Correct hosts windows 7. How to open the hosts file? Creating a shortcut for editing hosts

The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer. In this article we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after your computer is infected with viruses.

The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

Every time you enter address bar browser address you need for the site, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.

Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what the developers of viruses, Trojans and other malware.

As for the file structure, the hosts file is normal text file buse expansion. That is, this file is not called hosts.txt, but simply hosts. To edit it you can use plain text New Notepad editor.

The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.

Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.

Fraud with the hosts file

There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.

For example, having infected a computer, the virus adds in the hosts file the following entry: “127.0.0.1 kaspersky.com”. When I try to open the website kaspersky.com operating system will connect to IP address 127.0.0.1. Naturally, this is an incorrect IP address. This leads toAccess to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or antivirus database updates.

In addition, developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords, and other personal information user.

So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.

Where is the hosts file located?

Depending on the operating system version Windows file hosts can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the WINDOWS\system32\drivers\etc\ folder.

In the Windows NT and Windows 2000 operating systems, this file is located in the WINNT\system32\drivers\etc\ folder.

In very ancient versions of the operating system, for example in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.

Restoring the hosts file

Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself, to do this you need to open text editor and delete everything except the line except “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.

Let's take a closer look at the process of restoring the hosts file:

  1. Open the folder in which this file is located. In order not to wander through directories for a long time in search of the desired folder, you can use a little trick. Press the Windows key combination + R to open the Run menu" In the window that opens, enter the command "%systemroot%\system32\drivers\etc" and click OK.
  2. After the folder in which the hosts file is located opens in front of you, do backup copy current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.
  3. Create a new one empty file hosts. To do this, click right click mouse in the etc folder and select "Create Text Document» .
  4. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.
  5. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.
  6. Depending on the version of the operating system, the contents of the standard hosts file may differ.
  7. For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost" .
  8. Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost".

Not every user of the Windows operating system can find, know what to open and how to save the hosts file with changes. This article shows an example of how this can be done in Windows 7. In Windows XP this file is located in the same place, I hope that in Windows Vista and Windows 8 it has not changed its location. It’s just that I’ve never worked in Vit and I’m not going to install Windows 8 yet, so try to find and change it yourself. I hope that the method of opening and making changes also remains similar to Windows 7.

And so, the file hosts in the system is located in the system folder "Windows", which is located on the “C” drive, unless, of course, you installed the system on another drive. IN Windows folder look for the folder "system 32", then folder "drivers", then folder "etc", this is where the file you are looking for is located.

If you do not find it, then do some steps, apparently the parameter is set in the settings "Do not show hidden files, folders and disks".

Open the folder "Computer", press the key "Alt", an additional menu will appear in which you need to select “Tools”, “Folder Options”. A small window with folder options will open. In chapter "View" need to check the box "Show hidden files, folders and drives". Next, click “Ok” and try looking at the “etc” folder again. The file must be in place.

Now the question arises: “How or with what to open it?”, because the extension of this file is not known. It turns out that everything is very simple; you can open this file using notepad. To do this, double-click on the file name, an additional window will open with programs to open it, from which you need to select “Notepad” and click OK.

A text document will open with approximately the following content:

This is where you will make changes. All entries below the lines with the first “#” sign indicate blocked addresses and Internet sites.

Let's experiment by blocking access to the VKontakte website. To do this, you need to add the following to the file:

Access to the site is now closed. In a similar way, you can limit access to other sites that for some reason you do not want to view or, for example, you want to hide pornographic sites from children.

Now close notepad and try to open the VKontakte website.

That does not work? Naturally, because access to it is closed. To open access, do the opposite, delete the line with the specified site from the hosts file. Don't forget to save your changes.

1. If you are a complete idiot, then first think several times before changing anything, or better not touch anything at all, but contact a specialist who can help you. If you still decide to make the changes yourself, then if there are any problems, blame yourself. This file is no joke.

2. If you really want to try, at least make a copy of the file before making changes, copying it to another location. If something goes wrong, you can move the copy of the file back to the folder with the original file, with the consent to replace it.

3. If you did not make a copy of the file and after your self-confidence the computer began to act up, try to find an identical file on the Internet, download it and replace yours, or delete all lines in the hosts file up to the lines with the “#” sign. Don't forget to save.

4. Before every attempt to make any changes or make adjustments, first think about whether this is really necessary and how much you want it!

The Windows 7 operating system has such a file through which you can regulate your visits to sites on the Internet. Mostly people do not know about such a file, and those who know try to ignore it so as not to “perform miracles.” This file is called hosts. Let's look briefly at why it is needed.

Let it be known that when you enter the address of a website in the browser line, a special DNS server located on the Internet immediately changes it to a certain sequence of numbers. This digital series is unique for each site, and site names are needed only for ease of remembering. The hosts file is used to quickly work on the World Wide Web, bypassing requests to the DNS server. In other words, if you write a number string in the hosts file corresponding to the name of the site, then you will be taken to it directly, bypassing the DNS server. You just need to register it correctly, otherwise the site won’t load, and even if it does, it won’t be the one you want.

“Computer pests” willingly use the hosts file for their personal interests. A virus, penetrating a computer, very often changes the hosts file. Therefore, if you suddenly encounter restrictions on access to certain sites, first scan your computer to see if viruses have entered it, and only then convert the hosts to its original form.

Where is the hosts file located in Windows 7?

So, let's look at where hosts is located in Windows 7. You can find it in the Windows system folder. It is located on drive C, that is, where the system is installed. Next, find the “System 32” folder, go to “Drivers” and, finally, to “Etc”. The file we need is saved in this folder.

It also happens that you did not find the hosts file, most likely it is simply hidden and the “Do not show hidden files, folders and drives” option is indicated in the settings. In this case, you need to open the “Computer” folder and press “Alt”, an additional menu will appear at the top of the window, in it select “Tools” and “Folder Options”.
In the new window, select the “View” tab and find the item “Show hidden files, folders and drives”, put a checkmark on it. Accept the changes by clicking the “Ok” button. Now go to the “Etc” folder, the hosts file should be displayed.

Now let's look at how you can change the hosts file. Let's proceed as follows:


Where is the hosts file in Windows 10?

The hosts file in the Windows 10 operating system is located in the same place as in Windows 7, that is, on system disk. In the “Windows” folder, then go to the “System 32” folder, go to “Drivers” and, finally, to “Etc”.

To change a file in Windows 10, you must:

  • Double-click on the hosts file;
  • In the window that appears we find “Open with”;
  • We find among the proposed programs “Notepad”;
  • Click “Ok”;
  • Make changes and save them.
  • If you are a layman in this matter, then it is better not to do anything, but ask for help from a qualified specialist.
  • If something prompts you to make changes yourself, then first make a copy of the file and move it to another folder. If something doesn’t work out for you, you will return a copy of the file.
  • If you did not copy this file and have already made changes, and then your computer starts acting up, then the Internet will help you. Download a similar file from the site and replace yours.
  • Before you change something, think about whether you really need to do it and how important it is for you.

The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer.
The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.
Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.

As for the file structure, the hosts file is a regular text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.

The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.

Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.

Fraud with the hosts file

There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.

For example, having infected a computer, the virus addsin the hosts file the following entry: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. This leads to Access to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or antivirus database updates.

In addition, virus developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.


For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords and other personal information of the user.


So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.

The malware disguises modification of the hosts file as follows:

To make it difficult to detect lines added by a virus, they are written to the end of the file

After a large empty area formed as a result of repeated line feeds;

After that original hosts file the Hidden attribute is assigned (by default, hidden files and folders are not visible);

A false hosts file is created, which, unlike the real hosts file (which has no extension), has the extension .txt (by default, extensions are not displayed for registered file types):

Where is the hosts file located?

Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the folderWINDOWS\system32\drivers\etc\


In the Windows NT and Windows 2000 operating systems, this file is located in the folder WINNT\system32\drivers\etc\


Editing the hosts file

You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own.
In order to edit the hosts file, you need to launch Notepad in Administrator mode, and then open the file C:\Windows\System32\drivers\etc\hosts in it.

How to clean the hosts file

So, point by point.

Click "Start".

Choose "All programs".

Then select the item "Standard".

On "Notepad" click right click the mouse and select the item "Run as administrator."

In the notepad window that opens, select the File menu, then "Open..."

In the window that opens, select “Computer” on the left side of the window.

Then open the disk WITH:.

Windows directory.

System32 directory.

Drivers directory.

Catalog etc.

When you open the etc directory, you will see an empty directory. In the lower right corner of the window, select "All files".

Select the hosts file and click the button "Open".

Check for the necessary content: at the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then there are several examples of how to enter various commands. All this is just plain text and does not carry any functions! We skip it and reach the end. Next should come the teams themselves. Unlike comments (i.e. plain text), they must begin not from the "#" sign, and from specific numbers, indicating the IP address.

Any commands in your hosts file after the following lines can be malicious:

  • On Windows XP: 127.0.0.1 localhost
  • On Windows Vista: ::1 localhost
  • On Windows 7/8: # ::1 localhost

As you can see, host files are slightly different in different operating systems.

In order not to clean up anything unnecessary, you need to know how the commands are deciphered. There is nothing complicated here. At the beginning of each command there is digital ip address, then (separated by a space) the letter associated with it Domain name , and after it there may be a small a comment after the "#" sign.

Remember! All commands starting from numbers 127.0.0.1(with the exception of, 127.0.0.1 localhos t) block access to various sites and Internet services. Which ones exactly, look in the next column following these numbers.
Teams having at the beginning any other numbers ip addresses, redirect(redirect) to fraudulent sites instead of official ones. Which sites have been replaced with fraudulent ones, also look in each column following these numbers.
Thus, it will not be difficult to guess which commands in your hosts file are malicious! If something is still not clear, look at the screenshot below.

Please keep this point in mind. Many virus commands can be hidden far at the very bottom of the file by cunning Internet attackers, so take the time to scroll the slider all the way down!

After you do the cleanup, don't forget to save all changes ( "File" --> "Save"). If you opened the hosts file from the Notepad program itself, when saving changes, in the column "File type" be sure to select an option "All files", otherwise notepad, instead of saving in the hosts file, will only make it text copy of hosts.txt, which is not system file and does not perform any functions!

After a successful save, do not forget to restart your computer.


How to block sites in hosts

So, the hosts file is already open and you see that it is built in the form of a regular text document.

At the beginning you will see comments (plain text that does not provide any functionality) starting with the symbol "#" . They may be followed by some functional commands prescribed by the system.

But we don't need them. We skip them and get to the very end of the document. Let's make a retreat. And now, here, we can already write the commands we need!

When finished working with the file, open the File menu, select "Save".


To understand how to correctly enter commands for blocking web resources, you need to know that each PC has its own so-called. loopback address, which sends any request back to itself. For any computers running Windows systems, Linux or Mac this address is always the same - 127.0.0.1 . Now, with the help of just this IP address, you can block any request to an unwanted site so that it is sent not to the requested resource, but to brotherly to the local computer.

This command in hosts is written as follows: " 127.0.0.1 domain name to block "Here are real examples: 127.0.0.1 mega-porno.ru, 127.0.0.1 odnoklassniki.ru, 127.0.0.1 vk.com etc.

That's all. Now access to all unwanted sites is securely blocked. The main thing is after changes made- resave the hosts file! Detailed instructions see above.

Restoring the hosts file after a virus infection

As already mentioned, today a large number of malware is using the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources ( social media, postal services etc.), where an inattentive user enters credentials, which thus get to the attackers.
If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for “malware”, and then restore the file hosts

Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself; to do this, you need to open it with a text editor and delete everything except the line except “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.

Let's take a closer look at the process of restoring the hosts file:

1. Open the folder in which this file is located. In order not to wander through directories for a long time in search of the desired folder, you can use a little trick. Press the key combination Windows+R to open the menu "Run". In the window that opens, enter the command "%systemroot%\system32\drivers\etc"and click OK.

2. After this, a folder will open in front of you in which the hosts file is located.

3. Next, you need to make a backup copy of the current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.


4.Create a new empty hosts file. To do this, right-click in the etc folder and select"Create a text document"

5. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.

6. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.

7. Depending on the version of the operating system, the contents of the standard hosts file may differ.

This is what all, without exception, “clean” hosts files should look like.

Note!

  • For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost"
  • Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost"

If you ever find missing or, conversely, unnecessary entries in such a file, it is better to delete them quickly. Especially if they were not made by you or without your consent. Most likely, this is the result of viruses!

Restoring the default hosts file in Windows 7: Copy the text below into a file.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Save and close the file.

Using this file, you can establish a correspondence between domain names and their IP addresses. IN general case this correspondence is determined by the DNS service (server), but if this service needs to be “bypassed”, that is, to set a non-standard (sometimes useful, and sometimes harmful) correspondence, then they resort to setting it in the hosts file. This system object appeared with the advent of the Internet, when the DNS service did not yet exist, and was the only way for Windows to match the symbolic name of a site with its physical network address.

File format

This file is a system file and is located in system partition disk in the Windows\System32\drivers\etc\ folder. In format, it is a regular text file named hosts, but without a name extension. It consists of text strings and can be edited by any text editor. Each line can be either a comment (in which case its first character is #) or a matching statement in the format <имя домена>. There must be one or more spaces between the address and name. For example, the string 102.54.81.91 rh.com associates the host rh.com with its address 102.54.81.91. During his Windows installations 7 forms the standard content of this document, which looks like:

How to restore hosts

Sometimes a situation may arise when you need to restore the initial state of this file. It can occur either after its accidental deletion or corruption, or as a result of exposure to malware. It should be said right away that to access this file (including when restoring it) you need administrator rights. Its content can be generated manually in a text editor or downloaded from the Internet.

Editing a file

Of course, in order to edit hosts, you need to have administrator rights. You can edit it with any text editor. As an example, we use standard Notepad, which is always installed in Windows 7. You can launch it in two ways - from command line and directly calling Notepad:


After any changes to this document, you must reboot, otherwise its new contents will not be known to Windows 7, since they become known only during a reboot.

The benefits and harms of hosts changes

Useful changes to this file include, for example, the following:

  • Setting the IP address and domain to match in order to speed up access to the site by bypassing the DNS server.
  • Changes to block access to a specific site, for example, to block Windows authentication or the availability of updates for a program. To do this, 127.0.0.1 is specified as the IP address, which the operating system perceives as an access to this computer, and not to the real site.
  • Changes to "advertise" this computer local server, since the DNS service knows nothing about it. Of course, for this the IP address must be static.

Hosts are the main target for most malware. There are two main, one might say “classical”, ways of changing this file, which attackers resort to in order to benefit from it. These are the changes:

  • Blocking access to anti-virus program servers so that the computer cannot download such a program or update virus syndrome databases. For example, if, as a result of exposure to a virus or Trojan, a line like “127.0.0.1 esetnod32.ru” appears in the hosts, then any attempts to access the site with this antivirus will be blocked.
  • Substitution real address site registered on DNS server, to fake. Let’s say that a malicious application that has penetrated a computer writes the line “91.81.71.61 vk.com” in this file, where the address of the computer of the author of this program is specified. This is done with the goal that attempts to access everyone’s favorite site will result in a call to the attacker’s server, the interface of which completely replicates its real counterpart, but is used to collect confidential information about site users, for example, their logins and passwords.

Therefore, if there is any suspicion of the presence of viruses in the system, you should first check the status of this file, and that is why many antivirus programs tirelessly monitor its condition and notify the user of all attempts to change it.