Hosts file for Windows 7. Hosts file - what is it, how to change its contents, where to look for it, even if it is missing? How to edit the hosts file
File hosts establishes a correspondence between the IP server and the site domain. A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator.
Today, a large number of malware use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources (social networks, postal services etc.), where an inattentive user enters credentials, which thus fall to the attackers. It is also possible to block access to the websites of antivirus software companies.
Hosts file location
Default file hosts located here C:\Windows\System32\drivers\etc The file has no extension, but can be opened with Notepad. To change the contents of a file in Notepad, you must have administrator rights.
To view the file hosts open the menu Start, select item Execute, enter the command
and press the button OK
This is what the file should look like hosts default.
If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file hosts
Restoring the contents of the hosts file to default
- Open menu Start, select item Execute, enter the command
%systemroot%\system32\drivers\etc
and press the button OK.
- Rename hosts file V hosts.old.
- Create new file hosts default. To do this, follow the steps below.
- Right click in free space in folder %WinDir%\system32\drivers\etc, select item Create, click the element Text Document , Enter your name hosts and press the key ENTER.
- Click the button Yes to confirm that the filename will not have the extension TXT.
- Open a new file hosts in a text editor. For example, open the file in " Notebook".
- Copy the text below into a file.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Save and close the file.
You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own. To do this you need to run Notebook in mode Administrator.
How to run standard Windows programs look
What is the Hosts file for?
The purpose of this system file- assigning certain website addresses a specific IP.
This file is very popular with all kinds of viruses and malware in order to write their data into it or simply replace it.
The result of these actions may be signs of “insertion” of a site into browsers, which will ask to send an SMS when opening the browser, or blocking of various sites, at the discretion of the creators of the virus.
Where is the hosts file in windows?
For different versions of Windows OS, the location of the hosts file is slightly different:
Windows 95/98/ME: WINDOWS\hosts
Windows NT/2000: WINNT\system32\drivers\etc\hosts
Windows XP/2003/Vista/Seven(7)/8: WINDOWS\system32\drivers\etc\hosts
Moreover, the ending hosts, it already is final file, not a folder. He doesn't have it.
What it should look like correct file hosts?
The "contents" of the hosts file are also slightly different for different versions windows, but not really. It is "written" in English language why it is needed and how to make exceptions with one example. All lines starting with a # sign mean that they are commented out and do not affect the file.
Contents of the original hosts file for Windows XP:
#
#
#space.
#
#
# For example:
#
127.0.0.1 localhost
Contents of the original hosts file for Windows Vista:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost::1 localhost
Contents of the original hosts file for Windows 7:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Contents of the original hosts file for Windows 8:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
As you can see, there are no significant differences in the contents of the host file for different versions of Windows.
How to open and edit the hosts file?
The hosts file can be found in standard Windows Notepad.
This is probably the most interesting part of the article.
First of all, you need to understand why change this file at all? Yes, in order to deny access to certain sites. Thus, by changing this file and writing the site address into it, the user will not be able to access it through any .
In order to change the hosts file, it is advisable to open it as administrator () by right-clicking on the file and selecting "Run as administrator". Or open Notepad this way and open the file in it.
For quick action, you can simply click the Start button and select Run ( win+r) () and enter in the line:
notepad %windir%\system32\drivers\etc\hosts
As a result, this file will open in Notepad.
In order to block access to the site(let's assume it will be test.ru), you just need to add a line with this site at the very bottom:
127.0.0.1 test.ru
As a result, the file will have the following content:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# This HOSTS file created by Dr.Web Anti-rootkit API
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 test.ru
Each new site that you want to block must be started on a new line and entered, not forgetting the local IP address 127.0.0.1
Also, to edit the hosts file, there is a program HOSTS EDITOR, which you can download and read the description from.
The principle of its operation is that it helps to edit the hosts file.
From the screenshot below the principle of its operation is clear; everything is done in a couple of clicks. Adding is done by clicking on +.
After editing, do not forget to click on the save button (2 button "Save changes" to the left of the "+" button).
You can also change this file for good purposes, for example speed up site loading.
How it works?
When you access the site, you see it Domain name, which has letters. But all sites on the Internet have an IP address, and names are already assigned using DNS. I will not go into details of this process, this article is not about that. But here you need to know that the hosts file has priority when accessing sites, and only after it does a request to DNS occur.
In order to speed up the loading of a site, you need to know its IP address and domain.
The IP address of a site can be found using various services, for example or.
A domain is the name of a website.
For example, let's speed up the loading of this site where you are reading an article by explicitly specifying the IP address and domain to the file.
Then the added line will be:
91.218.228.14 website
This speeds up page loading in a couple of seconds, and sometimes can give access if standard means You cannot access the site.
Still possible redirect to another site using hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above), then the added line will be like this:
91.218.228.14 test.ru
And now, after entering test.ru into the address bar of your browser, you will be redirected to the site specified in the IP address..
If you want to clean hosts file, then you can do this by simply deleting the content and inserting the original text from the description above (under spoilers).
Some nuances in the hosts file:
Thus, you can easily and free of charge block access to sites in Windows by editing the hosts file.
The hosts file is a file that is responsible for the proper operation of your web browsers. It matches IP addresses to domain names. It is his work that determines which sites will open and how they will open. Therefore, this file often becomes the target of virus programs that block browsers.
Where is this file located, and how to restore it after damage in Win 7, we will consider further.
In Windows 7, this file is located at the specified address: C: WINDOWS SYSTEM32 DRIVERS ETC. To access it, just enter this path in the address bar and press Enter.
Mostly this file is hidden, so before doing this you should enable the viewing hidden files mode. To do this, in the Windows window menu “Tools” - “Folder Options” - select the “View” tab and in it select the radio button opposite “Show hidden files and folders”.
Next, the hosts file needs to be edited. We open it using Notepad and delete all unnecessary things. By default, this file should look like this.
Save it and restart your computer. It should be remembered that if in this file there are extraneous entries, then you need to check your operating system for viruses and remove them. If you do not do this, virus programs will block your browsers again.
The hosts file is located on the path C:WindowsSystem32Driversetchosts (if C- system disk). You can open it with a regular notepad. If you have not made changes to the hosts file, then the following will be written there:
Hosts file in Windows XP:
#
#
#space.
#
#
# For example:
#
127.0.0.1 localhost
Hosts file in Windows Vista:
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
Hosts file in Windows 7:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Hosts file in Windows 8
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
As you can see, regardless of the version, the host file is not very different, but if a virus “worked” on the hosts file, various sites and IPs can be added there. For example:
127.0.0.1 ftp.kasperskylab.ru
127.0.0.1 ids.kaspersky-labs.com
127.0.0.1 vk.com
127.0.0.1 drweb.com
Such additions to the file prevent you from accessing the specified sites.
1.2.3.4 ftp.kasperskylab.ru
1.2.3.4 ids.kaspersky-labs.com
1.2.3.4 vk.com
1.2.3.4 drweb.com
Such additions in the file when opening the specified sites will redirect you to other sites, possibly infected with viruses (IP-1.2.3.4- are fictitious).
If you find that the hosts file has been changed, it needs to be corrected. In Windows XP, the file is simply opened in Notepad, the necessary changes are made and saved (you must log in as an administrator). On other versions (Windows Vista, 7, 8), you must give permission to change the file. To do this, open the folder in which hosts C:WindowsSystem32Driversetc is located (if drive C is the system one). Right-click on hosts and select "Properties".
Select the "Security" tab, then select the user under which you work on the computer/laptop (in in this example this is pk-help.com) and click the "Edit" button. The “Permissions for the “hosts” group” window will open, select the user again and assign full rights to the file, click “OK”, in the “Properties: hosts” window, also “OK”.
After that, open hosts with Notepad and return the file to original state, save the changes when finished.
This file is a system file and is located in system partition disk in the WindowsSystem32driversetc folder. In format, it is a regular text file named hosts, but without a name extension. It consists of text strings and can be edited with any text editor. Each line can be either a comment (in which case its first character is #) or a matching statement that has the format.
There must be one or more spaces between the address and name. For example, the string 102.54.81.91 rh.com associates the host rh.com with its address 102.54.81.91. During his Windows installations 7 forms the standard content of this document, which looks like: How to restore hosts Sometimes a situation may arise when you need to restore the initial state of this file. It can occur either after its accidental deletion or corruption, or as a result of exposure to malware.
It should be said right away that to access this file (including when restoring it) you need administrator rights. Its content can be generated manually in a text editor or downloaded from the Internet. Editing hosts Of course, in order to edit hosts, you need to have administrator rights. You can edit it with any text editor. As an example, we use the standard Notepad, which is always installed in Windows 7.
You can launch it in two ways - from the command line and by directly calling Notepad: Launch Notepad from the command line. You need to go to “Start” - “Accessories” - “ Command line"(right mouse button - "Run as administrator"). A command line window will open in which you need to type the command notepad C:WindowsSystem32driversetchosts. A Notepad window will appear with the contents of the file. Direct call to Notepad.
You need to follow the path indicated for the command line, only instead of “Command Prompt” you need to specify “Notepad”. A blank Notepad window will appear. Through the “File” menu item you need to get to the etc folder and open it. If it does not show the hosts name, then you must enter it manually in the “File name” field at the bottom of the Notepad window. After any changes to this document, you must reboot, otherwise its new contents will not be known to Windows 7, since they become known only during a reboot.
The benefits and harms of hosts changes Useful changes This file can be considered, for example, as follows: Setting the IP address and domain to match in order to speed up access to the site by bypassing the DNS server. Changes to block access to a specific site, for example, to block verification Windows authenticity or availability of updates for any program.
To do this, 127.0.0.1 is specified as the IP address, which the operating system perceives as an access to this computer, and not to the real site. Changes to "advertise" this computer local server, since the DNS service knows nothing about it. Of course, for this the IP address must be static. Hosts are the main target for most malware. There are two main, one might say “classical”, ways of changing this file, which attackers resort to in order to benefit from it.
These are the following changes: Blocking access to anti-virus program servers so that the computer cannot download such a program or update virus syndrome databases. For example, if, as a result of exposure to a virus or Trojan, a line like “127.0.0.1 esetnod32.ru” appears in the hosts, then any attempts to access the site with this antivirus will be blocked. Substitution of the real website address registered on DNS server, to fake.
Let’s say that a malicious application that has penetrated a computer writes the line “91.81.71.61 vk.com” in this file, where the address of the computer of the author of this program is specified. This is done with the goal that attempts to access everyone’s favorite site will result in a call to the attacker’s server, the interface of which completely replicates its real counterpart, but is used to collect confidential information about site users, for example, their logins and passwords.
Therefore, if there is any suspicion of the presence of viruses in the system, you should first check the status of this file, and that is why many antivirus programs tirelessly monitor its condition and notify the user of all attempts to change it.
Where is the hosts file located?
The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.
The path to the hosts file will be like this:
C:WindowsSystem32driversetchosts
You can manually go through this path, or immediately open the folder with the host file using a special command.
For quick access to the file, press the keyboard shortcut “Windows” + “R”. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:
%systemroot%system32driversetc
%WinDir%System32DriversEtc
Then click on the "OK" button.
hosts file in the folder
This file has no extension, but can be opened and edited in any text editor.
Standard contents of the hosts file
In the Windows operating system, the "hosts" file has the following standard contents:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
This file is similar in content to operating systems Windows 7, Windows 8, Windows 10.
All entries that begin with the hash character # and continue to the end of the line are largely irrelevant to Windows because they are comments. These comments explain what the file is for.
It says here that the hosts file is designed to map IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Next, after the hash (#), you can write a comment to the entry inserted into the file.
These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.
You can download the standard hosts file from here to install on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.
What to pay attention to
If this file on your computer is no different from this standard file, then this means that there are no problems that could arise due to the change of this file There are no malware on your computer.
Pay special attention to the contents of the file, which are located after these lines:
# 127.0.0.1 localhost
# ::1 localhost
Additional entries can be inserted into the host file, which are added here by some programs.
For example, in this image, you can see that Unchecky has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility cut off unwanted software.
Added entries
There may be additional lines of this type: first, “a set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype program, or block access to a site.
If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.
Why do they change the hosts file?
The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.
Typically, malicious code is initially executed after running a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.
To block a site (for example, the VKontakte site), lines of this type are entered:
127.0.0.1 vk.com
For some sites, two versions of the site name may be entered with “www”, or without this abbreviation.
You yourself can block unwanted sites on your computer by adding a similar entry to the host file:
127.0.0.1 site_name
In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).
As a result, after entering the site name, you will see a blank page from your computer, although address bar browser will display the name of this web page. This site will be blocked on your computer.
When using redirection, after entering the name of the desired site, a completely different site will be opened in the user’s browser, usually this is a web page with advertising, or a fake page of a popular resource.
To redirect to another site, entries of the following type are added to the host file:
157.15.215.69 site_name
First there is a set of numbers - the IP address (I wrote random numbers here as an example), and then, after a space, with Latin letters the name of the site will be written, for example, vk.com or ok.ru.
The way this method works is something like this: bad people deliberately create a fake (fake) website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer, and after launching it, changes are made to the hosts file.
As a result, when a user types the name of a popular site in the address bar of the browser, instead of the desired site, he is redirected to a completely different site. This could be a fake page social network, which is designed to steal user personal data, or a site with intrusive advertising. Very often, from such a fake site, there are redirects (redirections) to many other specially created pages with advertising.
How to edit the hosts file
You can change the contents of the host file yourself by editing it using text editor. One of the most simple ways To be able to change the file, open the hosts file in Notepad, opening the program as administrator.
To do this, create a shortcut to the Notepad utility on the Desktop, or launch the application in standard programs, which are located in the Start menu. To start, first click on the program shortcut with the right mouse button, and then select in context menu"Run as administrator" item. After this, the Notepad text editor window will open.
C:WindowsSystem32driversetc
After opening the "etc" folder, you will not see the "hosts" file, since Explorer will be selected to display text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.
After editing is complete, save the changes to the hosts file. Please note that the file type when saving should be “All files”.
In case if malware changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.
How to open and edit the hosts file?
The hosts file can be opened using standard Windows Notepad.
This is probably the most interesting part of the article.
First of all, you need to understand why change this file at all? Yes, in order to deny access to certain sites. Thus, by changing this file and writing the site address into it, the user will not be able to access it through any browser.
In order to change the hosts file, it is advisable to open it as an administrator (How to run a file or program as an administrator) by right-clicking on the file and selecting "Run as administrator". Or open Notepad this way and open the file in it.
To make things quicker, you can simply click the Start button and select Run (win+r) (What to do if there is no Run in Start) and enter in the line:
notepad %windir%system32driversetchosts
how to open hosts file
As a result, this file will open in Notepad.
In order to block access to a site (let's assume it will be test.ru), you just need to add a line with this site at the very bottom:
127.0.0.1 test.ru
As a result, the file will have the following content:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# This HOSTS file created by Dr.Web Anti-rootkit API
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 test.ru
Each new site that you want to block must be started on a new line and entered, not forgetting the local IP address 127.0.0.1
Also, to edit the hosts file, there is the HOSTS EDITOR program, which you can download and read the description from the official website.
The principle of its operation is that it helps to edit the hosts file.
From the screenshot below the principle of its operation is clear; everything is done in a couple of clicks. Adding is done by clicking on +.
how to edit the hosts file
After editing, do not forget to click on the save button (2 button "Save changes" to the left of the "+" button).
You can also change this file for good purposes, for example, speed up the loading of the site.
How it works?
When you visit a site, you see its domain name, which has letters. But all sites on the Internet have an IP address, and names are already assigned using DNS. I will not go into details of this process, this article is not about that. But here you need to know that the hosts file has priority when accessing sites, and only after it does a request to DNS occur.
In order to speed up the loading of a site, you need to know its IP address and domain.
The IP address of a site can be found using various services, for example this or this.
A domain is the name of a website.
For example, let's speed up the loading of this site where you are reading an article by explicitly specifying the IP address and domain to the file.
Then the added line will be:
91.218.228.14 vindavoz.ru
This speeds up page loading in a couple of seconds, and sometimes can give access if you cannot access the site using standard means.
You can also redirect to another site using the hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above), then the added line will be like this:
91.218.228.14 test.ru
And now, after entering test.ru into the address bar of your browser, you will be redirected to the site specified in the IP address. In this case, go to the site vindavoz.ru.
If you want to clean the hosts file, you can do this by simply deleting the contents and pasting the original text into it from the description above (under spoilers).
Some nuances in the hosts file:
Always make sure you have a scroll bar on the side and always scroll to the bottom of the window. This is due to the fact that some viruses are registered in an area hidden outside the window.
In some cases, usually if you cannot save the file, you need to log in under the Administrator account.
Sometimes, due to viruses, this file may be hidden. Read the article Hidden files and folders.
The two methods described (redirection and acceleration) may not produce the desired result. The fact is that several sites can be located on one IP address, this is especially true for external IP addresses provided by services.
Due to the fact that viruses love this file, its attributes can be changed to Hidden and Read-Only.
Check the file attributes if the hosts file cannot be saved.
Thus, you can easily and free block access to sites in Windows by editing the hosts file
The hosts file is designed to match domain names (sites), which are written using symbols, and the corresponding IP addresses (for example, 145.45.32.65), which are written as four numerical values. You can open any website in your browser not only after entering its name, but also after entering the IP address of this site.
On Windows, a request to the hosts file takes precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.
Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?
They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown advertising, and at worst, a fake page of a popular resource will be opened (social network, service window Email, online banking service, etc.), asking you to enter your account information to log into the fake site.
Thus, due to the user's carelessness, an attacker can gain access to the user's data and cause damage to him.
Where is the hosts file located?
The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.
The path to the hosts file will be like this:
C:\Windows\System32\drivers\etc\hosts
You can manually go through this path, or immediately open the folder with the host file using a special command.
To quickly access a file, press the “Windows” + “R” key combination on your keyboard. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:
%systemroot%\system32\drivers\etc %WinDir%\System32\Drivers\Etc
This file has no extension, but can be opened and edited in any text editor.
Standard contents of the hosts file
In the Windows operating system, the "hosts" file has the following standard contents:
# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost
This file is similar in content to operating Windows systems 7, Windows 8, Windows 10.
All entries that begin with the hash character # and continue to the end of the line are largely irrelevant to Windows because they are comments. These comments explain what the file is for.
It says here that the hosts file is designed to map IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Next, after the hash (#), you can write a comment to the entry inserted into the file.
These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.
You can download the standard hosts file from here to install on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.
What to pay attention to
If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malicious programs.
Pay special attention to the contents of the file, which are located after these lines:
# 127.0.0.1 localhost # ::1 localhost
Additional entries can be inserted into the host file, which are added here by some programs.
For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility would cut off unwanted software.
There may be additional lines of this type: first, “a set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype, or block access to a site.
If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.
Why do they change the hosts file?
The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.
Typically, malicious code is initially executed after running a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.
To block a site (for example, the VKontakte site), lines of this type are entered:
127.0.0.1 vk.com
For some sites, two versions of the site name may be entered with “www”, or without this abbreviation.
You yourself can block unwanted sites on your computer by adding a similar entry to the host file:
127.0.0.1 site_name
In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).
As a result, after entering the site name, you will see a blank page from your computer, although the name of this web page will be written in the address bar of the browser. This site will be blocked on your computer.
When using redirection, after entering the name of the desired site, a completely different site will be opened in the user’s browser, usually this is a web page with advertising, or a fake page of a popular resource.
To redirect to another site, entries of the following type are added to the host file:
157.15.215.69 site_name
First there is a set of numbers - the IP address (I wrote random numbers here as an example), and then, after a space, the name of the site will be written in Latin letters, for example, vk.com or ok.ru.
The way this method works is something like this: bad people deliberately create a fake (fake) website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer, and after launching it, changes are made to the hosts file.
As a result, when a user types the name of a popular site in the address bar of the browser, instead of the desired site, he is redirected to a completely different site. This could be a fake social network page that is designed to steal user personal data, or a site with intrusive advertising. Very often, from such a fake site, there are redirects (redirections) to many other specially created pages with advertising.
How to edit the hosts file
You can change the contents of the host file yourself by editing it using a text editor. One of the easiest ways to be able to change a file is to open the hosts file in Notepad, opening the program as administrator.
To do this, create a shortcut for the Notepad utility on the Desktop, or launch the application in standard programs that are located in the Start menu. To run, first click on the program shortcut with the right mouse button, and then select “Run as administrator” from the context menu. After this, the Notepad text editor window will open.
C:\Windows\System32\drivers\etc
After opening the "etc" folder, you will not see the "hosts" file, since Explorer will be selected to display text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.
After editing is complete, changes to the hosts file. Please note that the file type when saving should be “All files”.
Conclusions of the article
If the malicious program has changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.
How to change the hosts file (video)
Good afternoon. Once upon a time I wrote an article about new operating systems. At that moment, I somehow didn’t think that it would be necessary to write an article about the opposite - how to restore it to “factory condition”. The thing is that some “friendly programs” (of course, these are viruses) can change it themselves and add some site useful to us, say VKontakte, Yandex, Google or something else... And after that we receive a message that this site is not available in this moment. Of course, this is the most basic thing, checking the hosts file for extra entries, but not every beginner will guess this. It is for such people that this small instruction will be written.
Instructions
- A. Edit the current file by removing the content and filling it with the following:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
