the Notepad utility on the Desktop, or launch the application in standard programs, which are located in the Start menu. To start, first click on the program shortcut with the right mouse button, and then select in context menu"Run as administrator" item. After this, the Notepad text editor window will open.

C:\Windows\System32\drivers\etc

After opening the "etc" folder, you will not see the "hosts" file, since Explorer will be selected to display text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.

After editing is complete, changes to the hosts file. Please note that the file type when saving should be “All files”.

Conclusions of the article

In case if malware changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.

How to change the hosts file (video)

Some terminology

DNS(English abbreviation for Domain Name System) – Domain Name Service. Establishes correspondence between numeric IP-addresses and text names.

DNS(English abbreviation for Domain Name Server) – domain name server; office computer local or Global Network, which translates computer names in domain records to .

DNS cache(resolver cache DNS) – temporary storage of previous DNS-requests on local . Reduces request execution time, reduces network and Internet traffic.

host(English) – main Calculating machine; host, any device connected to the network and using protocols TCP/IP.

IP(English) Internet Protocol) – Internet protocol; a network layer protocol from the Internet protocol suite.

IP address(English) IP address) – used to identify a node on a network and to determine routing information. Consists of the network identifier ( network ID) and host ID ( host ID).

Name Resolution(English) – domain name resolution; the process of converting a computer name to the appropriate one.

Name Resolution Service– name resolution service; in networks TCP/IP converts computer names to and vice versa.

TCP/IP(English abbreviation for Transmission Control Protocol/Internet Protocol) – information transfer control protocol, the main protocol of the transport and session layers, providing reliable full-duplex streams.

Designed for use in the Global Network and for combining heterogeneous networks.(English abbreviation for URL Uniform Resource Locator ) – unified index information resource

; a standardized string of characters indicating the location of a resource on the Internet. What's happened hosts

-filehosts -file in Windows (and other operating systems is used to associate (map) host names (nodes, servers, domains) with their).

name resolution What's happened IN(127.0.0.1), reserved for localhost, that is, for local.

File What's happened is a regular text file (without extension).

Disk address of the file What's happened:

-file in 95\98\M.E.\WINDOWS\;

Windows NT\2000\ \ \ – \Windows\System32\drivers\etc\.

When an Internet user types the address ( Designed for use in the Global Network and for combining heterogeneous networks.) of any site (web page) and clicks Enter:

– the user’s browser checks What's happened-file, whether the entered name is the proper name of the computer ( localhost);

– if not, then the browser looks for the requested address (hostname) in the file What's happened;

– if a hostname is found, the browser accesses the corresponding hostspecified in What's happened-file;

– if the hostname is not found in the file What's happened , then the browser accesses ( DNS-cache);

– if a hostname is found in the cache, the browser accesses the corresponding host, saved in cache DNS;

– if the hostname is not found in the resolver cache DNS, the browser accesses DNS-server;

– if the requested web page (site) exists, DNS-server translates user-specified Designed for use in the Global Network and for combining heterogeneous networks.-address in ;

– The web browser loads the requested resource.

History of origin What's happened-file

# Copyright (c) 1993-1999 Microsoft Corp.

#

#

#space.

#

#

# For example:

#

127.0.0.1 localhost

# Copyright (c) 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

#space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a "#" symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

::1 localhost

# Copyright (c) 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

#space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a "#" symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

#127.0.0.1 localhost

# ::1 localhost

Usage What's happened-file

What's happened-file can be used to speed up work on the Global Network and reduce traffic - due to reduced requests to DNS-server for frequently visited resources.

For example, you often download resources google.ru And google.com. Open the file What's happened and after the line127.0.0.1 localhost enter lines

209.85.229.104 google.ru

74.125.232.20 google.com

This will prevent the web browser from having to contact the server DNS, and immediately establish a connection to sites google.ru And google.com.

Sometimes What's happened-file is used to block unwanted resources (for example, those that send malware). To do this you need after the line 127.0.0.1 localhost enter string

127.0.0.1 URL_of_resource_blocked

The essence of this manipulation is that the blocked resource is mapped to127.0.0.1 which is the address local computer, – so the unwanted resource will not be loaded.

Editing rules What's happened-file

1. Each element must be on a separate line.

2. must begin at the first position of the line and must be followed (on the same line) by its corresponding hostname.

3. and hostname must be separated by at least one space.

4. Comments must be preceded by the symbol # .

5. If comments are used in domain name matching strings, they must follow the host name and be separated by # .

Usage What's happened-file by virus writers

Attackers have long chosen What's happened-file, – with its help the real addresses of web resources are replaced on the infected one. After this, the web browser redirects the user to sites with malicious software, or, for example, blocks access to the sites of antivirus manufacturers.

Malicious disguises modification What's happened-file as follows:

– to make it difficult to detect lines added by a virus, they are written to the end of the file - after a large empty area formed as a result of repeated line translations;

– after that to the original What's happened-the file is assigned an attribute Hidden(by default, hidden files and folders are not visible);

– a false one is created What's happened- a file that, unlike a real file What's happened(without extension) has extension .txt(by default, extensions are not displayed for registered file types):


What's happened-file: how to eliminate the consequences of a virus attack

Open What's happened-file (if the virus installed the fileattribute Hidden, will be required in Folder properties enable option Show hidden files and folders) ;

– a window will appear -file in with a message "The following file could not be opened...";


– set the switch Selecting a program from the list manually –> OK;

- in the window Program selection in scrollable list Programs highlight Notepad –> OK;

– file What's happened will open in Notepad;

– delete all lines except 127.0.0.1 localhost;

– save What's happened-file.

Valery Sidorov

Few users who work with the "seven" and surf the Internet realize the true meaning of the HOSTS file (Windows 7). Its content will be shown a little later, but for now let’s dwell a little on the theory.

why is it needed?

In general, if anyone paid attention, the file itself is located in the etc directory, if you sequentially move along the tree from Windows folders, via System32 to the drivers directory on system disk. Not everyone, however, goes into such a thicket of the system; by and large, this is not necessary. On the other hand, if you pay attention, the object itself does not have an extension, although, in fact, it is an ordinary text document.

But let's take a closer look at Windows 7. Its content is that it is this object that is responsible in the system for the relationship between host names (sites, nodes, etc.) and determining their IP addresses to provide the end user with access to the resource. Roughly speaking, we do not need to enter combinations consisting of numbers in the browser, but we can only specify the names of resources.

And one more small clarification about the HOSTS file (Windows 7). Its content may change. Depending on what changes have been made, this can help block certain sites, speed up access to certain resources, or, on the contrary, can play a cruel joke by redirecting the user to dubious sites. However, first let's look at the original file.

(Windows 7): Contents

So, first, let's try to open. I must say that if you use standard method double click, nothing will work, because, as mentioned above, this object does not have an extension. In addition, the file may be hidden, so you should first select show hidden objects in the view menu. But the system will offer several applications to open. We choose the simplest thing - standard Notepad and look at the contents of the HOSTS file (Windows 7). Before us is something incomprehensible: descriptive text, some examples and a line indicating the local IP (# 127.0.0.1 localhost). That's how it should be.

Attention! There should be nothing below the line indicating the reserved local address, unless, of course, the user wants some resource to be blocked!

In general, everything above localhost is allowed resources. Everything below is blocked. It is not difficult to guess that many viruses, in particular programs that distribute spam or advertising (Malware, Adware, etc.) independently edit the contents of this file. So it turns out that when requesting one resource, the user receives a redirect (redirection) to a completely different one.

Default HOSTS in Windows 7

We reviewed the original file. Now let's look at the changed content. To fix it, you can take the contents of a “clean” file for the “seven” from another computer or from the Internet, copy it, then paste it into the original and save it.

But there is one problem. The fact is that sometimes, after removing everything unnecessary, it is not possible to save the file as the original (the system simply does not allow this to be done).

What to do in this case? First, delete the original completely (Shift + Del), bypassing the Trash. Then we right click on the empty space inside the etc directory and create new file with the same name, but we do not specify the extension. Now we insert the necessary content into it and save the object. After this, you need to find the lmhosts.sam file there and delete it, as indicated earlier.

That's it, it's done. In both the first and second cases, a system reboot is required. Only then will everything work as expected. And, of course, editing should be done exclusively with administrator rights.

Bottom line

In general, there were very brief information about the HOST file. If you look at the issues of blocking some unwanted resources or, on the contrary, allowing access to them with faster access, editing must be done exclusively manually and according to certain rules. Here you need to remember that the key role of the separator is played by the line indicating the reserved local IP. Well, then, as they say, it’s a matter of technique. By the way, the above technique will also help if the contents of the object have been changed due to the influence of virus programs.

Related publications: