The article covers the following questions: where is the hosts file in Windows 7, Windows 8, Windows 10; contents of the hosts file, how to edit it; how to save the hosts file if access is denied.

Hosts file - what is it, what is it for?

What is this

hosts - a file containing a database of IP addresses and domain names corresponding to them. For example, for the popular site VKontakte the correspondence will be as follows:

87.240.131.118 vk.com

The hosts file on Windows is opened using the application Notebook.

What is it needed for

Letter website addresses were invented exclusively for people, since it is easier for a person to remember. Computers find sites by numbers. Using the same VKontakte as an example: vk.com is a letter address (or they say URL), and 87.240.131.118 is a digital address (or IP address).

Check my words. Enter in the address bar of your browser
87.240.131.118
You must go to the site https://vk.com/.

All matches between IP addresses and URLs are stored on DNS servers, which the browser contacts and opens to us the desired site.

But before contacting the DNS server, the browser always checks the hosts file. In it we can prohibit the opening of sites, or replace the correspondence between the IP address and the URL.
This is what viruses do on the computer, replacing matches, adding other lines to this file, etc. For information about the lines that need to be entered into such a file, see the chapter “Like commands that need to be entered

What should the hosts file look like? Contents of the hosts file

The hosts file should have the following:

For Windows XP:

# Copyright (c) 1993-1999 Microsoft Corp. # # #space. # # # For example: # 127.0.0.1 localhost

For Windows Vista:

# Copyright (c) 1993-2006 MicrosoftCorp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one #space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host #127.0.0.1 localhost # ::1 localhost

For Windows 7, 8, 8.1, 10:

# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one #space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. #127.0.0.1 localhost # ::1 localhost

Where is the hosts file located in Windows 7, Windows 8, Windows 10

The hosts file is located in all versions of Windows at
See screenshots:

How to open the hosts file

This file can be opened using Notepad. Find this application in the start menu. Click right click mice. In the menu that appears, select “Run as administrator.” In the Notepad window that opens, through the “File” → “Open…” menu, open the hosts file, writing the file address in the address bar of the window that opens or moving from folder to folder until we find it.

How to edit the hosts file

1. Recovery

To restore a file you need:

1. Open the file using Notepad as administrator.
2. Copy the contents of the file from this article, paste with replacement and save.

Attention!

The file should only be opened through Notepad running as administrator. Otherwise, you will not be able to save the changes. When we save the .txt extension in the file name, we delete it.

Tricks of a modified hosts file

1. Some viruses disguise their changes after lines
127.0.0.1 localhost
::1 localhost
They leave a lot of spaces and only then add lines.

Therefore, when replacing content, select all content (hot keys CTRL+A).

2. The file is hidden
If there is no file in the specified package, then it may have been hidden and assigned the “Hidden” attribute.
In the menu View → Options → View, check the “Show hidden files, folders and drives” checkbox.

Now that the file has appeared, in the file properties, uncheck the “Hidden” checkbox.

3. Cannot be edited
The file has been assigned the Read Only attribute. In the file properties, uncheck the corresponding box.

To folder C:\Windows\System32\drivers\etc place a file with the name hosts, but with the extension .txt(hosts.txt file) or without an extension, like the hosts file, but with a different name, for example, host.

2. Change

To block access to a certain site, you need to enter the lines at the end of the content
(Skip line)
127.0.0.1 (several spaces) (Domain name to block)
127.0.0.1 (several spaces) (Name of the blocked domain from www.)

Using the example of the same VKontakte and Odnoklassniki:

Save. We check our work by entering the URL of these sites into the address bar of the browser. Sites do not open. Bingo!

This way you can block websites computer games, casino sites, pornographic sites, etc.

To redirect, we do everything as before, but we give the desired URL a different IP.

Example. Let the site https://vk.com/ open when you log in to VKontakte and Odnoklassniki
We write the lines:
(Skip line)
87.240.131.118 vk.com
87.240.131.118 www.vk.com
87.240.131.118 ok.ru
87.240.131.118 www.ok.ru

2.3. Popular sites and their IP addresses

87.240.131.118 https://vk.com/
213.180.193.3 https://ya.ru
5.61.23.5 https://ok.ru/

The Internet is full of services to determine the IP addresses of any websites. Google it.

hosts access denied - what to do

If you cannot save the file and access is denied. We do it in order, trying to save the file after each item.

1. Open in Notepad as administrator.
2. Copy the file to your desktop. Change it. The hosts file remaining in the folder C:\Windows\System32\drivers\etc rename it to hosts.old. Copy the hosts file you edited on your desktop to the folder C:\Windows\System32\drivers\etc.
3. Turn off antivirus. Antivirus programs often ensure that no changes are made to this file. Add the file to Windows Defender exceptions. Starting at 8 Windows versions makes sure that no one changes this file.
4. We set access rights to the file in its properties on the “Security” tab.
5. If you still can't remove it, go to Safe Mode and try to remove it from under it.

What happens if you delete the hosts file

Nothing will happen. Unless there are problems with your Internet connection. During connection, the IP address 127.0.0.1 will have to be specified manually. It's possible that some programs will ask for localhost instead of 127.0.0.1, which will create another problem.

File hosts establishes a correspondence between the IP server and the site domain. A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator.

To date a large number of malware is using the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites malware redirect the user to pages that look similar to popular resources (social networks, postal services etc.), where an inattentive user enters credentials, which thus fall to the attackers. It is also possible to block access to the websites of antivirus software companies.

Hosts file location

Default file hosts located here C:\Windows\System32\drivers\etc The file has no extension, but can be opened with Notepad. To change the contents of a file in Notepad, you must have administrator rights.

To view the file hosts open the menu Start, select item Execute, enter the command

and press the button OK

This is what the file should look like hosts default.

If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file hosts

Restoring the contents of the hosts file to default

• Open menu Start, select item Execute, enter the command

  %systemroot%\system32\drivers\etc

  and press the button OK.

• Rename the hosts file to hosts.old.
• Create new file hosts default. To do this, follow the steps below.

1. Right click on an empty space in the folder %WinDir%\system32\drivers\etc, select item Create, click the element Text Document , Enter your name hosts and press the key ENTER.
2. Click the button Yes to confirm that the filename will not have the extension TXT.
3. Open a new file hosts in a text editor. For example, open the file in " Notebook".
4. Copy the text below into a file.

   # Copyright (c) 1993-2009 Microsoft Corp.
   #
   # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
   #
   # This file contains the mappings of IP addresses to host names. Each
   # entry should be kept on an individual line. The IP address should
   # be placed in the first column followed by the corresponding host name.
   # The IP address and the host name should be separated by at least one
   #space.
   #
   # Additionally, comments (such as these) may be inserted on individual
   # lines or following the machine name denoted by a "#" symbol.
   #
   # For example:
   #
   # 102.54.94.97 rhino.acme.com # source server
   # 38.25.63.10 x.acme.com # x client host

   # localhost name resolution is handled within DNS itself.
   #127.0.0.1 localhost
   # ::1 localhost

Save and close the file.

You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own. To do this you need to run Notebook in mode Administrator.

How to launch standard programs Windows see

Many ordinary and slightly advanced computer users have been using them for many years and were not aware of the existence of a file named hosts, which does not have a surname (i.e. extension).

But thanks to viruses and the imperfection of operating systems of the Window family (Windows), users had to get to know this “host”, and quite closely.



What is the hosts file for?

In the Windows operating system (XP, Vista, 7, etc.) the file hosts used to associate (map) host names (nodes, servers, domains) with their IP addresses (name resolution).File hosts- it's simple text file, which does not have any extension (it doesn’t even have a dot :)).

File hosts physically located in the directory:

• \Windows\System32\drivers\etc\- for Windows 2000/NT/XP/Vista\7
• \Windows\- For old Windows 95/98/ME

Most often this directory is located on drive C, so in this case the full path to the file is obtained hosts represents:

By default, only one IP address should be specified in a normal hosts file, this is - 127.0.0.1 . This IP is reserved for localhost, that is, for your local PC. There shouldn't be any other addresses there!

File contents hosts for Windows XP (Russian OS version):



In text form, the contents of the hosts file for Windows XP can be copied from here:

# (C) Microsoft Corp., 1993-1999
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains mappings of IP addresses to hostnames.
# Each element must be on a separate line. The IP address must
# should be in the first column and must be followed by the appropriate name.
# The IP address and hostname must be separated by at least one space.
#
# Additionally, some lines may contain comments
# (such as this line), they must follow the node name and be separated
# from it with the symbol "#".
#
# For example:
#
# 102.54.94.97 rhino.acme.com # origin server
# 38.25.63.10 x.acme.com # client node x

127.0.0.1 localhost

File contents hosts for Windows Vista (English OS version):

In text form, the contents of the hosts file for Windows Vista can be copied from here:

# Copyright (c) 1993-2006 Microsoft Corp.
#

#




#space.
#


#
# For example:
#


127.0.0.1 localhost
::1 localhost



File contents hosts for Windows 7 (English version of OS):

In text form, the contents of the hosts file for Windows 7 can be copied from here:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost

Using the hosts file

File hosts theoretically can be used to speed up the Internet and reduce the amount of traffic. This is achieved by reducing requests to the DNS server for resources frequently visited by the user. For example, if you use every day search engines Yandex and Google (sites http://yandex.ru And http://google.ru respectively), then it makes sense in the file hosts after the line " 127.0.0.1 localhost" write the following lines:

93.158.134.11 yandex.ru

209.85.229.104 google.ru

This will allow your Internet browser not to contact the DNS server, but to immediately establish a connection to sites yandex.ru And google.ru. Of course, few people currently do such tricks, if only because of the good modern access speeds.



Restrictions using the hosts file

Some advanced comrades sometimes use the hosts file to block unwanted web resources (for example, erotic content - for children until they grow up and become computer smarter than you). To do this you need after the line 127.0.0.1 localhost also add the bnm line or several lines:

127.0.0.1 address of blocked resource-1

127.0.0.1 addressblocked resource-2

127.0.0.1 addressblocked resource-3

For example:

The essence of this entry is that the specified blocked resource will now be matched by the browser to the IP address 127.0.0.1 , which is the address local computer, – accordingly, the forbidden site simply will not load.

This function is often used by computer viruses, which add browser redirects needed by attackers to the hosts file:

Most often, redirection is done to a “left” site, which visually does not differ from the real resource, while the user’s login and password are stolen (he enters them into the supposedly real fields of the site) or they simply write that your account is blocked (allegedly for spam, etc. ), pay money or send SMS (also very expensive) to unlock. Simultaneously with redirecting to their website from social networking sites, attackers block using a file hosts access to antivirus program sites.

Attention! Never pay for this! And don't send SMS!

A cell phone can only be used as a means of obtaining a password or unlock code. Those. messages should come to you, not come from you.



Although, if you don’t mind the money, check with your first mobile operator cost of sending SMS to this number, to definitely decide that you really don’t mind just giving this amount to someone.

How to edit the hosts file

1. Each element must be written on its own (separate) line.
2. The IP address of the site must begin at the first position of the line, followed (in the same line) by a space and followed by the corresponding host name.
3. The IP address and hostname must be separated by at least one space.
4. The comment line must begin with the # symbol.
5. If comments are used in domain name matching strings, they must follow the host name and are also separated by # .

Viruses and hosts file

To prevent their actions from being immediately detected, attackers edit the file hosts in a cunning way. Several options are possible:

1. To the end of the file hosts is added VERY there are many lines (several thousand), and the redirection addresses (most often located at the end) are difficult to notice, especially if you view the contents of the file hosts using built-in Windows notepad- a very poor editor.

To view the contents and edit the file hosts It's best to use a text editor that shows the number of lines in a document, such as Notepad++.

You should also be alarmed by the rather large size of the hosts file; in the normal state, it cannot be more than a few kilobytes in size!

2. The original hosts file is edited, after which it is assigned the attribute " Hidden" or " System", because by default hidden files and folders in operating systems Windows systems are not displayed. In folder C:\WINDOWS\system32\drivers\etc file is created hosts.txt(by default, extensions are not displayed for registered file types, and the system does not accept the file hosts.txt, she only needs hosts), which is either completely empty, or everything is written as it should be in a real file hosts.

3. Similar to the second option, only here the attackers have already provided the option that extensions for registered file types are displayed in the operating system (the user enabled it independently). Therefore, instead of the file hosts.txt the virus creates a file hosts, which has the letter " O"Russian, not English. Visually the file looks like a real one, but is also not perceived by the system.

In this picture the first file hosts- hidden, the virus made changes to it. Second file hosts- not real, it contains the Russian letter " O" in the name, most often this file hosts empty, viruses do not bother to copy the contents from the real file.

Restoring the hosts file

If you have identified similar changes to your file host, everything needs to be restored to original state. To do this you need to do the following:

• Disable real-time protection for your antivirus program, because many normal modern antivirus programs (for example, Avira) do not allow changes to the file hosts.
• Open directory C:\WINDOWS\system32\drivers\etc
• Enable the display of extensions for registered file types, hidden files, and system files.
• Click on the file hosts right click and select in context menu line " Edit with Notepad++":

If you do not have the text editor program Notepad++ installed, I recommend installing it first and not using Notepad. If you don’t currently have the Internet or are just too lazy to download Notepad++, then you can use the poor notepad to edit the file hosts.

To open a file hosts with notepad, you need to left-click on it, it will appear Windows window with the message " The following file could not be opened..." Set the switch to " Selecting a program from the list manually". Click OK. In the window " Program selection" find in the list Notebook and press OK.

• Edit the contents of the hosts file so that it becomes as indicated at the beginning of this article.
• Save changes.
• Activate antivirus program protection (if disabled).
• Launch your browser and check that you can view the desired sites.

How the hosts file works

When a user types the address (URL) of a site in the browser and presses Enter, the user's browser:

• Checks in the hosts file whether the entered name is the computer's own name (localhost).
• If not, then the browser looks for the requested address (hostname) in the hosts file.
• If a hostname is found, the browser accesses the IP address specified in the hosts file corresponding to that host.
• If the hostname is not found in the hosts file, then the browser accesses the DNS resolver cache (DNS cache).
• If a hostname is found in the cache, the browser looks up the IP address stored in the DNS cache for that host;
• If the hostname is not found in the DNS resolver cache, the browser contacts the DNS server;
• If the requested web page (site) exists, the DNS server translates the user-specified URL into an IP address;
• The web browser downloads the requested resource.

Hosts is a small text file containing a database of domain names. It is used when translating domain names into network addresses of hosts. The content of the “host” should be controlled by the PC administrator, that is, you.

In what cases can you edit a file? Each of you probably has a page on the social network VKontakte or Odnoklassniki. Sometimes, when entering the page, a window appears, the so-called “Account Validation”, with which you need to confirm that you are a real person and not just another bot. Just below you are asked to enter your phone number. This form looks something like this:

In this case, it does not matter what social network we are talking about. You must understand the main thing - these are the actions of scammers aimed at making some money from you. If you enter your phone number, then after a minute you will receive a message on your phone with a code that you must enter in the field that appears. After this action, a large amount of money will be debited from your personal account, or the funds will be debited gradually - this is the so-called subscription.

How is this possible? It’s worth saying “thank you” to the “hosts” file. When you surf the Internet, a virus or Trojan may get onto your computer, which automatically rewrites the hosts, making the necessary adjustments to it. With the help of these adjustments, when you type vk.com in the address bar, you end up not on VKontakte, but on a site specially created by scammers, which exactly replicates its design social network, only instead of your page “Account Validation” is displayed.

It’s very easy to check this - open hosts and see if there are any strange IP addresses in it. In 99% of cases they are in the file.

How to edit hosts?

There are two ways. If you do not want to edit this file yourself, but want to restore it to its original form, you can download free utility Dr.Web Cureit, which automatically corrects “hosts” to default settings while scanning the system.

If you want to fix it yourself, go to the C:\windows\system32\drivers\etc\ folder. Hosts has hidden attributes, so you need to make hidden files visible (Control Panel - Folder Options - Show hidden files, folders and drives). Now hover your mouse over the file, click on the left button and select “Run as administrator” from the menu. Edit the file and save it. By the way, by default it looks like this (everything below the localhost entry can be deleted):

Another option is to not show hidden folders. To do this, create a notepad on your desktop. Open it, select “File” - “Open” and enter the path C:\windows\system32\drivers\etc\hosts. However, in this case you can only view the file, but not edit it.

The hosts file is a rather vulnerable place in operating system Windows. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer. In this article we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after your computer is infected with viruses.

The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.

Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.

As for the file structure, the hosts file is a regular text file with an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.

The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.

also in standard file hosts there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.

Fraud with the hosts file

There are two classic way benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.

For example, having infected a computer, the virus adds in the hosts file the following entry: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. This leads toAccess to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or antivirus database updates.

In addition, developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords and other personal information of the user.

So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.

Where is the hosts file located?

Depending on the operating system version Windows file hosts can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the WINDOWS\system32\drivers\etc\ folder.

In the Windows NT and Windows 2000 operating systems, this file is located in the WINNT\system32\drivers\etc\ folder.

In very ancient versions of the operating system, for example in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.

Restoring the hosts file

Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself, to do this you need to open text editor and delete everything except the line except “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.

Let's take a closer look at the process of restoring the hosts file:

1. Open the folder in which this file is located. In order not to wander through catalogs for a long time in search of desired folder You can use a little trick. Press the Windows key combination + R to open the Run menu" In the window that opens, enter the command "%systemroot%\system32\drivers\etc" and click OK.
2. After the folder in which the hosts file is located opens in front of you, do backup copy current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.
3. Create a new one empty file hosts. To do this, right-click in the etc folder and select "Create a text document".
4. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.
5. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.
6. Depending on the version of the operating system, the contents of the standard hosts file may differ.
7. For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost" .
8. Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost".