Correct hosts. What is a hosts file? Internal structure of Hosts records and storage manipulation

Some terminology

DNS (abbreviation for Domain Name System) – the domain name service. Establishes the correspondence between numeric IP addresses and text names.

DNS (abbreviation for Domain Name Server) – domain name server; a service computer on a local or global network that translates computer names in domain records into IP addresses.

DNS cache (DNS resolver cache) – temporary storage of previous DNS requests on the local computer. Reduces request execution time and reduces network and Internet traffic.

Host – main computer; any device connected to a network and using the TCP/IP protocols.

IP (Internet Protocol) – Internet protocol; a network layer protocol from the Internet protocol suite.

IP address – used to identify a node on a network and to determine routing information. Consists of the network identifier (network ID) and the host identifier (host ID).

Name Resolution – domain name resolution; the process of converting a computer name to the corresponding IP address.

Name Resolution Service – name resolution service; in TCP/IP networks, converts computer names to IP addresses and vice versa.

TCP/IP (abbreviation for Transmission Control Protocol/Internet Protocol) – information transfer control protocol, the main protocol of the transport and session layers, providing reliable full-duplex streams. Designed for use in the Global Network and for combining heterogeneous networks.

URL (abbreviation for Uniform Resource Locator) – uniform resource locator; a standardized string of characters indicating the location of a resource on the Internet.

What is the hosts file

The hosts file in Windows and other operating systems is used to associate (map) host names (nodes, servers, domains) with their IP addresses (name resolution).

By default, only one IP address is registered in the hosts file (127.0.0.1), reserved for localhost, that is, for the local computer.

The hosts file is a regular text file (without an extension).

Location of the hosts file on disk:

Windows 95\98\ME – \WINDOWS\;

Windows NT\2000\ \ \ – \Windows\System32\drivers\etc\.

When an Internet user types the address (URL) of a site (web page) and presses Enter:

– the user's browser checks, using the hosts file, whether the entered name is the computer's own name (localhost);

– if not, the browser looks for the requested address (hostname) in the hosts file;

– if the hostname is found, the browser accesses the corresponding host specified in the hosts file;

– if the hostname is not found in the hosts file, the browser consults the resolver cache (DNS cache);

– if the hostname is found in the cache, the browser accesses the corresponding host saved in the DNS cache;

– if the hostname is not found in the DNS resolver cache, the browser queries the DNS server;

– if the requested web page (site) exists, the DNS server translates the user-specified URL into an IP address;

– the web browser loads the requested resource.

History of the hosts file

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Using the hosts file

The hosts file can be used to speed up work on the Internet and reduce traffic by reducing the number of requests to the DNS server for frequently visited resources.

For example, you often load google.ru and google.com. Open the hosts file and, after the line 127.0.0.1 localhost, enter the lines

209.85.229.104 google.ru

74.125.232.20 google.com

This spares the web browser from contacting the DNS server, so it immediately establishes a connection to google.ru and google.com.

Sometimes the hosts file is used to block unwanted resources (for example, those that distribute malware). To do this, after the line 127.0.0.1 localhost, enter the line

127.0.0.1 URL_of_resource_blocked

The essence of this manipulation is that the blocked resource is mapped to 127.0.0.1, which is the address of the local computer, so the unwanted resource will not be loaded.

Rules for editing the hosts file

1. Each element must be on a separate line.

2. The IP address must begin at the first position of the line and must be followed (on the same line) by its corresponding hostname.

3. The IP address and hostname must be separated by at least one space.

4. Comments must be preceded by the symbol #.

5. If comments are used in lines that map domain names, they must follow the host name and be separated from it by #.

Use of the hosts file by virus writers

Attackers have long favoured the hosts file: with its help, the real addresses of web resources are replaced on the infected computer. After this, the web browser redirects the user to sites with malicious software or, for example, blocks access to the sites of antivirus manufacturers.

Malware disguises its modification of the hosts file as follows:

– to make the lines added by a virus difficult to detect, they are written at the end of the file, after a large empty area formed by repeated line feeds;

– after that, the original hosts file is assigned the Hidden attribute (by default, hidden files and folders are not visible);

– a fake hosts file is created which, unlike the real hosts file (without an extension), has the extension .txt (by default, extensions are not displayed for registered file types).
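The editing rules and the disguise techniques described above can be checked mechanically. The following Python code is an added example, not part of the original article: it parses hosts text by those rules and reports every active entry other than the stock localhost mapping, marking entries that sit after a long run of blank lines. The `.example` names, the address 203.0.113.7, the sample text and the 10-line padding threshold are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

LOCAL_NAMES = {"localhost"}  # the only name a stock hosts file maps to loopback


@dataclass
class Finding:
    line_no: int
    kind: str             # "blocked", "redirect" or "malformed"
    ip: str = ""
    names: list = field(default_factory=list)
    padded: bool = False  # True if the line follows a long blank area


def parse_line(raw):
    """Parse one hosts line: IP first, then names, '#' starts a comment.

    Returns (ip, [names]) for an active entry, None for a blank or
    comment-only line, and raises ValueError for anything else.
    """
    body = raw.split("#", 1)[0]
    parts = body.split()
    if not parts:
        return None
    ip = ipaddress.ip_address(parts[0])  # ValueError if not IPv4/IPv6
    if len(parts) < 2:
        raise ValueError("IP address without a host name")
    return str(ip), [p.lower() for p in parts[1:]]


def audit_hosts(text, pad_threshold=10):
    """Return findings for every active entry that is not a localhost mapping."""
    findings, blank_run, padded = [], 0, False
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            blank_run += 1
            # Once a long empty area has been seen, everything below is suspect.
            padded = padded or blank_run >= pad_threshold
            continue
        blank_run = 0
        try:
            parsed = parse_line(raw)
        except ValueError:
            findings.append(Finding(line_no, "malformed", padded=padded))
            continue
        if parsed is None:
            continue
        ip, names = parsed
        addr = ipaddress.ip_address(ip)
        # "localhost" is only benign when it points at a loopback address.
        if addr.is_loopback:
            names = [n for n in names if n not in LOCAL_NAMES]
        if not names:
            continue
        blocked = addr.is_loopback or addr.is_unspecified
        findings.append(
            Finding(line_no, "blocked" if blocked else "redirect", ip, names, padded)
        )
    return findings


# Constructed sample: stock entries, 40 blank lines, then appended entries.
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    + "\n" * 40
    + "127.0.0.1 update.av-vendor.example   # constructed entry\n"
    "203.0.113.7 social.example www.social.example\n"
    "not-an-ip broken.example\n"
)

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE):
        print(f)
```

Entries reported as "blocked" or "redirect" are not necessarily malicious, since ad blockers and administrators add such lines too; the report only lists what has to be accounted for.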


The hosts file: how to eliminate the consequences of a virus attack

– open the hosts file (if the virus set the Hidden attribute on the file, you will need to enable the option Show hidden files and folders in Folder Options);

– a Windows dialog will appear with the message "The following file could not be opened...";


– set the switch to Selecting a program from the list manually –> OK;

– in the Program selection window, highlight Notepad in the scrollable Programs list –> OK;

– the hosts file will open in Notepad;

– delete all lines except 127.0.0.1 localhost;

– save the hosts file.

Valery Sidorov

I write about what worries me at the moment. The websites Odnoklassniki, VKontakte, and My World were simultaneously blocked on my computer.

Of course, you can bypass the blocking using an anonymizer if this happens at work or school, but if this is your computer, then know that you “caught a virus.” Of course, it is very unpleasant to realize that a “stranger” is in charge of your territory, but do not despair, everything is in our hands!

To remove the virus you need to find the hosts file on your computer at these addresses: Click the button Start - Computer - Local disk (C:) and further -

Windows 95/98/ME: WINDOWS\hosts

Windows NT/2000: WINNT\system32\drivers\etc\hosts

Windows XP/2003/Vista: WINDOWS\system32\drivers\etc\hosts

Attention!

Before opening the file, click at the top Tools - Folder Options - View - Advanced Options. Scroll the window and find the option at the very bottom Show hidden folders, files, drives.

This is very important, since the virus hosts file enters our computer in hidden form.

I discovered two “extra” hosts files. These hidden “virus” files need to be removed. Open the file using the Notepad editor (right-click - “open with”).

If you do not have this editor, then open it using Notepad or WordPad.

A “clean” hosts file should look like this:

For Windows XP

# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

For Windows Vista system


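# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost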

For Windows 7 system

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

In Russian:

# (C) Microsoft Corp., 1993-1999

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

# This file contains mappings of IP addresses to hostnames.

# Each element must be on a separate line. The IP address must

# be in the first column and must be followed by the appropriate name.

# The IP address and hostname must be separated by at least one space.

# Additionally, some lines may contain comments

# (such as this line), they must follow the node name and be separated

# from it with the ‘#’ symbol.

# For example:

# 102.54.94.97 rhino.acme.com # origin server

# 38.25.63.10 x.acme.com # client node x

127.0.0.1 localhost

When you have compared the “clean version” with yours and found extra entries - get rid of them - they are garbage! Also remove unnecessary hidden hosts files, in which you will find links to Odnoklassniki, My World, VKontakte and many other nasty things. You will understand everything yourself.

This is what an infected hosts file looks like:

If you are afraid to make any changes, then simply restore the hosts file. To do this, create an empty hosts.txt file on drive C (it was selected to make subsequent steps easier), open it in Notepad and enter the file template corresponding to your operating system (see above).

After this, copy the created file to the directory C:\Windows\System32\Drivers\etc or to C:\Windows\SysWOW64\drivers\etc for 64-bit Windows 7.

If there are no hidden files and your only file contains more than the above, delete everything in it and insert one of the texts above.

Attention!

The hosts file is saved without an extension (there should not be a hosts.txt format). After everything is done, be sure to restart your computer.

What is the Hosts file for?
The purpose of this system file is to assign certain website addresses to a specific IP.
This file is very popular with all kinds of viruses and malware in order to write their data into it or simply replace it.
The result of these actions may be a site “inserted” into browsers that asks you to send an SMS when the browser opens, or the blocking of various sites, at the discretion of the creators of the virus.

Where is the hosts file in windows?
For different versions of Windows OS, the location of the hosts file is slightly different:

Windows 95/98/ME: WINDOWS\hosts
Windows NT/2000: WINNT\system32\drivers\etc\hosts
Windows XP/2003/Vista/Seven(7)/8: WINDOWS\system32\drivers\etc\hosts


Note that the final hosts in the path is the file itself, not a folder. It has no extension.

What should the correct hosts file look like?
The contents of the hosts file also differ slightly between versions of Windows, but not by much. The comments in it explain, in English, what the file is for and how to add entries, giving one example. All lines starting with a # sign are commented out and do not affect the file.
Contents of the original hosts file for Windows XP:


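# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost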


Contents of the original hosts file for Windows Vista:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost


Contents of the original hosts file for Windows 7:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


Contents of the original hosts file for Windows 8:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


As you can see, there are no significant differences in the contents of the host file for different versions of Windows.

How to open and edit the hosts file?
The hosts file can be opened in standard Windows Notepad.
This is probably the most interesting part of the article.
First of all, you need to understand why you would change this file at all. The answer: to deny access to certain sites. By writing a site's address into this file, you ensure that the user will not be able to access it through any browser.
To change the hosts file, it is advisable to open it as administrator by right-clicking the file and selecting "Run as administrator". Alternatively, start Notepad this way and open the file in it.

For quick access, you can simply click the Start button, select Run (Win+R) and enter in the line:

notepad %windir%\system32\drivers\etc\hosts



As a result, this file will open in Notepad.

To block access to a site (let's assume it is test.ru), you just need to add a line with this site at the very bottom:

127.0.0.1 test.ru


As a result, the file will have the following content:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# This HOSTS file created by Dr.Web Anti-rootkit API

# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 test.ru


Each new site that you want to block must be entered on a new line, not forgetting the local IP address 127.0.0.1.

There is also a program for editing the hosts file, HOSTS EDITOR, which you can download along with its description.
It simply helps you edit the hosts file.
Everything is done in a couple of clicks. An entry is added by clicking +.


After editing, do not forget to click the save button (the second button, "Save changes", to the left of the "+" button).

You can also change this file for good purposes, for example to speed up site loading.
How does it work?
When you visit a site, you see its domain name, which consists of letters. But every site on the Internet has an IP address, and names are assigned to addresses using DNS. I won’t go into the details of this process; that’s not what the article is about. What you need to know here is that the hosts file has priority when accessing sites, and only after it is a request made to DNS.
To speed up the loading of a site, you need to know its IP address and domain.
The IP address of a site can be found using various online services.
A domain is the name of a website.
For example, let's speed up the loading of the site where you are reading this article by explicitly specifying its IP address and domain in the file.
Then the added line will be:

91.218.228.14 website


This speeds up page loading by a couple of seconds, and can sometimes give access if you cannot reach the site by standard means.

It is also possible to redirect to another site using the hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above); the added line will then look like this:

91.218.228.14 test.ru


Now, after entering test.ru into the address bar of your browser, you will be redirected to the site at the specified IP address.

If you want to clean the hosts file, you can do this by simply deleting its content and inserting the original text from the description above (under spoilers).

Some nuances in the hosts file:

  • Always make sure you have a scroll bar on the side and always scroll to the bottom of the window. This is due to the fact that some viruses are registered in an area hidden outside the window.
  • In some cases, usually if you cannot save the file, you need to log in under the Administrator account.
  • Sometimes, due to viruses, this file may be hidden. Read the article.
  • The two methods described (redirection and acceleration) may not produce the desired result. The fact is that several sites can be located on one IP address, this is especially true for external IP addresses provided by services.
  • Because viruses love this file, its attributes may be changed to Hidden and Read-only.
  • Check the file attributes if the hosts file cannot be saved.

    Thus, you can easily and free of charge block access to sites in Windows by editing the hosts file.

  • The hosts file is designed to match domain names (sites), which are written using symbols, and the corresponding IP addresses (for example, 145.45.32.65), which are written as four numerical values. You can open any website in your browser not only after entering its name, but also after entering the IP address of this site.

    On Windows, a request to the hosts file takes precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.

    Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?

    They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown an advertisement, and at worst, a fake page of a popular resource will be opened (social network, email service window, online banking service, etc.), asking him to enter data from his account.

    Thus, due to the user's carelessness, an attacker can gain access to the user's data and cause damage to him.

    Where is the hosts file located?

    The hosts file is located in the folder with the Windows operating system, usually the “C” drive on the user’s computer.

    The path to the hosts file will be like this:

    C:\Windows\System32\drivers\etc\hosts

    You can manually go through this path, or immediately open the folder with the host file using a special command.

    To quickly access a file, press the “Windows” + “R” key combination on your keyboard. This will open the Run window. In the "Open" field, enter either the path to the file (see above) or one of these commands:

    %systemroot%\system32\drivers\etc
    %WinDir%\System32\Drivers\Etc

    This file has no extension, but can be opened and edited in any text editor.

    Standard contents of the hosts file

    In the Windows operating system, the "hosts" file has the following standard contents:

    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost

    The contents of this file are similar in the Windows 7, Windows 8 and Windows 10 operating systems.

    All entries that begin with the hash character # and continue to the end of the line are largely irrelevant to Windows because they are comments. These comments explain what the file is for.

    It says here that the hosts file is designed to map IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Next, after the hash (#), you can write a comment to the entry inserted into the file.

    These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.

    You can download the standard hosts file from here to install on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.

    What to pay attention to

    If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malicious programs.

    Pay special attention to the contents of the file, which are located after these lines:

    # 127.0.0.1 localhost
    # ::1 localhost

    Additional entries can be inserted into the host file, which are added here by some programs.

    For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries were inserted to perform certain actions. This was done so that during the installation of programs on my computer, this utility would cut off unwanted software.

    There may be additional lines of this type: first, “a set of numbers”, and then after a space, “site name”, added in order, for example, to disable advertising in Skype, or block access to a site.

    If you yourself have not added anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the hosts file.

    Why do they change the hosts file?

    The hosts file is modified in order to block access to a certain resource on the Internet, or in order to redirect the user to another site.

    Typically, malicious code is initially executed after running a program downloaded from the Internet. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.

    To block a site (for example, the VKontakte site), lines of this type are entered:

    127.0.0.1 vk.com

    For some sites, two versions of the site name may be entered with “www” or without this abbreviation.

    You yourself can block unwanted sites on your computer by adding a similar entry to the host file:

    127.0.0.1 site_name

    In this entry, the IP address (127.0.0.1) is the network address of your computer. Next comes the name of the site that you need to block (for example, pikabu.ru).

    As a result, after entering the site name, you will see a blank page from your computer, although the name of this web page will be written in the address bar of the browser. This site will be blocked on your computer.

    When using redirection, after entering the name of the desired site, a completely different site will be opened in the user’s browser, usually this is a web page with advertising, or a fake page of a popular resource.

    To redirect to another site, entries of the following type are added to the host file:

    157.15.215.69 site_name

    First there is a set of numbers - the IP address (I wrote random numbers here as an example), and then, after a space, the name of the site will be written in Latin letters, for example, vk.com or ok.ru.

    The way this method works is something like this: bad people deliberately create a fake website with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user’s computer and, after it is launched, changes are made to the hosts file.

    As a result, when a user types the name of a popular site in the address bar of the browser, instead of the desired site, he is redirected to a completely different site. This could be a fake social network page that is designed to steal user personal data, or a site with intrusive advertising. Very often, from such a fake site, there are redirects (redirections) to many other specially created pages with advertising.

    How to edit the hosts file

    You can change the contents of the host file yourself by editing it using a text editor. One of the easiest ways to be able to change a file is to open the hosts file in Notepad, opening the program as administrator.

    To do this, create a shortcut for the Notepad utility on the Desktop, or launch the application in standard programs that are located in the Start menu. To run, first click on the program shortcut with the right mouse button, and then select “Run as administrator” from the context menu. After this, the Notepad text editor window will open.

    C:\Windows\System32\drivers\etc

    After opening the "etc" folder, you will not see the "hosts" file, since Explorer will be set to display only text files. Select the All Files setting. After this, the hosts file will be displayed in this folder. You can now open the hosts file in Notepad to edit it.

    After editing is complete, save the changes to the hosts file. Please note that the file type when saving should be “All files”.

    Conclusions of the article

    If the malicious program has changed the entries in the hosts file, you can replace the modified file with a standard one, or edit the contents of this file, removing unnecessary entries from there.


    The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer. In this article we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after your computer is infected with viruses.

    The purpose of this file is to store a list of domains and their corresponding IP addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

    Every time you enter the address of the site you need into the address bar of your browser, a request is made to convert the domain to an IP address. Currently, this translation is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific IP address.

    Even now, this file has a direct impact on the transformation of symbolic names. If you add an entry to the hosts file that will associate the IP address with the domain, then such an entry will work perfectly. This is exactly what developers of viruses, Trojans and other malicious programs use.

    As for the file structure, the hosts file is a regular text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the regular text editor Notepad.

    The standard hosts file consists of several lines that begin with the “#” character. Such lines are not taken into account by the operating system and are simply comments.

    Also in the standard hosts file there is an entry “127.0.0.1 localhost”. This entry means that when you access the localhost symbolic name, you will be accessing your own computer.

    Fraud with the hosts file

    There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of antivirus programs.

    For example, having infected a computer, the virus adds the following entry to the hosts file: “127.0.0.1 kaspersky.com”. When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is an incorrect IP address. As a result, access to this site is completely blocked, and the user of the infected computer cannot download an antivirus or antivirus database updates.

    In addition, malware developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

    For example, having infected a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru.” Where “90.80.70.60” is the IP address of the attacker’s server. As a result, when trying to access a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else’s server. As a result of such actions, fraudsters can obtain logins, passwords and other personal information of the user.

    So, in case of any suspicion of virus infection or site substitution, the first thing you need to do is check the HOSTS file.

    Where is the hosts file located?

    Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the WINDOWS\system32\drivers\etc\ folder.

    In the Windows NT and Windows 2000 operating systems, this file is located in the WINNT\system32\drivers\etc\ folder.

    In very ancient versions of the operating system, for example in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.

    Restoring the hosts file

    Many users who have been hacked are interested in where they can download the hosts file. However, there is no need to search for and download the original hosts file. You can fix it yourself: open it with a text editor and delete everything except the line “127.0.0.1 localhost”. This will allow you to unblock access to all sites and update your antivirus.

    Let's take a closer look at the process of restoring the hosts file:

    1. Open the folder in which this file is located. To avoid wandering through directories in search of the desired folder, you can use a little trick. Press the key combination Windows + R to open the "Run" menu. In the window that opens, enter the command "%systemroot%\system32\drivers\etc" and click OK.
    2. After the folder containing the hosts file opens, make a backup copy of the current file in case something goes wrong. If the hosts file exists, simply rename it to hosts.old. If the hosts file is not in this folder at all, you can skip this item.
    3. Create a new empty hosts file. To do this, right-click in the etc folder and select "Create a text document".
    4. When the file is created, it must be renamed to hosts. When renaming, a window will appear with a warning that the file will be saved without an extension. Close the warning window by clicking OK.
    5. Once the new hosts file has been created, it can be edited. To do this, open the file using Notepad.
    6. Depending on the version of the operating system, the contents of the standard hosts file may differ.
    7. For Windows XP and Windows Server 2003 you need to add "127.0.0.1 localhost".
    8. For Windows Vista, Windows Server 2008, Windows 7 and Windows 8 you need to add two lines: "127.0.0.1 localhost" and "::1 localhost".
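
The restoration steps above, written out as a Python function. This is an added example, not code from the original article: the function name, the `family` keys and the numbered backup names are assumptions, and the folder is passed in as a parameter so the procedure can be rehearsed on a copy before it is run (as administrator) against the real etc folder.

```python
import os
import stat
import tempfile
from collections import namedtuple
from pathlib import Path

# Default active entries per steps 7 and 8 of the procedure.
DEFAULT_ENTRIES = {
    "xp_2003": ["127.0.0.1 localhost"],
    "vista_and_later": ["127.0.0.1 localhost", "::1 localhost"],
}

RestoreResult = namedtuple("RestoreResult", "backup review")


def restore_hosts(etc_dir, family="vista_and_later"):
    """Back up the current hosts file and write a clean one.

    Returns the backup path (None if there was no hosts file) and the
    names of other hosts-like files left in the folder for manual review,
    for example a decoy hosts.txt.
    """
    etc = Path(etc_dir)
    hosts = etc / "hosts"
    # Build the content first so an unknown family fails before any change.
    content = "".join(line + "\r\n" for line in DEFAULT_ENTRIES[family])

    backup = None
    if hosts.exists():
        # Malware often sets Read-only; clear it so the file can be moved.
        # (The Hidden attribute is Windows-specific and is not touched here.)
        os.chmod(hosts, stat.S_IREAD | stat.S_IWRITE)
        backup = etc / "hosts.old"
        n = 0
        while backup.exists():          # never overwrite an earlier backup
            n += 1
            backup = etc / f"hosts.old.{n}"
        hosts.rename(backup)

    # Written as bytes: no extension, CRLF line endings, nothing else.
    hosts.write_bytes(content.encode("ascii"))

    review = sorted(
        p.name for p in etc.iterdir()
        if p.name.lower().startswith("hosts")
        and p.name.lower() != "hosts"
        and not p.name.lower().startswith("hosts.old")
    )
    return RestoreResult(backup, review)


if __name__ == "__main__":
    # Rehearsal on a constructed folder instead of the real etc directory.
    demo = Path(tempfile.mkdtemp())
    (demo / "hosts").write_text("127.0.0.1 localhost\n203.0.113.7 social.example\n")
    (demo / "hosts.txt").write_text("127.0.0.1 localhost\n")
    result = restore_hosts(demo)
    print("backup:", result.backup)
    print("review manually:", result.review)
    print((demo / "hosts").read_text())
```

The backup keeps the tampered entries available for later analysis, and anything listed for review should be inspected before it is deleted.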