Today, users of social networks like VKontakte or Odnoklassniki are often faced with the problem of logging into the site. The system controls this through the HOSTS file, which is located in the C: \ Windows \ System32 \ drivers \ etc tree. Unfortunately, this is the service most commonly affected by viruses. Let's try to figure out how to fix the situation.
What files are in the C: \ Windows \ System32 \ drivers \ etc directory, and what are they responsible for?
First, let's pay attention to the files in this folder. In addition to the file you are looking for, there should be only four more objects here. If there is something else, you can safely say that or something like that.
In terms of file functions, for example, the C: \ Windows \ System32 \ drivers \ etc \ services object and other files, including HOSTS, protocol, lmhosts, and networks, are responsible for some of the user's access to certain resources on the Net.
The considered one determines the correspondence of the database of domain names to IP addresses. In addition, its use involves accelerating the user's access to the most frequently visited pages on the Internet bypassing DNS servers, as well as blocking some unwanted resources or banner links. By default, in addition to the descriptive text part, it contains a single entry of interest to us at the end of the text, namely: 127.0.0.1 localhost. Everything! There should be no more additional entries in it.
Checking the IP address of sites
If we talk about an example of matching a domain name to the real IP address of a resource, you can check it in a completely elementary way, using in command line standard input ping command followed by the URL of the checked resource, separated by a space.
To get the IP of any resource, you must use the following combination: ping www. (Site name). (Domain ownership). For example, for Facebook networks it will look like ping www.facebook.com. After executing the command, the desired address and statistics of the so-called ping will be displayed on the screen.
What to do if a file is infected with a virus?
Unfortunately, it is the C: \ Windows \ System32 \ drivers \ etc \ HOSTS file that viruses infect most often. After that, when the user enters the same social network, he is either redirected to the clone site, or a message is generally issued demanding payment for the entrance. Let's make a reservation right away: not a single "social network" takes money for using the services of a resource. Hence the conclusion: this is a virus (sometimes artificial blocking, which is extremely rare).
If such a misfortune has already happened, first you should check computer system In some cases, it is not worth using even the antivirus installed on the system, since it has already missed the threat, and there is no guarantee that it will detect it and remove it as a result of an on-demand scan.
Better to run some portable utilities like Dr. Web (Cure IT is best!) Or KVRT, which doesn't even require installation. But even such powerful products do not always help, and the blocking of access to resources written in the file C: \ Windows \ System32 \ drivers \ etc \ HOSTS remains and continues to work. Let's see how you can get rid of it.
Correcting file text manually
First, go to the directory C: \ Windows \ System32 \ drivers \ etc, then select our file and right-click to call the menu with the command "Open with ..." ... Now, from the list of available programs, select the standard "Notepad" and look at the contents of the text.
As a rule, an infected file may contain entries like 127.0.0.1, followed by the addresses of resources of the same social networks (for example, 127.0.0.1 odnoklassniki.ru). This is the first sign that they were produced as a result of a trigger. malicious code... It turns out that the control elements of the system, referring to HOSTS file are constantly produced when trying to access it.
The simplest fix is to remove all content when further insertion original text (you can take it from another computer or find it on the Internet). After that, you just need to save the changes (Ctrl + S) and restart the computer terminal. You can, of course, try to replace the desired file with the original one, but the system is unlikely to allow this, even if you have administrator rights. In addition, this option works in about 20-30% of cases.
Problems with HOSTS and the lmhosts.sam object
The problem can often be more serious. The fact is that sometimes when entering the directory C: \ Windows \ System32 \ drivers \ etc, the HOSTS file we need is visually missing.
First, in the "Explorer", you should use the service menu, and then select the folder options, where the display option is enabled hidden objects(files and folders). In addition, you need to remove the "birdies" from the lines of hiding protected system files and extensions for registered types. Our file is now visible.
However, this is where the real problems begin. The fact is that when you try to edit or save, the system displays a message that the C: \ Windows \ System32 \ drivers \ etc \ HOSTS file is not writable. What to do in this case?
We apply drastic measures - delete the HOSTS file, preferably from the "Recycle Bin". You can quickly delete it, bypassing the "Recycle Bin", using the Shift + Del combination. Then click right click on the free space of the window and select the command to create a new text file and call it hosts or HOSTS without the extension, whatever you want, this does not matter. We agree with the warning of the system regarding the change of the extension and proceed to editing. As it is already clear, the actions further are similar to the previous option - we just insert the original content and save the newly created document. After that we delete lmhosts file.sam (it is he who affects the performance of the desired host file), after which we again reboot the system.
This option will restore access to your favorite sites that were previously blocked. By the way, this method almost always works.
Instead of an afterword
As you can see from the above, it is quite easy to fix the problem with blocking Internet resources, even without having any special knowledge and skills for this. However, before you start editing the HOSTS system object, you should make sure that standard check anti-virus software gave nothing. Some users try to use utilities like Microsoft Fix It. Please note that if there is a virus in the system, the files will be re-infected, and the corrections will be made only for a while.
In this article, we will look at a way to clean this file using the most operating system Windows without downloading special programs.
This article was written solely on the basis of personal experience author and co-authors. All of these tips you follow at your own peril and risk. The author and the Site Administration are not responsible for the consequences of your actions.
Before starting to clean up the file, you need to do the following operations ( necessarily!):
- if no antivirus program is installed, find and install any antivirus program of your choice;
- it is necessary to update the anti-virus databases as of the current day;
- conduct full check system for malicious content (in some cases, it may be necessary to check in safe mode or from Live CD / DVD);
- after checking with an antivirus program, disable antivirus protection for the duration of cleaning host file s (some antivirus programs block changes).
Attention! This instruction for clearing the hosts file ineffective on an infected computer... First, you should cure the system from viruses and then start fixing the hosts file.
If you have not changed the location of the folder with the hosts file on your own, then I recommend that you first return the value of the registry key to the default value. To do this, open an empty Notepad, paste the text below there and save the file with the name hostsdir.reg on the desktop.
Windows Registry Editor Version 5.00 "DataBasePath" = hex (2): 25,00,53,00,79,00,73,00,74,00,65,00,6d, 00,52,00,6f, 00, 6f, \ 00.74,00,25,00,5c, 00,53,00,79,00,73,00,74,00,65,00,6d, 00,33,00,32,00,5c , 00, \ 64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c, 00,65,00,74,00,63,00,00, 00
The text should start without spaces and empty lines, after the line "Windows Registry Editor Version 5.00" there should be one empty line, after all the text you should also put an empty line. In the file, the string "% SystemRoot% \ system32 \ drivers \ etc" is encoded in a two-byte hexadecimal code (hex (2) :).
After saving the file, close notepad, find the file on the desktop hostsdir.reg and double click on it. The system will notify you that an attempt is being made to make changes to the register and will ask for your consent. Answer "Yes", after which the change will be made to the registry.
If the system reports that access is denied or registry modification is blocked, then you do not have administrative rights in the system or your system requires more careful attention, the use of special programs for treatment.
We press (or the same thing: we press the keyboard shortcut Win + R)
A window will appear Launching the program
In field Open enter the line:
Notepad% SystemRoot% \ system32 \ drivers \ etc \ hosts
(just copy the above command text into the box Open window Launching programs). We press OK
We see a notebook on the screen with approximately similar content:
It also happens that some cunning pests write their malicious addresses outside the Notepad window. Always check if you have a scrollbar on the side and always scroll to the end of the file.
Clear the entire editor window (press Ctrl + A and Delete) and copy one of the following texts, depending on the version of your operating system.
# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost
# Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost :: 1 localhost
# Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. # 127.0.0.1 localhost # :: 1 localhost
Note that most lines start with a # sign. This sign means the beginning of a comment and all the text up to the end of the line is not perceived by the system. Due to this circumstance, in the texts for Windows XP and Windows Vista, only the last line is important, and for Windows 7, 8 and 10 the text can be completely empty.
Then we save the changes made, close the notebook and try to open the previously blocked sites.
Attention! The site administration, as an alternative, does not recommend deleting the etc folder, which contains the hosts file. This can lead to system crash.
After successfully saving the file, you have the following options:
- everything returned to normal and previously blocked sites open normally;
- sites continue to be blocked or open third-party resources. This means that an active Trojan is operating in the system, which at regular intervals checks the contents of the hosts file and changes it.
If after rebooting the system everything returned to the same state of blocking your favorite sites, then you need to return to the beginning of the article and select another antivirus to check the system.
There are also times when, after making changes, it is not possible to save the file. Open the command line of the system (Start - Accessories - Command line or Win + R - cmd - OK) and in turn enter the commands below:
Cd% SystemRoot% \ System32 \ drivers \ etc attrib -S -H -R hosts notepad hosts
If you cannot save the file to Windows systems(including Windows XP if logged into a limited account), You need to log in with an Administrator account or run notepad on behalf of the Administrator and edit the file. In details this operation specified in the article on our website Can't save the hosts file.
If all else fails !!!
Download the attached file below and run. The file was downloaded from the Microsoft website and does not contain any malicious content.
Attention! The attached file is not an antivirus program! It only automatically resets the content of the hosts file to its default content, as described for manual editing in the article.
What is the Hosts file for?
The purpose of this system file is to assign specific site addresses to a specific IP.
This file is very fond of all sorts of viruses and malware in order to register their data in it or simply replace it.
The result of these actions may be signs of "inserting" the site into browsers, which will ask you to send an SMS when you open the browser, or blocking various sites, at the discretion of the creators of the virus.
Where is the hosts file in windows?
For different versions OS Windows location the hosts file is slightly different:
Windows 95/98 / ME: WINDOWS \ hosts
Windows NT / 2000: WINNT \ system32 \ drivers \ etc \ hosts
Windows XP / 2003 / Vista / Seven (7) / 8: WINDOWS \ system32 \ drivers \ etc \ hosts
And the ending hosts, this is already the final file, not a folder. He hasn't.
What should the correct hosts file look like?
The "content" of the hosts file is also slightly different for different versions windows, but not really. It is "written" in English language what it is for and how to make exceptions with one example. All lines starting with the # sign mean that they are commented out and do not affect the file.
Contents of the original hosts file for Windows XP:
#
#
# space.
#
#
# For example:
#
127.0.0.1 localhost
Contents of the original hosts file for Windows Vista:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost :: 1 localhost
Contents of the original hosts file for Windows 7:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# :: 1 localhost
Contents of original Windows 8 hosts file:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# :: 1 localhost
As you can see, the contents of the host file for different windows versions, there are no special differences.
How do I open and modify the hosts file?
The hosts file can be standard Notepad Windows.
This is probably the most interesting part of the article.
First of all, you need to understand, why change this file at all? Yes, in order to deny access to certain sites. Thus, by changing this file and having registered the site address in it, the user will not be able to access it through any.
In order to change the hosts file, it is advisable to open it as administrator () by right-clicking on the file and selecting "Run as administrator". Or open Notepad in this way and open the file in it.
For quick action, you can simply click the Start button and select Run ( win+r) () and enter into the line:
notepad% windir% \ system32 \ drivers \ etc \ hosts
As a result, this file will open in Notepad.
In order to block access to the site(suppose it will be test.ru), you just need to add a line with this site to the very bottom:
127.0.0.1 test.ru
As a result, the file will have the following content:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# This HOSTS file created by Dr.Web Anti-rootkit API
# 127.0.0.1 localhost
# :: 1 localhost
127.0.0.1 test.ru
Every new site you want to block must start with new line and register, not forgetting the local IP address 127.0.0.1
Also, to edit the hosts file, there is a program HOSTS EDITOR, which can be downloaded and the description can be read from.
The principle of her work is that she helps to edit the hosts file.
From the screen below, the principle of its operation is clear, everything is done in a couple of clicks. Adding is done by clicking on +.
After editing, do not forget to click on the save button (2 "Save changes" button to the left of the "+" button).
You can also change this file for good purposes, for example speed up website loading.
How it works?
When you visit the site, you see its domain name, which has letters. But all sites on the Internet have an IP address, and names are already assigned using DNS. I will not go into the details of this process, the article is not about that. But here you need to know that the hosts file has priority when accessing sites, and only after it request is in progress to DNS.
In order to speed up the loading of the site, you need to know its IP address and domain.
The IP address of the site can be found using various services, for example or.
Domain is the name of the site.
For example, we will speed up the loading of this site, where you are reading an article, by explicitly specifying the IP address and domain to the file.
Then the added line will be:
91.218.228.14 site
This speeds up page loading in a couple of seconds, and sometimes can give access if by standard means You cannot enter the site.
Still with you can redirect to another site using the hosts file.
To do this, you need to know the IP address of the site and its domain (as in the above case), then the added line will be like this:
91.218.228.14 test.ru
And now, after entering the test.ru site into the address bar of the browser, you will be redirected to the site specified in the IP address ..
If you want to clean the hosts file, you can do this by simply deleting the content and pasting the original text from the description above (under the spoilers).
Some nuances in the hosts file:
Thus, you can easily and free of charge block access to sites in Windows by edits of the hosts file.
This file defines the mapping of domain names to IP addresses. For what practical purposes can the hosts file be used? To speed up your work on the Internet by bypassing the DNS server for frequently visited pages and blocking access to some unwanted sites, as well as prohibiting access to the addresses of banner exchange networks.
By default, this file contains only one entry: 127.0.0.1 localhost
This file may also contain a brief Microsoft help with the rules for adding new records.
The rules are as follows:
Each element must be on a separate line. The IP address must be in the first column, followed by the corresponding name. The IP address and hostname must be separated by at least one space. In addition, comments can be inserted in some lines; they must follow the node name and be separated from it with the # symbol. That is, everything written after the # sign is treated as a comment and is ignored when processing the file.
A bit of theory. If you type the site address in the address bar of the browser, then the browser first contacts the DNS server, which converts this ordinary address into the IP address of the requested server. At this moment, the status bar of the browser says: "Searching for a node ...". If the requested node is found, then the text "Node found, waiting for a response ..." is displayed in the status line, and TCP connection according to the standard for this service port.
Acceleration of work on the Internet can be achieved by comparing explicitly in the hosts file domain names frequently visited resources to the corresponding IP addresses. This will prevent you from referring to DNS server, and immediately establish a connection.
You can find out the IP address of the desired node using the ping program (../WINDOWS/system32/ping.exe). For example, to find out the IP address of a site, type cmd.exe in the command line and click OK, in the window that opens, type the ping command. You will get ping statistics for this node and the IP address of the site. Also, to get an IP address, you can use special utilities third party developers.
The question may arise: is it not easier to add IP addresses to favorites replacing the usual www addresses? No, it’s not easier, because in many cases you will receive an error message when you try to connect like this. The fact is that many servers use virtual hosts, when several virtual web servers can be located at the same IP address. These virtual servers are usually distinguished by their third-level domain names.
To block unwanted sites, you can assign this site the address of your own computer: 127.0.0.1 When accessing such a site, the browser will try to load it from your computer, resulting in an error message. Similarly, you can block banners by listing the list of banner networks and assigning the address 127.0.0.1 to them.
Example hosts file:
127.0.0.1 localhost # your computer's address
213.180.194.113 mic-hard.narod.ru # specify the address to speed up website loading
127.0.0.1 bs.yandex.ru # block Yandex banners
I cannot get in touch. What to do?
This question is asked every day by thousands of users on various forums. In most cases, a window appears on the user's computer where it is proposed to send an SMS message, after sending it, which promises to restore access to your favorite site. Another variant of events is also possible. Access to your favorite sites is blocked without any warnings and extortion of money. What to do in this case? How to regain access to your favorite site? Today we will take a quick look at one of the solutions to this problem.
First of all, I want to inform users of the following news. The developers and owners of the resource "vkontakte.ru" do not plan to collect money for access to their site. Therefore, any message on the screen of your monitor that all profiles will be deleted, and access to social network prohibited - an attempt to mislead you, extortion of money.
Now let's talk about measures to counter cybercriminals.
If a message appears on your monitor that you need to send an SMS in order to get an access code to the Vkontakte site, keep in mind that a Trojan has settled on your computer, which carefully collects information about which sites you visit, which passwords you enter. Moreover, a significant part of this information has already been collected.
The first priority is to disable the Trojan. I would summarize the initial stage of work in two simple points:
1.Disable suspicious processes in the computer memory
2.Remove suspicious programs from startup
I highly recommend reading the previously written article "How to remove a virus from a USB flash drive", where the two above questions are exactly considered.
If you have successfully solved the two points I have given, you should attend to the installation antivirus software... What to do if antivirus software is already installed on your computer? Feel free to remove it and reinstall it.
Which antivirus is better? The best antivirus in this situation, there will be one that was not installed earlier.
Be sure to update the databases after installation. In due time I was helped in such a situation by the famous program from Kaspersky Lab - Kaspersky Internet Security 2009, but this does not mean that the famous Kaspersky is the best one for solving our problem. Each antivirus has its own drawbacks and advantages. Which one suits best is up to you.
After all the above activities have been carried out, you need to proceed to the most important thing - editing the hosts file. You can read more about this file.
Our first priority is to find this file on your computer.
I want to note that some time ago we created a program that allows you to solve all the actions described below in a few mouse clicks. Therefore, if you do not want to go into the jungle of the text below, I recommend immediately
If your operating system is installed on the C drive, then the path to the file will be as follows:
C: \ WINDOWS \ system32 \ drivers \ etc
This folder should contain the hosts file. The file has no extension. To edit it, right-click on the file, select the "Open" item and then a list of programs will be offered in a new window.
Here we are looking for the Notepad program. Select it with the mouse and click the "OK" button.
Before showing what the wrong hosts file should look like, I want you to know the contents of the original file:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
It is with this text that the file is filled after the installation of the Windows operating system.
Now we look at our current file using the Notepad program. On an infected computer, it may well look like this: 
Note that 127.0.0.1 is opposite to the domain names of the sites. In fact, every line like: "127.0.0.1 vkontakte.ru" blocks access to a specific site. In this case, it is the social network Vkontakte.ru.
Now our task is to select all the contents of the hosts file and delete all the text that has opened to our eyes. Next, copy the original hosts content from our site. I brought it to your attention for review above. And we insert it in place of the data we just deleted. Here's what we should get: 
Close Notepad. When asked to save the file, we answer "Yes". 
We reboot the computer. And we try to enter the desired site. According to my observations, in 20-30 percent of cases, the above actions lead to a positive result.
However, there are more difficult option... So, suppose you went to the C: \ WINDOWS \ system32 \ drivers \ etc folder and you see the following picture there: 
As we can see, the hosts file does not exist here! We see that a certain lmhosts file is located in the folder, which the hand is trying to rename into hosts. I do not advise you to do this, as this operation will not lead you to a positive result.
In this case, you need to perform the following set of actions: in the main menu Windows explorer go to the main menu Service and select the item "Folder Options". 
Go to the "View" tab and uncheck the box next to the following items:
- Hide protected system files
- Hide extensions for registered file types
Now we click on the switch opposite the inscription "Show hidden files and folders ". 
Press the "Apply" button and then the "OK" button. The window will close, and we will see the contents of the already beloved folder C: \ WINDOWS \ system32 \ drivers \ etc
We can see that the real hosts file has been hidden from our view. Now we see him. 
However, when we try to edit and save, the following window opens to our eyes: 
Therefore, we will do it easier. Let's delete the hosts file altogether. Select it with the mouse and press "Shift + Delete" on the keyboard. Thus, our file is deleted forever, bypassing the trash.
Now let's create the hosts file again. To do this, in the folder C: \ WINDOWS \ system32 \ drivers \ etc, click on an empty space with the right mouse button and call the context menu.
Choose: Create - Text Document 
A file with the name Text document.txt will appear. Completely delete the name and extension of the file and enter simply hosts. For a request to change the extension, we answer "Yes". 
Now we paste the contents of the original hosts file: 
Just delete the lmhosts.sam file. We reboot the computer. Our Vkontakte website should open.
If this has not happened for you, please describe the problem in detail on our forum.
In fairness, it should be noted that the above recipe will work not only for the Vkontakte social network, but also for the Odnoklassniki social network and other frequently visited Internet resources.
The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer. In this article, we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after a computer has been infected with viruses.
The task of this file is to store a list of domains and their corresponding ip-addresses. The operating system uses this list to translate domains to ip addresses and vice versa.
Every time you enter the address you need for a site into the address bar of your browser, a request is made to convert the domain to an ip-address. This translation is now performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific ip-address.
Even now, this file has a direct impact on the conversion of symbolic names. If you add an entry in the hosts file that will associate an ip-address with a domain, then such an entry will work fine. This is exactly what the developers of viruses, Trojans and other malicious programs use.
As for the structure of the file, the hosts file is normal. text file buse expansion. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the usual Notepad text editor.
The standard hosts file consists of several lines that begin with a "#" character. These lines are ignored by the operating system and are just comments.
also in standard file hosts there is an entry "127.0.0.1 localhost". This entry means that when you access the symbolic name localhost, you will be accessing your own computer.
Hosts file fraud
There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of anti-virus programs.
For example, after infecting a computer, the virus adds in the hosts file the following entry: "127.0.0.1 kaspersky.com". When you try to open the kaspersky.com website, the operating system will connect to the ip-address 127.0.0.1. Naturally, this is the wrong ip address. This leads toaccess to this site is completely blocked.As a result, the user of the infected computer cannot download the anti-virus or anti-virus database updates.
In addition, developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.
For example, after infecting a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru”. Where "90.80.70.60" is the IP address of the attacker's server. As a result, when trying to go to a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else's server. As a result of such actions, fraudsters can obtain usernames, passwords and other personal information of the user.
So in case of any suspicion of a virus infection or substitution of sites, the first thing to do is to check the HOSTS file.
Where is the hosts file
Depending on the version of the operating system Windows file hosts can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7, or Windows 8, the file is located in the WINDOWS \ system32 \ drivers \ etc \ folder.
In Windows NT and Windows 2000 operating systems, this file is located in the WINNT \ system32 \ drivers \ etc \ folder.
In very ancient versions of the operating system, for example, Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.
Restoring the hosts file
Many hacked users are interested in where you can download the hosts file. However, there is no need to search and download the original hosts file. You can fix it yourself, for this you need to open text editor and delete everything except the line except "127.0.0.1 localhost". This will unblock access to all sites and update your antivirus.
Let's take a closer look at the process of restoring the hosts file:
- Open the folder where the file is located. In order not to wander through the directories for a long time in search of the desired folder, you can use a little trick. Press the Windows key + R key combination to open the Run menu". In the window that opens, enter the command "% Systemroot% \ system32 \ drivers \ etc" and click OK.
- After the folder in which the hosts file is located opens in front of you, do backup the current file. In case something goes wrong. If the hosts file exists, then simply rename it hosts.old. If the hosts file does not exist at all in this folder, then this item can be skipped.
- Create a new empty file hosts. To do this, right-click in the etc folder and select the item "Create text document".
- When the file is created, it must be renamed to hosts. When renaming, a window will appear in which there will be a warning that the file will be saved without the extension. Close the warning window by clicking on the OK button.
- After the new hosts file is created, you can edit it. To do this, open the file with Notepad.
- Depending on the version of the operating system, the contents of the standard hosts file may differ.
- For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost".
- Windows Vista, Windows Server 2008, Windows 7 and Windows 8 need to add two lines: "127.0.0.1 localhost" and ":: 1 localhost".
