Over the past year, questions regarding where the hosts file is located have been asked more and more often.
In fact, this file is very useful when making all sorts of settings related to Internet access.
In fact, for any problem with the Internet, the hosts file, one way or another, will be used. But we will talk about this further. The main question is where to find this most useful file.
If you simply enter the query “hosts” into the system search, then you will not be able to find the desired file - not everything is so simple. At least it rarely works, if at all.
Yes, a post was recorded on one of the domestic forums, where a person found this very file using the most common search, but the rest of the users could not find it in this way.
In any case, it would be useful to consider how to find the hosts file on a particular OS.
Location on the computer
Let's start, perhaps, with the still popular Windows 7 system. Here, to find the hosts file, you need to do the following:
- Go to "My Computer", then go to "Local Disk C". Next, go to the "Windows" folder, which is highlighted in Figure 1.
Note: If the system drive is with a different designation (not C:, although most often it is C :), then the aforementioned folder called “Windows” is located on it. In any case, you should check everywhere. There is only one such folder on the computer, so this process will certainly not take much time.
- After that, go to the "System32" folder. It will also not be difficult to find it, because there is only one such there and it is simply impossible to confuse it with anything.
No. 2. Folder "System32" in "Local drive C"
- After going to the "System32" folder, you need to find the "drivers" folder and go to it. It will also be very easy to complete this step.
No. 3. Folder "drivers" in "Local drive C"
- Next, you should find another folder - called "etc". It is highlighted in the figure below.
No. 4. Folder "etc" in "Local drive C"
- Actually, in the folder called "etc" there will be the hosts file we are looking for. Perhaps it will be there only one, or other files will be located with it, which are also responsible for connecting to the Internet. Specifically, these are "networks", "services" and "protocol".
Often they become the cause of disturbances in the network operation of the operating system, and they have to be completely removed. Therefore, you can remember the location of all these files - this will definitely be needed in future work.
In any case, the name "hosts" of the two files will definitely not be.
Thus, you can find the hosts file in Windows 7 if you go along the path C:\Windows\System32\drivers\etc. By the way, you can open this file very simply, even if you do not follow the path indicated above.
To do this, you need a command prompt, run as administrator. It opens very easily.
You just need to open the "Start" menu, then open "All Programs", select the "Standard" folder (underlined with a red line in Figure No. 5), right-click on the "Command Prompt" item.
In the drop-down menu, you need to select the item "Run as administrator" (highlighted with a green frame in the same figure).
After that, on the command line, it remains just to write the command "notepad [path of the hosts file, that is, C:\Windows\System32\drivers\etc\hosts]" and press the Enter button on the keyboard.
It all looks as shown in Figure 6.
Accordingly, with this approach, you do not need to find anything. The system will open everything automatically. But we'll talk about opening the file in question.
As for opening hosts in other systems, such as Windows 8 and Windows 10, everything is also quite simple there. As for the eighth version of the above OS, the path is no different there.
This means that to find the desired file, you just need to go to exactly the same path - C:\Windows\System32\drivers\etc.
The only difference from the above screenshots is that there will be a slightly different interface, but otherwise everything remains exactly the same.
In the end, you can not look for it at all, but open it through the command line in the way described above.
The same situation with Windows 10 - the path remains exactly the same. Again, the difference from the above photos is only in the interface.
Below you can see a screenshot of the same file in the Windows 10 system folder.
If we are not talking about Windows familiar to us, but about Ubuntu, then the file we need is also located in the folder called “etc”.
Accordingly, to open it, you should enter a simple command: sudo gedit /etc/hosts.
Output! From all of the above, one simple conclusion can be drawn - the hosts file is always located in the "etc" folder in all operating systems.
The only exceptions are the old versions of Windows - 95, 98 and ME. There it can be found right in the folder called "Windows".
So, we already know where to find this file. Now it’s worth knowing how to edit it, and why it is needed at all.
Purpose of the hosts file
To put it simply, it is needed to maintain a database of domain names.
If more complicated, then this file is needed to convert symbolic domain names (example: yandex.ru) into IP addresses that correspond to them.
The fact is that before each transition to a specific site, the computer needs to convert the symbolic name of the site into its digital designation.
And here hosts comes to the rescue. In TCP / IP networks, the same function is assigned to DNS, that is, the domain name system.
The problem is that very often attackers and all kinds of Internet content blockers, such as Roskomnadzor, use this same file to block access to various sites.
A full-fledged software is being written that makes a change to it and thereby creates significant problems when entering the World Wide Web.
However, for the aforementioned "networks", "services" and "protocol" files, this is also true.
But they can be completely removed, but such a trick will not work with hosts. So we need to know how to edit it.
How to open hosts file
One way to do this has been described above.
It consists in opening a command prompt as an administrator and writing the command “notepad [hosts file location path, that is, C:\Windows\System32\drivers\etc\hosts]” there.
As you can see, Notepad is used to open here, that is, in fact, a text editor. It is an ordinary notepad, but with a lot more variety of functions.
The problem is that it is not installed on every modern computer.
Although installing it is very simple - for this there are hundreds of sites that post Notepad installation files on their repositories, opening the file we are considering can be many times easier.
The fact is that in this case we will not need all the functionality of Notepad and you can open hosts with the most ordinary notepad.
To do this, you need to follow these steps:
- From the very beginning, you need to right-click on the file itself and select the “Open with” item in the drop-down menu (it is highlighted with a red frame in Figure No. 8).
Note: Usually the filehostshas no extension and looks as shown in Figure 7, that is, as an icon of an empty sheet. But sometimes the system can still give it some kind of extension. This is exactly what we can see in Figure 8. Regardless of whether it has an extension or not, you should still open it only through Notepad orNotepad.
- Next, you need to select the item "Select a program". If there is a “Notepad” in the list that opens, as in Figure No. 9, then you need to click on it and click on the “OK” button.
If not, you should use the "Browse" button (highlighted with a red frame in Figure No. 9) and select a notepad there.
As you can see, everything is done very simply. After that, the file we need opens.
As for editing it, there are no special instructions here, everything is done in the same way as in a regular notepad.
This means that you can select some part, delete it with the Backspace button on the keyboard, and perform other actions provided by a regular text editor.
Visually, the process of finding, opening and editing the hosts file can be seen in the video below.
How to change the hosts file
Where is the hosts file - Examples for different OS
Not every user of the Windows operating system can find, know how to open and how to save the hosts file with changes. This article shows an example of how this can be done in Windows 7. In Windows XP, this file is located in the same place, I hope that in Windows Vista and Windows 8 it has not changed its location. It's just that I've never worked in whist and I'm not going to install windows 8 yet, so try to find and change it yourself. I hope that the way to open and make changes also remain similar to Windows 7.
And so the file hosts in the system is located in the system folder Windows, which is located on the "C" drive, unless, of course, you installed the system on another drive. In the Windows folder look for the folder "system 32", then folder drivers, then a folder "etc", here is the file you are looking for.
If you did not find it, then do some actions, obviously the parameter is set in the settings "Do not show hidden files, folders and drives".
Open folder "A computer", press the key Alt, an additional menu will appear in which you need to select "Tools", "Folder Options". A small window will open with folder options. In section "View" point to be noted "Show hidden files, folders and drives". Next, click "OK" and try again to look into the "etc" folder. The file must be in place.
Now the question arises: "How or with what to open it?", because the extension of this file is not known. It turns out that everything is very simple, you can open this file using notepad. To do this, double-click on the file name, an additional window will open with programs to open it, from which you need to select "Notepad" and click OK.
A text document will open with the following content:
This is where you will make changes. All entries below the lines with the first "#" sign indicate blocked addresses and Internet sites.
Let's experiment by blocking access to the VKontakte website. To do this, add the following to the file:
The site is now closed. In a similar way, you can restrict access to other sites that for some reason you do not want to view or, for example, want to hide pornographic sites from children.
Now close notepad and try to open the VKontakte website.
That does not work? Naturally, because access to it is closed. To open access, do the opposite, remove the line with the specified site from the hosts file. Don't forget to save your changes.
1. If you are a complete teapot, then first think a few times before changing something, or don’t touch anything at all, but contact a specialist who can help you. If you still decide to make changes yourself, then in case of any problems, blame yourself. With this file jokes are bad.
2. If you really want to try it, at least make a copy of the file before making changes by copying it to another location. If something goes wrong, it will be possible to move the copy of the file back to the folder with the original file, with the consent to replace it.
3. If you did not make a copy of the file and after your self-confidence, the computer began to act naughty, try to find an identical file on the Internet, download it and replace it with your own, or delete all lines in the hosts file up to the lines with the “#” sign. Don't forget to save.
4. Before each attempt to make any changes or settings, first think about whether it is really necessary and how much you want it!
The hosts file is a rather vulnerable place in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer.
The task of this file is to store a list of domains and their corresponding ip-addresses. The operating system uses this list to convert domains to IP addresses and vice versa.
Every time you enter the address of the site you need in the address bar of the browser, a request is made to convert the domain to an ip address. Now this conversion is performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific ip-address.
Even now, this file has a direct effect on the translation of symbolic names. If you add an entry to the hosts file that will associate the ip address with the domain, then such an entry will work fine. This is exactly what developers of viruses, trojans and other malicious programs use.
As for the file structure, the hosts file is a plain text file with no extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the usual text editor Notepad (Notepad).
The standard hosts file consists of several lines that begin with the "#" character. Such lines are ignored by the operating system and are simply comments.
Also in the standard hosts file there is an entry "127.0.0.1 localhost". This entry means that when you access the symbolic name localhost, you will be accessing your own computer.
Fraud with the hosts file
There are two classic ways to benefit from making changes to the hosts file. Firstly, it can be used to block access to sites and servers of anti-virus programs.
For example, after infecting a computer, a virus addsthe following entry in the hosts file: "127.0.0.1 kaspersky.com". When you try to open the kaspersky.com website, the operating system will connect to the IP address 127.0.0.1. Naturally, this is the wrong ip-address. This leads to access to this site is completely blocked.As a result, the user of the infected computer cannot download antivirus or anti-virus database updates.
In addition, virus developers can use another trick. By adding entries to the hosts file, they can redirect users to a fake site.
For example, after infecting a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru”. Where "90.80.70.60" is the ip address of the attacker's server. As a result, when trying to access a well-known site, the user gets to a site that looks exactly the same, but is located on someone else's server. As a result of such actions, fraudsters can get logins, passwords and other personal information of the user.
So in case of any suspicion of a virus infection or site spoofing, the first thing to do is to check the HOSTS file.
The malware masks modification of the hosts file in the following way:
To make it difficult to detect lines added by a virus, they are written to the end of the file.
After a vast empty area formed as a result of repeated line feeds;
After that, the original hosts file is assigned the Hidden attribute (by default, hidden files and folders are not visible);
A fake hosts file is created, which, unlike the real hosts file (which has no extension), has a .txt extension (by default, extensions are not displayed for registered file types):
Where is the hosts file
Depending on the version of the Windows operating system, the hosts file can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, the file is located in the folderWINDOWS\system32\drivers\etc\
On Windows NT and Windows 2000 operating systems, this file is located in the folder WINNT\system32\drivers\etc\
Editing the hosts file
You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own.
In order to edit the hosts file, you need to start notepad in Administrator mode, and then open the file C:\Windows\System32\drivers\etc\hosts.
How to clean the hosts file
So, point by point.
Click "Start".
Choose "All programs".
Then select the item "Standard".
Click on Notepad right mouse button and select "Run as administrator".
In the Notepad window that opens, select the File menu, then the item "Open..."
In the window that opens, select "Computer" on the left side of the window. 
Then open the disk FROM:.
Windows directory. 
system32 directory. 
The drivers directory. 
directory etc. 
When you open the etc directory, you will have an empty directory. In the lower right corner of the window, select "All files".
Select the hosts file and click the button "Open".
Check for the necessary content: at the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then some examples of how to enter various commands are given. All this, simple text and it does not carry any functions! Let's skip it and get to the end. The teams themselves should go next. Unlike comments (i.e. plain text), they must begin not with "#" sign, and with specific numbers, denoting the ip address.
Malicious commands can be any commands that appear in your hosts file after the following lines:
- On Windows XP: 127.0.0.1 localhost
- On Windows Vista: ::1 localhost
- On Windows 7/8: # ::1 localhost
As you can see, the host files in different operating systems are slightly different.
In order not to clean up anything superfluous, you need to know how commands are decrypted. There is nothing complicated here. At the start of each command is digital ip address, then (separated by a space) the letter associated with it Domain name, and after it there may be a small a comment after the "#" sign.
Remember!
All commands starting from numbers 127.0.0.1(with the exception of, 127.0.0.1 localhos t) block access to various websites and Internet services. To which ones, see in the next column after these numbers.
Teams that start with any other numbers ip addresses, redirect(make a redirect) to fraudulent sites instead of the official ones. Which sites have been replaced by fraudulent ones, also look in each column after these numbers.
Thus, it will not be difficult to guess which commands in your hosts file are malicious! If something is still not clear - look at the screenshot below.
Take note of this moment. Many virus commands can be hidden far at the very bottom of the file by cunning Internet intruders, so be sure to scroll the slider all the way down!
After you do the "cleanup", don't forget to save all changes ( "File" --> "Save"). If you opened the hosts file from the Notepad program itself, when saving changes, in the column "File type" be sure to select an option "All files", otherwise notepad will only do it instead of saving in the hosts file text copy of hosts.txt, which is not a system file and does not perform any functions!
After a successful save, do not forget to restart your computer.
How to block websites in hosts
So, the hosts file is already open and you can see that it is built in the form of a regular text document.
At the beginning, you will see comments (plain text that does not carry any functionality) starting with the symbol "#" . They may be followed by some functional commands prescribed by the system.
But we don't need them. We skip them and get to the very end of the document. We make a retreat. And now, here, it is already possible to prescribe the commands we need!
When finished working with the file, open the File menu, select the item "Save".
To understand how to correctly enter web resource blocking commands, you need to know that each PC has its own so-called. loopback address A that sends any request back to itself. For any computer running Windows, Linux or Mac systems, this address is always the same - 127.0.0.1 . Here, with the help of just this ip-address, you can block any request to an unwanted site so that it is directed not to the requested resource, but to to the local computer.
This command in hosts is written as follows: " 127.0.0.1 blocked domain name ". Here, real examples: 127.0.0.1 mega-porno.ru, 127.0.0.1 odnoklassniki.ru, 127.0.0.1 vk.com etc.
That's all. Now access to all unwanted sites is securely blocked. The main thing after the changes made is to resave the hosts file! See above for detailed instructions.
Restoring the hosts file after a virus infection
As already mentioned, today a large number of malicious programs use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking sites, malware redirects the user to pages that look like popular resources (social networks, mail services, etc.), where an inattentive user enters credentials, which thus get to attackers.
If the file contains entries like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for "malware", and then restore the file hosts
Many hacked users are interested in where they can download the hosts file. However, you do not need to search and download the original hosts file at all. You can fix it yourself, for this you need to open it with a text editor and delete everything except the line except "127.0.0.1 localhost". This will unblock access to all sites and update the antivirus.
Let's take a closer look at the process of restoring the hosts file:
1. Open the folder where this file is located. In order not to wander through the directories for a long time in search of the desired folder, you can use a little trick. Press key combination Windows+R to open the menu "Run". In the window that opens, enter the command "%systemroot%\system32\drivers\etc"and click OK.
2. After that, a folder will open in front of you in which the hosts file lies.
3. Next, you need to make a backup copy of the current file. In case something goes wrong. If the hosts file exists, just rename it to hosts.old. If the hosts file is not in this folder at all, then this item can be skipped.
4.Create a new empty hosts file. To do this, right-click in the etc folder and select"Create a text document"
5. When the file is created, it must be renamed to hosts. When renaming, a window will appear in which there will be a warning that the file will be saved without an extension. Close the warning window by clicking the OK button.
6. After the new hosts file has been created, it can be edited. To do this, open the file with Notepad.
7. Depending on the version of the operating system, the contents of the standard hosts file may differ.
This is how all, without exception, "clean" hosts files should look like. 
Note!
- For Windows XP and Windows Server 2003, add "127.0.0.1localhost"
- Windows Vista, Windows Server 2008, Windows 7 and Windows 8 need to add two lines: "127.0.0.1 localhost" and "::1 localhost"
If you ever find missing or, conversely, extra entries in such a file, then it is better to delete them as soon as possible. Especially if they are not made by you or without your consent. Most likely, this is the result of the work of viruses!
Restoring the default hosts file in Windows 7: Copy the following text to a file.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.
# 127.0.0.1localhost
# ::1 localhost
Save and close the file.
Many users often hear about the hosts file. Especially often this is due to viruses or the inability to open a particular site. Yes, in fact, mappings of IP addresses to hostnames are registered in this file. All that can be found in it is a list consisting of the IP address and the name of the site that is assigned to it. By default, there is only one entry in the file - 127.0.0.1 localhost.
This entry tells the system that when accessing 127.0.0.1, it should look for a host not on the Internet or local network, but in the system, locally. All other entries can be created by the user manually or by various programs, including viruses.
To open a file hosts enough to open Notebook, on the menu File select item Open and walk along the path C:\WINDOWS\system32\drivers\etc, one by one going into the folder where it is installed Windows, in it a folder system32, then drivers And etc.
Don't forget to select from the dropdown File type paragraph All files, since the hosts file has no extension and is invisible to Notepad, which displays by default txt .
Opening the hosts file, we see something like this:
As you can see, there is text here, at the beginning of each line marked with # . This text is entered as a comment. And the only record used by the system is 127.0.0.1 localhost. If there are others in the text besides this entry, then you need to carefully study them, because they could be introduced not only by useful programs, but also by viruses. So, many users are faced with the problem of opening their favorite sites, social networks (for example, VKontakte, classmates, etc.). And the whole reason is that the names of the sites are associated with other IP addresses or the address 127.0.0.1. Thus, when you try to open a site in a browser, it either does not open at all, or it is redirected to another, possibly malicious site:
127.0.0.1 site1.ru
157.98.34.78 site2.ru
In the example, the first entry directs site1.ru to an internal address, and it simply will not open, and the second entry maps site2.ru to the address 157.98.34.78, and a completely different website will open instead.
Some recommend in such cases to simply delete the hosts file, but it is still advisable to leave it, and only erase the extra entries in the text, and then save it. If the file manager Total Commander or any other equivalent is installed, then you can also go through the folders and open the hosts file by pressing the key F4 . In this case, by the way, the file will not necessarily be opened by Notepad, but possibly by another text editor.
Finally, we note one more condition: after editing the hosts file, it is advisable to restart the computer so that the system works with the changed data.
Apparently, many users very often face the fact that sometimes when a virus infection of a computer occurs, when installing hacked or illegal software, it is recommended to make some changes to the hosts file. What kind of system component this is, ordinary users usually do not even guess, not to mention the knowledge of how to open the hosts file and what changes can (and can) be made to it. That is why it is worth dwelling on understanding its functional purpose in more detail.
What is the hosts file, and what information is stored in it?
For now, let's leave aside the questions related to how to open the hosts file, and let's see what kind of object it is and why it is generally needed in the system.
If we give the simplest explanation, we can immediately note the fact that this file, in its essence and content, is the most common text document, although it does not have an extension. Yes Yes exactly! Even if the extensions for all registered file types are set in the Explorer, it will not be indicated for this object. And it's not just done. The fact is that the information stored in this file is designed to match domain names with the IP addresses of the requested Internet resources.
Roughly speaking, when you enter a website address in a browser, the system first accesses this particular file, and only then does it validate at the DNS server level. In general, this component can to some extent be called a kind of local DNS server built into Windows or any other system. As for the information that is written in the file, the main content is by and large just a descriptive part, and the main interest is the commands that are specified for the local host, which in all cases has the address 127.0.0.1. What does this mean? This means that by changing the parameters specified in this file, you can either redirect to other resources, or generally restrict access to some sites, prohibiting both the system and programs that try to access them from connecting. Thus, its priority is higher than even the DNS server.
Why do viruses most often attack this file?
From the point of view of the security of any computer system that has access to the Internet, this component, due to its priority parameters, is almost one of the main targets that are attacked by various types of virus threats. Why is that? Yes, only because after changing some records, the threat can gain control not only over the connection, but also redirect the user to various dubious, advertising or fake resources on the Internet, for example, in order to steal personal data. And the presence of advertising seems to be far from the worst possible consequences.
Let's assume that the virus has registered in the hosts file a redirect to a fake banking page. The user seems to enter the legal (official) address of the resource, but then, without guessing anything, he gets to a completely different page, which may look like the original one. Then he enters his logins and passwords to access personal banking operations, and as a result, say, all funds disappear from his card. That is why access to the hosts file for the purpose of editing is blocked by default in the system, even if you are an administrator at least three times (for Windows 7 and higher). But how to open the hosts file if it is really necessary? There are several ways to do this, which we'll talk about a little later, but for now let's see where this object is located.
Where is the hosts file in Windows?
In all Windows systems, finding this object is not difficult. For convenience, we will consider modifications of system 7 and higher. It is enough to go to the “Explorer” in the main directory of the system, go to the System32 directory, open the drivers folder and enter the etc directory.
If you need to do it easier, you can set the search through the Run menu using the % systemroot% or % WinDir% attributes, after which all the folders that are navigated through are sequentially indicated through the left slash.
How to open the hosts file in Windows 7 or any other OS of this family for viewing?
So, with the content and location of the file sorted out a bit. Now, based on the fact that this is really a text document, let's see how to open the hosts file using Notepad or any other text editor. If we are talking only about viewing, and not about editing the content, you can open it either in an already running program, selecting all files from the list of types of objects to be opened, or open it through the "Explorer", where the item "Open with" is selected in the RMB menu on the file. help…”, followed by the standard Notepad application or any other similar application of this class.
Please note that despite the fact that this object belongs to text files, it will not be possible to open it in editors like Word, since even the etc folder will not be displayed in the list. But if you use the item "Open with ...", you can perform such an operation without problems. But in both cases, saving the changes will not work.
How to open hosts file as administrator?
But sometimes you really need to edit the file. But how can I open the hosts file with Notepad so that the changes can be saved? In this case, the text content processing program itself must be run exclusively as an administrator. For Notepad in Windows 7, this can be done through the Run console by typing the notepad command and ticking the start item with admin rights. If there is no such item, you can run the Notepad.exe file as an administrator in the "Explorer" (it is located in the root directory of the Windows system).
Another technique is to create a new task in the "Task Manager" and enter the above command in the console marked as "start as administrator". After making changes, you can save the hosts file with the standard shortcut Ctrl + S.
How and what changes can be made to the contents of the hosts file?
As for the changes, they basically boil down to blocking a site by entering its address after the last two lines using a hash symbol and the address of the local host.
So, for example, if some program with a hacked license (or offline registration using a key generator) constantly accesses the official website of the developer, there is nothing easier than blocking the connection. In this case, the application will “think” that there is no Internet connection and will not check the license.
Finally, speaking about how to open the hosts file, we should not forget that some portable antivirus programs, when threats are detected, make changes to the contents of this object on their own. Therefore, deleting entries created under the auspices of such security applications is not recommended. And in general, without the need for this object, it is better not to touch it at all.
