Restoring the Windows 7 host file. The hosts file - where it is located, what it should look like, how to edit and save
After entering the required site in the browser, suppose Google.com , the browser sequentially (according to priority) looks for a match between this domain name and the IP addressee (because it is IP addresses that network devices work with).
A) the specified site is checked in the hosts file, if it finds a match (let’s assume 1.1.1.1 Google.com is written in the hosts file), then the contents of IP - 1.1.1.1 will open for you, if there is no specified domain name, proceed to the next step;
b) cache dns is checked (if you have previously opened Google.com, then most likely the IP of this site is saved in DNS cache your computer/laptop), if the IP of the site is indicated there, then the page opens for you, if not, proceeds to the last stage;
V) the request goes to DNS server(it is registered manually in the settings network connection or issued via DHCP), if the DNS server does not have the specified site, it will “ask” another DNS server until it finds it (if, of course, it exists at all) and the site opens successfully.
Hosts file is located along the path C:\Windows\System32\Drivers\etc\hosts (if C is the system drive). You can open it with a regular notepad. If you have not made any changes to host file s, then the following will be written there:
|
Hosts file in Windows XP: 127.0.0.1 localhost |
Hosts file inWindows Vista:
127.0.0.1 localhost |
|
Hosts file in Windows 7: # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. |
Hosts file in Windows 8 # Copyright (c) 1993-2009 Microsoft Corp. # localhost name resolution is handled within DNS itself. |
As you can see, regardless of the version, the host file is not very different, but if a virus “worked” on the hosts file, various sites and IPs can be added there. For example:
127.0.0.1 ftp.kasperskylab.ru
127.0.0.1 ids.kaspersky-labs.com
127.0.0.1 vk.com
127.0.0.1 drweb.com
Such additions to the file prevent you from accessing the specified sites.
1.2.3.4 ftp.kasperskylab.ru
1.2.3.4 ids.kaspersky-labs.com
1.2.3.4 vk.com
1.2.3.4 drweb.com
Such additions in the file when opening the specified sites will redirect you to other sites, possibly infected with viruses (IP-1.2.3.4- are fictitious).
If you find that the hosts file has been changed, it needs to be corrected. In Windows XP, the file is simply opened in Notepad, the necessary changes are made and saved (you must log in as an administrator). On other versions (Windows Vista, 7, 8), you must give permission to change the file. To do this, open the folder in which hosts is located C:\Windows\System32\Drivers\etc(if drive C is system). Click right click mouse on hosts and choose "Properties".
Select a tab "Safety", then select the user under which you work on your computer/laptop (in in this example this is the site) and click the button "Change". A window will open "Permissions for the group "hosts"", select the user again and assign full rights on the file, click "OK", in the window "Properties: hosts", Same "OK".
After that, open hosts with Notepad and return the file to original state, save the changes when finished.
Using this file, you can establish a correspondence between domain names and their IP addresses. In the general case, this correspondence is determined by the DNS service (server), but if this service needs to be “bypassed,” that is, a non-standard (sometimes useful, and sometimes harmful) mapping is set, then they resort to setting it in the hosts file. This system object appeared with the advent of the Internet, when DNS service did not yet exist, and was the only way for Windows to indicate the correspondence between the symbolic name of a site and its physical network address.
This file is a system file and is located in system partition disk in Windows folder\System32\drivers\etc\. This is a normal format text file With named hosts, but without name extension. It consists of text strings and can be edited by any text editor. Each line can be either a comment (in which case its first character is #) or a matching statement in the format
How to restore hosts
Sometimes a situation may arise when you need to restore the initial state of this file. It can occur either after accidental deletion or corruption, or as a result of the influence of malware. It should be said right away that to access this file (including when restoring it) you need administrator rights. Its content can be generated manually in a text editor or downloaded from the Internet.
Editing a file
Of course, in order to edit hosts, you need to have administrator rights. You can edit it with any text editor. As an example we use standard Notepad, which is always installed on Windows 7. You can launch it in two ways - from command line and directly calling Notepad:
After any changes to this document, you must reboot, otherwise its new contents will not be known to Windows 7, since they become known only during a reboot.
The benefits and harms of hosts changes
Useful changes to this file include, for example, the following:
- Setting the IP address and domain to match in order to speed up access to the site by bypassing the DNS server.
- Changes to block access to a specific site, for example, to block verification Windows authenticity or availability of updates for any program. To do this, 127.0.0.1 is specified as the IP address, which the operating system perceives as an access to this computer, and not to the real site.
- Changes to "advertise" this computer local server, since the DNS service knows nothing about it. Of course, for this the IP address must be static.
Hosts are the main target for most malware. There are two main, one might say “classical”, ways of changing this file, which attackers resort to in order to benefit from it. These are the changes:
- Blocking access to anti-virus program servers so that the computer cannot download such a program or update virus syndrome databases. For example, if, as a result of exposure to a virus or Trojan, a line like “127.0.0.1 esetnod32.ru” appears in the hosts, then any attempts to access the site with this antivirus will be blocked.
- Substitution real address site registered on the DNS server to a fake one. Let's say malicious application, which has penetrated the computer, will write in this file the line “91.81.71.61 vk.com”, where the address of the computer of the author of this program is specified. This is done with the goal that attempts to access everyone’s favorite site will result in a call to the attacker’s server, the interface of which completely replicates its real counterpart, but is used to collect confidential information about site users, for example, their logins and passwords.
Therefore, if there is any suspicion of the presence of viruses in the system, you should first check the status of this file, and that is why many anti-virus virus programs tirelessly monitor its condition and notify the user of all attempts to change it.
The hosts file is designed to match domain names (sites), which are written using symbols, and the corresponding IP addresses (for example, 145.45.32.65), which are written as four numerical values. You can open any website in your browser not only after entering its name, but also after entering the IP address of this site.
IN Windows request to the hosts file has priority over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.
Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?
They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown advertising, and at worst, a fake page of a popular resource will be opened (social network, service window Email, online banking service, etc.), asking you to enter your account information to log into the fake site.
Thus, due to the user's carelessness, an attacker can gain access to the user's data and cause damage to him.
Where is the hosts file located?
The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.
The path to the hosts file will be like this:
C:\Windows\System32\drivers\etc\hosts
You can manually go through this path, or immediately open the folder with the host file using a special command.
For quick access to the file, press the keyboard shortcut “Windows” + “R”. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:
%systemroot%\system32\drivers\etc %WinDir%\System32\Drivers\Etc
This file has no extension, but can be opened and edited in any text editor.
Standard contents of the hosts file
In the Windows operating system, the "hosts" file has the following standard contents:
# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost
This file is similar in content to the operating systems Windows 7, Windows 8, Windows 10.
All entries that begin with the hash character # and continue to the end of the line are largely irrelevant to Windows, since they are comments. These comments explain what the file is for.
It says here that the hosts file is designed to map IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin with new line, first write the IP address, and then after at least one space the site name. Next, after the hash (#), you can write a comment to the entry inserted into the file.
These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.
You can download the standard hosts file from here to install on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.
What to pay attention to
If the file on your computer is no different from this one, standard file, this means that there are no problems that could arise due to the change this file There are no malware on your computer.
Pay special attention to the contents of the file, which are located after these lines:
# 127.0.0.1 localhost # ::1 localhost
The host file can be inserted additional entries, which are added here by some programs.
For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility cut off unwanted software.
There may be additional lines, this type: first a “set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype program, or block access to a site.
If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.
Why do they change the hosts file?
The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.
Usually, initially malicious code is executed after launching a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.
To block a site (for example, the VKontakte site), lines of this type are entered:
127.0.0.1 vk.com
For some sites, two versions of the site name may be entered with “www” or without this abbreviation.
You yourself can block unwanted sites on your computer by adding a similar entry to the host file:
127.0.0.1 site_name
In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).
As a result, after entering the site name, you will see a blank page from your computer, although address bar browser will display the name of this web page. This site will be blocked on your computer.
When using redirection, after entering the name of the desired site, a completely different site will be opened in the user’s browser, usually this is a web page with advertising, or a fake page of a popular resource.
To redirect to another site, entries of the following type are added to the host file:
157.15.215.69 site_name
At the beginning recruitment is underway numbers - IP address (I wrote here random numbers for example), and then, after a space, with Latin letters the name of the site will be written, for example, vk.com or ok.ru.
The way this method works is something like this: bad people deliberately create a fake (fake) website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer, and after launching it, changes are made to the hosts file.
As a result, when a user types the name of a popular site in the address bar of the browser, instead of the desired site, he is redirected to a completely different site. This could be a fake page social network, which is designed to steal user personal data, or a site with intrusive advertising. Very often, from such a fake site, there are redirects (redirections) to many other specially created pages with advertising.
How to edit the hosts file
You can change the contents of the host file yourself by editing it using text editor. One of the most simple ways To be able to change the file, open the hosts file in Notepad, opening the program as administrator.
To do this, create a shortcut to the Notepad utility on the Desktop, or launch the application in standard programs, which are located in the Start menu. To start, first click on the program shortcut with the right mouse button, and then select in context menu"Run as administrator" item. After this, the Notepad text editor window will open.
C:\Windows\System32\drivers\etc
After opening the "etc" folder, you will not see the "hosts" file, since Explorer will be selected to display text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.
After editing is complete, changes to the hosts file. Please note that the file type when saving should be “All files”.
Conclusions of the article
In case if malware changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.
How to change the hosts file (video)
The Windows 7 operating system has such a file through which you can regulate your visits to sites on the Internet. Mostly people do not know about such a file, and those who know try to ignore it so as not to “perform miracles.” This file is called hosts. Let's look briefly at why it is needed.
Let it be known that when you enter the address of a website in the browser line, a special DNS server located on the Internet immediately changes it to a certain sequence of numbers. This digital series is unique for each site, and site names are needed only for ease of remembering. The hosts file is used for speed of work in worldwide network Internet, bypassing requests to the DNS server. In other words, if you write a number string in the hosts file corresponding to the name of the site, then you will be taken to it directly, bypassing the DNS server. You just need to register it correctly, otherwise the site won’t load, and even if it does, it won’t be the one you want.
“Computer pests” willingly use the hosts file for their personal interests. A virus, penetrating a computer, very often changes the hosts file. Therefore, if you suddenly encounter restrictions on access to certain sites, first scan your computer to see if viruses have entered it, and only then convert the hosts to its original form.
Where is the hosts file located in Windows 7?
So, let's look at where hosts is located in Windows 7. You can find it in the Windows system folder. It is located on drive C, that is, where the system is installed. Next, find the “System 32” folder, go to “Drivers” and, finally, to “Etc”. The file we need is saved in this folder.
It also happens that you did not find the hosts file, most likely it is simply hidden and the “Do not show” option is indicated in the settings hidden files, folders and disks." In this case, you need to open the “Computer” folder and press “Alt”, it will appear at the top of the window extra menu, in it select “Service” and “Folder Options”. 
In the new window, select the “View” tab and find the item “Show hidden files, folders and drives”, put a checkmark on it. Accept the changes by clicking the “Ok” button. Now go to the “Etc” folder, the hosts file should be displayed. 
Now let's look at how you can change the hosts file. Let's proceed as follows:
Where is the hosts file in Windows 10?
The hosts file in the Windows 10 operating system is located in the same place as in Windows 7, that is, on system disk. In the “Windows” folder, then go to the “System 32” folder, go to “Drivers” and, finally, to “Etc”.
To change a file in Windows 10, you must:
- Double-click on the hosts file;
- In the window that appears we find “Open with”;
- We find among the proposed programs “Notepad”;
- Click “Ok”;
- Make changes and save them.
- If you are a layman in this matter, then it is better not to do anything, but ask for help from a qualified specialist.
- If something prompts you to make changes yourself, then first make a copy of the file and move it to another folder. If something doesn’t work out for you, you will return a copy of the file.
- If you did not copy this file and have already made changes, and then your computer starts acting up, then the Internet will help you. Download a similar file from the site and replace yours.
- Before you change something, think about whether you really need to do it and how important it is for you.