Trusted host. How to remove virus settings from the system hosts file. Restrictions using the hosts file

One of the suggested methods was to check the hosts file. That time the issue was covered only briefly; now we will consider it in more detail.

Malicious programs very often edit the hosts file, writing their own entries into it. As a result, access to Odnoklassniki or VKontakte may be lost (sometimes the user is shown a fake VKontakte website asking them to send an SMS to unblock the page), the antivirus stops updating, or the Internet connection disappears altogether. It also happens that one site loads instead of another: for example, you open the Yandex or Google start page and an advertising site appears.

In all these cases, the hosts file needs to be cleaned. If the cause is ad-virus entries or access blocking in this file, the problem will disappear. Cleaning can be done in 2 ways: manually and using programs. Below are instructions on how to fix the hosts file using each of these methods.

How to clear the hosts file manually

Manual cleaning is very simple, as you will now see for yourself.

Press Win + R and paste the following line into the window that appears: notepad %SystemRoot%\system32\drivers\etc\hosts. Notepad will launch with the contents of this file.

There is another way to open it:


Ready. This is what the hosts file should look like:

First come explanations from the Windows developers about what this file is. Then a couple of examples show how to write commands correctly. Comments are written in plain text and do not perform any action (this is indicated by the hash sign # at the beginning of each such line).

But in your case, there will most likely be a lot more text. And without the hash mark, of course. For example, like this:

A line beginning with 127.0.0.1 blocks access to the specified website. In the example above, these are Odnoklassniki, Mail.ru and the Kaspersky portal. If other numbers are written there, the site is being redirected to some kind of fake site.

To clean the file you need to remove these extra lines. But be sure to look at what the original version should look like so as not to erase anything unnecessary.

By the way, sometimes these extra lines are hidden at the very bottom. That is, when you open the file, it seems that there is nothing there, but if you scroll to the bottom, you can find several virus commands.

Then save your changes. To do this, click File – Save in Notepad.

Restart your computer or laptop – and the problem with ad viruses or site blocking should disappear. If that was the reason, of course.

What to do if you do not have rights to edit the hosts file? Copy it to your desktop, delete the extra lines, save the changes, and then put it in the same folder and replace the previous version. And then restart your PC.

If the problem persists, first check whether the changes to the hosts file were actually saved. This is a fairly common mistake among inexperienced users.

The instructions are the same for all operating systems, so the version does not matter here.

How to fix the hosts file via AVZ

AVZ is great for this - a powerful anti-virus utility that helps clean your PC from viruses and all sorts of advertising nonsense. This program will find the file, even if it is hidden or completely renamed. It's free and you can download it.

To open AVZ, select the shortcut, right-click and run it as administrator.

After that:


The AVZ utility will clean the hosts file, after which all you have to do is restart your laptop or computer. Everything will take 5-10 seconds. Plus, the program works on any OS: Windows 10, 8.1, 7 and XP.

Restoring the default hosts file

As a bonus, I’ll give you another way - official instructions from Microsoft on how to restore the hosts file. You can get acquainted with it. This option is suitable for those who accidentally deleted the hosts file and want to restore it. The instructions are also universal and suitable for Windows 7, 8 and 10.

Hello, dear readers of the blog site. Today I want to talk about something quite simple in its design: the Hosts file.

What is noteworthy is that it lives on almost all operating systems (and therefore on the computers of all Internet users), from Linux to Windows 7. Another distinctive property is that it has no extension, precisely because it has to work in any OS, which means it must be universal.

But this is not the main thing. Although it is a relic of the past, there are still many ways to use Hosts, both for good purposes and not so good. For example, viruses and virus writers love it and often use it either to replace official sites with their phishing duplicates or to block your antivirus program from updating.

However, network equipment needs IP addresses and nothing else. Therefore, a list mapping each host name to its IP address was compiled manually. This list was called Hosts and was sent to all nodes on the local network. Everything was great until this method could no longer be used because of the huge number of records in the file. Sending it out became problematic.

It was therefore decided to approach the issue differently: to place on the Internet an entire domain name system (DNS) that would store all these mapping tables, and user computers would ask the nearest server which IP address corresponds to the Vasya.ru domain.

At the same time, everyone happily forgot about the Hosts file, but it still existed in all operating systems, except that its content was extremely meager. Usually there was and is still present only one entry:

127.0.0.1 localhost

For some reason, this IP address (more precisely the range 127.0.0.1 - 127.255.255.255) was chosen to designate the local host (private IP), i.e. the very computer you are sitting at (literally localhost - “this computer”). But, really, this is all for the old IPv4 (fourth version).

And in IPv6, which is now coming into use (due to the fact that the number of addresses included in the previous version is no longer enough for everyone), such an entry will look a little different:

::1 localhost

But the essence is the same. Because both standards for specifying an IP address are still in use, or can be used, both of these lines are usually present in the Hosts file. There may be any amount of text above them (depending on the OS), but all those lines begin with the hash symbol #, which means they are comments and are not taken into account.

On my old Windows Vista, the Hosts file now looks like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# This HOSTS file created by Dr.Web Anti-rootkit API
127.0.0.1 localhost
::1 localhost

The entry syntax is very simple: first the IP address, and then, after any number of spaces or tab characters, the name of the host (computer, node or domain). Each entry of this kind goes on a separate line.

Here the main question arises: what place does Hosts currently take in the process of establishing a correspondence between the domain names entered in the browser and the IP addresses that are hidden behind these domains? Well, as it turned out, it occupies a very important place, namely the first one. But first things first.

So, you enter a URL into the address bar of your browser, or follow a link from your bookmarks or from any web page open in it. In any case, the browser receives from you the path to the document you want to see.

In any case, the URL will contain the domain name of the site on which the document you are interested in is located (the site in our example). This domain corresponds to a very specific server (maybe a virtual one) where the site is hosted, and this server must have an IP address so that it is visible on the network and can be accessed.

Your browser cannot know which IP corresponds to the domain name contained in the URL (unless DNS caching is enabled in the browser itself and you have visited this node before). Therefore, it first turns for clarification to the Hosts file on your computer.

If the domain (and its IP) is not found there, the browser will query the Windows DNS caching service. If you previously accessed this domain and not much time has passed since then, the DNS cache will give the browser this IP address. The browser will receive it and open the document you requested.

If there are no records for this domain in the cache, then the browser will send a request to the nearest DNS server (most likely, it will be your server) and receive the required information from it. True, in this case there may be a slight delay in opening the web page you requested, but with modern Internet speeds this will be practically unnoticeable.

And this happens with absolutely any request to open a document from the Internet on your computer. Do you get it? An empty Hosts does not create any problems, but if it is filled in, and with malicious intent at that, you may find yourself entering the password for your Yandex wallet not on the official website of this payment system but on a phishing resource with a similar design.

How can this be? Well, no one is safe from virus infection, and a virus can easily add the IP address of a phishing resource to Hosts and assign it the domain name money.yandex.ru, for example. This is where the danger lies.

On a fake social networking site, they may intercept the passwords you enter, they may require a fee for entry, or something else more creative. The saddest thing is that it is impossible to notice the substitution, because the correct domain name will appear in the address bar of the browser.

Where is the Hosts file located and how can I remove virus entries from it?

On the other hand, even an absolute computer novice can remove the changes a virus has made to the Hosts file. Usually the problem is finding where this file is located.

In older versions of Windows, such as XP or 2000, it was open to everyone and lived in the system folders at the following address:

Windows\System32\drivers\etc\

You won't believe it, but it lives at the same address in both Windows 7 and Vista. Everything is somewhat more complicated there, though, because following the path:

C:\Windows\System32\drivers\

you won't find any etc folder there. The developers decided that ordinary mortals should not touch this file, to avoid problems.

However, the hosts file in Windows 7 and Vista still exists; you just need to look for it with Administrator rights. Personally, I never even tried to figure out all this nonsense with rights, but I found a very simple way for myself to get around this limitation.

So, go to the “Start” button menu - “All Programs” and find the “Accessories” folder there. There are shortcuts inside it, among which it’s easy to see “Notepad”. Right-click on it and select from the context menu that appears "Run as Administrator":

Well, actually, half the battle is done. Now in notepad, select “File” - “Open” from the top menu. In a standard Windows Explorer window, find the desired etc folder (inside the Windows\System32\drivers\ directory), select “All files” from the drop-down list in the lower right corner and watch with happy eyes the appearance of this top-secret file:

It will be the one with no extension. Anything else, such as hosts.txt, is rubbish: viruses very often create such files to distract your attention and ultimately confuse you. For the real file, they set the “Hidden” attribute, which can be checked or unchecked by right-clicking on the file and selecting the bottom “Properties” item:

And because Windows by default does not display extensions for registered file types (why they did this, I don't understand), the user finds hosts.txt without seeing either its extension or the fact that there is another hosts in the same folder, hidden from view.

Making changes to the fake, he still achieves nothing, begins to tear out his hair, wring his hands and goes to the store to buy a new laptop in order to finally get into his favorite Contact, which the virus blocked on the old computer. Ahh, horror.

Although, of course, the user may be advanced and enable the display of hidden and system files in the settings. In Windows Vista, to do this, go to “Control Panel” - “Folder Options” - “View” tab and move the checkbox to the “Show hidden folders and files” line. By the way, it would be better to uncheck the “Hide extensions...” line above:

There is a very simple way to open this file. It is enough to press the Win + R key combination on your keyboard (or select “Run” from the “Start” button menu), then enter the following line in the window that opens and press Enter:

Notepad %windir%\system32\drivers\etc\hosts

But that's not the point. We have found where this secret (for Windows 7 and Vista) file is located, and now we must carefully examine it for possible abuse. If the initial examination of the patient does not reveal any pathologies, look at the scroll bar in Notepad.

Sometimes the virus makes its entries after several hundred empty lines, reducing the chance that you will notice them. If there is no scroll bar, everything is fine; if there is one, use it and bring your Hosts back to the form it should have from birth, i.e. just two lines are enough (no one needs the comments):

127.0.0.1 localhost
::1 localhost

Address spoofing in this file is quite simple to picture; for example, it might look like this:

127.0.0.1 localhost
::1 localhost
77.88.21.3 site

How, in this case, are certain sites blocked through Hosts? Just assign the private IP address 127.0.0.1 to the domain that needs to be blocked, for example, like this:

127.0.0.1 localhost
::1 localhost
127.0.0.1 vk.com
127.0.0.1 odnoklassniki.ru

The smart browser finds this match and tries to get the desired document (web page) from your own computer, which, naturally, it fails and about which it will immediately inform you. By the way, this is a good way to block your children’s access to sites that you think they should not visit. Of course, you will still need to create a list of such sites or get them somewhere, but if you wish, you can try.

As I already mentioned, in ancient times, when the Internet was still slow for most users, people entered sites' IP addresses in Hosts to speed up opening them. The catch is that these resources periodically changed their hosting and, along with it, their IP addresses. And the user, having forgotten what he did six months ago to speed up the Internet, tries in vain to understand why his favorite resources are not available to him.

How to use Hosts when moving a website to a new hosting?

Well, and finally, I would like to talk about how, by making changes to the Hosts file, you can work with a site that has moved to a new hosting even before a new record is registered on all DNS servers (assigning a new IP address to your domain ). The method is very simple but effective.

So, you change hoster. Naturally, the IP address of your site also changes. How will people find out about this on the Internet? Everything is correct, using a network of DNS servers. By the way, you will take the first and most important step yourself by going to the control panel of your registrar and registering there the addresses of the NS servers of your new hoster.

It is from them that the new DNS will spread throughout the Internet. But this process is lengthy and in the worst case scenario it can take a couple of days. During this time, the site should be available on both the new and old hosting, so that users from all over the world would not be deprived of the opportunity to view it.

However, you yourself will be interested to know how your resource actually feels with the new hoster? Check the operation of all plugins and other things. Do you really have to wait from several hours to two days? After all, this is unbearable.

Firstly, you can try resetting the DNS cache on your own computer, because it may prevent you from seeing your resource on the new hosting if external DNS servers have already received a new record. How to do it? Again, everything is very simple. Press the Win+R key combination on your keyboard (or select “Run” from the Start button menu), then enter in the window that opens:

A very scary window called Command Prompt will open, where you will need to paste this command:

Ipconfig /flushdns

The regular paste buttons in the Command Prompt window don't work, so just right-click in the Command Prompt window and select Paste.

After that, click on “Enter”, the DNS cache will be cleared on your computer and you can try to open your site again. By the way, there may be a DNS cache in the browser itself, so clear it, or refresh the window while holding down the Shift button on the keyboard.

By the way, if you are interested, you can view the contents of the DNS cache by entering the following command into the command line:

Ipconfig /displaydns

Does the site still open on the old hosting? No problem. We find the Hosts file using the method described just above and add just one line to it:

109.120.169.66 website

Here 109.120.169.66 is the IP address of your new hosting, followed by the domain name of your site. That's all. While the rest of the world is admiring your resource on the old hosting, you have the opportunity to correct possible problems on the engine that has already been transferred to the new hosting. The thing is wonderful and I always use it.

Good luck to you! See you soon on the pages of the blog site


Few users who work with the "seven" and surf the Internet realize the true meaning of the HOSTS file (Windows 7). Its content will be shown a little later, but for now let’s dwell a little on the theory.

Why is it needed?

In general, if anyone paid attention, the file itself is located in the etc directory, if you sequentially move along the tree from the Windows folder, through System32 to the drivers directory on the system drive. Not everyone, however, goes into such a thicket of the system; by and large, this is not necessary. On the other hand, if you pay attention, the object itself does not have an extension, although, in fact, it is an ordinary text document.

But let's take a closer look at the HOSTS file (Windows 7). Its content is what the system uses to relate host names (sites, nodes, etc.) to their IP addresses in order to give the end user access to the resource. Roughly speaking, we do not need to enter combinations of numbers in the browser; we only need to specify the names of resources.

And one more small clarification about the HOSTS file (Windows 7). Its content may change. Depending on what changes have been made, this can help block certain sites, speed up access to certain resources, or, on the contrary, can play a cruel joke by redirecting the user to dubious sites. However, first let's look at the original file.

HOSTS file (Windows 7): contents

So, first, let's try to open it. It must be said that the standard double-click will not work because, as mentioned above, this object has no extension. In addition, the file may be hidden, so you should first enable showing hidden objects in the view menu. The system will then offer several applications to open it with. We choose the simplest, standard Notepad, and look at the contents of the HOSTS file (Windows 7). Before us is something incomprehensible: descriptive text, some examples and a line indicating the local IP (# 127.0.0.1 localhost). That's how it should be.

Attention! There should be nothing below the line indicating the reserved local address, unless, of course, the user wants some resource to be blocked!

In general, everything above localhost is allowed resources. Everything below is blocked. It is not difficult to guess that many viruses, in particular programs that distribute spam or advertising (Malware, Adware, etc.) independently edit the contents of this file. So it turns out that when requesting one resource, the user receives a redirect (redirection) to a completely different one.

Default HOSTS in Windows 7

We reviewed the original file. Now let's look at the changed content. To correct it, you can take the contents of a “clean” file for the “seven” from another computer or from the Internet, copy it, then paste it into the original and save it.

But there is one problem. The fact is that sometimes, after removing everything unnecessary, it is not possible to save the file as the original (the system simply does not allow this to be done).

What to do in this case? First, delete the original completely (Shift + Del), bypassing the Trash. Then we right-click on the empty space inside the etc directory and create a new file with the same name, but do not specify the extension. Now we insert the necessary content into it and save the object. After this, you need to find the lmhosts.sam file there and delete it, as indicated earlier.

That's it, it's done. In both the first and second cases, a system reboot is required. Only then will everything work as expected. And, of course, editing should be done exclusively with administrator rights.

Bottom line

Overall, a very brief summary of the HOSTS file has been provided here. If you want to block some unwanted resources or, on the contrary, speed up access to others, editing must be done exclusively manually and according to certain rules. Remember that the line indicating the reserved local IP plays the key role of separator. Well, then, as they say, it's a matter of technique. By the way, the above technique will also help if the contents of the object have been changed by virus programs.

Entries made by virus programs in the hosts file can easily block browser access to any Internet site, redirect your request from the official site to a scammers' fake page, or block any application on your computer from accessing the Internet and so “jam” all its online features. So, at some point the antivirus may stop updating, the game will not be able to connect to the server, the site with your favorite Odnoklassniki will not open, and instead of your VKontakte page you will suddenly find yourself on a fake portal where money is extorted via SMS for restoring access to the account.

To avoid such unpleasant situations, always keep track of what you download and install on your computer, and of course, do not forget to monitor the hosts file and periodically clean out various “garbage” in it.

To access the hosts file, you must first find it in the system folders. Its location may vary slightly on different Windows operating systems. And sometimes it can even be hidden, depending on the operating system settings.

  • In Windows 95/98/ME it is located: C:\WINDOWS\hosts
  • In Windows NT/2000 OS it is located: C:\WINNT\system32\drivers\etc\hosts
  • In Windows XP/2003/Vista/7/8 it is located: C:\WINDOWS\system32\drivers\etc\hosts

After you gain access to the hosts file, you can begin cleaning it of virus commands. There are two ways to do this.

1. Manual editing (via Notepad)

A.) Launch Notepad ("Start" --> "All programs" --> "Accessories") as administrator (right-click on the program icon --> Run as administrator) and open the hosts file in it ("File" --> "Open").

You can do it differently.

B.) Find the hosts file at one of the above addresses and right-click it, then select "Open" / "Open with", select "Notepad", click "OK" and look at the contents of the file.

At the beginning there are explanatory comments from Microsoft about what this file is and how to use it. Then there are several examples of how to enter various commands. All this is just plain text and does not carry any functions! We skip it and reach the end. Next come the commands themselves. Unlike comments (i.e. plain text), they begin not with the "#" sign but with the numbers of an IP address.

Any commands in your hosts file after the following lines can be malicious:

  • On Windows XP: 127.0.0.1 localhost
  • On Windows Vista: ::1 localhost
  • On Windows 7/8: # ::1 localhost

As you can see, host files are slightly different in different operating systems. You can read more about what hosts files should look like here.

So as not to remove anything you need, you have to know how the commands are read. There is nothing complicated here. Each command begins with a numeric IP address, followed (separated by a space) by the domain name associated with it, optionally followed by a short comment after the “#” sign.

Remember! All commands starting with 127.0.0.1 (except 127.0.0.1 localhost) block access to various sites and Internet services. Which ones exactly is shown in the column following these numbers. Commands that begin with any other IP address redirect to fraudulent sites instead of the official ones. Which sites have been replaced is likewise shown in the column following these numbers. Thus, it will not be difficult to work out which commands in your hosts file are malicious! If something is still not clear, look at the screenshot below.

Please keep this point in mind. Cunning attackers can hide many virus commands at the very bottom of the file, so don't be too lazy to scroll all the way down!
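The reading rules above (127.0.0.1 blocks a name, any other address redirects it, and entries may sit below hundreds of empty lines) can be checked mechanically. The following Python code is an added example, not part of the original article and not how AVZ or HijackThis work; the names parse_line, audit and Finding, the HIDDEN_GAP threshold and the sample text are assumptions made for illustration.

```python
"""Audit hosts-file text for blocking and redirecting entries (added example)."""
import ipaddress
import sys
from dataclasses import dataclass

# The only name a default hosts file maps to the loopback address.
DEFAULT_NAMES = {"localhost"}
# Assumed threshold: this many consecutive blank lines push whatever follows
# out of sight when the file is opened in Notepad.
HIDDEN_GAP = 20


@dataclass
class Finding:
    line_no: int   # 1-based line number in the file
    ip: str
    host: str
    kind: str      # "block" or "redirect"
    hidden: bool   # True if the entry sits below a long run of blank lines


def parse_line(raw):
    """Return (ip, [names]) for an active entry, or None for anything else."""
    body = raw.split("#", 1)[0].strip()   # a comment runs from '#' to end of line
    fields = body.split()                 # any mix of spaces and tabs separates columns
    if len(fields) < 2:
        return None                       # blank, comment-only, or address with no name
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None                       # first column is not an IP address
    return ip, [name.lower() for name in fields[1:]]


def audit(text):
    """List every entry that is not the default 'localhost' mapping."""
    findings, blank_run, below_gap = [], 0, False
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            below_gap = below_gap or blank_run >= HIDDEN_GAP
            continue
        blank_run = 0
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ip, names = parsed
        for name in names:
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue                  # 127.0.0.1 / ::1 localhost is expected
            # Loopback (the article's 127.0.0.1) makes the name unreachable;
            # 0.0.0.0 is not in the article but acts as the same kind of sink.
            sink = ip.is_loopback or ip.is_unspecified
            findings.append(Finding(line_no, str(ip), name,
                                    "block" if sink else "redirect", below_gap))
    return findings


# Constructed sample: a default file plus the kinds of entries the article shows.
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1 localhost\n"
    "::1 localhost\n"
    "127.0.0.1 vk.com   # constructed blocking entry\n"
    "127.0.0.1\todnoklassniki.ru\n"
    + "\n" * 300                          # several hundred empty lines
    + "203.0.113.10 money.yandex.ru\n"    # documentation-range address, constructed
)

if __name__ == "__main__":
    # Audit the file named on the command line, or the sample if none is given.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for f in audit(text):
        where = " (below a long blank gap)" if f.hidden else ""
        print(f"line {f.line_no}: {f.kind:8} {f.host} -> {f.ip}{where}")
```

The report is meant for review before deleting anything: an entry you added yourself, such as a temporary mapping to a new hosting, is listed as a redirect too.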

After you do the cleanup, don't forget to save all changes ("File" --> "Save"). If you opened the hosts file from Notepad itself (option A.), then when saving be sure to select "All files" in the "File type" field; otherwise Notepad, instead of saving to the hosts file, will only create a text copy, hosts.txt, which is not a system file and does nothing!

After a successful save, do not forget to restart your computer.

2. Automated editing (through special utilities)

AVZ is an anti-virus application that can work with the hosts file even if it is hidden and attackers have replaced it with a fake file that has correct values and a similar name, for example “hosts” in which a Russian letter is written instead of the English letter “o”.

Download the AVZ utility and run the application as administrator (right-click the launch file and select the appropriate option).

From the program menu, select "File" --> "System Restore", in the window that opens check the box for function "13. Cleaning the Hosts file", then click the "Perform marked operations" button.

That's it! Now all that remains is to restart the computer.
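The fake files described on this page (a hosts.txt copy, or a “hosts” whose “o” is a Russian letter, sitting next to a hidden real file) can be told apart by inspecting the raw file names rather than what Explorer displays. The following Python code is an added example, not part of the original article and not AVZ's own logic; the function names and the small LOOKALIKES table are assumptions made for illustration.

```python
"""Find decoy files that imitate the hosts file in a directory (added example)."""
import os
import sys

# Windows FILE_ATTRIBUTE_HIDDEN bit, as reported in os.stat().st_file_attributes.
FILE_ATTRIBUTE_HIDDEN = 0x2

# Hand-picked look-alike letters mapped to ASCII. Constructed for this example;
# it is far smaller than the full Unicode confusables data.
LOOKALIKES = {
    "\u043e": "o", "\u041e": "O",   # Cyrillic o / O
    "\u03bf": "o", "\u039f": "O",   # Greek omicron
    "\u04bb": "h", "\u041d": "H",   # Cyrillic shha, Cyrillic En (looks like H)
    "\u0455": "s", "\u0405": "S",   # Cyrillic dze
    "\u0422": "T",                  # Cyrillic Te
}


def skeleton(name):
    """Replace look-alike letters with ASCII, then fold case (Windows ignores case)."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in name).casefold()


def classify_name(name):
    """Return 'real', 'homoglyph', 'extension' or 'other' for one file name."""
    if name.isascii() and name.casefold() == "hosts":
        return "real"
    if skeleton(name) == "hosts":
        return "homoglyph"    # reads as "hosts" but contains a non-ASCII letter
    stem, ext = os.path.splitext(skeleton(name))
    if stem == "hosts" and ext:
        return "extension"    # e.g. hosts.txt, shown as "hosts" when extensions are hidden
    return "other"


def is_hidden(path):
    """True if the Windows 'Hidden' attribute is set; always False on other systems."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def scan(directory):
    """Return (name, verdict, hidden) for every file that is or imitates 'hosts'."""
    report = []
    for name in sorted(os.listdir(directory)):
        verdict = classify_name(name)
        if verdict != "other":
            report.append((name, verdict, is_hidden(os.path.join(directory, name))))
    return report


def describe(report):
    """Turn a scan report into the situations the article warns about."""
    notes = []
    decoys = [name for name, verdict, _ in report if verdict != "real"]
    for name, verdict, hidden in report:
        # {name!a} prints non-ASCII letters as \u escapes, exposing the substitution.
        if verdict == "homoglyph":
            notes.append(f"{name!a}: look-alike name, not the file the resolver reads")
        elif verdict == "extension":
            notes.append(f"{name!a}: carries an extension, so it is not the hosts file")
        elif hidden and decoys:
            notes.append(f"{name!a}: real file is hidden while look-alikes are visible")
    if not any(verdict == "real" for _, verdict, _ in report):
        notes.append("no file named exactly 'hosts' was found")
    return notes


if __name__ == "__main__":
    # Default location as given in the article; pass another directory to override.
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                           "System32", "drivers", "etc")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    for note in describe(scan(target)):
        print(note)
```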

HijackThis is another good counterpart to the previous application, which even lets you edit hosts manually!

Download the HijackThis utility and likewise run it as administrator. Next, click the options in sequence: "Config" --> "Misc Tools" --> "Open hosts file manager".

The entire contents of the hosts file will open in an internal window. Select all the virus command lines in it with the left mouse button and click the "Delete line(s)" button to permanently remove them from the file. Then click "Back" to exit.

As you can see, everything is extremely simple. And don't forget to restart your computer!

Some terminology

DNS (abbreviation of Domain Name System) – the domain name system. It establishes the correspondence between numeric IP addresses and text names.

DNS (abbreviation of Domain Name Server) – domain name server; a service computer on a local or global network that translates computer names in domain records into IP addresses.

DNS cache (DNS resolver cache) – temporary storage of previous DNS requests on the local computer. It reduces request execution time and reduces network and Internet traffic.

host – main computer; host, any device connected to the network and using the TCP/IP protocols.

IP (Internet Protocol) – Internet protocol; a network layer protocol from the Internet protocol suite.

IP address – used to identify a node on a network and to determine routing information. It consists of the network identifier (network ID) and the host identifier (host ID).

Name Resolution – domain name resolution; the process of converting a computer name to the corresponding IP address.

Name Resolution Service – name resolution service; in TCP/IP networks it converts computer names to IP addresses and vice versa.

TCP/IP (abbreviation of Transmission Control Protocol/Internet Protocol) – information transfer control protocol, the main protocol of the transport and session layers, providing reliable full-duplex streams. Designed for use in the Global Network and for combining heterogeneous networks.

URL (abbreviation of Uniform Resource Locator) – uniform resource locator; a standardized string of characters indicating the location of a resource on the Internet.

What is the hosts file

The hosts file in Windows (and other operating systems) is used to associate (map) host names (nodes, servers, domains) with their IP addresses (name resolution).

In the hosts file, the address (127.0.0.1) is reserved for localhost, that is, for the local computer.

The hosts file is a regular text file (without an extension).

Location of the hosts file on disk:

– in Windows 95\98\ME – \WINDOWS\;

Windows NT\2000\ \ \ – \Windows\System32\drivers\etc\.

When an Internet user types the address (URL) of any site (web page) and presses Enter:

– the user's browser checks in the hosts file whether the entered name is the computer's own name (localhost);

– if not, the browser looks for the requested address (hostname) in the hosts file;

– if the hostname is found, the browser accesses the corresponding host specified in the hosts file;

– if the hostname is not found in the hosts file, the browser accesses the resolver cache (DNS cache);

– if the hostname is found in the cache, the browser accesses the corresponding host saved in the DNS cache;

– if the hostname is not found in the DNS resolver cache, the browser accesses the DNS server;

– if the requested web page (site) exists, the DNS server translates the user-specified URL into an IP address;

– the web browser loads the requested resource.

History of the hosts file

# Copyright (c) 1993-1999 Microsoft Corp.
#
#
# space.
#
#
# For example:
#
127.0.0.1 localhost

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Using the hosts file

The hosts file can be used to speed up work on the Global Network and reduce traffic by cutting down the number of requests to the DNS server for frequently visited resources.

For example, you often load the resources google.ru and google.com. Open the hosts file and, after the line 127.0.0.1 localhost, enter the lines

209.85.229.104 google.ru

74.125.232.20 google.com

This saves the web browser from having to contact the DNS server, so it immediately establishes a connection to the sites google.ru and google.com. Such entries are static: if a site changes its IP address, the entry has to be updated by hand.

Sometimes the hosts file is used to block unwanted resources (for example, those that distribute malware). To do this, after the line 127.0.0.1 localhost, enter the line

127.0.0.1 URL_of_resource_blocked

The essence of this manipulation is that the blocked resource is mapped to 127.0.0.1, which is the address of the local computer, so the unwanted resource will not be loaded.

Editing rules for the hosts file

1. Each entry must be on a separate line.

2. The IP address must begin at the first position of the line and must be followed (on the same line) by its corresponding hostname.

3. The IP address and hostname must be separated by at least one space.

4. Comments must be preceded by the # symbol.

5. If a comment is used on a line that maps a host name, it must follow the host name and be separated from it by the # symbol.

Use of the hosts file by virus writers

Attackers have long favored the hosts file: with its help, the real addresses of web resources are replaced on the infected computer. After this, the web browser redirects the user to sites with malicious software, or, for example, access to the sites of antivirus vendors is blocked.

Malware disguises its modification of the hosts file as follows:

– to make the lines added by a virus difficult to detect, they are written at the end of the file, after a large empty area formed by repeated line feeds;

– after that, the original hosts file is assigned the Hidden attribute (by default, hidden files and folders are not visible);

– a fake hosts file is created which, unlike the real hosts file (without extension), has the extension .txt (by default, extensions are not displayed for registered file types).


The hosts file: how to eliminate the consequences of a virus attack

– open the hosts file (if the virus set the Hidden attribute on the file, you will need to enable the option Show hidden files and folders in Folder properties);

– a Windows dialog will appear with the message "The following file could not be opened...";

– set the switch to Selecting a program from the list manually –> OK;

– in the Program selection window, in the scrollable Programs list, highlight Notepad –> OK;

– the hosts file will open in Notepad;

– delete all lines except 127.0.0.1 localhost;

– save the hosts file.

Valery Sidorov