The Hosts file - what it is, where it is located in Windows, what a webmaster should do with it and how to remove virus entries from it. Contents of the hosts file Why change the hosts file

For everyone who has problems with this file!!! The file was checked by Kaspersky, Nod 32, Doctor Web antiviruses - everything is clean! Download the file, unzip it, copy it to the Windows/system32/drivers/etc directory (if Windows asks for permission to replace files, we agree; if it writes an error that you are not an Administrator, try replacing the file using the Total Commander program) and enjoy life. The file is suitable for all latest operating systems:

Windows XP
Windows Vista
Windows 7
Windows 8 and 8.1

The file is required mainly for VKontakte users who cannot open any sites, as well as for those who cannot access anti-virus sites or update anti-viruses. Description of the file. Downloading is completely free, without annoying SMS. An article on how to create a hosts file yourself, the article can help you solve your problem.
Also, one of the users provided us with his host file so that you can use it.It blocks all malicious and advertising sites that can harm your computer. We express our gratitude to the user Diman8369 for providing such a file.

Creating and editing a host file in Windows XP

Windows 7, 8, 8.1 and 10

About 8 thousand computers per day are infected with Trojan Hosts

The Doctor Web company reported increasing cases of websites being hacked in order to download malicious programs of the Trojan.Hosts family to users’ computers. The scale of the spread of this threat at the beginning of 2013 became almost epidemic. The peak of the distribution of Trojan.Hosts occurred in January and mid-February, when about 9,500 cases of infection were recorded on user computers every day. In March, Trojan.Hosts infect about 8,000 computers per day.

To hack websites, attackers use the FTP protocol, connecting to resources using previously stolen logins and passwords. Then a special command interpreter (shell) is loaded onto the hacked site, using which the .htacess file is modified, and a malicious script is placed on the site.

As a result, when visiting an infected site, the script presents the visitor with a web page containing links to various malicious applications. In particular, this is how Trojans from the Trojan.Hosts family have recently begun to spread widely.

The main purpose of the Trojan.Hosts family of malware is to modify the hosts file, located in the Windows system folder and responsible for translating network addresses of sites. As a result of malicious actions, when trying to go to one of the popular Internet resources, the user of the infected computer is redirected to a web page belonging to the attackers.

Over the past year, questions regarding where the hosts file is located have been increasingly asked.

In fact, this file is very useful when making all sorts of settings related to Internet access.

In fact, for any problem with the Internet, the hosts file will be used one way or another. But we'll talk about this later. The main question is where to find this most useful file.

If you simply enter the query “hosts” into the system search, you won’t be able to find the file you need – it’s not that simple. At least it works very rarely, if at all.

Yes, on one of the domestic forums there was a post where a person found this very file through the most common search, but other users were unable to find it in this way.

In any case, it would be useful to consider how to find the hosts file on a particular OS.

Location on computer

Let's start, perhaps, with the still popular Windows 7 system. Here, to find the hosts file, you need to do the following:

Go to “My Computer”, then go to “Local Disk C”. Next, you should go to the “Windows” folder, which is highlighted in Figure No. 1.

Note: If the system drive is with a different designation (not C:, although most often it is C:), then the above-mentioned folder called “Windows” is located on it. In any case, you should check everywhere. There is only one such folder on the computer, so this process certainly won’t take much time.

After this, you should go to the “System32” folder. Finding it won’t be difficult either, because there’s only one like it there and it’s simply impossible to confuse it with anything.

No. 2. Folder “System32” in “Local Disk C”

After going to the “System32” folder, you need to find the “drivers” folder and go to it. This step will also be very easy to complete.

No. 3. Folder "drivers" in "Local drive C"

Next, you should find another folder called “etc”. It is highlighted in the picture below.

No. 4. Folder “etc” in “Local Disk C”

Actually, in the folder called “etc” there will be the hosts file we are looking for. Perhaps there will be only one there, or other files that are also responsible for connecting to the Internet will be located with it. Specifically, these are “networks”, “services” and “protocol”.
They often cause disruptions in the network operation of the operating system, and they have to be completely removed. Therefore, you can remember the location of all these files - this will definitely be needed in future work.
In any case, the two files will definitely not be called “hosts”.

Thus, you can find the hosts file in Windows 7 by following the path C:\Windows\System32\drivers\etc. By the way, you can open this file very easily, even if you do not follow the path indicated above.

To do this you will need a command line running as an administrator. It opens very simply.

You just need to open the “Start” menu, then open “All Programs”, select the “Accessories” folder (underlined with a red line in Figure No. 5), and right-click on the “Command Prompt” item.

In the drop-down menu you need to select “Run as administrator” (highlighted with a green frame in the same figure).

After this, in the command line you just need to write the command “notepad [path of the hosts file, that is, C:\Windows\System32\drivers\etc\hosts]” and press the Enter button on the keyboard.

It all looks like it is shown in Figure 6.

Accordingly, with this approach there is no need to find anything. The system will open everything automatically. But we’ll talk about opening the file in question later.

As for opening hosts in other systems, such as Windows 8 and Windows 10, everything is also quite simple there. As for the eighth version of the above-mentioned OS, the path there is no different.

This means that to find the desired file you just need to follow exactly the same path - C:\Windows\System32\drivers\etc.

The only difference from the above screenshots is that there will be a slightly different interface, but otherwise everything remains exactly the same.

In the end, you can not search for it at all, but open it through the command line in the same way as described above.

The same situation with Windows 10 - the path remains exactly the same. Again, the difference from the above photos is only in the interface.

Below you can see a screenshot of the same file in the Windows 10 system folder.

If we talk not about the Windows we are used to, but about Ubuntu, then the file we need is also located in a folder called “etc”.

Accordingly, to open it, you should enter a simple command: sudo gedit /etc/hosts.

Conclusion! From all of the above, one simple conclusion can be drawn - the hosts file is always located in the “etc” folder in all operating systems.

The only exceptions are older versions of Windows - 95, 98 and ME. There you can find it directly in the folder called “Windows”.

So, we already know where to find this file. Now it’s worth finding out how to edit it, and why it is needed at all.

The purpose of the hosts file

To put it simply, it is needed to save a database of domain names.

If it’s more complicated, this file is needed to convert symbolic domain names (example: yandex.ru) into IP addresses that correspond to them.

The fact is that before each transition to a specific site, the computer needs to convert the symbolic name of the site into its digital designation.

And this is where hosts comes to the rescue. In TCP/IP networks, the same function is assigned to DNS, that is, the domain name system.

The problem is that very often attackers and all kinds of Internet content blockers, such as Roskomnadzor, use this very file to block access to various sites.

A full-fledged software is written, which makes changes to it and thereby creates significant problems when entering the World Wide Web.

However, this is also relevant for the above-mentioned “networks”, “services” and “protocol” files.

But they can be completely removed, but this trick won’t work with hosts. Therefore, we need to know how it can be edited.

How to open the hosts file

One of the ways to do this was described above.

It consists of opening a command prompt as an administrator and writing the command “notepad [path of the hosts file, that is, C:\Windows\System32\drivers\etc\hosts]”.

As you can see, the Notepad program is used here to open, that is, in fact, a text editor. It is a regular notepad, but with a lot more different functions.

The problem is that it is not installed on every modern computer.

Although installing it is very simple - there are hundreds of sites for this that post Notepad installation files on their repositories, opening the file we are considering can be much easier.

The fact is that in this case we will not need all the functionality of Notepad and you can open hosts with the most ordinary notepad.

To do this, you need to follow these steps:

From the very beginning, you need to right-click on the file itself and select “Open with” from the drop-down menu (it is highlighted with a red frame in Figure No. 8).

Note: Usually the filehostshas no extension and looks as shown in Figure 7, that is, in the form of an empty sheet icon. But sometimes the system can still give him some kind of extension. This is exactly what we can see in Figure 8. Regardless of whether it has an extension or not, you should still open it only through Notepad orNotepad.

Next, you need to select “Select a program”. If the list that opens contains “Notepad”, as in Figure 9, then you need to click on it and click on the “OK” button.
If not, you should use the “Browse” button (highlighted with a red frame in Figure No. 9) and select a notepad there.

As you can see, everything is done very simply. After this, the file we need opens.

As for editing it, there are no special instructions here; everything is done in the same way as in a regular notepad.

This means that you can select a part, delete it with the Backspace button on the keyboard, and perform other actions provided by a regular text editor.

You can clearly see the process of finding, opening and editing the hosts file in the video below.

How to change the hosts file

Where is the hosts file located - Examples for different OSes

Hello, friends!
In some situations it is necessary to change or restore the hosts file.

In this article I will tell you what it is intended for and how to edit it correctly. I will give an example of how using the hosts file you can speed up, redirect or block access to certain sites.

The hosts file is a special system text file that is responsible for converting symbolic domain names into their corresponding IP addresses and vice versa. In addition to the usual address, an Internet site also has an IP address.

For example, the social network Odnoklassniki has an address like www.ok.ru and IP address 217.20.147.94. By the way, you can enter these numbers into the address bar of your browser and go, but you will be redirected to www.ok.ru.

It should be noted that such domain addresses (www.ok.ru and others) were invented solely for the sake of convenience. Agree, it is much easier to remember the symbolic name (domain) ok.ru than its IP address 217.20.147.94.

However, the server (dedicated computer) on which the ok.ru website is located does not accept such symbolic treatment. To convert a host name to an IP address, the hosts file and a special domain name system (abbreviated as DNS) are used. Moreover, the hosts file has priority over DNS.

When you enter an address, the first thing it does is look at your hosts file, and only then contact the DNS server. Unlike DNS, the hosts file can be edited directly.

I believe that you now understand the importance of the hosts file and understand why most malware seeks to gain access to it.

Using the hosts file

By managing the hosts file, you can speed up access to certain sites or, conversely, limit access to them. You can organize redirection from some pages to other sites. For example, when accessing some prohibited resources, you will be redirected to the website of the Ministry of Internal Affairs.

But the greatest danger is posed by malicious software, which, having gained access to the hosts file, will use it for its own malicious purposes. For example, block access to websites, social networks, or the sites of antivirus software companies.

Where is the hosts file located?

As a rule, if it is a Windows operating system (NT, 2000, XP, 2003, Vista, 7, 8), the hosts file is located in the system partition on drive C. The full address looks like this: C:\Windows\System32\drivers\etc\hosts.

There is a faster way to get to the host file. To do this, press the key combination: Win + R or “Start” → “Run”. A window for entering a command will open. Enter the following command:

notepad %windir%\system32\drivers\etc\hosts

And here is the host file itself, which by default looks like this:

If there is no hosts file in this folder, then most likely the virus has changed its location in the registry key. Below is a registry key that specifies the path to the folder with the host file:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters \DataBasePath

In addition, the hosts file may be hidden. In this case, go to “Folder Options” → “View” and set the value to “Show hidden folders, files and drives”.

How to edit the hosts file?

The hosts file can be edited in any text editor. For example, in a standard Windows notepad.

Let's look at the editing options and get started block access to the sites mentioned above: vk.com and ok.ru.

The site or sites to which access needs to be blocked are written on a new line; first, the local IP address is indicated at the beginning of the line - 127.0.0.1 .

In our case, the entry looks like this:

127.0.0.1 vk.com
127.0.0.1 ok.ru

Save the changes. Now open the browser and try to go to the address vk.com or ok.ru. As you can see, the hosts file has done its job, and the attempt to connect to these sites failed.

You can also redirect(make a redirect) to another site. To do this, you need to know the IP address of the site where the redirection will be made, and next to it, indicate the domain from which the redirect is being made, separated by a space.

The example below shows that first I entered the IP address of the site yandex.ru (213.180.204.3), and indicated the domain vk.com separated by a space.

This means that when you try to access the vk.com website, you will be redirected to yandex.ru (213.180.204.3).

To speed up the loading of a site, you need to know its IP address and domain. This data is written in the hosts file.

It would seem that everything is simple: you need to register the necessary changes in the hosts file and click “Save”. But the system complains and does not allow you to save the desired changes. More precisely, it suggests saving it to a separate text file.

This is due to the tightening of security rules in the latest OS versions, and this makes sense, since many viruses try to write their own strings here. In this case, the changes are made by us, and this is done purposefully.

You need to do the following. Return to the location of the hosts file and right-click to open the context menu, where you select “Properties”.

Go to the “Security” tab and select the user under whose name you are working.

Agree with the warning about the reduced security level. Go back and save changes.

There is an easier way to edit the hosts file - using the command line. You can read it.

To restore the default hosts file settings, simply copy and paste the text below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

This is how you can easily and simply by editing the hosts file, you can block access to sites or perform redirection. That's all for today.

In the next article I will tell you how to edit the hosts file if the Windows system is locked. In addition, I will answer popular questions: “Why can’t I log into Odnoklassniki?”, “Why can’t I log into VKontakte, email and other sites?” Subscribe and don’t miss the release of this article (the article has already been published, you can read it).

Today, quite often users of social networks like VKontakte or Odnoklassniki encounter problems logging into the site. The system controls this through the HOSTS file, which is located in the C:\Windows\System32\drivers\etc tree. Unfortunately, it is this service that is most often susceptible to viruses. Let's try to figure out how to fix the situation.

What files are in the C:\Windows\System32\drivers\etc directory, and what are they responsible for?

First, let's take a look at the files in this folder. In addition to the file you are looking for, there should be only four more objects located here. If there is something else, we can safely say that or something similar.

Regarding file functions, for example, the C:\Windows\System32\drivers\etc\services object and other files, including HOSTS, protocol, lmhosts and networks, are responsible for some functions of user access to certain resources on the Network.

The one in question determines the mapping of a database of domain names to IP addresses. In addition, its use involves speeding up user access to the most frequently visited pages on the Internet, bypassing DNS servers, as well as blocking some unwanted resources or banner links. By default, in addition to the descriptive text part, it contains one single entry of interest to us at the end of the text, namely: 127.0.0.1 localhost. All! There should be no more additional entries in it.

Checking the IP address of sites

If we talk about the example of a domain name matching the real IP address of a resource, you can check it in a completely elementary way by using the standard input of the ping command on the command line, followed by the URL of the resource being checked, separated by a space.

To obtain the IP of any resource, you must use the following combination: ping www.(site name).(domain affiliation). For example, for the Facebook network this would look like ping www.facebook.com. After executing the command, the required address and statistics of the so-called ping will be displayed on the screen.

What to do if the file is infected with a virus?

Unfortunately, it is the C:\Windows\System32\drivers\etc\HOSTS file that viruses infect most often. After this, when the user logs into the same social network, he is either redirected to a clone site, or a message is issued requiring payment for the login. Let’s make a reservation right away: not a single “social network” charges money for using the services of the resource. Hence the conclusion: it is a virus (sometimes artificial blocking, which is extremely rare).

If such a disaster has happened, you should first check your computer system. In some cases, you should not even use the antivirus installed on the system, since it has already missed the threat, and there is no guarantee that it will detect it and remove it as a result of an on-demand scan.

It's better to run some portable utilities like Dr. Web (Cure IT is best!) or KVRT, which does not even require installation. But even such powerful products do not always help, and blocking access to resources written in the C:\Windows\System32\drivers\etc\HOSTS file remains and continues to work. Let's see how we can get rid of it.

Correcting file text manually

First, go to the directory C:\Windows\System32\drivers\etc, then select our file and right-click to call up the menu with the command “Open with...” (initially, the system file itself will not open by double-clicking because it does not have an extension) . Now, from the list of available programs, select the standard “Notepad” and look at the contents of the text.

As a rule, an infected file may contain entries like 127.0.0.1, after which the addresses of resources of the same “social networks” are indicated (for example, 127.0.0.1 odnoklassniki.ru). This is the first sign that they were produced as a result of the activation of malicious code. It turns out that the control elements of the system, referring to the HOSTS file, are constantly producing when trying to access it.

The simplest fix is to delete all content when you paste the original text (you can take it from another computer or find it on the Internet). After this, you just need to save the changes (Ctrl + S) and restart the computer terminal. You can, of course, try to replace the file you are looking for with the original one, but it is unlikely that the system will allow you to do this even if you have administrator rights. In addition, this option works in about 20-30% of cases.

Problems with HOSTS and the lmhosts.sam object

The problem can often be more serious. The fact is that sometimes when entering the C:\Windows\System32\drivers\etc directory, the HOSTS file we need is visually missing.

First, in Explorer, you should use the service menu, and then select the folder options, where the option to show hidden objects (files and folders) is enabled. In addition, you need to uncheck the boxes for hiding protected system files and extensions for registered types. Now our file is visible.

However, this is where the real problems begin. The fact is that when you try to edit or save, the system displays a message that the file C:\Windows\System32\drivers\etc\HOSTS is not writable. What to do in this case?

We take drastic measures - delete the HOSTS file, preferably from the Recycle Bin. You can quickly delete it, bypassing the Trash, using the combination Shift + Del. Then right-click on the free space of the window and select the command to create a new text file and call it hosts or HOSTS without an extension, as you wish, it does not matter. We agree with the system’s warning regarding changing the extension and begin editing. As is already clear, the further steps are similar to the previous option - simply insert the original content and save the newly created document. After this, we delete the lmhosts.sam file (it is this that affects the performance of the desired host file), after which we again reboot the system.

This option will restore access to your favorite sites that were previously blocked. By the way, this method almost always works.

Instead of an afterword

As can be seen from the above, you can fix the problem with blocking Internet resources quite simply, even without having any special knowledge and skills for this. However, before you start editing the HOSTS system object, you should make sure that a standard scan with anti-virus software did not yield anything. Some users try to use utilities like Microsoft Fix It. Please note that if there is a virus in the system, the files will be re-infected, and the corrections will only be made temporarily.

What is the Hosts file for?
The purpose of this system file is to assign certain website addresses to a specific IP.
This file is very popular with all kinds of viruses and malware in order to write their data into it or simply replace it.
The result of these actions may be signs of “insertion” of a site into browsers, which will ask to send an SMS when opening the browser, or blocking of various sites, at the discretion of the creators of the virus.

Where is the hosts file in windows?
For different versions of Windows OS, the location of the hosts file is slightly different:

Windows 95/98/ME: WINDOWS\hosts
Windows NT/2000: WINNT\system32\drivers\etc\hosts
Windows XP/2003/Vista/Seven(7)/8: WINDOWS\system32\drivers\etc\hosts

Moreover, the ending hosts, this is already the final file, not a folder. He doesn't have it.

What should the correct hosts file look like?
The “contents” of the hosts file are also slightly different for different versions of Windows, but not much. It “writes” in English why it is needed and how to make exceptions, giving one example. All lines starting with a # sign mean that they are commented out and do not affect the file.
Contents of the original hosts file for Windows XP:

#

#

#space.
#

#
# For example:
#

127.0.0.1 localhost

Contents of the original hosts file for Windows Vista:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost::1 localhost

Contents of the original hosts file for Windows 7:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
#127.0.0.1 localhost
# ::1 localhost

Contents of the original hosts file for Windows 8:

# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost

As you can see, there are no significant differences in the contents of the host file for different versions of Windows.

How to open and edit the hosts file?
The hosts file can be found in standard Windows Notepad.
This is probably the most interesting part of the article.
First of all, you need to understand why change this file at all? Yes, in order to deny access to certain sites. Thus, by changing this file and writing the site address into it, the user will not be able to access it through any .
In order to change the hosts file, it is advisable to open it as administrator () by right-clicking on the file and selecting "Run as administrator". Or open Notepad this way and open the file in it.

For quick action, you can simply click the Start button and select Run ( win+r) () and enter in the line:

notepad %windir%\system32\drivers\etc\hosts

As a result, this file will open in Notepad.

In order to block access to the site(let's assume it will be test.ru), you just need to add a line with this site at the very bottom:

127.0.0.1 test.ru

As a result, the file will have the following content:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# This HOSTS file created by Dr.Web Anti-rootkit API

#127.0.0.1 localhost
# ::1 localhost
127.0.0.1 test.ru

Each new site that you want to block must be started on a new line and entered, not forgetting the local IP address 127.0.0.1

Also, to edit the hosts file, there is a program HOSTS EDITOR, which you can download and read the description from.
The way it works is that it helps edit the hosts file.
From the screenshot below the principle of its operation is clear; everything is done in a couple of clicks. Adding is done by clicking on +.

After editing, do not forget to click on the save button (2 button "Save changes" to the left of the "+" button).

You can also change this file for good purposes, for example speed up site loading.
How it works?
When you visit a site, you see its domain name, which has letters. But all sites on the Internet have an IP address, and names are already assigned using DNS. I won’t go into details of this process; that’s not what the article is about. But here you need to know that the hosts file has priority when accessing sites, and only after it does a request to DNS occur.
In order to speed up the loading of a site, you need to know its IP address and domain.
The IP address of a site can be found using various services, for example or.
A domain is the name of a website.
For example, let's speed up the loading of this site where you are reading an article by explicitly specifying the IP address and domain to the file.
Then the added line will be:

91.218.228.14 website

This speeds up page loading in a couple of seconds, and sometimes can give access if you cannot access the site using standard means.

Still possible redirect to another site using hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above), then the added line will be like this:

91.218.228.14 test.ru

And now, after entering test.ru into the address bar of your browser, you will be redirected to the site specified in the IP address..

If you want to clean hosts file, then you can do this by simply deleting the content and inserting the original text from the description above (under spoilers).

Some nuances in the hosts file:

Always make sure you have a scroll bar on the side and always scroll to the bottom of the window. This is due to the fact that some viruses are registered in an area hidden outside the window.

In some cases, usually if you cannot save the file, you need to log in under the Administrator account.

Sometimes, due to viruses, this file may be hidden. Read the article.

The two methods described (redirection and acceleration) may not produce the desired result. The fact is that several sites can be located on one IP address, this is especially true for external IP addresses provided by services.

Due to the fact that viruses love this file, its attributes can be changed to Hidden And Read-only.

Check the file attributes if the hosts file cannot be saved.

Thus, you can easily and free of charge block access to sites in Windows by editing the hosts file.