System hosts file- This text file, which contains a local database of domain names and their IP addresses. A request to the hosts file has higher priority than access to DNS servers. This is what various viruses or malware, replacing its contents with your data.
Where is the hosts file located?
By default, system file hosts located in the directory
.
To get to it you need to go to the menu Start → Execute or press the key combination WIN+R. In the window that opens Starting the program enter the address:
C:\Windows\system32\drivers\etc
or
%WinDir%\system32\drivers\etc
Press the button Enter.
To open it, click on it right click mouse and select the item in the menu Open with notepad
What should be in the hosts file by default?
Hosts file for Windows XP:
# Copyright (c) 1993-1999 Microsoft Corp.# # # space.
# # # For example: # 127.0.0.1 localhost
Hosts file for Windows Vista: # # Copyright (c) 1993-2006 MicrosoftCorp. # This is a sample HOSTS file used by Microsoft TCP/IP. # for Windows # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one #space. ## Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a ‘#’ symbol. # # For example: #
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # Hosts file for Windows 7: # for Windows # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one #space. ## Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a ‘#’ symbol. # # For example: ## Copyright (c) 1993-2009 MicrosoftCorp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1 localhost ::1 localhost # Hosts file for Windows 7: # for Windows # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one #space. ## Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a ‘#’ symbol. # # For example: # Hosts file for Windows 8:# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost nodes A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator. All of the above means that with the help of this file you can very easily and simply set up access to any of the existing Internet resources. Let's say you wanted to block access to one of the popular social networks, for example. To do this, you will have to write just a few lines in hosts and save the changes. After this, any user who uses your computer will simply not be able to get into VK, since access will be denied. Of course, with a set of minimal knowledge, this prohibition is easily circumvented.
An ordinary user should theoretically know nothing about the hosts file, since it simply has no use for him. Alas, modern realities are such that we have to learn a lot of new things. The fact is that in the last few years, a lot of fraudulent organizations have appeared that use hosts to steal personal information, as well as to take money from a person by redirecting him to other sites for the purpose of extortion. So that you understand what I'm talking about, I'll give you an example. Let's say you decide to go to the same VK. Only instead of your page you see a warning asking you to send an SMS to short number in order to make sure that you are a real person and not a robot. There may be other reasons, in this case it does not matter. You send a message, after which money begins to be debited from your account. This is the fraud of which you have become a participant. You must immediately call your telecom operator, explain the situation and ask for a refund to your account. Most likely, you will have to write a written statement, after which the funds will be returned to you, since they were withdrawn from the account illegally.
How could this happen? Using the hosts file, you are automatically redirected to a fraudulent site that only appearance resembles the usual VKontakte, while the address in the line can be real (that is, vk.com). However, this is not VK. To verify this, you can open hosts and see extra lines like 111.222.333.333 vk.com, with the help of which the redirection occurs.
Another question arises - how can the hosts change? Yes, it’s very simple: to do this, you just need to install a Trojan on your PC, which will perform the entire operation without your knowledge. And you can pick it up on almost any website.
So, now let's move on to the main question, namely: what does the file look like? I will say right away that it varies slightly depending on operating system.
Windows XP
# Copyright (c) 1993-1999 Microsoft Corp.
#
#
#space.
#
#
# For example:
#
127.0.0.1 localhost
Windows Vista
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
Windows 7 and 8
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
#127.0.0.1 localhost
As you can see, the files are practically no different from each other, with some differences. However, I recommend using different hosts for each operating system. Just copy the specified data.
By the way, the files are located in the following sections:
- In Windows XP/2003/Vista/7/8 C:\WINDOWS\system32\drivers\etc\hosts
- On Windows NT/2000: C:\WINNT\system32\drivers\etc\hosts
If you do not have the ability or desire to change it yourself this file, you can use a utility called , which I recently talked about - it automatically changes the contents of hosts if it contains extra characters.
Restoring the default hosts file in Windows 7
File hosts establishes a correspondence between the IP server and the site domain. A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator.
Today, a large number of malware use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources ( social media, postal services etc.), where an inattentive user enters credentials, which thus get to the attackers. It is also possible to block access to the websites of antivirus software companies.
Default file host located here C:\Windows\System32\drivers\etc The file has no extension, but can be opened with Notepad. To change the contents of a file in Notepad, you must have administrator rights.
To view the file host open the menu Start, select item Execute, enter the command
and press the buttonOK.This is what the file should look like host default.
If the file contains entries like 127.0.0.1 odnoklassniki.ru127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file host
Restoring the contents of the hosts file to default
- Open menu Start, select item Execute, enter the command %systemroot%\system32\drivers\etc and press the button OK.
- Rename the hosts file to hosts.old.
- Create a new file hosts default. To do this, follow the steps below.
- Right click in free space in folder %WinDir%\system32\drivers\etc, select item Create, click the element Text Document, Enter your name hosts and press the key ENTER.
- Click the button Yes to confirm that the filename will not have the extension TXT.
- Open a new file hosts in a text editor. For example, open the file in " Notebook".
- Copy the text below into a file.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
Recently I needed to fix the hosts file, and where to find the hosts file, I didn't know, so I had to comb for the answer I needed. Fortunately, there was a lot of information, but just in case, I still decided to leave the answer to my question on the pages of the Computer Malfunctions blog.
Where is the hosts file located in Windows XP?
The HOSTS file is located in Windows XP by the address:
C:\WINDOWS\system32\drivers\etc\
Open hosts file can be done using any text editor, for example, using Windows Notepad.
What does the hosts file look like?
If your task is hosts file recovery, then you can copy the typical contents of the hosts file for Windows XP below. In fact, the contents of the hosts file can be limited to just one line "127.0.0.1 localhost". Everything else is just explanatory commentary. On Windows XP the hosts file looks like So:
# (C) Microsoft Corp., 1993-1999
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains mappings of IP addresses to hostnames.
# Each element must be on a separate line. The IP address must
# should be in the first column and must be followed by the appropriate name.
# The IP address and hostname must be separated by at least one space.
#
# Additionally, some lines may contain comments
# (such as this line), they must follow the node name and be separated
# from it with the symbol "#".
#
# For example:
#
# 102.54.94.97 rhino.acme.com # origin server
# 38.25.63.10 x.acme.com # client node x127.0.0.1 localhost
And finally, if your system is not Windows XP, then I recommend that you read the article on restoring the hosts file for Windows 7, Windows Vista, Windows Server 2008, Windows Server 2003 on the official Microsoft support website: http://support.microsoft.com/kb/972034/ru.
This article will talk about the “long-suffering” system file hosts, which often suffers from network “malware” leaked onto the computer. Hosts has no extension, but essentially it is a regular text file and the built-in Notepad is enough to edit it. The purpose of the file is to store a list of domains and their corresponding IP-addresses. This is the list that the browser first accesses after entering, say, a domain name in the address bar Yandex.ru to find out that it corresponds to the address 77.88.21.11.
Now imagine that an attacker program has changed the hosts"IP" Yandex.ru to the address of the “weed” site she needs. Now every time after typing in the browser Yandex.ru you will find yourself on some XXX.com. Of course, this disgrace must be quickly stopped, for which you will have to go directly to the file hosts. In the article I will outline a guaranteed way to do this, because... V latest versions Windows the developer has strengthened the security of the OS, which in practice has made life more difficult for users: the desired folder may not be visible or the file itself cannot be edited.
So, to bring hosts should be opened into a “divine” view Notepad as administrator. To do this, go to the menu "Start"→ next," All programs" → "Standard" → right-click on Notebook and in context menu let's choose "Run as administrator ".
In the top panel that appears, click " File " → "Open" → in the address bar indicate the path to the desired folder – C:\Windows\System32\drivers\etc . If the folder is empty, in the “File name” line write hosts and click " Open" (next screenshot).
The contents of the file can be compared with the original in Windows 7 and, in case of discrepancies, copy for yourself.
# Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. #127.0.0.1 localhost
In principle, you can leave only one entry - 127.0.0.1 localhost or even leave nothing - in any case, this is better than the disgrace as in the screenshot below ( real example editorial staff hosts villain-virus).
As you can see, the malware blocked the update antivirus programs and access to social networking sites. To prevent the situation from happening again, it is recommended to protect the file with the " Only reading" by clicking on hosts right click → " Properties" → on the first tab "General" check the box next to the corresponding attribute.
About what else useful can be done with system file hosts I'll tell you in ours.
Loading...