How to remove hosts virus (clear hosts file)? How to delete the hosts file? How to recover hosts? I can not get rid of the virus in the host file.

Windows hosts file- this is a file that does not even have an extension, it is designed to link the site and its ip-address. By default, this file contains only one address, which is reserved for the computer itself. In a word, the hosts file means little to the average user, and is generally uninteresting.

Using the hosts file, you can deny access to any site, and viruses often take advantage of this. So be careful, the virus often changes the hosts file so that we either simply cannot get to some sites, or we actually download some kind of clone under the guise of real sites, like Odnoklassniki or VKontakte. And all these are fakes of the hosts file, so in this case it is easier to either clear it completely or even delete it.

If you suddenly need delete hosts file, which of course you can rightfully do, and this will not adversely affect the operation of the system, then I will show you how to do it. More precisely, I will show where the hosts file is located.

This file can be found in the following path:

Open the system drive (C :), then the Windows folder - System32 - Drivers - Ets and here it is our treasured file.

Delete hosts if we want.

This is how easy it is remove hosts opening a few folders.

Restoring the hosts file

And if you have a different task, and you need to restore the hosts file, then this can be done according to the instructions below.

By default, the hosts file looks like this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
#space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1localhost
# ::1 localhost

That is, this text should be in the hosts file. If you deleted the hosts file, and now you want to restore it, then create a plain text document, open it in notepad, preferably in Notepad, install it separately and copy the above lines there.

Our article is devoted to various aspects of how to remove hosts - a virus, a file or a folder. I will tell you about removing the virus, the hosts file and folder. And now about each method in order. Let's start with the most difficult (at least in appearance) task of removing a virus in the hosts file. Although it should be noted that all these methods are closely related, since they are various manipulations to remove the same Trojan - a virus that makes it impossible to visit some popular sites normally.

How to remove hosts virus

There are viruses that write parameters to a file called hosts. In this case, a situation often arises in which, when launching various sites, for example, "VKontakte" or "Yandex", the system will require you to send SMS to activate your account. The usual reboot of the system most often does not give results. However, in this case, a few simple methods will help. For example, the hosts virus can be renamed to any other - for example, XHosts. This will not affect the network and operating system in any way, however, since Windows will no longer be able to access this file, respectively, and the running Trojan will also not be able to edit it to block protection updates for your computer. There is also another simple way (and more effective, so as not to block the possibilities of the hosts file) how to remove the hosts virus. In this case, the file needs to be opened with a simple text editor such as Notepad or WordPad. Entries with links must be deleted from the file - for example, vkontakte.ru, odnoklassniki.ru, yandex.ru, etc., moreover, you need to delete them along with dots and numbers that are written along with the site names. Ideally, all that should remain in the file after system entries like 102.54.94.97 rhino.acme.com source server and 38.25.63.10 x.acme.com x client host is the 127.0.0.1 localhost entry. After it, in the infected hosts file, there is all sorts of “garbage”, which is subject to immediate removal. Well, then we save the changes in the file and simply restart the Internet browser. As a rule, as a result of these simple actions, the hosts virus problem is eliminated in the vast majority of cases. And, of course, it is useful to know that in no case should you send SMS to any unfamiliar numbers, since this is how you most likely will bring this Trojan into your computer, the sole purpose of which will simply be to get money from you.

How to delete the hosts file

This question usually arises for those who cannot edit the hosts file in the above ways - sometimes this really happens, for example, when a virus creates several files. At the same time, sites such as Odnoklassniki, Vkontakte, Yandex and My World can be blocked on the computer at the same time. In order to remove such a virus, you first need to find the hosts file. In various older systems, it is located in different ways, but starting with Windows XP and inclusive of Windows 7, its address is unchanged: Windows\system32\drivers\etc\hosts. The Windows folder is located on the drive where your operating system is installed, and it does not have to be drive ”C” (for example, my system drive has the letter ”I”). Did you find a file? And now you might be in for a surprise. In order to see it, you need to turn on show hidden folders and files. To do this, open a folder and select the “Tools” item in the top menu of the folder, then click “Folder Options” and “View”, and then “Advanced Options”. After that, scroll down the menu list and check the box "Show hidden files and folders". This must be done in order to detect hidden system files, among which, it is quite possible, there will be redundant ones - the very ones that the Trojan created in your system for its criminal purposes. Some even have not one, but two hidden hosts files - they are subject to immediate removal. Now we open the "real" hosts and edit it, as indicated in the previous chapter, using a text editor, if necessary. That's the whole procedure.

How to delete the hosts folder

Strictly speaking, there is no hosts folder as such, but there are files called hosts. If the computer is not infected, then there will be only one such file in the corresponding folder (at least it's good that there is one). There may be several such files in an infected computer and they are present in a hidden form, so they need to be “declassified” (see the previous chapter for how). Here we will describe another fairly common situation with two hosts files. Here is a description of the problem from a user question on the internet:

“I have two hosts folders, one of which has the signature "system file", and the second just the signature "file", while in the hosts "system file" I have the VKontakte and My World viruses. I know that they need to be removed and only one line 127.0.0.1 localhost should be left, but when I remove the other lines with viruses and select "save", the file is not saved for me. As for the second folder (actually just a file - ed.) hosts, there is only the correct line there and there are no viruses. Is it possible to just delete the system hosts, where the viruses are located, and leave only the correct hosts file?

Here is such a situation. And the solution is simple. Firstly, users are often unaware that if there are two or more hosts files, the "wrong" hosts files are not edited, which means they just need to be deleted. As for the file in which there are no extra entries, it is logical that it should be left. It is important for the system to have access to at least one hosts file for normal operation on the Internet, so feel free to delete all others with extra entries or without them. And one more note: do these manipulations only when it is really necessary. If you're just curious, think about how much you risk, as deleting some files (for example, boot.ini) can cause the system to stop starting altogether.

Hello everyone! Today we will talk about the DFH.HOSTS.corrupted threat, you will find out what it is and how to fix or remove these notifications from the system.

The DFH.HOSTS.corrupted file is not a virus. It is located only by one antivirus of all possible - Dr. Web. What is it? In simple words, this is an ordinary notepad hosts present on your system. It is defined as dangerous because of its modified state, that is, a certain program has entered its data into it. SpIDer Guard, respectively, finds such actions invalid and indicates this to the user.

Some recommend changing the notebook itself and removing everything unnecessary from its contents. But such actions can harm other applications on the computer. After all, it’s not so easy to enter data into a notepad, which means that they are needed for the normal operation of Windows. You are suggested to perform alternative troubleshooting steps. First of all, hosts should be entered in antivirus exceptions and his scanner, but everything is in order.

How to treat the DFH.HOSTS.corrupted threat?

Once added, you can move on to another action. Now you need to do the same with a regular scanner.

  1. By clicking on the Dr.Web shortcut with the right button, you can find "Scanner".
  2. In the settings you need to take actions to change its work, we are looking for "Change settings".
  3. Again we add the etc folder to the excluded paths. It is enough to specify the entire folder, you do not need to select files from it.
  4. Click OK.

If these actions still did not help, although this is practically impossible, the only correct option remains: you must completely remove Dr.Web from the computer, otherwise it will not be possible to remove the dfh.hosts.corrupted threat.

But there are some options when Dr. Web may indicate changes in the hosts file related to the redirect ip addresses entered in it. This video will show you how to properly clean the Hosts file in Windows.

Host - a system text file designed to translate domain names into specified network addresses, or IPs. It is a kind of special network add-on, but it can be used for both good and malicious purposes. There is a certain category of viruses that modify the hosts file in order to block access to certain web resources (for example, to offsite antivirus companies) or redirect the user to malicious or advertising pages.

Behavior and symptoms of "hosts" viruses

Viruses, like their other "relatives", penetrate through infected program installers, special boot scripts on web pages, and other hacker tricks. Quite often, the installation of an “infection” is disguised as system errors. A window appears on the screen with a message that supposedly an error occurred while executing a script or command. The puzzled user, confused, presses “OK” (there are no other buttons!) and personally opens the “doors” to the malware in the operating system. The file called hosts is instantly modified, and a series of troubles begins for the user ...

In appearance, the system works stably - does not slow down, does not freeze. But as soon as the user opens a web browser, all the "ailments" crawl out. And they manifest themselves as follows:

  • when you try to access a social network or some other popular Internet resource, the error “Page is not available” appears;
  • the domain (name) of the site is not true: for example, when typing vk.com in the address bar, a page opens with many advertising banners or another site that has nothing to do with the social network.

Many users, having seen one of these pictures on the screen, do not attach any importance to it at all. They comfort themselves with the thoughts “something happened on their server”, “today the Internet is bad” and stuff like that…

Well, if so. What if the file is infected? Then the problem will not disappear by itself in an hour or ten. You need to act: remove virus modifications from hosts, in other words, give it its previous look.

Treatment of the hosts file

How to find and what program to open?

Before you can remove the hosts virus, you must first get to it. Open the directories in sequence in the given order (for Windows 7 and XP):

Drive C (or whatever drive the OS is on) → Windows → System32 → drivers → etc

It is in the "etc" directory that host is located. But do not rush to remove it from the computer! It is not removed, but treated, and easily. And then, perhaps, it will serve you well more than once or twice (see the last chapter of this article).

Host has no extension, but contains textual information. Therefore, it can be easily opened by the Notepad system application and, accordingly, restored in an appropriate way.

Let's do that.
1. While in the "etc" folder, right-click on the hosts file.

2. Select "Open" or "Open With" from the context menu.

3. In the list of programs that can open the file, click Notepad and click OK.

Notepad will display the contents of hosts. It must be reviewed, analyzed and removed all virus add-ons.

How to check?

In a clean, that is, in a "healthy" hosts, there is nothing else except for the lines starting with the "#" character. With a rare exception, when some trusted programs leave their settings in it.

But when a virus attack occurs, you need to be especially vigilant.

  • The line with the IP address and domain name of the site (VK.com, ok.ru, etc.) redirects to another site.
  • The line starting with 127.0.0.1 blocks access to the site.

    • If any are found, they should definitely be removed.

    How to clean?

    1. Holding down the left mouse button, select with the cursor all entries made by the virus.

    2. Right click on the entries. Click on the "Delete" menu.

    3. Save the file for the changed settings to take effect. At the top of the Notepad window, click: File → Save.

    4. Close Notepad. Reboot OS. Open a browser and check access to sites.

    Additional measures and prevention

    Unfortunately, it may also happen that a virus can nullify all your efforts to clean hosts (the sites still won’t come off). But, nevertheless, you should not give up.

    Additionally, perform the following procedure:
    1. Check the partitions of the disk (the system one is a must!) with Dr.Web CureIt!, Free Anti-Malware or Virus Removal Tool (Kaspersky).

    Set the scan settings of the anti-virus program to check boot sectors (MBR), memory, detect rootkits and turn on a high level of virus detection (detection).

    2. Update the signature databases of the main antivirus that protects your PC from malware intrusions constantly. Also check its basic settings.

    For example, Avira antivirus pays special attention to protecting hosts. In its settings panel there is a special setting "protect the host file".

    Why is hosts useful?

    Hosts is included in the group of user settings and is indispensable for solving the following tasks:

    Network connection blocking - software application - server/site

    Many programs periodically access their "native" resources to update, send data. For the user, this mode of operation is not always convenient: traffic is wasted, page loading is slowed down, there is no control over data loading.

    Bypassing all software settings and firewall rules, you can restrict access to them directly in hosts by adding the following line:

    127.0.0.1 <доменное имя ресурса>(e.g. 127.0.0.1 adobe.com)

    Exercising control over visits to web resources

    Similarly, access to certain sites is blocked: pornographic, dubious, social networks, etc. It all depends on the purpose of the restriction - parental control, office or educational PCs.

    host has priority over DNS servers (services that assign IP addresses to domain names), so the PC will initially follow its instructions when creating a network connection.

    Keep track of the host file, configure it correctly, and everything will be “OK” with your PC. Have fun using the internet!

Entries made by virus programs in the hosts file can easily block access through the browser to any Internet site, redirect your request instead of the official site to a false page to scammers, or block any applications on your computer from accessing the Internet and, accordingly, "mute" all their online features. So, at one moment the antivirus may stop updating, the game will not be able to connect to the server, the site with your favorite Odnoklassniki will not open, and instead of your Vkontakte page, you will instantly find yourself on the "left" portal, where you will be sent via SMS- ki will extort money for restoring access to the account.

To avoid such unpleasant situations, always watch what you download and install on your computer, and, of course, do not forget to watch the hosts file and periodically clean up various "garbage" in it.

To get access to the hosts file, you first need to find it in the system folders. In different Windows operating systems, its location may vary slightly. And sometimes it can even be hidden, depending on the settings of the operating system.

  • On Windows 95/98/ME it is located: C:\WINDOWS\hosts
  • On Windows NT/2000, it is located: C:\WINNT\system32\drivers\etc\hosts
  • On Windows XP/2003/Vista/7/8 it is located: C:\WINDOWS\system32\drivers\etc\hosts

After you get access to the hosts, you can start cleaning the file from virus commands. This can be done in two ways.

1. Manual editing (via Notepad)

A.) Launch Notepad ( "Start" --> "All programs" --> "Standard") on behalf of the administrator(right-click on the program icon --> Run as administrator) and add the hosts file to it ( "File" -- >"Open").

You can do it differently.

B.) We find the hosts file at one of the above addresses and simply click on it right. book. mouse, then select the option "Open" / "To open with", then choose "Notebook", press "OK" and look at the contents of the file.

At the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then some examples of how to enter various commands are given. All this, simple text and it does not carry any functions! Let's skip it and get to the end. Next, the teams themselves should go. Unlike comments (i.e. plain text), they should not begin with the "#" sign, but with specific numbers indicating the ip address.

Malicious commands can be any commands that appear in your hosts file after the following lines:

  • On Windows XP: 127.0.0.1 localhost
  • On Windows Vista: ::1 localhost
  • On Windows 7/8: # ::1 localhost

As you can see, the host files in different operating systems are slightly different. You can read more about what hosts files should look like here.

In order not to clean up anything superfluous, you need to know how commands are decrypted. There is nothing complicated here. At the start of each command is digital ip address, then (separated by a space) the literal domain name associated with it, and after it there may be a small comment after the "#" sign.

Remember! All commands beginning with the numbers 127.0.0.1 (except for 127.0.0.1 localhos t) block access to various websites and Internet services. To which ones, see in the next column after these numbers. Teams that start with any other numbers ip-addresses redirect (redirect) to fraudulent sites instead of official ones. Which sites have been replaced by fraudulent ones, also look in each column after these numbers. Thus, it will not be difficult to guess which commands in your hosts file are malicious! If something is still not clear - look at the screenshot below.

Take note of this moment. Many virus commands can be hidden far at the very bottom of the file by cunning Internet intruders, so be sure to scroll the slider all the way down!

After you do the "cleanup", don't forget to save all changes ( "File" --> "Save"). If you opened the hosts file from Notepad itself ( option A.), when saving changes, in the column "File type" be sure to select an option "All files", otherwise notepad will only do it instead of saving in the hosts file text copy of hosts.txt, which is not a system file and does not perform any functions!

After a successful save, do not forget to restart your computer.

2. Automated editing (through special utilities)

AVZ- an anti-virus application that can work with the hosts file, even if it is hidden and replaced by attackers with a fake file with the correct values, which has a similar name, for example, "hosts" - in which the Russian letter is written instead of the English letter "o".

Download the AVZ utility and run the application from them. administrator(right click on the launcher file and select the appropriate option).

From the program menu select "File" --> "System Restore" and in the opened window tick function "13. Cleaning up the Hosts file", then click the button "Perform marked operations".

Here, that's all! Now it remains only to restart the computer.

HijackThis- another good analogue of the previous application, allowing you to edit hosts even manually!

Download the HijackThis utility and do the same run as administrator. Next, click sequentially on the options: "config" --> "MiscTools" --> "Open host file manager".

Before us, all the contents of our hosts file will open in the inner window. We select everything in it virus command lines left key. mouse and click on the button "Delete line(s)" to permanently remove them from our file. Next, press back to exit.

As you can see, everything is extremely simple. And don't forget to restart your computer!

RELATED ARTICLES