home  /  Blogging  /  Hosts windows 7 what should be there. What does the hosts file do and how can I find it? Original Hosts in Windows XP

Hosts windows 7 what should be there. What does the hosts file do and how can I find it? Original Hosts in Windows XP

Blogging
27.05.2022

Altered Windows hosts files may prevent game client installation, or cause issues with patching. The hosts file is a Windows system file that can override DNS and redirect URLs or IP addresses to different locations. A typical home internet user will not have a modified hosts file.

Checking for Modifications

  1. Press Windows Key + R.
  2. type OK.
  3. Open the hosts file with a text editor such as Notepad. Hosts will not have a file extension.
  4. Compare your hosts file with the Microsoft defaults listed below. If yours is different, it has been modified. Remove any lines that contain Blizzard URLs or addresses.
  5. Save the file.

Note: If your hosts file was modified, run a virus scan . Viruses and malware can modify the hosts file to try to redirect your computer to malicious websites.

Common Problematic Modifications

These modifications negatively affect Blizzard games. If you find them, remove them:

  • 127.0.0.1 eu.actual.battle.net
  • 127.0.0.1 us.actual.battle.net
  • 127.0.0.1 enGB.nydus.battle.net

Resetting the Hosts File to Microsoft Defaults

To reset the Hosts file back to the default, follow these steps:

  1. Press Windows Key + R.
  2. type notepad into the Run window.
  3. Click OK.
  4. Copy the following text to the Notepad window: # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. # 127.0.0.1 localhost # ::1 localhost
  5. On the file menu, select Save as, type "hosts" (including the quotation marks) in the file name box, and then save the file to the desktop.
  6. Press Windows Key + R again.
  7. type %WinDir%\System32\Drivers\Etc into the Run window and click OK.
  8. Rename the Hosts file to "Hosts.old".
  9. Copy or move the Hosts file that you created from your desktop to the %WinDir%\System32\Drivers\Etc folder. If you are prompted to enter an administrator password, select Continue.

The hosts file is a rather vulnerable place in the Windows operating system. This file is the number one target for almost all viruses and trojans that manage to infect a computer. In this article, we will talk about what the hosts file is, where it is located, what it is used for, and how to restore it after a computer is infected with viruses.

A task given file store a list of domains and their corresponding ip-addresses. The operating system uses this list to convert domains to IP addresses and vice versa.

Every time you enter the address of the site you need in the address bar of the browser, a request is made to convert the domain to an ip address. Now this conversion is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific ip-address.

Even now, this file has a direct effect on the translation of symbolic names. If you add an entry to the hosts file that will associate the ip address with the domain, then such an entry will work fine. This is exactly what developers of viruses, trojans and other malicious programs use.

As for the file structure, the hosts file is normal text file Booze expansion. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the usual text editor Notepad (Notepad).

The standard hosts file consists of several lines that begin with the "#" character. Such lines are ignored by the operating system and are simply comments.

Also in the standard hosts file there is an entry "127.0.0.1 localhost". This entry means that when you access the symbolic name localhost, you will be accessing your own computer.

Fraud with the hosts file

There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of anti-virus programs.

For example, after infecting a computer, a virus adds the following entry in the hosts file: "127.0.0.1 kaspersky.com". When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is the wrong ip-address. This leads toaccess to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or anti-virus database updates.

In addition, developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

For example, after infecting a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru”. Where "90.80.70.60" is the ip address of the attacker's server. As a result, when trying to access a well-known site, the user gets to a site that looks exactly the same, but is located on someone else's server. As a result of such actions, fraudsters can get logins, passwords and other personal information of the user.

So in case of any suspicion of a virus infection or site spoofing, the first thing to do is to check the HOSTS file.

Where is the hosts file

Depending on the version of the Windows operating system, the hosts file can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7, or Windows 8, the file is located in the WINDOWS\system32\drivers\etc\ folder.

In operating rooms Windows systems NT and Windows 2000, this file is located in the WINNT\system32\drivers\etc\ folder.

In very ancient versions of the operating system, for example, in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.

Restoring the hosts file

Many hacked users are interested in where they can download the hosts file. However, you do not need to search and download the original hosts file at all. You can fix it yourself, for this you need to open it with a text editor and delete everything except the line except "127.0.0.1 localhost". This will unblock access to all sites and update the antivirus.

Let's take a closer look at the process of restoring the hosts file:

  1. Open the folder where this file is located. In order not to wander through the directories for a long time in search of the desired folder, you can use a little trick. Press combination Windows keys+R to open the "Run" menu". In the window that opens, enter the command "%systemroot%\system32\drivers\etc" and click OK.
  2. After the folder in which the hosts file is located opens in front of you, do backup current file. In case something goes wrong. If the hosts file exists, just rename it to hosts.old. If the hosts file is not in this folder at all, then this item can be skipped.
  3. Create a new empty hosts file. To do this, right-click in the etc folder and select "Create a text document".
  4. When the file is created, it must be renamed to hosts. When renaming, a window will appear in which there will be a warning that the file will be saved without an extension. Close the warning window by clicking the OK button.
  5. After the new hosts file has been created, it can be edited. To do this, open the file with Notepad.
  6. Depending on the version of the operating system, the contents of the standard hosts file may differ.
  7. For Windows XP and Windows Server 2003, "127.0.0.1 localhost" must be added.
  8. Windows Vista, Windows Server 2008, Windows 7 and Windows 8 need to add two lines: "127.0.0.1 localhost" and "::1 localhost".

The hosts file is designed to match domain names (websites), which are written using characters, and corresponding IP addresses (for example, 145.45.32.65), which are written as four numbers. You can open any site in the browser not only after entering its name, but also after entering the IP address of this site.

On Windows, requests to the hosts file take precedence over requests to DNS servers. At the same time, the contents of this file are controlled by the computer administrator himself.

Therefore, quite often malware tries to change the contents of the hosts file. Why are they doing this?

They do this to block access to popular sites, or to redirect the user to other sites. There, at best, he will be shown an advertisement, and at worst, a fake page of a popular resource (social network, email service window, online banking service, etc.) will be opened, asking him to enter data from his account.

Thus, due to the carelessness of the user, an attacker can access the user's data and cause damage to him.

Where is the hosts file located?

The hosts file is located in the folder with the Windows operating system, usually it is the "C" drive on the user's computer.

The path to the hosts file will be:

C:\Windows\System32\drivers\etc\hosts

You can manually follow this path, or directly open the folder with the host file, using a special command.

For quick access to the file, press the key combination "Windows" + "R" on the keyboard. This will open the Run window. In the "Open" field, enter either the path to the file (see above), or one of these commands:

%systemroot%\system32\drivers\etc %WinDir%\System32\Drivers\Etc

This file does not have an extension, but it can be opened and edited with any text editor.

Default contents of the hosts file

On the Windows operating system, the "hosts" file has the following standard content:

# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost

This file is similar in content to Windows 7, Windows 8, Windows 10 operating systems.

All entries that start with the pound sign # and continue to the end of the line are largely irrelevant to Windows, as they are comments. These comments explain what this file is for.

It says here that the hosts file is for mapping IP addresses to site names. Entries in the hosts file will need to be made according to certain rules: each entry must begin on a new line, the IP address is written first, and then the site name after at least one space. Further after the pound sign (#), it will be possible to write a comment to the entry inserted into the file.

These comments do not affect the operation of the computer in any way, you can even delete all these entries, leaving only an empty file.

You can download the standard hosts file from here to install it on your computer. It can be used to replace the modified file if you don't want to edit the hosts file on your computer yourself.

What to pay attention to

If this file on your computer is no different from this standard file, then this means that there are no problems on your computer that could arise due to modification of this file by malware.

Pay special attention to the contents of the file after these lines:

# 127.0.0.1 localhost # ::1 localhost

Additional entries can be inserted into the host file, which are added here by some programs.

For example, in this image, you can see that the program has added some entries to the standard contents of the hosts file. Between the commented lines, additional entries have been inserted to perform certain actions. This was done so that during the process of installing programs on my computer, this utility would cut off unwanted software.

There may be additional lines, of this type: first a “set of numbers”, and then after a space, “site name”, added in order, for example, to disable ads in the Skype program, or block access to some site.

If you yourself did not add anything to the hosts file, and do not use the program mentioned in this article (Unchecky), then you can safely remove incomprehensible entries from the host file.

Why change the hosts file?

The hosts file is modified in order to block access to a specific resource on the Internet, or in order to redirect the user to another site.

Typically, malicious code is initially executed after a program downloaded from the Internet is launched. At this point, changes are automatically made to the properties of the browser shortcut, and quite often additional lines are added to the hosts file.

To block a site (for example, the VKontakte site), lines of the following type are entered:

127.0.0.1 vk.com

For some sites, two variants of the site name can be entered with or without "www", or without this abbreviation.

You yourself can block unwanted sites on your computer by adding an entry like this to the host file:

127.0.0.1 site_name

In this entry, the IP address (127.0.0.1) is the address on your computer's network. Next comes the name of the site that you need to block (for example, pikabu.ru).

As a result, after entering the name of the site, you will see a blank page from your computer, although the name of this web page will be written in the address bar of the browser. This site will be blocked on your computer.

When using a redirect, after entering the name of the desired site, a completely different site will be opened in the user's browser, usually a web page with advertising, or a fake page of a popular resource.

To redirect to another site, entries like this are added to the host file:

157.15.215.69 site_name

First comes a set of numbers - the IP address (I wrote random numbers here for an example), and then, after a space, the name of the site will be written in Latin letters, for example, vk.com or ok.ru.

The scheme of this method is something like this: bad people deliberately create a fake (fake) site, with a dedicated IP address (otherwise this method will not work). Next, an infected application gets onto the user's computer, after launching which changes are made in the hosts file.

The Windows operating system (OS) (like other operating systems) has the ability to accelerate the transition to the IP address you typed on the site without contacting the DNS domain name system - DomainNameSystem. For this, a special operating system file called hosts is used (used without any extension). The question arises: "The hosts file - what should be there?"

What is it for and what does the hosts file contain

If this file matches the site name with its actual IP address, then redirection occurs without contacting the DNS service of your provider. The hosts file is a plain text file that can be opened by anyone like Notepad (but requires administrator rights). By default, the file contains several lines of explanations (comments) in English or Russian and a single executable line that redirects calls to the localhost name to the IP address of the computer itself.

Where is the hosts file

You can usually find the hosts file:

  • in Windows versions 95/98/ME - in the WINDOWS directory;
  • in Windows versions NT/2000 - at WINNT\system32\drivers\etc;
  • Windows 7 hosts file (and Windows XP/2003/Vista/8 versions) - in the WINDOWS\system32\drivers\etc directory.

Other Operating Systems also have a hosts file with similar functions. Where the hosts file is located in these OSes must be considered separately.

Why file is important for virus protection

The importance of addressing the issue of hosts, what should be there, is that the special properties of this file are used by some to protect against anti-virus programs and to block certain files from being called. After all, if you write redirection of anti-virus programs to a false IP address in the hosts file, then the computer will not be able to carry out the work of these programs, and, for example, anti-virus databases simply will not be updated.

Therefore, if your computer has problems with the operation of antivirus programs, one of the reasons may be an unauthorized change to the hosts file of your computer.

What can the hosts file be used for

Some users use it to prevent the use of certain sites, such as pornographic or annoying social networking sites. To implement such a task, you can simply enter at the end of the file for each site one line like: 127.0.0.1 "site name". At the same time, the sites by the name of which users are trying to go to this computer, just won't be called.
You can also do this trick: redirect those trying to call an unwanted site to a site, for example, the Mashkov library, by entering the string: 81.176.66.163 "site name".

Ad exclusion

Also, the question of hosts, what should be there, is important because by making some additions to it, you can avoid showing annoying contextual and / or banner advertising, which in some sites is added not only along the perimeter of the information content of the pages, but also interspersed in the middle of the texts articles. To do this, you need to redirect sites that host these types of ads to the address 127.0.0.1, as indicated above. And these are sites such as, for example, "Google" contextual advertising AdSense. To exclude its display, enter the following lines in the hosts file:

  • 127.0.0.1pagead.googlesyndication.com;
  • 127.0.0.1pagead2.googlesyndication.com.

On the Internet, you can find ready-made texts for inserting into the hosts file, containing many such lines that exclude unnecessary display. In addition, there are ready-made texts for setting up faster work with some search engines, for example, hosts google. However, such materials must be used with caution. It is undesirable that the size of the hosts file exceeds 10 KB. Otherwise, he himself will slow down the system. Although these 10 KB can accommodate many such redirect strings.

Possible difficulties

First you need to make sure that the file you want to edit. The fact is that some cunning creators of virus programs mask the hosts file used by the system by placing it in a different place where it is registered by default. The system accesses the Windows 7 hosts file, the path of which is specified in the registry in the DataBasePath parameter located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\.

The correct path value looks like: %SystemRoot%\system32\drivers\etc\hosts. You can check this by calling the registry editor regedit.exe from the Start menu - Run.

If the specified variable contains a different value, you must restore the value that should be.

Another trick of malware is to place another file with a similar name, such as host, in the etc directory along with the hosts file. Be careful, make sure that you check and edit the exact file that is used by the system.

The third trick is to hide the file from view. They just state that it is hidden. In this case, it is simply not visible in the directory, although it is present there. To be able to view it, you must first set the item "Show hidden files". In Windows XP, this option is set in the "View" tab of the "Properties" panel of the "Control Panel" menu folder. After that, viewing hidden files will be possible, and it will be possible to reset the "hidden" attribute in the properties of this file. At the same time, check if the "Read Only" flag is set for this file. If set, you will not be able to edit it. It is necessary to uncheck the corresponding field of the file properties panel.

The next trick might be to use a proxy. If the manual proxy setting is set, then the hosts files do not work. To fix this shortcoming, check your browser settings. For example, for Firefox, you need to open "Settings", then "Advanced", then in the "Network" tab, select "Configure". In the menu that appears, if the item “Use system proxy settings” was selected, select the item “No proxy” and save the settings. But if the item “Manually configure the proxy service” was selected, and you did not set it, then you need to do more work. First you need to remember the set proxy server address, set the “No proxy” item, save the settings. Then you need to open the registry editor, call the search, insert the remembered address and search, deleting the value of your address assigned to them in the found keys.

Simple Defense

By the way, in order to prevent malicious programs from changing the settings of your computer's hosts file, it is useful to set the "Read only" attribute in its properties (after all your changes in it).

Thus, in this article, we dealt with the question of Hosts, what should be there, and found out what kind of file it is, where it is located, what functions it performs, how it can harm a computer under the influence of malware, and how to use it in your purposes.

Few users who work with the "seven" and surf the Internet are aware of the true meaning of the HOSTS file (Windows 7). Its content will be shown a little later, but for now let's dwell on the theory.

why is it needed?

In general, if anyone paid attention, the file itself is located in the etc directory, if you sequentially go through the tree from Windows folders, via System32 to the drivers directory on the system drive. Not everyone, however, goes into such a jungle of the system, by and large, this is not necessary. On the other hand, if you pay attention, the extension object itself does not have, although, in fact, it is a regular text document.

But let's take a closer look at Windows 7. Its content is such that it is this object that is responsible in the system for the relationship between host names (sites, nodes, etc.) and determining their IP addresses to provide the end user with access to the resource. Roughly speaking, we do not need to prescribe combinations consisting of numbers in the browser, but we can only indicate the names of resources.

And one more small clarification about the HOSTS file (Windows 7). Its content may change. Depending on what changes were made, this can help block certain sites, speed up access to some resources, or, on the contrary, play a cruel joke by redirecting the user to dubious sites. However, first let's look at the original file.

(Windows 7): contents

So, for starters, let's try to open. I must say that if you use the standard double-click method, nothing will work, because, as mentioned above, this object does not have an extension. In addition, the file may be hidden, so you must first select the display of hidden objects from the view menu. But the system will offer several applications to open. We choose the simplest - the standard "Notepad" and look at the contents of the HOSTS file (Windows 7). Before us is something incomprehensible: descriptive text, some examples and a line indicating the local IP (# 127.0.0.1 localhost). That's the way it should be.

Attention! There should be nothing at all below the line indicating the reserved local address, unless, of course, the user wants some resource to be blocked!

In general, everything above localhost refers to allowed resources. Anything below is blockable. It is not difficult to guess that many viruses, in particular programs that distribute spam or advertising (Malware, Adware, etc.), edit the contents of this file on their own. So it turns out that when requesting one resource, the user receives a redirect (redirect) to a completely different one.

HOSTS by default in Windows 7

We have reviewed the original file. Now let's take a look at the modified content. To fix it, you can take the contents of a “clean” file for the “seven” from another computer or from the Internet, copy it, then paste it into the original and save.

But there is one problem here. The fact is that sometimes after deleting everything unnecessary, it is not possible to save the file as the original (the system simply does not allow this to be done).

How to proceed in this case? First, delete the original completely (Shift + Del), bypassing the "Recycle Bin". Then we use the right click on an empty space inside the etc directory and create a new file with the same name, but do not specify the extension. Now we insert the necessary content into it and save the object. After that, you need to find the lmhosts.sam file in the same place and delete it, as mentioned earlier.

Everything, it's done. What is in the first, what in the second case, a system reboot is required. Only then everything will work as expected. And, of course, editing should be done exclusively with admin rights.

Outcome

In general, very brief information about the HOST file has been given here. If you look at the issues of blocking some unwanted resources or, on the contrary, permissions to visit them with faster access, editing should be done exclusively manually and according to certain rules. Here you need to remember that the line indicating the reserved local IP plays the key role of the separator. Well, then, as they say, it's a matter of technology. By the way, the method described above will also help if the contents of the object have been changed due to the impact of virus programs.