Download the original hosts file for windows 7. HOSTS file
The hosts file is responsible for establishing a correspondence between the domain and the site's IP address. Contacting the host has priority over sending a request to the DNS server, and the file is stored on the computer and controlled by the administrator, which makes it an important element of security Windows operation. In some cases, users are faced with the need to restore host file s to the initial state. Delete extra entries from it you can do it in two ways: manually and automatically, using special software.
Manual recovery
Typically, restoration of the hosts file is required after malicious applications add new entries to it. A typical attack looks like this: you open Odnoklassniki or VKontakte, and the site reports that your account is blocked and asks you to send an SMS to confirm your login. As a result, money is withdrawn from the phone, and you later find out that instead of VKontakte, the hosts file redirected you to a fake page.
But the host has nothing to do with it: it only turned out to be a tool in the hands of a malicious software. Therefore after Windows cleaning You need to use your antivirus to start restoring the hosts.
Another option is to go to C:\Windows\System32\drivers\et and simply open hosts via Notepad. Inside you will see a lot of text on English language. You need to make sure there are no extra entries in the host. By default, the text should end with the line "# ::1 localhost". Everything after it should be deleted, especially if you yourself did not enter anything into the file.
However, this cleaning may not be complete, so we strongly recommend that you match the contents of your host with the information provided on the support page at https://support.microsoft.com/ru-ru/kb/972034. On Windows 7, the contents of hosts should look like this:
To make sure there are no extra entries, delete the old host and create new file:
Now the old host will not function, and there will definitely be nothing unnecessary inside the new one, so you don’t have to worry about the safety of your money and personal data.
Automatic recovery
If manual recovery seems difficult, you can fix the host using special utilities. For example, technical support Microsoft, in an article about fixing the hosts file on different versions of Windows, suggests downloading Fix utility It, after launching which unnecessary entries will be deleted without user intervention. 
Another way is to use an antivirus AVZ program. This powerful tool research and Windows recovery, but we will consider only one of its functions - clearing the hosts file.
Hello, dear readers of the blog site. Today I want to talk about something quite simple in its design, like Hosts file.
What’s remarkable is that he lives on almost everyone operating systems(and therefore all computers of Internet users), starting from Linux and ending with Windows 7. Another distinctive property of it is that it does not have an extension, but this is due precisely to the fact that it must work in any OS, and therefore must be universal.
But this is not the main thing. Although he is a relic of the past, there are still a lot of ways to use Hosts both for good purposes and not so good. For example, viruses and virus writers love it very much and often use it either to replace official sites with their phishing duplicates, or to block the ability to update your antivirus program.
However network equipment IP specialists are needed and nothing else. Therefore, a list of correspondence between the host name and its IP address () was manually generated. Such a list was called Hosts and was sent to all nodes local network. Everything was great until the moment when it was no longer possible to use this method due to the huge number of records contained in this file. Sending it out has become problematic.
In this regard, we decided to approach this issue differently, namely, to place on the Internet an entire (domain name system) that would store all these correspondence tables and user computers would contact the nearest one with the question of what kind of IP-ish corresponds to the Vasya.ru domain.
At the same time, everyone happily forgot about the Hosts file, but it still existed in all operating systems, except that its content was extremely meager. Usually there was and is still present only one entry:
127.0.0.1 localhost
For some reason, this IP address (more precisely, the range 127.0.0.1 - 127.255.255.255) was chosen to designate the local host (private IP), i.e. the very computer you are sitting at (literally localhost - “this computer”). But, really, this is all for the old IPv4 (fourth version).
And in IPv6, which is now coming into use (due to the fact that it is embedded in previous version the number of addresses is no longer enough for everyone) such an entry will look a little different:
::1 localhost
But the essence is the same. Because Now both standards for specifying an IP address are still used or can be used, then in the Hosts file Usually both of these lines are present. True, there can be any kind of billboard written above them (depending on the OS used), but all those lines contain at the beginning the hash symbol # (hash), which means that these lines are comments and should not be taken into account.
On my old lady Windows Vista The Hosts file now looks like this:
# Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # This HOSTS file created by Dr.Web Anti-rootkit API 127.0.0.1 localhost:: 1 localhost
Recording syntax very simple - first indicate the IP address, and then, through any number of spaces (tab characters), enter the name of the host (computer, node or domain). A separate line is used for each entry of this kind.
It gets up here main question, and what place does Hosts currently occupy in the process of establishing a correspondence between domain names entered in the browser and those IP addresses that are hidden behind these domains? Well, as it turned out, very much so important place occupies, namely the first. But first things first.
So you enter in address bar browser URL address () or follow a link from your browser bookmarks, or from any web page open in it. In any case, the browser receives from you the path to the document you want to see.
In any case, there will be a presence in Urla Domain name the site on which the document you are interested in is located (the site in our example). However, this domain corresponds to a very specific server (maybe virtual) where this very site is hosted. And this server must have must be an IP address, so that it is visible on the network and can be accessed.
Your browser cannot know which IP corresponds to the domain name contained in the URL (well, unless you have enabled caching in this very browser DNS records and this node has been previously visited by you). Therefore he addresses first For clarification, refer specifically to the Hosts file on your computer.
If this domain is not found there (and the corresponding IP), then the browser will begin to torture DNS record caching service from Windows composition. If you previously accessed this domain and not much time has passed since then, then the DNS cache will give the browser this same IP address. The browser will receive it and open the document you requested.
If there are no records for this domain in the cache, then the browser will send a request to the nearest DNS server (most likely, it will be the server of your Internet provider) and receive the required information from it. True, in this case there may be a slight delay in opening the web page you requested, but with modern Internet speeds this will be practically unnoticeable.
And this happens with absolutely any request to open a document from the Internet from your computer. Do you get it? Empty Hosts does not create any problems, but if you fill it out, and even with malicious intent, it may turn out that you enter the password for your Yandex wallet not on the official website of this payment system, and on a phishing resource with a similar design (see).
How can this be? Well, no one is safe from virus infection (), and a virus can easily add the IP address of a phishing resource to Hosts and assign it the domain name money.yandex.ru, for example. This is where the danger lies.
On a fake site social network they may intercept the passwords you enter, they may demand an entrance fee, or something else more creative. The saddest thing is that it is impossible to notice the substitution, because the correct domain name will appear in the address bar of the browser.
Where is the Hosts file located and how can I remove virus entries from it?
On the other side remove changes made by the virus even an absolute noob in computers can use the Host file. Usually the problem is to find where this file is located.
In older versions of Windows, such as XP or 2000, it was open to everyone and lived in the system folders at the following address:
Windows\System32\drivers\etc\
You won’t believe it, but he lives at the same address in both Windows 7 and Vista, but everything is somewhat more complicated there, because following the path:
C:\Windows\System32\drivers\
You won't find any etc folders there. The developers decided that ordinary mortals should not touch this file to avoid problems.
However, the hosts file in windows 7 and vista still exists, you just need to look for it, having received Administrator rights. Personally, I never even tried to figure out all this nonsense with rights, but I found a very simple way for myself to get around this limitation.
So, go to the “Start” button menu - “All Programs” and find the “Accessories” folder there. There are shortcuts inside it, among which it’s easy to see “Notepad”. Click on it right click mouse and from the appeared context menu choose "Run as Administrator":
Well, actually, half the battle is done. Now in the notepad you select from top menu items “File” - “Open”. In a standard window Windows Explorer find the desired folder etc (inside the Windows\System32\drivers\ directory), select “All files” from the drop-down list in the lower right corner and watch with happy eyes the appearance of this top-secret file:
It will be exactly without expansion, and the rest will be rubbish, it seems hosts.txt, viruses are very often created to distract your attention and ultimately confuse you. For a real file, they set the “Hidden” attribute, which can be checked or unchecked by simply right-clicking on the file and selecting the bottom “Properties” item:
And because in Windows, by default, extensions are not displayed for registered file types (that’s why they did this - I don’t understand), then the user finds hosts.txt without seeing either its extension, or the fact that there is another hosts in the same folder, but it is hidden from his eyes.
Making changes to the fake, he still achieves nothing, begins to tear out his hair, wring his hands and goes to the store to buy a new laptop in order to finally get into his favorite Contact, which the virus blocked on the old computer. Ahhh, horror.
Although, of course, the user may be advanced and enable the display of hidden and system files in the settings. In Windows Vista, to do this, go to “Control Panel” - “Folder Options” - “View” tab and move the checkbox to the “Show” hidden folders and files." By the way, it would be better to uncheck the “Hide extensions...” line above:
Eat a very simple way to open this file. It will be enough to press the Win+R key combination on your keyboard (or select “Run” from the “Start” button menu), and then enter in the window that opens next line and press Enter:
Notepad %windir%\system32\drivers\etc\hosts
But that's not the point. We still found where this secret (for Windows 7 and vista) file is located, and we must carefully examine it for possible abuse. If the initial examination of the patient does not reveal any pathologies, then look to the page scroll area in Notepad.
Sometimes the virus makes its entries after several hundred empty lines, thereby reducing the risk of your detection. If there is no scroll bar, then everything is great, but if there is, then use it and bring your Hosts to the form it should have from birth, i.e. It will be enough to have just two lines in it (no one needs comments):
127.0.0.1 localhost::1 localhost
Well if spoofing addresses in this file it is quite simple to represent, for example it might look like this:
127.0.0.1 localhost::1 localhost 77.88.21.3 site
How, in this case, is it carried out? blocking certain sites through Hosts? Well, just assign the private IP address 127.0.0.1 to the domain that needs to be blocked, for example, like this:
127.0.0.1 localhost::1 localhost 127.0.0.1 vk.com 127.0.0.1 odnoklassniki.ru
The smart browser finds this match and tries to get required document(web page) from your own computer, which, of course, he cannot do and about which he will immediately inform you. By the way, this good way block your children’s access to sites that you think they should not visit. Of course, you will still need to create a list of such sites or get them somewhere, but if you wish, you can try.
As I already mentioned, in ancient times, when the Internet for most users was still slow, to speed up the opening of sites, they registered their IP names in Hosts. Another thing is that these same resources periodically changed their hosting and, along with it, their IP addresses. And the user, having forgotten about what he did six months ago to speed up the Internet, tries in vain to understand why his favorite resources are not available to him.
How to use Hosts when moving a website to a new hosting?
Well, and finally, I would like to talk about how, by making changes to the Hosts file, you can work with a site that has moved to a new hosting even before everyone DNS servers a new entry will be registered (assigning a new IP address to your domain). The method is very simple but effective.
So, you change hoster. Naturally, the IP address of your site also changes. How will people find out about this on the Internet? Everything is correct, using a network of DNS servers. By the way, the first and most important step You can do it yourself by going to the control panel of your registrar and registering there the addresses of the NS servers of your new hoster.
It is from them that the new DNS will spread throughout the Internet. But this process is lengthy and in the worst case scenario it can take a couple of days. During this time, the site should be available on both the new and old hosting, so that users from all over the world would not be deprived of the opportunity to view it.
However, you yourself will be interested to know how your resource actually feels with the new hoster? Check the operation of all plugins and other things. Do you really have to wait from several hours to two days? After all, this is unbearable.
Firstly, you can try resetting the DNS cache on your own computer, because it may prevent you from seeing your resource on the new hosting if external DNS servers have already received new entry. How to do it? Again, everything is very simple. Press the Win+R key combination on your keyboard (or select “Run” from the Start button menu), then enter in the window that opens:
A very scary window called Command Prompt will open, where you will need to paste this command:
Ipconfig /flushdns
The regular paste buttons in the Command Prompt window don't work, so just right-click in the Command Prompt window and select Paste.
After that, click on “Enter”, the DNS cache will be cleared on your computer and you can try to open your site again. By the way, there may be a DNS cache in the browser itself, so clear it, or refresh the window while holding down the Shift button on the keyboard.
By the way, if you are interested, you can view the contents of the DNS cache by entering command line the following command:
Ipconfig /displaydns
Does the site still open on the old hosting? No problem. We find the Hosts file using the method described just above and add just one line to it:
109.120.169.66 website
Where 109.120.169.66 - it will be IP address of your new hosting, and then the domain name of your site will follow. All. While the rest of the world is admiring your resource on the old hosting, you have the opportunity to correct possible problems on the engine that has already been transferred to the new hosting. The thing is wonderful and I always use it.
Good luck to you! See you soon on the pages of the blog site
You can watch more videos by going to");">
You might be interested
What is DNS and how DNS servers ensure the Internet works VPS from NeoServer - become the owner of your own virtual universe
How to make a backup and restore from backup copy, as well as the nuances of transferring a site (Joomla, WordPress) to a new hosting 
Buying a domain (domain name) using the example of the Reghouse registrar 
Local server Denwer - how to create a website on a computer - installation, configuration and removal of Denver
Few users who work with the "seven" and surf the Internet realize the true meaning of the HOSTS file (Windows 7). Its content will be shown a little later, but for now let’s dwell a little on the theory.
why is it needed?
In general, if anyone paid attention, the file itself is located in the etc directory, if you sequentially move along the tree from the Windows folder, through System32 to the drivers directory on system disk. Not everyone, however, goes into such a thicket of the system; by and large, this is not necessary. On the other hand, if you pay attention, the object itself does not have an extension, although, in fact, it is an ordinary text document.
But let's take a closer look at Windows 7. Its content is that it is this object that is responsible in the system for the relationship between host names (sites, nodes, etc.) and determining their IP addresses to provide the end user with access to the resource. Roughly speaking, we do not need to enter combinations consisting of numbers in the browser, but we can only specify the names of resources.
And one more small clarification about the HOSTS file (Windows 7). Its content may change. Depending on what changes have been made, this can help block certain sites, speed up access to certain resources, or, on the contrary, can play a cruel joke by redirecting the user to dubious sites. However, first let's look at original file.
(Windows 7): Contents
So, first, let's try to open. I must say that if you use standard method double click, nothing will work, because, as mentioned above, this object does not have an extension. In addition, the file may be hidden, so you should first select show hidden objects in the view menu. But the system will offer several applications to open. We choose the simplest thing - standard Notepad and look at the contents of the HOSTS file (Windows 7). Before us is something incomprehensible: descriptive text, some examples and a line indicating the local IP (# 127.0.0.1 localhost). That's how it should be.
Attention! Below is a line indicating reserved local address there should be nothing at all, unless, of course, the user wants some resource to be blocked!
In general, everything above localhost is allowed resources. Everything below is blocked. It is not difficult to guess that many viruses, in particular programs that distribute spam or advertising (Malware, Adware, etc.) independently edit the contents of this file. So it turns out that when requesting one resource, the user receives a redirect (redirection) to a completely different one.
Default HOSTS in Windows 7
We reviewed the original file. Now let's look at the changed content. To correct it, you can take the contents of a “clean” file for the “seven” from another computer or from the Internet, copy it, then paste it into the original and save it.
But there is one problem. The fact is that sometimes, after removing everything unnecessary, it is not possible to save the file as the original (the system simply does not allow this to be done).
How to enter in this case? First, delete the original completely (Shift + Del), bypassing the Trash. Then use the right click on empty space inside the etc directory and create a new file with the same name, but do not specify the extension. Now we insert the necessary content into it and save the object. After this, you need to find the lmhosts.sam file there and delete it, as indicated earlier.
That's it, it's done. In both the first and second cases, a system reboot is required. Only then will everything work as expected. And, of course, editing should be done exclusively with administrator rights.
Bottom line
Overall, a very brief summary of the HOST file has been provided here. If you look at the issues of blocking some unwanted resources or, on the contrary, allowing access to them with faster access, editing must be done exclusively manually and according to certain rules. Here you need to remember that the key role of the separator is played by the line indicating the reserved local IP. Well, then, as they say, it’s a matter of technique. By the way, the above technique will also help if the contents of the object have been changed due to the influence of virus programs.
For everyone who has problems with this file!!! The file was checked by Kaspersky, Nod 32, Doctor Web antiviruses - everything is clean! Download the file, unzip it, copy it to the Windows/system32/drivers/etc directory (if Windows asks for permission to replace files, we agree; if it writes an error that you are not an Administrator, try replacing the file using the Total Commander program) and enjoy life. The file is suitable for all latest operating systems:- Windows XP
- Windows Vista
- Windows 7
- Windows 8 and 8.1
Also, one of the users provided us with his host file so that you can use it.It blocks all malicious and advertising sites that can harm your computer. We express our gratitude to the user Diman8369 for providing such a file.
Creating and editing a host file in Windows XP
Windows 7, 8, 8.1 and 10
About 8 thousand computers per day are infected with Trojan Hosts
The Doctor Web company reported increasing cases of sites being hacked in order to download them to users’ computers malware Trojan.Hosts family. The scale of the spread of this threat at the beginning of 2013 became almost epidemic. The peak of the distribution of Trojan.Hosts occurred in January and mid-February, when about 9,500 cases of infection were recorded on user computers every day. In March, Trojan.Hosts infect about 8,000 computers per day.
To hack websites, attackers use FTP protocol, connecting to resources using previously stolen logins and passwords. Then a special command interpreter (shell) is loaded onto the hacked site, using which the .htacess file is modified, and a malicious script is placed on the site.
As a result, when visiting an infected site, the script gives the visitor a web page containing links to various malicious applications. In particular, this is how Trojans from the Trojan.Hosts family have recently begun to spread widely.
The main purpose of the Trojan.Hosts family of malware is to modify the hosts file located in the system Windows folder and responsible for broadcasting network addresses of sites. As a result of malicious actions, when trying to go to one of the popular Internet resources, the user of the infected computer is redirected to a web page belonging to the attackers.What is the Hosts file for?
The purpose of this system file- assigning certain website addresses a specific IP.
This file is very popular with all kinds of viruses and malware in order to write their data into it or simply replace it.
The result of these actions may be signs of “insertion” of a site into browsers, which will ask to send an SMS when opening the browser, or blocking of various sites, at the discretion of the creators of the virus.
Where is the hosts file in windows?
For different versions OS Windows location hosts file is slightly different:
Windows 95/98/ME: WINDOWS\hosts
Windows NT/2000: WINNT\system32\drivers\etc\hosts
Windows XP/2003/Vista/Seven(7)/8: WINDOWS\system32\drivers\etc\hosts
Moreover, the ending hosts, it already is final file, not a folder. He doesn't have it.
What it should look like correct file hosts?
The "contents" of the hosts file are also slightly different for different windows versions, but not really. It “writes” in English why it is needed and how to make exceptions, giving one example. All lines starting with a # sign mean that they are commented out and do not affect the file.
Contents of the original hosts file for Windows XP:
#
#
#space.
#
#
# For example:
#
127.0.0.1 localhost
Contents of the original hosts file for Windows Vista:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost::1 localhost
Contents of the original hosts file for Windows 7:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
#127.0.0.1 localhost
# ::1 localhost
Contents of the original hosts file for Windows 8:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#127.0.0.1 localhost
# ::1 localhost
As you can see, the contents of the host file for different versions Windows, there are no special differences.
How to open and edit the hosts file?
The hosts file can be standard Notepad Windows.
This is probably the most interesting part of the article.
First of all, you need to understand why change this file at all? Yes, in order to deny access to certain sites. Thus, by changing this file and having entered the site address into it, the user will not be able to access it through any .
In order to change the hosts file, it is advisable to open it as administrator () by right-clicking on the file and selecting "Run as administrator". Or open Notepad this way and open the file in it.
For quick action, you can simply click the Start button and select Run ( win+r) () and enter in the line:
notepad %windir%\system32\drivers\etc\hosts
As a result, this file will open in Notepad.
In order to block access to the site(let's assume it will be test.ru), you just need to add a line with this site at the very bottom:
127.0.0.1 test.ru
As a result, the file will have the following content:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# This HOSTS file created by Dr.Web Anti-rootkit API
#127.0.0.1 localhost
# ::1 localhost
127.0.0.1 test.ru
Every new site you want to block must start with new line and register, not forgetting the local IP address 127.0.0.1
Also, to edit the hosts file, there is a program HOSTS EDITOR, which you can download and read the description from.
The way it works is that it helps edit the hosts file.
From the screenshot below the principle of its operation is clear; everything is done in a couple of clicks. Adding is done by clicking on +.
After editing, do not forget to click on the save button (2 button "Save changes" to the left of the "+" button).
You can also change this file for good purposes, for example speed up site loading.
How it works?
When you visit a site, you see its domain name, which has letters. But all sites on the Internet have an IP address, and names are already assigned using DNS. I won’t go into details of this process; that’s not what the article is about. But here you need to know that the hosts file has priority when accessing sites, and only after it does a request to DNS occur.
In order to speed up the loading of a site, you need to know its IP address and domain.
The IP address of a site can be found using various services, for example or.
A domain is the name of a website.
For example, let's speed up the loading of this site where you are reading an article by explicitly specifying the IP address and domain to the file.
Then the added line will be:
91.218.228.14 website
This speeds up page loading in a couple of seconds, and sometimes can give access if standard means You cannot access the site.
Still possible redirect to another site using hosts file.
To do this, you need to know the IP address of the site and its domain (as in the case described above), then the added line will be like this:
91.218.228.14 test.ru
And now, after entering test.ru into the address bar of your browser, you will be redirected to the site specified in the IP address..
If you want to clean hosts file, then you can do this by simply deleting the content and inserting the original text from the description above (under spoilers).
Some nuances in the hosts file:
This way you can easily and free of charge block access to sites in Windows by editing the hosts file.