• The host file is missing. Where is the hosts file located? Where is hosts located?

    Where is the hosts file located?? I can’t access many sites, mostly anti-virus programs, friends say I have a virus on my computer, and problems are caused by it. My antivirus program is regularly updated, I heard in Windows XP, there is a hosts file and if you edit it properly, the problem will go away, but if you do it incorrectly, the Internet will completely disappear, can you tell me where it is and how to edit it?

    Where is the hosts file located?

    • Note: To learn how malicious programs abuse this very important file, how you can use it yourself for good purposes, what to do when the hosts file is missing from the system entirely or when you have two hosts files, and what to do when sites such as Odnoklassniki, VKontakte or mail.ru do not open, be sure to read our new article after this one.

    In Windows XP and Windows 7 there is a very small and useful file with which you can control your Internet surfing. The vast majority of personal computer users do not know about it, and those who do prefer to leave it alone for fear of doing something wrong. This file is called hosts. Why is it needed?

    • When you enter the name of a site, for example mail.ru, into the address bar of your browser, a DNS server on the Internet converts the name mail.ru into a set of numbers, the IP address that is unique to each site; for example, for mail.ru it is 94.100.191.204. The Internet server that hosts the mail.ru website is addressed by numbers, not names; the names were invented for you and me, so that we can remember them more easily. The hosts file is needed to speed up work on the Internet by bypassing the DNS server: if we write the entry 94.100.191.203 mail.ru in the hosts file, the mail.ru website will load directly, without a DNS lookup. But the entry must be written correctly, otherwise you won’t get anywhere at all or you’ll end up in the wrong place. This “wrong place” is what the creators of virus programs exploit. Now about everything in detail!

    The most important thing to remember is that a request to the hosts file in all browsers has priority over access to DNS servers. In simple words, any browser, before making your request, always looks at the information located in the hosts file.

    For example, if in the hosts file we enter 217.20.147.94 mail.ru instead of 94.100.191.203 mail.ru, then by typing mail.ru in any browser we will reach the Odnoklassniki website instead of the mail.ru mail service, since the IP address 217.20.147.94 is the address of the Odnoklassniki website.

    Any system administrator, and even a simple user, must guard the hosts file like the apple of his eye. Now about viruses. Virus writers, one might say, are happy to use the hosts file for their own purposes. When a virus gets onto a user’s computer, it often changes the hosts file; therefore, if you have problems accessing any sites, first of all you need to check your machine for malware, and then return the hosts file to its pristine state.

    The hosts file is located at C:\windows\system32\drivers\etc\hosts, where (C:) is the letter of the system partition; it is this file that decides which sites are worthy of your attention and which are not. The hosts file may be hidden; to see it, you need to enable the display of hidden folders and files: Computer->Organize->Folder and Search Options->View, then uncheck the item Hide protected system files and select the item Show hidden files, folders and drives.


    The hosts file opens by double-clicking the right mouse; when prompted to select a program to open the file, select Notepad.

    Friends, if you did not find the hosts file in the C:\windows\system32\drivers\etc\ folder, it means the virus has changed the location of the file in the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DataBasePath,

    By the way, you may have the hosts file where you need it, but the operating system will use the hosts file located in a completely different place. You can find out exactly where the other hosts file created by the virus is by looking at the DataBasePath value. You will need to return the correct value to the key, as in the screenshot.
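    The DataBasePath check described above can be scripted. The following is an added example, not code from the original article: it compares a DataBasePath value against the stock Windows value %SystemRoot%\System32\drivers\etc and reports the hosts file the resolver will actually read. The function names and the sample values in the usage are assumptions made for the illustration.

```python
import ntpath
import re
import sys

# Registry location named in the article (under HKEY_LOCAL_MACHINE).
KEY = r"SYSTEM\CurrentControlSet\services\Tcpip\Parameters"
VALUE = "DataBasePath"
# Stock value on Windows; it is stored unexpanded (REG_EXPAND_SZ).
DEFAULT_RAW = r"%SystemRoot%\System32\drivers\etc"


def expand(raw, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)),
                  raw)


def hosts_path(raw, env):
    """Full path of the hosts file selected by a DataBasePath value."""
    folder = ntpath.normpath(expand(raw.strip().rstrip("\0"), env))
    return ntpath.join(folder, "hosts")


def is_redirected(raw, env):
    """True when DataBasePath resolves to anything but the stock folder."""
    stock = ntpath.normcase(hosts_path(DEFAULT_RAW, env))
    return ntpath.normcase(hosts_path(raw, env)) != stock


def read_databasepath():
    """Read the live value. Windows only: winreg ships with Python there."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, VALUE)
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        import os
        raw = read_databasepath()
        state = "REDIRECTED" if is_redirected(raw, os.environ) else "stock location"
        print(f"{VALUE} = {raw!r}")
        print(f"hosts file in use: {hosts_path(raw, os.environ)} ({state})")
    else:
        # Constructed values, so the comparison can be tried on any system.
        env = {"SystemRoot": r"C:\Windows"}
        for raw in (DEFAULT_RAW, r"%SystemRoot%\Temp\etc"):
            print(raw, "->", hosts_path(raw, env), is_redirected(raw, env))
```

    A value that differs only in letter case or a trailing backslash is treated as the stock location; any other folder means the hosts file in drivers\etc is not the one Windows consults.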

    So we found out where the hosts file is located; now let's learn how to edit it. If you want to simply fix the file automatically (recommended) using the Microsoft Fix it 50267 utility, go to the website of its creators and do it in two clicks.

    Here is a sample of the original hosts file, by default the file should only have one entry 127.0.0.1 localhost

    You can directly copy it from me and edit the hosts file using notepad.

    Original hosts file in Windows XP

    # (C) Microsoft Corp., 1993-1999
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains mappings of IP addresses to hostnames.
    # Each element must be on a separate line. The IP address must
    # be in the first column and must be followed by the appropriate name.
    # The IP address and hostname must be separated by at least one space.
    # Additionally, some lines may contain comments
    # (such as this line); they must follow the node name and be separated
    # from it with the symbol "#".
    # For example:
    # 102.54.94.97 rhino.acme.com # origin server
    # 38.25.63.10 x.acme.com # client node x

    127.0.0.1 localhost

    Original hosts file in Windows 7

    # Copyright (c) 1993-2009 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    # For example:
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    If we want, we can deny access to some sites completely using this file. To do this, enter the domain name of the site after the numbers 127.0.0.1. For example, in most cases a virus program blocks visits to sites that distribute anti-virus software; in the case of Kaspersky anti-virus, it will look like this:

    127.0.0.1 kaspersky.ru

    And you and I can use this secret weapon, for example, by protecting our children from accidentally visiting sites with certain content without resorting to programs like Parental Control, for example, we will write:

    127.0.0.1 is the name of a site that you consider dangerous.

    127.0.0.1 porno.ru

    127.0.0.1 sex.ru

    The computer will look up the addresses of these sites locally, on the hard drive. You should not enter too many addresses, though, or the computer will noticeably slow down.

    How else can you use the hosts file? It's no secret that only numeric addresses are used on the Internet. Site names, for example Remontcompa.ru, were invented so that the ordinary user could remember them more easily. The computer converts the letters, which we understand but it does not, into numbers using the DNS service; naturally, it takes a lot of time for the computer to contact remote DNS servers.

    To quickly load your favorite site, in the hosts file, you need to specify its address in numbers directly, bypassing the DNS service. For example, we constantly need the mail.ru mail service, since its site IP is: 94.100.191.203, we write this information in the hosts file, first enter the IP, and then the server name.

    127.0.0.1 localhost

    94.100.191.203 mail.ru

    A space is required.

    Friends, recently virus writers have come up with a trick: if, for example, you open the hosts file in Notepad, at first glance nothing will seem suspicious and the contents of the hosts file will look standard, but if you scroll down to the very end of the file, you may find malicious entries there. Of course, they need to be deleted.

    After some time, check the hosts file again; if malicious entries have been added again, it means a virus is active on your computer. Read our articles.

    The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer. In this article we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after your computer is infected with viruses.

    The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

    Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.

    Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.

    As for the file structure, the hosts file is a regular text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.

    The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.

    Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.

    Fraud with the hosts file

    There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.

    For example, having infected a computer, the virus adds the following entry to the hosts file: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. As a result, access to this site is completely blocked, and the user of the infected computer cannot download an antivirus or antivirus database updates.

    In addition, malware developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

    For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, scammers can obtain user logins, passwords and other personal information.

    So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.
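    The check recommended above can be automated. The following is an added example, not code from the original article: it parses hosts-file text and reports names pinned to loopback (blocked), names pinned to any other address (these override DNS and need verifying, even when added on purpose), entries whose address is not a valid IP, and whether an entry sits below a long run of blank lines where it is easy to miss in Notepad. The 20-line threshold and the sample text are assumptions constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Names the stock Windows hosts file maps to loopback.
LOCAL_NAMES = {"localhost"}
# Assumed threshold: a run of this many blank lines is treated as padding
# that pushes later entries out of view in an editor.
HIDDEN_GAP = 20


@dataclass
class Finding:
    line_no: int
    kind: str       # "blocked", "redirected" or "malformed"
    host: str
    address: str
    hidden: bool    # entry sits below a padding run of blank lines


def audit_hosts(text, hidden_gap=HIDDEN_GAP):
    """Return a Finding for every active entry that is not a stock localhost mapping."""
    findings = []
    blank_run = 0       # consecutive whitespace-only lines seen so far
    past_gap = False    # True once a padding run has been crossed
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        if blank_run >= hidden_gap:
            past_gap = True
        blank_run = 0
        fields = raw.split("#", 1)[0].split()   # drop comment, tokenize
        if not fields:
            continue                            # comment-only line
        address, hosts = fields[0], [h.lower() for h in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        for host in hosts or [""]:
            if ip is None or not host:
                kind = "malformed"
            elif ip.is_loopback or ip.is_unspecified:
                if host in LOCAL_NAMES:
                    continue                    # stock localhost entry
                kind = "blocked"
            else:
                kind = "redirected"             # overrides DNS: verify the address
            findings.append(Finding(line_no, kind, host, address, past_gap))
    return findings


# Constructed sample: a stock-looking top, blank-line padding, then entries
# of the kinds quoted on this page.
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\n"
    "# 102.54.94.97 rhino.acme.com # source server\n"
    "127.0.0.1 localhost\n"
    + "\n" * 30
    + "127.0.0.1 kaspersky.com\n"
    "90.80.70.60 vkontakte.ru\n"
    "111.222.333.333 vk.com\n"
)

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE):
        note = " (below padding)" if f.hidden else ""
        print(f"line {f.line_no}: {f.kind:<10} {f.address} -> {f.host}{note}")
```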

    Where is the hosts file located?

    Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the WINDOWS\system32\drivers\etc\ folder.

    In the Windows NT and Windows 2000 operating systems, this file is located in the WINNT\system32\drivers\etc\ folder.

    In very ancient versions of the operating system, for example in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.

    Restoring the hosts file

    Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself; to do this, you need to open it with a text editor and delete everything except the line “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.

    Let's take a closer look at the process of restoring the hosts file:

    1. Open the folder in which this file is located. So as not to wander through directories in search of the desired folder, you can use a little trick. Press the Windows + R key combination to open the Run menu. In the window that opens, enter the command "%systemroot%\system32\drivers\etc" and click OK.
    2. After the folder in which the hosts file is located opens in front of you, make a backup copy of the current file. In case something goes wrong. If the hosts file exists, then simply rename it to hosts.old. If the hosts file is not in this folder at all, then you can skip this item.
    3. Create a new empty hosts file. To do this, right-click in the etc folder and select "Create a text document".
    4. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.
    5. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.
    6. Depending on the version of the operating system, the contents of the standard hosts file may differ.
    7. For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost".
    8. For Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost".

    Hosts is a text file containing a database of domain names and used when translating them into network addresses of hosts. A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator. All of the above means that with the help of this file you can very easily and simply set up access to any of the existing Internet resources. Let's say you wanted to block access to one of the popular social networks, for example. To do this, you will have to write just a few lines in hosts and save the changes. After this, any user who uses your computer will simply not be able to get into VK, since access will be denied. Of course, with a set of minimal knowledge, this prohibition is easily circumvented.

    An ordinary user should theoretically know nothing about the hosts file, since it simply has no use for him. Alas, modern realities are such that we have to learn a lot of new things. The fact is that in the last few years a lot of fraudulent organizations have appeared that use hosts to steal personal information, as well as to take money from a person by redirecting him to other sites for the purpose of extortion. So that you understand what I'm talking about, I'll give you an example. Let's say you decide to go to the same VK. Only instead of your page, you see a warning in which you are asked to send an SMS to a short number in order to make sure that you are a real person and not a robot. There may be other reasons, in this case it does not matter. You send a message, after which money begins to be debited from your account. This is the fraud of which you have become a participant. You must immediately call your telecom operator, explain the situation and ask for a refund to your account. Most likely, you will have to write a written statement, after which the funds will be returned to you, since they were withdrawn from the account illegally.

    How could this happen? Using the hosts file, you are automatically redirected to a fraudulent site, which only in appearance resembles the usual VKontakte, while the address in the line may be real (that is, vk.com). However, this is not VK. To verify this, you can open hosts and see extra lines like 111.222.333.333 vk.com, with the help of which the redirection occurs.

    Another question arises - how can the hosts change? Yes, it’s very simple: to do this, you just need to install a Trojan on your PC, which will carry out the entire operation without your knowledge. And you can pick it up on almost any website.

    So, now let's move on to the main question, namely: what does the file look like? Let me say right away that it varies slightly depending on the operating system.

    Windows XP

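    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost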

    Windows Vista


    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost

    Windows 7 and 8

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost

    As you can see, the files are practically no different from each other, with some differences. However, I recommend using your own hosts for each operating system. Just copy the specified data.

    By the way, the files are located in the following sections:

    • On Windows XP/2003/Vista/7/8: C:\WINDOWS\system32\drivers\etc\hosts
    • On Windows NT/2000: C:\WINNT\system32\drivers\etc\hosts

    If you do not have the ability or desire to change this file yourself, you can use a utility called, which I recently talked about - it automatically changes the contents of hosts if it contains extra characters.

    The hosts file establishes a correspondence between a server's IP address and the site's domain. A request to this file takes precedence over calls to DNS servers. Unlike DNS, the contents of the file are controlled by the computer administrator.

    Today, a large number of malicious programs use the hosts file to block access to the websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look similar to popular resources (social networks, email services, etc.), where an inattentive user enters credentials, which thus reach the attackers. It can also block access to the websites of antivirus software companies.

    Hosts file location

    By default, the hosts file is located in C:\Windows\System32\drivers\etc. The file has no extension, but it can be opened with Notepad. To change the contents of the file in Notepad, you must have administrator rights.

    To view the hosts file, open the Start menu, select Run, enter the command

    and press OK.

    This is what the default hosts file should look like.

    If the file contains entries such as 127.0.0.1 odnoklassniki.ru or 127.0.0.1 vkontakte.ru, or the addresses of other sites that you cannot access, first check your computer for malware, and then restore the hosts file.

    Restoring the contents of the hosts file to default

    • Open the Start menu, select Run, enter the command
      %systemroot%\system32\drivers\etc

      and press OK.

    • Rename the hosts file to hosts.old.
    • Create a new default hosts file. To do this, follow the steps below.
    1. Right-click an empty space in the folder %WinDir%\system32\drivers\etc, select Create, click Text document, enter the name hosts and press ENTER.
    2. Click Yes to confirm that the file name will not have the TXT extension.
    3. Open the new hosts file in a text editor. For example, open the file in Notepad.
    4. Copy the text below into the file.
      # Copyright (c) 1993-2009 Microsoft Corp.
      #
      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
      #
      # This file contains the mappings of IP addresses to host names. Each
      # entry should be kept on an individual line. The IP address should
      # be placed in the first column followed by the corresponding host name.
      # The IP address and the host name should be separated by at least one
      # space.
      #
      # Additionally, comments (such as these) may be inserted on individual
      # lines or following the machine name denoted by a "#" symbol.
      #
      # For example:
      #
      # 102.54.94.97 rhino.acme.com # source server
      # 38.25.63.10 x.acme.com # x client host

      # localhost name resolution is handled within DNS itself.
      # 127.0.0.1 localhost
      # ::1 localhost

    Save and close the file.

    You can also edit the hosts file in Notepad, deleting unnecessary lines or adding your own. To do this, you need to run Notepad in Administrator mode.

    How to run standard Windows programs, see

    I write about what worries me at the moment. The websites Odnoklassniki, VKontakte, and My World were simultaneously blocked on my computer.

    Of course, you can bypass the blocking using an anonymizer if this happens at work or school, but if this is your computer, then know that you “caught a virus.” Of course, it is very unpleasant to realize that a “stranger” is in charge of your territory, but do not despair, everything is in our hands!

    To remove the virus, you need to find the hosts file on your computer at one of these addresses. Click Start - Computer - Local disk (C:) and then:

    Windows 95/98/ME: WINDOWS\hosts

    Windows NT/2000: WINNT\system32\drivers\etc\hosts

    Windows XP/2003/Vista: WINDOWS\system32\drivers\etc\hosts

    Attention!

    Before opening the file, click at the top Tools - Folder Options - View - Advanced Options. Scroll the window and find the option at the very bottom Show hidden folders, files, drives.

    This is very important, since the virus hosts file enters our computer in hidden form.

    I discovered two “extra” hosts files. These hidden “virus” files need to be removed. Open the file using the Notepad editor (right-click - “open with”).

    If you do not have this editor, then open it using Notepad or WordPad.

    A “clean” hosts file should look like this:

    For Windows XP

    # Copyright (c) 1993-1999 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a ‘#’ symbol.
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    For Windows Vista system


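    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a ‘#’ symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost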

    For Windows 7 system

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a ‘#’ symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    In Russian:

    # (C) Microsoft Corp., 1993-1999
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains mappings of IP addresses to hostnames.
    # Each element must be on a separate line. The IP address must
    # be in the first column and must be followed by the appropriate name.
    # The IP address and hostname must be separated by at least one space.
    # Additionally, some lines may contain comments
    # (such as this line); they must follow the node name and be separated
    # from it with the ‘#’ symbol.
    # For example:
    # 102.54.94.97 rhino.acme.com # origin server
    # 38.25.63.10 x.acme.com # client node x

    127.0.0.1 localhost

    When you have compared the “clean version” with yours and found extra entries - get rid of them - they are garbage! Also remove unnecessary hidden hosts files, in which you will find links to Odnoklassniki, My World, VKontakte and many other nasty things. You will understand everything yourself.

    This is what an infected hosts file looks like:

    If you are afraid to make any changes, then simply restore the hosts file. To do this, create an empty hosts.txt file on drive C (it was selected to make subsequent steps easier), open it in Notepad and enter the file template corresponding to your operating system (see above).

    After this, copy the created file to the directory C:\Windows\System32\Drivers\etc or to C:\Windows\SysWOW64\drivers\etc for 64-bit Windows 7.

    If there are no hidden files and your only file contains more than the above, delete everything in it and insert one of the texts above.

    Attention!

    The hosts file is saved without an extension (it must not be named hosts.txt). After everything is done, be sure to restart your computer.