home-A computer-Hosts content. How to fix the hosts. Restoring the default hosts file contents

Hosts content. How to fix the hosts. Restoring the default hosts file contents

A bit of terminology

DNS(English abbreviation from Domain Name System) - Domain Name Service. Sets correspondence between numeric IP-addresses and text names.

DNS(English abbreviation from Domain Name Server) - domain name server; an office computer of a local or global network that translates computer names in domain records into.

DNS cache(resolver cache DNS) - temporary storage of previous DNS-requests on local. Reduces query execution time, reduces network and Internet traffic.

host(English) - main computer; host, any device connected to the network and using protocols TCP/IP.

IP(eng. Internet Protocol) - Internet protocol; a network layer protocol from the Internet protocol suite.

IP address(eng. IP address) - used to identify a node on a network and to define routing information. Consists of a network identifier ( network ID) and host id ( host ID).

Name Resolution(English) - domain name resolution; the process of converting the computer name to the corresponding.

Name Resolution Service- name resolution service; in networks TCP/IP converts computer names to and vice versa.

TCP / IP(English abbreviation from Transmission Control Protocol / Internet Protocol) - information transfer control protocol, the main protocol of the transport and session layers, providing reliable full-duplex streams. Designed for use in the Global Network and for combining heterogeneous networks.

Url(English abbreviation from Uniform Resource Locator) - unified pointer information resource; a standardized character string indicating the location of a resource on the Internet.

What hosts-file

hosts-file in Windows and other operating systems is used to associate (map) host names (nodes, servers, domains) with their (name resolution).

V hosts-file is registered by default only one(127.0.0.1) reserved for localhost, that is, for local.

File hosts is a plain text file (no extension).

File disk address hosts:

Windows 95\98\ME\ WINDOWS \;

Windows NT\2000\ \ \ – \ Windows \ System32 \ drivers \ etc \.

When an Internet user types in his web browser the address ( Url) of any site (web page) and clicks Enter:

- the user's browser checks in hosts-file, if the name entered is not a proper computer name ( localhost);

- if not, then the browser looks for the requested address (hostname) in the file hosts;

- if a hostname is found, the browser accesses the corresponding hostspecified in hosts-file;

- if the hostname is not found in the file hosts , then the browser accesses ( DNS-cache);

- if the hostname is found in the cache, the browser accesses the corresponding hoststored in the cache DNS;

- if the hostname is not found in the resolver cache DNS, the browser accesses DNS-server;

- if the requested web page (site) exists, DNS-server translates user-specified Url-address in ;

- the web browser downloads the requested resource.

History of origin hosts-file

# Copyright (c) 1993-1999 Microsoft Corp.

#

#

# space.

#

#

# For example:

#

127.0.0.1 localhost

# Copyright (c) 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a "#" symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

:: 1 localhost

# Copyright (c) 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a "#" symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# :: 1 localhost

Usage hosts-file

hosts-file can be used to speed up the work in the Global Network and reduce traffic - due to the decrease in requests to DNS-server for frequently visited resources.

For example, you often download resources google.ru and google.com... Open the file hosts and after the line127.0.0.1 localhost enter lines

209.85.229.104 google.ru

74.125.232.20 google.com

This will prevent the web browser from accessing the server. DNS, and immediately establish a connection with sites google.ru and google.com.

Sometimes hosts-file is used to block unwanted resources (for example, sending and malicious software). To do this, after the line 127.0.0.1 localhost enter string

127.0.0.1 URL_of_blocking_resource

The essence of this manipulation is that the blocking resource is mapped to127.0.0.1, which is the address local computer, - so the unwanted resource will not be loaded.

Editing rules hosts-file

1. Each element must be located in separate line.

2. must start at the first position of the line, followed (on the same line) by the corresponding hostname.

3. and the hostname must be separated by at least one space.

4. Comments should be preceded by a symbol # .

5. If comments are used in strings of matching domain names, they must follow the hostname and be separated from it by the symbol # .

Usage hosts-file by virus writers

Attackers have long chosen hosts-file, - with its help, the real addresses of web resources are substituted on the infected. After that, the web browser redirects the user to sites with malicious, or, for example, blocks access to the sites of antivirus manufacturers.

Malicious disguises modification hosts-file as follows:

- to make it difficult to detect lines added by a virus, they are written to the end of the file - after a long empty area formed as a result of multiple newlines;

- after that the original hosts-file is assigned an attribute Hidden(by default, hidden files and folders are not visible);

- a false one is created hosts-file which unlike the real file hosts(no extension) has the extension .txt(by default, extensions are not displayed for registered file types):


hosts-file: how to eliminate the consequences virus attack

Open up hosts-file (if the virus has installed the fileattribute Hidden, will be required in Folder properties enable option Show hidden files and folders) ;

- a window will appear Windows with a message "Failed to open next file ...";


- set the switch Selecting a program from the list manually -> OK;

- in the window Program selection in a scrollable list Programs highlight Notepad -> OK;

- file hosts will open in Notepad;

- remove all lines except 127.0.0.1 localhost;

- save hosts-file.

Valery Sidorov

Where is hosts file ? I cannot access many sites, mostly antivirus software, friends say I have a virus on my computer, and problems because of it. My antivirus program is regularly updated, I heard it in Windows XP, there is a hosts file and if you edit it properly, the problem will go away, but if you do it wrong, the Internet will completely disappear, do not tell me where it is and how to edit it?

Where is the hosts file located?

  • Note: You want to know how virus programs use this very important file, as well as how you yourself can use this secret weapon for good purposes. What to do when the hosts file is completely absent from the system or you have two hosts files. What to do when your sites do not open: Odnoklassniki, VKontakte, mail.ru, then be sure to read our new article after reading this article.

In Windows XP and Windows 7, there is a very small and good file, with which you can control your Internet surfing, the vast majority of users personal computer do not know about it, and if they do, they prefer to bypass it for fear of doing something wrong, this file is called hosts. Why is it needed?

  • When you enter the name of the site into the address bar of the browser, for example - mail.ru, be aware that a special DNS server located on the Internet immediately converts the name mail.ru into a set of numbers that is unique for each site IP-address, to for example for mail.ru it is 94.100.191.204. Since the Internet server where the mail.ru site is located does not contain names, but contains only numbers, the names were specially invented for you and me, so that we would more easily remember them. The hosts file is needed to speed up work on the Internet by bypassing the call to DNS server, that is, if we write such information 94.100.191.203 mail.ru in the hosts file, then the mail.ru site will be loaded with us directly, bypassing the DNS server. But you need to register everything correctly, otherwise you will not get anywhere at all or you will end up in the wrong place. This is the "wrong place" and is used by the creators of virus programs. Now about everything in detail!

The most important thing to remember is that a request to the hosts file from all browsers takes precedence over accessing DNS servers. In simple words, any browser before your request, always looks at the information in the hosts file.

For example, if you write other information instead of 94.100.191.203 mail.ru in the hosts file, for example 217.20.147.94 mail.ru, then we will type mail.ru in any browser, instead of the mail.ru mail service, we will go to the Odnoklassniki website , since the IP address 217.20.147.94 is the address of the Odnoklassniki website.

Any System Administrator, and a simple user, must protect the hosts file like the apple of his eye. Now about viruses. Virus writers are happy to use hosts file for their own purposes. A virus entering the user's computer often changes the file hosts , so if you have problems accessing any sites, first of all you need to check your car for the presence malware and then return the file hosts pristine appearance.

The hosts file is located by the address C: \ windows \ system32 \ drivers \ etc \ hosts, where (С :) letter system partition, it is this file that decides which sites are worthy of your attention and which are not. The hosts file can be hidden, in order to see it, you need to enable the display in the system hidden folders and files. Computer-> Organize-> Folder and Search Options-> View, then uncheck the boxHide protected system files, and mark the itemShow hidden files and folders and drives


Opens the hosts file by double clicking right mouse, when prompted to select a program to open the file, select Notepad.

Friends, if you did not find the hosts file in the C: \ windows \ system32 \ drivers \ etc \ folder, then the virus has changed the location of the file in the registry key

HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ Tcpip \ Parameters \ DataBasePath,

By the way, you may have the hosts file where you need it, but the operating system will use the hosts file, which is located in a completely different place, where exactly the other hosts file created by the virus is located, you can find out by looking at the DataBasePath value. You will need to return the key to the correct value, as shown in the screenshot.

So we found out where is the hosts file, now let's learn how to edit it, if you just want to fix the file automatically (recommended) using the Microsoft Fix it 50267 utility, then go to the site to its creators and do it with two clicks.

Here is a sample of the original hosts file, by default there should be only one entry 127.0.0.1 localhost in the file

You can directly copy it from me and edit the hosts file with notepad.

Original hosts file in Windows XP

# (C) Microsoft Corp. 1993-1999

# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.

# This file contains mappings of IP addresses to host names.

# Each element must be on a separate line. The IP address must

# is in the first column, followed by the corresponding name.

# IP address and hostname must be separated by at least one space.

# In addition, comments may be inserted on some lines

# (such as this line), they must follow the hostname and be separated

# from it with "#".

# For example:

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # client x host

127.0.0.1 localhost

Original hosts file in Windows 7

# Copyright (c) 1993-2009 Microsoft Corp.

# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a "#" symbol.

# For example:

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# :: 1 localhost

If we want, we can deny access to some sites altogether, using of this file... You can do it like this, after the numbers 127.0.0.1 you need to enter the domain name of this site. For example, in most cases, a virus program prohibits visiting sites that distribute antivirus software, in the case of Kaspersky antivirus, it will look like this:

127.0.0.1 kaspersky.com

And you and I can use this secret weapon, for example, by protecting our children from accidentally visiting sites with certain content without resorting to programs like Parental Control, for example, we will prescribe:

127.0.0.1 is the name of a site that is dangerous in your opinion.

127.0.0.1 porno .ru

127.0.0.1 sex .ru

The computer will look for the addresses of these sites on the hard disk, you don't need to enter a lot of addresses either, the computer will noticeably slow down.

How else can you use the hosts file? It is no secret that only digital addresses are used on the Internet. The names of the sites, for example: R emontcompa.ru, were invented to make them easier for a simple user to remember. Using the DNS service, a computer converts letters that are understandable to us, but not familiar to it, into numbers, naturally, it takes a lot of time for a computer to access remote DNS servers.

To quickly load your favorite site, in the hosts file, you need to specify its address in numbers directly, bypassing the DNS service. For example, we constantly need Post service mail.ru, since the IP of the site is 94.100.191.203, we write such information in the hosts file, first enter the IP, and then the server name.

127.0.0.1 localhost

94.100.191.203 mail.ru

A space is required.

Friends, recently virus writers have come up with a trick if, for example, you open the hosts file

in notepad, then at first glance nothing suspicious will seem to you, the contents of the hosts file will be standard,

but it is worth scrolling the scroll arrow to the end, to the very end of the hosts file, then there you can find, for example, such malicious entries, of course they need to be deleted.

After a while, you will need to check the hosts file again, if malicious entries are added again, then you have on your computer

the virus works. Read our articles.

Few users working with the "seven" and surfing the Internet guess the true meaning of the HOSTS file (Windows 7). Its content will be shown a little later, but for now let's dwell a little on theory.

why is it needed?

In general, if anyone paid attention, the file itself is located in the etc directory, if you successively go through the tree from Windows folders, via System32 to the drivers directory on system disk... Not everyone, however, enters such a jungle of the system; by and large, this is not necessary. On the other hand, if you pay attention, the object itself does not have an extension, although, in fact, it is an ordinary text document.

But let's take a closer look at Windows 7. Its content is that it is this object that is responsible in the system for the relationship between the names of hosts (sites, nodes, etc.) and determining their IP addresses to provide the end user with access to the resource. Roughly speaking, we do not need to write combinations consisting of numbers in the browser, but only the names of resources can be specified.

And one more small clarification about the HOSTS file (Windows 7). Its content is subject to change. Depending on what changes were made, this can help block certain sites, speed up access to some resources, or, on the contrary, play a cruel joke by redirecting the user to questionable sites. However, let's first take a look at the original file.

(Windows 7): table of contents

So, first, let's try to open it. I must say that if you use the standard double-click method, nothing will work, because, as mentioned above, this object has no extension. In addition, the file can be hidden, so you must first select the display of hidden objects in the view menu. But the system will offer several applications to open. We choose the simplest - the standard "Notepad" and look at the contents of the HOSTS file (Windows 7). Before us is something incomprehensible: descriptive text, some examples and a line indicating the local IP (# 127.0.0.1 localhost). It should be so.

Attention! There should be nothing at all below the line indicating the reserved local address, unless, of course, the user wants some resource to be blocked!

In general, everything above localhost refers to allowed resources. Anything below - to the blocked ones. It is easy to guess that many viruses, in particular programs that distribute spam or advertisements (Malware, Adware, etc.) independently edit the contents of this file. So it turns out that when requesting one resource, the user receives a redirect (redirect) to a completely different one.

HOSTS by default in Windows 7

We reviewed the original file. Now let's take a look at the changed content. To fix it, you can take the contents of the "clean" file for the "seven" from another computer or from the Internet, copy it, then paste it into the original and save it.

But there is one problem here. The fact is that sometimes, after deleting everything unnecessary, it is impossible to save the file as the original (the system simply does not allow it to be done).

How to enter this case? First, delete the original completely (Shift + Del), bypassing the "Trash". Then right click on the empty space inside the etc directory and create new file with the same name, but do not specify the extension. Now we insert the necessary content into it and save the object. After that, in the same place you need to find the lmhosts.sam file and delete it, as indicated earlier.

That's it, it's done. That in the first, that in the second case, a system reboot is mandatory. Only then will everything work as expected. And, of course, editing should be done exclusively with admin rights.

Outcome

In general, very brief information about the HOST file. If you look at the issues of blocking some unwanted resources or, on the contrary, permissions to visit them with accelerated access, editing should be done exclusively manually and according to certain rules. Here you need to remember that the key role of the separator is played by the string indicating the reserved local IP. Well, then, as they say, it's a matter of technology. By the way, the above technique will also help if the contents of the object have been changed due to the influence of virus programs.

All sorts of problems with logging into sites, when you can not go to Odnoklassniki, in the contact they say that your account has been blocked on suspicion of hacking and ask you to enter a phone number, then a code, and as a result, money is withdrawn from the account, most often associated with malware changes in system file Hosts.

There are many ways to fix the hosts file in Windows, and they are all fairly simple. Let's consider three such methods, which, most likely, will be enough to put this file in order. Update 2016: (how to change, restore where located).

Another easy way to fix hosts is to use the AVZ antivirus utility (it can do more than just that, but this instruction will only cover fixing hosts).

You can download AVZ for free from the official website of the developer http://www.z-oleg.com/secur/avz/download.php (look on the right side of the page).

Unpack the archive with the program and run the avz.exe file, then in the main menu of the program, select "File" - "System Restore" and mark one item "Clearing the hosts file".

Then click "Perform marked operations", and when finished, restart your computer.

Microsoft Fix it utility for recovering the hosts file

And the last way is to go to the page http://support.microsoft.com/kb/972034/ru dedicated to recovering the hosts file and download the utility available there. Fixit to automatically reset this file to its original state.

In addition, on this page you will find the original contents of the hosts file for various operating systems.

Operating system (OS) Windows (like other OS) has the ability to accelerate the transition to the IP address you typed in the site without accessing the domain name system DNS - DomainNameSystem. For this it is used special file operating system called hosts (used without any extension). The question arises: "The hosts file - what should be there?"

What is it for and what does the hosts file contain?

If this file contains a correspondence between the site name and its actual IP address, then redirection occurs without contacting the DNS service of your provider. Hosts file is a plain text file that can be opened by anyone, for example, with Notepad (but requires administrator rights). By default, the file contains several lines of explanations (comments) in English or Russian and a single executable line that redirects calls to the localhost name to the IP address of the computer itself.

Where is the hosts file located

Usually the hosts file can be found:

  • in Windows versions 95/98 / ME - in the WINDOWS directory;
  • in Windows NT / 2000 - at WINNT \ system32 \ drivers \ etc;
  • Windows 7 hosts file (and Windows versions XP / 2003 / Vista / 8) - in the WINDOWS \ system32 \ drivers \ etc directory.

Other OS also have a hosts file with similar functionality. Where the hosts file in these operating systems is located needs to be considered separately.

Why a file is important for virus protection

The importance of resolving the issue of hosts, what should be there, is that some use the special properties of this file to protect against antivirus programs and to block the call of some files. After all, if you write the redirection of anti-virus programs to a false IP address in the hosts file, then the computer will not be able to carry out the work of these programs, and, for example, anti-virus databases just won't be updated.

Therefore, if your computer has problems with the operation of antivirus programs, one of the reasons may be an unauthorized modification of the hosts file on your computer.

What the hosts file can be used for

Some users use it to prevent the possibility of using certain sites, for example, pornographic or boring sites. social networks... To accomplish such a task, you can simply enter at the end of the file for each site one line of the type: 127.0.0.1 "site name". At the same time, the sites by whose name users are trying to go to this computer, just won't be called.
You can also do the following trick: redirect those trying to call an unwanted site to a site, for example, Mashkov's library, by entering the line: 81.176.66.163 "site name".

Excluding ad serving

Also, the question of hosts, what should be there, is important because by making some additions to it, you can avoid showing annoying contextual and / or banner advertising, which in some sites is added not only along the perimeter of the information content of the pages, but also interspersed in the middle of the texts articles. To do this, you need to redirect sites that post these types of advertising to 127.0.0.1, as indicated above. And these are sites such as, for example, "Google" contextual advertising Adsense. To exclude its display, enter the following lines in the hosts file:

  • 127.0.0.1 pagead.googlesyndication.com;
  • 127.0.0.1 pagead2.googlesyndication.com.

On the Internet, you can find ready-made texts for insertion into the hosts file, containing many such lines, excluding the display of unnecessary ones.In addition, there are ready-made texts for setting more fast work with some search engines like hosts google. However, you need to be careful when using such materials. It is undesirable for the hosts file to be larger than 10 KB. Otherwise, it will slow down the system itself. Although this 10KB can accommodate many of these redirect strings.

Possible difficulties

First you need to make sure that the file you want to edit is the correct one. The fact is that some cunning creators of virus programs disguise the hosts file used by the system, placing it in the wrong place where it is registered by default. The system accesses the Windows 7 hosts file, the path of which is registered in the registry in the DataBasePath parameter located at the address: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ Tcpip \ Parameters \.

The correct path value looks like:% SystemRoot% \ system32 \ drivers \ etc \ hosts. You can check this by calling the registry editor regedit.exe from the START menu - run.

If the specified variable contains a different value, you need to restore the value that should be.

Another trick of the malware is to place another file with a similar name, such as host, in the etc directory along with the hosts file. Be careful to make sure that you are checking and editing the exact file used by the system.

The third trick is to hide the file from view. They just prescribe that it is hidden. In this case, it is simply not visible in the directory, although it is present there. To be able to view it, you must first set the item "Show hidden files". In Windows XP, this option is set in the View tab of the Properties panel of the Control Panel menu folder. After that, viewing of hidden files will be possible, and it will be possible to reset the "hidden" flag in the properties of this file. At the same time, check if the "Read-only" flag is set for this file. If it is, then you will not be able to edit it. It is necessary to uncheck the corresponding field of the file properties panel.

The next trick might be to use a proxy. If a manual proxy setting is set, then the hosts file will not work. Please check your browser settings to correct this problem. For example, for Firefox you need to open "Settings", then "Advanced", then in the "Network" tab, select "Configure". In the menu that appears, if the item "Use system settings proxy ", select the" No proxy "item and save the settings. But if the item " Manual setting proxy service ”, and you did not install it, then more work needs to be done. First you need to remember the set address of the proxy server, set the item "No proxy", save the settings. Then you need to open the registry editor, call the search, insert the memorized address and perform the search, deleting the value of your address assigned to them in the keys found.

Simple protection

By the way, to prevent malicious programs from changing the settings of the hosts file on your computer, it is useful to set the "Read-only" attribute in its properties (after all your changes in it).

Thus, in this article, we figured out the question about Hosts, what should be there, and found out what kind of file it is, where it is located, what functions it performs, how it can harm a computer under the influence of malware, and how to use it in our purposes.

Similar publications: