What pure hosts looks like. Where is the hosts file in Windows XP? Ad exclusion

which we publish on the website. This file is an important element of the operating system, so it is not surprising that users so often ask questions related to the hosts file. One of the typical questions is how the hosts file should look like.

The fact is that many viruses, when they enter the computer, damage the hosts file. They add their own entries to it, the purpose of which is to block access to anti-virus updates or to replace real sites with fraudulent ones. Determining the appearance of such alien records is very simple. Just open the file with Notepad.

If the hosts file has many lines like this:

• 127.0.0.1 kaspersky.com
• 127.0.0.1 kaspersky-labs.com
• 127.0.0.1 liveupdate.symantec.com
• 127.0.0.1 liveupdate.symantecliveupdate.com

That is the work of viruses. After removing such viruses, the hosts file remains corrupted and users wonder how to restore it.

What should the hosts file look like in Windows XP

In the picture you can see how the hosts file should look like in the Windows XP operating system. If you want to restore the hosts file in this form, then you need to download the text file and its contents to your hosts file.

What the hosts file should look like in Windows Vista, Windows 7 and Windows 8

In the picture you can see how the hosts file should look like in Windows Vista, Windows 7 and Windows 8 operating systems. If you want to restore the hosts file in this form, then you need to download the text file and copy its contents to your hosts file.

How to restore the hosts file. It is not necessary to restore the hosts file to its original form. The "#" character in the hosts file means that any text after this character is a comment and should be ignored by the operating system. Thus, all lines of the hosts file that begin with the "#" character do not affect the operation of the system in any way and can be safely deleted.

How to open the hosts file. The hosts file does not have an extension, but is nevertheless a plain text file. Therefore, it must be opened with the standard Notepad program.

What to do if the hosts file is deleted. If the file is deleted then you can restore it by creating a plain text file and .

Many ordinary and slightly advanced computer users have been using them for many years and did not suspect the existence of some file named hosts A that does not have a last name (that is, no extension).

But thanks to viruses and the imperfection of the operating systems of the Windows family (Windows), users had to get to know this "host", and quite closely.



What is the hosts file for?

In the Windows operating system (XP, Vista, 7, etc.), the file hosts used to associate (match) host names (hosts, servers, domains) with their IP addresses (name resolution).File hosts is a simple text file that does not have any extension (it doesn't even have a dot :)).

File hosts physically located in the directory:

• \Windows\System32\drivers\etc\- for Windows 2000/NT/XP/Vista\7
• \Windows\- for older Windows 95/98/ME

Most often, this directory is located on the C drive, so in this case the full path to the file is obtained. hosts represents:

By default, only one IP address should be specified in a normal hosts file, this is - 127.0.0.1 . This IP address is reserved for localhost, that is, for your local PC. No other addresses should be there!

File contents hosts for Windows XP (Russian OS version):



In text form, the contents of the hosts file for Windows XP can be copied from here:

# (C) Microsoft Corp., 1993-1999
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains mappings of IP addresses to hostnames.
# Each element must be on a separate line. The IP address must
# be in the first column, followed by the appropriate name.
# The IP address and hostname must be separated by at least one space.
#
# Also, comments can be inserted on some lines
# (such as this line), they must follow the hostname and be separated
# from it with the symbol "#".
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # client node x

127.0.0.1 localhost

File contents hosts for Windows Vista (English OS version):

In text form, the contents of the hosts file for Windows Vista can be copied from here:

# Copyright (c) 1993-2006 Microsoft Corp.
#

#




#space.
#


#
# For example:
#


127.0.0.1 localhost
::1 localhost



File contents hosts for Windows 7(English version of OS):

In text form, the contents of the hosts file for Windows 7 can be copied from here:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1localhost
# ::1 localhost

Using the hosts file

File hosts theoretically can be used to speed up the work on the Internet and reduce the amount of traffic. This is implemented by reducing queries to the DNS server for frequently visited resources by the user. For example, if you use Yandex and Google search engines every day (sites http://yandex.ru And http://google.ru respectively), then it makes sense in the file hosts after the line " 127.0.0.1 localhost" write the following lines:

93.158.134.11 www.yandex.ru

209.85.229.104 google.ru

This will allow your Internet browser not to contact the DNS server, but to immediately establish a connection with sites yandex.ru And google.ru. Of course, few people do such tricks at present, if only because of good modern access speeds.



Restrictions using the hosts file

Some advanced comrades sometimes use the hosts file to block unwanted web resources (for example, erotic content - for children until they grow up and become smarter than you in terms of computers). To do this, after the line 127.0.0.1 localhost also add a bnm line or more lines:

127.0.0.1 blocking resource address-1

127.0.0.1 addressblocked resource-2

127.0.0.1 addressblocked resource-3

For example:

The essence of this entry is that the specified blocking resource will now be compared by the browser with the IP address 127.0.0.1 , which is the address of the local computer - accordingly, the forbidden site simply will not load.

Often this function is used by computer viruses that add the necessary browser redirects to the hosts file:

Most often, the redirection is done to the "left" site, which does not visually differ from the real resource, while the username and password are stolen from the user (he enters them into supposedly real site fields) or they simply write that your account is blocked (supposedly for spam, etc. ), pay money or send SMS (also very paid) to unlock. Simultaneously with the redirection to their site from social networking sites, attackers block using a file hosts access to sites of anti-virus programs.

Attention! Never pay for it! And don't text!

A cell phone can only be used as a means of obtaining a password, an unlock code. Those. messages should come to you, not come from you.



Although, if you don’t feel sorry for the money, first check with your mobile operator the cost of sending SMS to this number in order to decide for sure that you really don’t feel sorry for just giving this amount to someone.

How to edit the hosts file

1. Each element must be written on its own (separate) line.
2. The site's IP address must begin at the first position of the line, followed (on the same line) by a space-separated hostname.
3. The IP address and hostname must be separated by at least one space.
4. The comment line must start with the # character.
5. If comments are used in domain name match strings, they must follow the hostname and be separated from it also by the character # .

Viruses and the hosts file

Attackers, so that their actions are not immediately detected, edit the file hosts more cunningly. Several options are possible:

1. To the end of the file hosts added VERY many lines (several thousand), and redirect addresses (most often at the end) are difficult to notice, especially if you look at the contents of the file hosts using the notepad built into Windows - a very poor editor.

To view the contents and edit a file hosts it is best to use a text editor that shows the number of lines in a document, such as Notepad++.

You should also set up a rather large size of the hosts file, well, in its normal state, it cannot be more than a few kilobytes in size!

2. The original hosts file is edited, after which the attribute " Hidden" or " Systemic", because by default hidden files and folders in Windows operating systems are not displayed. In the folder C:\WINDOWS\system32\drivers\etc file is created hosts.txt(by default, extensions are not displayed for registered file types, and the system does not accept the file hosts.txt she only needs hosts), which is either completely empty, or everything is written as it should be in a real file hosts.

3. Similarly, as in the second option, only here the attackers have already provided for the option that extensions for registered file types are displayed in the operating system (the user turned it on himself). So instead of a file hosts.txt the virus creates a file hosts, which has the letter " O" Russian, not English. Visually, the file looks like a real one, but it is also not perceived by the system.

In this picture, the first file hosts- hidden, the virus made changes to it. Second file hosts- not real, it contains the Russian letter " O" in the name, most often this file hosts empty, viruses don't bother copying the contents from the real file.

Restoring the hosts file

If you have identified similar changes to your file host everything needs to be restored to its original state. To do this, do the following:

• Disable real-time protection for your antivirus program, because many normal modern antivirus programs (for example, Avira) do not allow you to make changes to the file hosts.
• Open directory C:\WINDOWS\system32\drivers\etc
• Enable display of extensions for registered file types, hidden files, and system files.
• Click on file hosts right-click and select the line " Edit with Notepad++":

If you do not have the Notepad++ text editor program installed, then I recommend that you install it first, and do not use notepad. If you do not currently have the Internet or are just too lazy to download Notepad ++, then you can also use a poor notepad to edit the file hosts.

To open a file hosts left-click on it with notepad, a Windows window will appear with the message “ Failed to open the following file...". Set the switch to " Selecting a program from the list manually". Click OK. In the window " Program selection" find in the list Notebook and press OK.

• Edit the contents of the hosts file so that it becomes as indicated at the beginning of this article.
• Save changes.
• Activate antivirus program protection (if disabled).
• Launch the browser and check the ability to view the desired sites.

How the hosts file works

When the user types the address (URL) of a website in the browser and presses Enter, the user's browser:

• Checks in the hosts file whether the name entered is the host's own name (localhost).
• If not, then the browser looks for the requested address (hostname) in the hosts file.
• If a hostname is found, the browser accesses the corresponding IP address specified in the hosts file for that host.
• If the hostname is not found in the hosts file, then the browser accesses the DNS resolver cache (DNS cache).
• If a hostname is found in the cache, the browser looks up the corresponding IP address stored in the DNS cache for that host;
• If the hostname is not found in the DNS resolver cache, the browser contacts the DNS server;
• If the requested web page (site) exists, then the DNS server translates the user-specified URL into an IP address;
• The web browser downloads the requested resource.

The hosts file is designed to match domain names (websites), which are written using characters, and corresponding IP addresses (for example, 145.45.32.65), which are written as four numbers. You can open any site in the browser not only after entering its name, but also after entering the IP address of this site.

On Windows, requests to the hosts file take precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.

Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?

They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown an advertisement, and at worst, a fake page of a popular resource (social network, email service window, online banking service, etc.) will be opened, asking him to enter data from his account.

Thus, due to the carelessness of the user, an attacker can access the user's data and cause damage to him.

Where is the hosts file located?

The hosts file is located in the folder with the Windows operating system, usually it is the "C" drive on the user's computer.

The path to the hosts file will be:

C:\Windows\System32\drivers\etc\hosts

You can manually follow this path, or directly open the folder with the host file, using a special command.

For quick access to the file, press the key combination "Windows" + "R" on the keyboard. This will open the Run window. In the "Open" field, enter either the path to the file (see above), or one of these commands:

%systemroot%\system32\drivers\etc %WinDir%\System32\Drivers\Etc

This file does not have an extension, but it can be opened and edited with any text editor.

Default contents of the hosts file

On the Windows operating system, the "hosts" file has the following standard content:

# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost

This file is similar in content to Windows 7, Windows 8, Windows 10 operating systems.

All entries that start with the pound sign # and continue to the end of the line are largely irrelevant to Windows, as they are comments. These comments explain what this file is for.

It says here that the hosts file is for mapping IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Further after the pound sign (#), it will be possible to write a comment to the entry inserted into the file.

These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.

You can download the standard hosts file from here to install it on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.

What to pay attention to

If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malware.

Pay special attention to the contents of the file after these lines:

# 127.0.0.1 localhost # ::1 localhost

Additional entries can be inserted into the host file, which are added here by some programs.

For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries have been inserted to perform certain actions. This was done so that during the process of installing programs on my computer, this utility would cut off unwanted software.

There may be additional lines, of this type: first a “set of numbers”, and then after a space, “site name”, added in order, for example, to disable ads in the Skype program, or block access to some site.

If you yourself did not add anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the host file.

Why change the hosts file

The hosts file is modified in order to block access to a specific resource on the Internet, or in order to redirect the user to another site.

Typically, malicious code is initially executed after a program downloaded from the Internet is launched. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.

To block a site (for example, the VKontakte site), lines of the following type are entered:

127.0.0.1 vk.com

For some sites, two variants of the site name can be entered with or without "www", or without this abbreviation.

You yourself can block unwanted sites on your computer by adding an entry like this to the host file:

127.0.0.1 site_name

In this entry, the IP address (127.0.0.1) is the address on your computer's network. Next comes the name of the site that you need to block (for example, pikabu.ru).

As a result, after entering the name of the site, you will see a blank page from your computer, although the name of this web page will be written in the address bar of the browser. This site will be blocked on your computer.

When using a redirect, after entering the name of the desired site, a completely different site will be opened in the user's browser, usually a web page with advertising, or a fake page of a popular resource.

To redirect to another site, entries like this are added to the host file:

157.15.215.69 site_name

First comes a set of numbers - the IP address (I wrote random numbers here for an example), and then, after the space, the name of the site will be written in Latin letters, for example, vk.com or ok.ru.

The scheme of this method is something like this: bad people deliberately create a fake (fake) site, with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user's computer, after launching which changes are made in the hosts file.

As a result, when a user types the name of a popular site in the browser's address bar, instead of the desired site, it is redirected to a completely different site. This could be a fake social network page designed to steal user's personal data, or a site with intrusive ads. Very often, from such a fake site, there are redirects (redirects) to many other specially created pages with advertising.

How to edit the hosts file

You can change the contents of the host file yourself by editing it with a text editor. One of the easiest ways to be able to modify a file is to open the hosts file in Notepad by opening the program as an administrator.

To do this, create a shortcut to the Notepad utility on the Desktop, or run the application in standard programs that are located in the Start menu. To start, first right-click on the program shortcut, and then select "Run as administrator" from the context menu. This will open the Notepad text editor window.

C:\Windows\System32\drivers\etc

After opening the "etc" folder, you will not see the "hosts" file, as the Explorer will display text files. Select the "All Files" setting. After that, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.

After editing is complete, changes in the hosts. Please note that the file type when saving must be: "All files".

Article Conclusions

In the event that the malicious program has changed entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file by removing unnecessary entries from there.

How to change the hosts file (video)

Very often, either after a virus attack, after which, for example, a social network to restore access to your page, or after unsuccessful editing, you have to restore the default content. To do this, you need to know what the contents of the original hosts file are. The situation is complicated by the fact that in each operating system from Microsoft Corporation, it is different, although the main thing remains the same. Below is the original contents of the hosts file for some of the currently popular Windows operating systems, which I will list in descending order of their popularity (I personally believe that the most popular system is the newest system. Who says that Windows XP is immortal, and Windows 7 is the most the best creation of Microsoft, people seem to me to be backward in development. I do not want to offend anyone, I will only be glad to hear that I am wrong).

For those who don't know, the Hosts file is used to translate domain names into network . More details about this file are written in the article, the link to which I gave a little higher.

Original Hosts in Windows 8

#

#




#space.
#


#
# For example:
#
#102.54.94.97 rhino.acme.com #source server
#38.25.63.10 x.acme.com #x client host

#127.0.0.1 localhost
# :1 localhost
127.0.0.1 localhost

Original Hosts file in Windows 7

# Copyright © 1993–2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1localhost
# :1 localhost

The original Hosts file in the Windows Vista operating system

# Copyright © 1993-2006 Microsoft Corp.
#

#




#space.
#


#
# For example:
#


127.0.0.1 localhost:1 localhost

Original Hosts in Windows XP

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

Using the templates provided, you can easily replace the current content of the Hosts file with its original content. In addition to the above files, I would like to clarify a little what is what here. The main content of the original Windows Hosts file is a commented manual for using this file in English. In addition to describing the functionality of the Hosts file, here are also various examples of its intended use. And if you still have not figured out where the comments are, and where the functional part of this file is, then get acquainted: the sign # is a special character that means that everything on this line after this character is a comment. And this means that in almost all original Hosts files, the really working part is the last line indicating the loopback interface, which is one of the and point to the computer itself. And based on this, you can completely remove all comments from the Hosts file without losing its performance. That is why the title of the article is Original hosts file in Windows, but not Correct Hosts for Windows. After all, the correct Hosts file will be any rubbish like this:

# In front of you is the most correct of all
# of the most correct Hosts files, which
# ever existed on computers
# on which it has ever been installed
# operating system from known
# Microsoft Corporation!
127.0.0.1 localhost
# As you can see, comments are everywhere!
# And here,
# and there. But from this hosts file
# does not become wrong!

The hosts file is a rather vulnerable place in the Windows operating system. This file is the number one target for almost all viruses and trojans that manage to infect a computer. In this article, we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after a computer is infected with viruses.

The task of this file is to store a list of domains and their corresponding ip-addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

Every time you enter the address of the site you need in the address bar of the browser, a request is made to convert the domain to an ip address. Now this conversion is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific ip-address.

Even now, this file has a direct effect on the translation of symbolic names. If you add an entry to the hosts file that will associate the ip address with the domain, then such an entry will work fine. This is exactly what developers of viruses, trojans and other malicious programs use.

As for the file structure, the hosts file is a plain text file with an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the usual text editor Notepad (Notepad).

The standard hosts file consists of several lines that begin with the "#" character. Such lines are ignored by the operating system and are simply comments.

Also in the standard hosts file there is an entry "127.0.0.1 localhost". This entry means that when you access the symbolic name localhost, you will be accessing your own computer.

Fraud with the hosts file

There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of anti-virus programs.

For example, after infecting a computer, a virus adds the following entry in the hosts file: "127.0.0.1 kaspersky.com". When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is the wrong ip-address. This leads toaccess to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or anti-virus database updates.

In addition, developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

For example, after infecting a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru”. Where "90.80.70.60" is the ip address of the attacker's server. As a result, when trying to access a well-known site, the user gets to a site that looks exactly the same, but is located on someone else's server. As a result of such actions, fraudsters can get logins, passwords and other personal information of the user.

So in case of any suspicion of a virus infection or site spoofing, the first thing to do is to check the HOSTS file.

Where is the hosts file

Depending on the version of the Windows operating system, the hosts file can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7, or Windows 8, the file is located in the WINDOWS\system32\drivers\etc\ folder.

On Windows NT and Windows 2000 operating systems, this file is located in the WINNT\system32\drivers\etc\ folder.

In very ancient versions of the operating system, for example, in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.

Restoring the hosts file

Many hacked users are interested in where they can download the hosts file. However, you do not need to search and download the original hosts file at all. You can fix it yourself, for this you need to open it with a text editor and delete everything except the line except "127.0.0.1 localhost". This will unblock access to all sites and update the antivirus.

Let's take a closer look at the process of restoring the hosts file:

1. Open the folder where this file is located. In order not to wander through the directories for a long time in search of the desired folder, you can use a little trick. Press the key combination Windows + R, in order to open the "Run" menu". In the window that opens, enter the command "%systemroot%\system32\drivers\etc" and click OK.
2. After you open the folder in which the hosts file is located, make a backup copy of the current file. In case something goes wrong. If the hosts file exists, just rename it to hosts.old. If the hosts file is not in this folder at all, then this item can be skipped.
3. Create a new empty hosts file. To do this, right-click in the etc folder and select "Create a text document".
4. When the file is created, it must be renamed to hosts. When renaming, a window will appear in which there will be a warning that the file will be saved without an extension. Close the warning window by clicking the OK button.
5. After the new hosts file has been created, it can be edited. To do this, open the file with Notepad.
6. Depending on the version of the operating system, the contents of the standard hosts file may differ.
7. For Windows XP and Windows Server 2003, "127.0.0.1 localhost" must be added.
8. Windows Vista, Windows Server 2008, Windows 7 and Windows 8 need to add two lines: "127.0.0.1 localhost" and "::1 localhost".