> >

How to change the hosts file. Corrupted HOSTS file in C:\Windows\System32\drivers\etc folder: what should I do? The host file in system32 is empty what to do

Today quite often users social networks like "VKontakte" or "Odnoklassniki" meet with the problem of entering the site. The system controls this through the HOSTS file, which is located in the C:\Windows\System32\drivers\etc tree. Unfortunately, this service is most often affected by viruses. Let's try to figure out how to fix the situation.

What files are located in the C:\Windows\System32\drivers\etc directory, and what are they responsible for?

First, let's look at the files in this folder. In addition to the desired file, only four more objects should be located here. If there is something else, you can safely say that or something like that.

In terms of file functions, for example, the C:\Windows\System32\drivers\etc\services object and other files, including HOSTS, protocol, lmhosts, and networks, are responsible for some functions of a user's access to certain resources on the Web.

The one in question determines the mapping of a database of domain names to IP addresses. In addition, its use involves accelerating the user's access to the most frequently visited pages on the Internet bypassing DNS servers, as well as blocking some unwanted resources or banner links. By default, in addition to the descriptive text part, it contains the only entry of interest to us at the end of the text, namely: 127.0.0.1 localhost. All! There should be no more additional entries in it.

Checking the IP address of sites

If we talk about the example of a domain name matching the real IP address of a resource, you can check it in a completely elementary way, using the standard input of the ping command on the command line, after which the URL of the resource being checked is indicated with a space.

To get the IP of any resource, you must use the following combination: ping www.(site name).(domain ownership). For example, for Facebook networks it will look like ping www.facebook.com. After executing the command, the desired address and statistics of the so-called ping will be displayed on the screen.

What to do if the file is infected with a virus?

Unfortunately, it is the C:\Windows\System32\drivers\etc\HOSTS file that viruses infect most often. After that, when a user enters the same social network, he is either redirected to a clone site, or a message is generally displayed requiring payment for entry. Let's make a reservation right away: not a single "social program" takes money for using the services of the resource. Hence the conclusion: this is a virus (sometimes artificial blocking, which is extremely rare).

If such a misfortune has already happened, you should first check the computer system. In some cases, you should not even use the antivirus installed on the system, because it has already missed the threat, and there is no guarantee that it will detect and remove it as a result of an on-demand scan.

It is better to run some portable utilities like Dr. Web (preferably Cure IT!) or KVRT, which doesn't even require installation. But even such powerful products do not always help, and blocking access to resources, specified in the C:\Windows\System32\drivers\etc\HOSTS file, remains and continues to work. Let's see how we can get rid of it.

Correcting file text manually

To begin with, we go to the C:\Windows\System32\drivers\etc directory itself, after which we select our file and right-click to call up the menu with the “Open with…” command (initially, the system file itself will not be opened by double-clicking, because it does not have an extension) . Now from the list available programs select the standard "Notepad" and look at the contents of the text.

As a rule, an infected file may contain entries like 127.0.0.1, after which the addresses of resources of the same "social networks" are indicated (for example, 127.0.0.1 odnoklassniki.ru). This is the first sign that they are produced due to the operation malicious code. It turns out that the control elements of the system, referring to the HOSTS file, are constantly produced when trying to access it.

The simplest fix is ​​to delete all content and then paste the original text (it can be taken from another computer or found on the Internet). After that, you just need to save the changes (Ctrl + S) and reload computer terminal. You can, of course, try to replace the desired file with the original one, but the system is unlikely to allow this even if you have administrator rights. In addition, this option works in about 20-30% of cases.

Problems with HOSTS and the lmhosts.sam object

The problem can often be more serious. The fact is that sometimes when you enter the C:\Windows\System32\drivers\etc directory, the HOSTS file we need is visually missing.

First, in the "Explorer" you should use the service menu, and then select the folder options, where the option to show hidden objects (files and folders) is activated. In addition, you need to remove the "birds" from the lines of hiding protected system files and extensions for registered types. Now our file is visible.

However, this is where the real problems begin. The fact is that when you try to edit or save, the system displays a message stating that the file C:\Windows\System32\drivers\etc\HOSTS is not writable. What to do in this case?

We take drastic measures - we delete the HOSTS file, preferably from the Recycle Bin. You can quickly remove it bypassing the "Recycle Bin" by pressing Shift + Del. Then we right-click on the free space of the window and select the command to create a new text file and call it hosts or HOSTS without an extension, as you wish, it does not matter. We agree with the warning of the system regarding the change of the extension and proceed to editing. As it is already clear, the next steps are similar to the previous option - just paste the original content and save the newly created document. After that, we delete the lmhosts.sam file (it is it that affects the performance of the desired host file), after which we again reboot the system.

This option will restore access to your favorite sites that were previously blocked. By the way, this method almost always works.

Instead of an afterword

As can be seen from the foregoing, it is quite easy to fix the problem with blocking Internet resources, even without having any special knowledge and skills for this. True, before you start editing the HOSTS system object, you should make sure that the standard anti-virus software check did not give anything. Some users try to use utilities like Microsoft Fix It. Please note that if there is a virus in the system, the files will be re-infected, and the corrections will be made only for a while.

What is the Hosts file for?
The purpose of this system file is to assign certain IP addresses to certain site addresses.
This file is very fond of all kinds of viruses and malware in order to write their data into it or simply replace it.
The result of these actions may be signs of "inserting" the site into browsers, which will ask to send SMS when the browser is opened, or blocking various sites, at the discretion of the creators of the virus.

Where is the hosts file in windows?
For various versions On Windows, the location of the hosts file is slightly different:

Windows 95/98/ME: WINDOWS\hosts
Windows NT/2000: WINNT\system32\drivers\etc\hosts
Windows XP/2003/Vista/Seven(7)/8: WINDOWS\system32\drivers\etc\hosts


And the ending hosts, this is already the target file, not the folder. He doesn't have .

What should the correct hosts file look like?
The "content" of the hosts file is also slightly different for different versions windows, but not really. It is "written" in English language what it is for and how to make exceptions with one example. All lines that begin with a # sign mean that they are commented out and do not affect the file.
The contents of the original hosts file for Windows XP:


#

#




#space.
#


#
# For example:
#



127.0.0.1 localhost


The contents of the original hosts file for Windows Vista:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost::1 localhost


The contents of the original hosts file for Windows 7:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1localhost
# ::1 localhost


The contents of the original hosts file for Windows 8:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1localhost
# ::1 localhost


As you can see, there are no special differences in the content of the host file for different versions of windows.

How to open and edit the hosts file?
The hosts file can be found in standard Windows Notepad.
This is probably the most interesting part of the article.
First of all, you need to understand why change this file at all? Yes, in order to deny access to certain sites. Thus, changing given file and having registered the site address in it, the user will not be able to access it through any .
In order to change the hosts file, it is advisable to open it as an administrator () by right-clicking on the file and selecting "Run as administrator". Or open Notepad in this way and open the file in it.

For quick action, you can simply click the Start button and select Run ( win+r) () and enter in the line:

notepad %windir%\system32\drivers\etc\hosts



This will open the file in Notepad.

In order to block access to the site(suppose it will be test.ru ), you just need to add a line with this site to the very bottom:

127.0.0.1 test.ru


As a result, the file will have the following content:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# This HOSTS file created by Dr.Web Anti-rootkit API

# 127.0.0.1localhost
# ::1 localhost
127.0.0.1 test.ru


Each new site that you want to block, you need to start on a new line and write, not forgetting the local IP address 127.0.0.1

Also, to edit the hosts file, there is a program HOSTS EDITOR, which you can download and read the description from.
The principle of her work is that she helps to edit the hosts file.
From the screen below, the principle of its operation is clear, everything is done in a couple of clicks. Adding is done by clicking on + .


After editing, do not forget to click on the save button (2 "Save changes" button to the left of the "+" button).

You can also change this file for good purposes, for example speed up website loading.
How it works?
When you visit the site, you see it Domain name, which has letters. But all sites on the Internet have an IP address, and the names are already assigned using DNS. I will not go into the details of this process, the article is not about that. But here you need to know that the hosts file has priority when accessing sites, and only after it is a DNS request.
In order to speed up the loading of the site, you need to know its IP address and domain.
The IP address of a site can be found using various services, for example or .
Domain is the name of the site.
For example, let's speed up the loading of this site on which you are reading an article by explicitly specifying the IP address and domain for the file.
Then the added line will be:

91.218.228.14 site


This speeds up page loading in a couple of seconds, and can sometimes give access if standard means You cannot access the site.

More with possible redirect to another site using the hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above), then the added line will be like this:

91.218.228.14 test.ru


And now, after entering the site test.ru into the address bar of the browser, you will be redirected to the site specified in the IP address..

If you want to clean hosts file, then you can do this by simply deleting the content and inserting the original text into it, from the description above (under the spoilers).

Some nuances in the hosts file:

  • Always make sure you have a scroll bar on the side and always scroll down the window. this is due to the fact that some viruses are registered in the area hidden outside the window.
  • In some cases, usually if you can't save the file, you need to sign in with account Administrator.
  • Sometimes, due to viruses, this file may be hidden. Read the article.
  • In the two methods described (redirection and acceleration), the desired result may not be obtained. The fact is that several sites can be located on one IP address, this is especially true for external IP addresses that provide services.
  • Due to the fact that viruses love this file, its attributes can be changed to Hidden and Read-only.
  • Check the file attributes if you cannot save the hosts file.

    Thus, you can easily and free of charge block access to websites in windows way editing the hosts file.

    • Many ordinary and slightly advanced computer users have been using them for many years and did not suspect the existence of some file named hosts A that does not have a last name (that is, no extension).

    But thanks to viruses and the imperfection of the operating systems of the Windows family (Windows), users had to get to know this "host", and quite closely.

    

    What is the hosts file for?

    In the Windows operating system (XP, Vista, 7, etc.), the file hosts used to associate (match) host names (hosts, servers, domains) with their IP addresses (name resolution).File hosts is a simple text file that does not have any extension (it doesn't even have a dot :)).

    File hosts physically located in the directory:

    • \Windows\System32\drivers\etc\- for Windows 2000/NT/XP/Vista\7
    • \Windows\- for old Windows 95/98/ME

    Most often, this directory is located on the C drive, so in this case the full path to the file is obtained. hosts represents:

    By default, only one IP address should be specified in a normal hosts file, this is - 127.0.0.1 . This IP address is reserved for localhost, that is, for your local PC. No other addresses should be there!

    File contents hosts for Windows XP (Russian OS version):

    

    In text form, the contents of the hosts file for Windows XP can be copied from here:

    # (C) Microsoft Corp., 1993-1999
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains mappings of IP addresses to hostnames.
    # Each element must be on a separate line. The IP address must
    # be in the first column, followed by the appropriate name.
    # The IP address and hostname must be separated by at least one space.
    #
    # Also, comments can be inserted on some lines
    # (such as this line), they must follow the hostname and be separated
    # from it with the symbol "#".
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # client node x

    127.0.0.1 localhost

    File contents hosts for Windows Vista (English OS version):

    In text form, the contents of the hosts file for Windows Vista can be copied from here:

    # Copyright (c) 1993-2006 Microsoft Corp.
    #

    #




    #space.
    #


    #
    # For example:
    #


    127.0.0.1 localhost
    ::1 localhost

    

    File contents hosts for Windows 7(English version of OS):

    In text form, the contents of the hosts file for Windows 7 can be copied from here:

    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    #space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1localhost
    # ::1 localhost

    Using the hosts file

    File hosts theoretically can be used to speed up the work on the Internet and reduce the amount of traffic. This is implemented by reducing queries to the DNS server for frequently visited resources by the user. For example, if you use every day search engines Yandex and Google (sites http://yandex.ru and http://google.ru respectively), then it makes sense in the file hosts after the line " 127.0.0.1 localhost" write the following lines:

    93.158.134.11 www.yandex.ru

    209.85.229.104 google.ru

    This will allow your Internet browser not to contact the DNS server, but to immediately establish a connection with sites yandex.ru and google.ru. Of course, few people do such tricks at present, if only because of good modern access speeds.

    

    Restrictions using the hosts file

    Some advanced comrades sometimes use the hosts file to block unwanted web resources (for example, erotic content - for children until they grow up and become smarter than you in terms of computers). To do this, after the line 127.0.0.1 localhost also add a bnm line or more lines:

    127.0.0.1 blocking resource address-1

    127.0.0.1 addressblocked resource-2

    127.0.0.1 addressblocked resource-3

    For example:

    The essence of this entry is that the specified blocking resource will now be compared by the browser with the IP address 127.0.0.1 , which is the address local computer, - respectively, the forbidden site simply will not load.

    This feature is often used computer viruses, which add the redirects for browsers that attackers need to the hosts file:

    Most often, the redirection is done to the "left" site, which does not visually differ from the real resource, while the username and password are stolen from the user (he enters them into supposedly real site fields) or they simply write that your account is blocked (supposedly for spam, etc. ), pay money or send SMS (also very paid) to unlock. Simultaneously with the redirection to their site from social networking sites, attackers block using a file hosts access to sites of anti-virus programs.

    Attention! Never pay for it! And don't text!

    A cell phone can only be used as a means of obtaining a password, an unlock code. Those. messages should come to you, not come from you.

    

    Although, if you do not feel sorry for the money, first check with your mobile operator cost of sending SMS to given number to decide for sure that you really don’t feel sorry for just giving this amount to someone.

    How to edit the hosts file

    1. Each element must be written on its own (separate) line.
    2. The site's IP address must begin at the first position of the line, followed (on the same line) by a space-separated hostname.
    3. The IP address and hostname must be separated by at least one space.
    4. The comment line must start with the # character.
    5. If comments are used in domain name match strings, they must follow the hostname and be separated from it also by the character # .

    Viruses and the hosts file

    Attackers, so that their actions are not immediately detected, edit the file hosts more cunningly. Several options are possible:

    1. To the end of the file hosts added VERY many lines (several thousand), and redirect addresses (most often at the end) are difficult to notice, especially if you look at the contents of the file hosts using the notepad built into Windows - a very poor editor.

    To view the contents and edit a file hosts best to use text editor, which shows the number of lines in the document, such as Notepad++.

    You should also set up a rather large size of the hosts file, well, in its normal state, it cannot be more than a few kilobytes in size!

    2. The original hosts file is edited, after which the attribute " Hidden" or " Systemic", because by default hidden files and folders in operating systems Windows are not displayed. In folder C:\WINDOWS\system32\drivers\etc file is created hosts.txt(by default, extensions are not displayed for registered file types, and the system does not accept the file hosts.txt she only needs hosts), which is either completely empty, or everything is written as it should be in a real file hosts.

    3. Similarly, as in the second option, only here the attackers have already provided for the option that extensions for registered file types are displayed in the operating system (the user turned it on himself). So instead of a file hosts.txt the virus creates a file hosts, which has the letter " about" Russian, not English. Visually, the file looks like a real one, but it is also not perceived by the system.

    In this picture, the first file hosts- hidden, the virus made changes to it. Second file hosts- not real, it contains the Russian letter " about" in the name, most often this file hosts empty, viruses don't bother copying the contents from the real file.

    Restoring the hosts file

    If you have identified similar changes to your file host everything needs to be restored to its original state. To do this, do the following:

    • Disable real-time protection for your antivirus program, because many normal modern antivirus programs (for example, Avira) do not allow you to make changes to the file hosts.
    • Open directory C:\WINDOWS\system32\drivers\etc
    • Enable display of extensions for registered file types, hidden files, and system files.
    • Click on file hosts right-click and select the line " Edit with Notepad++":

    If you do not have the Notepad++ text editor program installed, then I recommend that you install it first, and do not use notepad. If you don't have in this moment Internet or just too lazy to download Notepad ++, then you can use a poor notepad to edit the file hosts.

    To open a file hosts Notepad, you need to click on it with the left mouse button, it will appear Windows window with the message " Failed to open the following file...". Set the switch to " Selecting a program from the list manually". Click OK. In the window " Program selection" find in the list Notebook and press OK.

    • Edit the contents of the hosts file so that it becomes as indicated at the beginning of this article.
    • Save changes.
    • Activate antivirus program protection (if disabled).
    • Launch the browser and check the ability to view the desired sites.

    How the hosts file works

    When the user types the address (URL) of a website in the browser and presses Enter, the user's browser:

    • Checks in the hosts file whether the name entered is the host's own name (localhost).
    • If not, then the browser looks for the requested address (hostname) in the hosts file.
    • If a hostname is found, the browser accesses the corresponding IP address specified in the hosts file for that host.
    • If the hostname is not found in the hosts file, then the browser accesses the DNS resolver cache (DNS cache).
    • If a hostname is found in the cache, the browser looks up the corresponding IP address stored in the DNS cache for that host;
    • If the hostname is not found in the DNS resolver cache, the browser contacts the DNS server;
    • If the requested web page (site) exists, then the DNS server translates the user-specified URL into an IP address;
    • The web browser downloads the requested resource.

    Hello, dear readers of the blog site. Today I want to talk about such a rather simple thing in my device as hosts file.

    Remarkably, it lives on almost all operating systems (and therefore all computers of Internet users), from Linux to Windows 7. Another distinguishing feature is that it does not have an extension, but this is due precisely to the fact that it works it should be in any OS, which means it must be universal.

    But this is not the main thing. Although he is a relic of the past, there are still plenty of ways to use Hosts for both good and bad purposes. For example, viruses and virus writers love it very much and often use it either to replace official sites with their phishing duplicates, or to block the ability to update your anti-virus program.

    However network equipment I need IP-ishniki and nothing else. Therefore, a list of correspondence between the host name and its Ip address () was manually formed. Such a list was called Hosts and sent to all hosts. local network. Everything was great until the moment when it became impossible to use such a method due to the huge number of entries contained in this file. Distributing it became problematic.

    In this regard, we decided to approach this issue differently, namely, to place on the Internet a whole (domain name system) that would store all these correspondence tables and users' computers turned to the nearest of them with the question of which Ip-ishnik corresponds to the Vasya.ru domain.

    At the same time, everyone safely forgot about the Hosts file, but it still had a place to be in all operating systems, except that only its content was extremely scarce. Usually there was and still is only one entry:

    127.0.0.1 localhost

    For some reason, this IP address (or rather the range 127.0.0.1 - 127.255.255.255) was chosen to represent the local host (private IP), i.e. the very computer you are sitting at (literally localhost - “this computer”). But, really, that's all for the old IPv4 (fourth version).

    And in IPv6, which is now in use (due to the fact that it is embedded in previous version the number of addresses is not enough for everyone) such an entry will look a bit different:

    ::1 localhost

    But the essence is the same. Because now both standards for specifying an IP address are still used or can be used, then in the Hosts file usually both of these lines are present. True, any gibberish can be written above them (depending on the OS used), but all those lines contain the hash symbol # (hash) at the beginning, which means that these lines are comments and should not be taken into account.

    On my old Windows Vista, the Hosts file now looks like this:

    # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # This HOSTS file created by Dr.Web Anti-rootkit API 127.0.0.1 localhost:: 1 localhost

    Record syntax very simple - first the IP address is indicated, and then, after any number of spaces (tab characters), the name of the host (computer, node or domain) is written. A separate line is used for each entry of this kind.

    Here the main question arises, and what place does Hosts take now in the process of establishing correspondence between the domain names entered in the browser and those IP addresses that are hidden behind these domains? Well, as it turned out, it occupies a very important place, namely the first one. But first things first.

    So, you enter the URL address () into the address bar of the browser, or follow the link from the browser bookmarks, or from any web page open in it. In any case, the browser receives from you the path to the document you want to see.

    Either way, the URL will contain the domain name of the site on which the document you are interested in lies (the site in our example). However, this domain corresponds to a very specific server (maybe virtual), where this very site is hosted. And this server must must be an IP address so that it is visible on the network and can be accessed.

    Your browser cannot know which IP corresponds to the domain name contained in the URL (well, unless you have enabled caching in this very browser DNS records and this node was previously visited by you). Therefore he addressed first for clarification, specifically to the Hosts file on your computer.

    If this domain is not found there (and the corresponding IP), then the browser will start torturing DNS record caching service from Windows. If earlier you accessed this domain and not much time has passed since then, then the DNS cache will give the browser this same IP address. The browser will receive it and open the document you requested.

    If there are no records for this domain among the cache, then the browser will send a request to the nearest DNS server (most likely, it will be your server) and receive the required information from it. True, in this case there may be a slight delay in opening the web page you requested, but with modern Internet speeds this will be practically not noticeable.

    And this happens with absolutely any request to open a document from the Internet from your computer. Do you get it? Empty Hosts does not create any problems, but if you fill it out, and even with malicious intent, it may turn out that you enter the password from your Yandex wallet not on the official website of this payment system, but on a phishing resource with a similar design (see ).

    How can this be? Well, no one is safe from being infected with viruses (), and a virus can easily add the IP address of a phishing resource to the Hosts and associate the domain name money.yandex.ru with it, for example. Therein lies the danger.

    A fake social networking site might intercept your passwords, charge you an entry fee, or do something more creative. The saddest thing is that it is impossible to notice the substitution, because the correct domain name will show off in the address bar of the browser.

    Where is the Hosts file located and how can I remove virus entries from it?

    On the other hand remove the changes made by the virus from the Host file even an absolute noob in computers can. Usually the problem lies precisely in finding where this very file is located.

    In old Windows versions, such as XP or 2000, it was open to everyone and lived in system folders at the following address:

    Windows\System32\drivers\etc\

    You won’t believe it, but he lives at the same address in both Windows 7 and Vista, but everything is somewhat more complicated there, because following the path:

    C:\Windows\System32\drivers\

    You won't find the etc folders there. The developers felt that this file should not be touched by ordinary mortals in order to avoid problems.

    However, the hosts file in windows 7 and vista nevertheless, there is a place to be, you just need to look for it, having received Administrator rights. Personally, I never even tried to figure out all this nonsense with rights, but for myself I found a very simple way to get around this limitation.

    So, go to the menu button "Start" - "All Programs" and find the folder "Accessories" there. Labels live inside it, among which it is easy to see the Notepad. Click on it with the right mouse button and from the appeared context menu choose "Run as Administrator":

    Well, actually, half the work is done. Now in notepad, select "File" - "Open" from the top menu. In the standard window Windows Explorer find the etc folder you are looking for (inside the Windows\System32\drivers\ directory), select "All files" in the lower right corner from the drop-down list and watch with happy eyes the appearance of this top-secret file:

    It will be exactly without an extension, and the rest of the crap, like hosts.txt, very often create viruses to divert your attention and confuse you in the end. For a real file, they set the "Hidden" attribute, which can be set or unchecked by simply right-clicking on the file and selecting the lowest item "Properties":

    And since in Windows, by default, extensions are not displayed for registered file types (that’s why they did it - I don’t understand), then the user finds hosts.txt without seeing either its extension or the fact that there is another hosts in the same folder, but it is hidden from his eyes.

    By making changes to the fake, he does not achieve anything, he starts tearing his hair, wringing his hands and goes to the store for a new laptop in order to finally get into his beloved Contact, which the virus blocked on the old computer. Ahh, horror.

    Although, of course, the user may be advanced and enable the display of hidden and system files in the settings. In Windows Vista, for this you need to go to the "Control Panel" - "Folder Options" - the "View" tab and move the checkmark to the line "Show hidden folders and files. By the way, it would be better to uncheck the “Hide extensions…” line above:

    There is very easy way to open this file. It will be enough to press the key combination Win + R on the keyboard (or select the “Run” item from the “Start” button menu), then enter the following line in the window that opens and press Enter:

    Notepad %windir%\system32\drivers\etc\hosts

    But it doesn't matter. We still found where this secret (for Windows 7 and vista) file is located, and we must carefully examine it for possible abuse. If the initial examination of the patient did not reveal any pathologies, then look to the page scroll area in Notepad.

    Sometimes the virus makes its entries after a few hundred blank lines, thereby reducing the risk of them being detected by you. If there is no scrollbar, then everything is fine, and if there is, then use it and bring your Hosts to the form that it should have from birth, i.e. it will be enough to have only two lines in it (no one needs comments):

    127.0.0.1 localhost::1 localhost

    Well if address substitution in this file it is quite simple to represent, for example, it might look like this:

    127.0.0.1 localhost::1 localhost 77.88.21.3 site

    How, in this case, is the blocking certain sites through Hosts? Well, it's just that the domain to be blocked is assigned a private IP address of 127.0.0.1, like so:

    127.0.0.1 localhost::1 localhost 127.0.0.1 vk.com 127.0.0.1 odnoklassniki.ru

    Clever browser finds this match and tries to get the desired document (web page) from your own computer, which, of course, it fails and about which it will immediately inform you. By the way, this good way block your children from accessing sites that you think they should not visit. Of course, you will still need to create a list of such sites or take it somewhere, but you can try it if you wish.

    As I already mentioned, in ancient times, when the Internet for most users was still slow, to speed up the opening of sites, their IPs were registered in Hosts. Another thing is that these same resources periodically changed hosting and, along with it, IP addresses. And the user, forgetting about what he did six months ago to speed up the Internet, is trying in vain to understand why his favorite resources are not available to him.

    How to use Hosts when transferring a site to a new hosting?

    Well, and finally, I would like to talk about how, by making changes to the Hosts file, you can work with a site that has moved to a new hosting even before DNS servers x, a new record will be written (corresponding to your domain with a new Ip address). The method is very simple, but effective.

    So, you are changing the host. Naturally, the IP address of your site also changes. How do they find out about it on the Internet? Everything is correct, using a network of DNS servers. By the way, the first and most important step you can do it yourself by going to the control panel of your registrar and entering the addresses of the NS servers of your new host.

    It is from them that the new DNS will spread throughout the Internet. But this process is lengthy and, in the worst case scenario, it can take a couple of days. At this time, the site should be available both on the new and on the old hosting, so that users from all over the world would not be deprived of the opportunity to see it.

    However, you yourself will be interested to know how, in fact, your resource feels with the new host? Check the operation of all plugins and other things. Is it really necessary to wait from several hours to two days? Because it's unbearable.

    Firstly, you can try to reset the DNS cache on your own computer, because it may prevent you from seeing your resource on a new hosting if external DNS servers have already received new record. How to do it? Again, everything is very simple. Press the key combination Win + R on the keyboard (or select the “Run” item from the “Start” button menu), and then enter in the window that opens:

    A very scary window called command prompt will open, where you will need to paste this command:

    ipconfig /flushdns

    The regular paste buttons in the Command Prompt window don't work, so just right-click on it and choose Paste.

    After that, press "Enter", the DNS cache will be cleared on your computer and you can try to open your site again. By the way, the DNS cache can also be in the browser itself, so clear it or refresh the window while holding down the "Shift" button on the keyboard.

    By the way, if you are interested, you can see the contents of the DNS cache by typing in command line the following command:

    ipconfig /displaydns

    Is the site still open on the old hosting? No problem. We find the Hosts file in the way described just above and add only one line to it:

    109.120.169.66 site

    Where 109.120.169.66 - this will be IP address of your new hosting, followed by your site's domain name. All. While the rest of the world is admiring your resource on the old hosting, you have the opportunity to fix possible jambs on the engine already transferred to the new hosting. The thing is wonderful and I always use it.

    Good luck to you! See you soon on the blog pages site

    You may be interested

    What is DNS and how DNS servers provide the Internet VPS from NeoServer - become the owner of your virtual universe
    How to backup and restore from backup, as well as the nuances of transferring a site (Joomla, WordPress) to a new hosting
    Buying a domain (domain name) on the example of the registrar Reghouse
    local server Denwer - how to create a website on a computer - installation, configuration and removal of Denver
    cPanel - creating and working with databases, adding subdomains and multidomains, as well as their parking
    What are domains, hosting, DNS servers and IP addresses
    FileZilla - where to download for free and how to learn how to use popular FTP client Filezilla
    Transferring the site to a new Infobox hosting, choosing between regular and VPS, as well as working with the hosting control panel

    Today, users of social networks such as VKontakte or Odnoklassniki often encounter a problem when it is impossible to access the site. The system controls this with the HOSTS file located in the C:\Windows\System32\drivers\etc tree.


    However, this servant is just often exposed to viruses. In today's article, we will talk about how to fix this situation.

    What files exist in the C:\Windows\System32\drivers\etc directory, and what are they responsible for?

    First you need to pay attention to the files that are stored in this folder. Except existing file, only four objects should be placed here. If there is something else, it can be argued that it is a virus or some kind of malicious file. If we consider functions, for example, the object C:\Windows\System32\drivers\etc\services and other files, including HOSTS, protocol, lmhosts and networks, they are responsible for certain functions of user access to specific resources on the Internet. HOSTS maps a database of domain names to IP addresses. Also, its use provides for accelerating access to web pages that the user visits most often, bypassing DNS servers. In addition, unwanted resources or banner links are blocked. In addition to the descriptive text part, by default it stores a single entry at the end of the text, which in this case is of interest. This is exactly: 127.0.0.1 localhost. Nothing else should be there.

    Checking the IP address of sites

    When considering an example of a domain name matching the site's real IP address, you can check it in a simple way. To do this, just enter ping into the command line, and then specify the URL of the resource that is being checked, separated by a space. To get the IP of any site, you should use the following combination: ping www.(resource name).(domain ownership). For example, for the social network Facebook it will look like this: ping www.facebook.com. When the command is executed and the desired address is displayed on the screen, as well as the statistics of the so-called ping.

    What actions are required if a file is infected with a virus?

    It is worth noting that it is the C:\Windows\System32\drivers\etc\HOSTS file that is often infected with viruses. When a user goes to the same social network, they are redirected to a clone site or a message appears in which the user is required to pay an entrance fee. It is necessary to immediately clarify: not a single social network provides for spending money for using the services of a resource. Thus, the conclusion immediately suggests itself: the system is infected with a virus. In some cases, artificial blocking occurs, which is quite rare. If this still happened, you must first carefully check the device using virus scanner. Sometimes it makes no sense to use the program installed in the system, because it has already missed the virus, so there is no guarantee that this will not happen again. It is advisable to use portable utilities such as Dr. Web (or better Cure IT!) or KVRT. It is worth noting that these programs do not even need installation. Unfortunately, in some cases, these utilities, which are quite powerful, are unable to help deal with the problem.

    Correcting file text manually

    First, go to the C:\Windows\System32\drivers\etc directory itself, then select the required file. By pressing the right mouse button, you need to open a menu with the command "Open with ...". Next, from the list of available programs, you need to select the standard Notepad and familiarize yourself with the contents of the text. Usually, in an infected file, you can see entries like 127.0.0.1, after which the addresses of social networking sites are written. For example, 127.0.0.1 odnoklassniki.ru. This is already a sign that they were created as a result of running malicious code. Thus, it turns out that the system controls permanently block the site when you try to enter it, referring to the HOSTS file. The easiest way to get rid of this problem is to delete the content the next time you insert the original text. Then you need to save the received changes using a combination Ctrl keys+ S, and reboot the computer. It is also possible to replace the desired file with the original one, however, most likely, the system will not allow this even if you have administrator rights. Besides, this method is effective only in 20-30% of cases.

    Problems with hidden file HOSTS and the lmhosts.sam object

    Just want to note that such problems can be quite serious. The thing is that in some cases, when entering the C:\Windows\System32\drivers\etc directory, the HOSTS file required by the user is visually observed. In this case, you must first visit the "Explorer" and apply the service menu, and then select the folder options, where the option to show hidden objects is used. You should also uncheck the lines for hiding protected files, as well as extensions for registered types. After that, the object can be visually detected.

    True, everything is not so simple here, because it is after this that the real problems begin. So, when you try to edit or save, the system displays a message that the file C:\Windows\System32\drivers\etc\HOSTS is not writable. What actions should be taken in this case? The drastic measures to be taken are to delete the HOSTS file. By the way, do not forget about visiting the "Basket". From there it is also desirable to remove it. If the user decides to do it quickly, without going to the "Basket", he can use the combination Shift keys+ Del.

    You need to right-click on free space window and select the command to create a new text file. You need to name it hosts or HOSTS without extension. In principle, it does not play a big role. Then you should agree with the system warning, which is associated with changing the extension, and you can start editing. It is not difficult to guess that all actions are the same as in the previous version. You only need to paste the original content and save the created document. Next, you should delete the lmhosts.sam file, which affects the performance of the desired host file. At the end, the system needs to be rebooted. This option is able to restore access to your favorite resources that were previously blocked. It is also worth noting that this method is almost always effective.

    From all of the above, we can conclude that it is very easy to fix the problem that leads to the blocking of web resources. It is not necessary to have any special knowledge and skills. Although, before you start editing the HOSTS system object, you need to make sure that the standard anti-virus check software did not give a result. Some users try to apply programs like Microsoft Fix It. It should be taken into account that if a virus is present in the system, the files may become infected again.

    Internet
    The most interesting:
    Distance from the TV depending on the diagonal ... bad choice ...
    How to make a closed VKontakte group How to make a private VKontakte group
    How to find out if a mobile phone is being tapped How to find out a mobile phone for wiretapping