How to: Check and repair the Hosts file
Applies to: Microsoft Windows (all versions)
Your computer has trouble accessing certain websites, or you are concerned that it may be displaying "fake" banking and other sites designed to steal your login details.
When you visit a web site using an address like "www.tech-pro.net" your web browser must first convert this "host name" to a numeric IP address like 126.96.36.199. Normally this is done by querying a special server called a DNS (Domain Name System) server. However, the first place the software looks to find the numeric address of a host is a file called the hosts file. This is a text file containing a list of host names and IP addresses. The hosts file exists principally to allow computers to be accessed by name on simple networks that don't have a DNS server. But because it is checked first, the hosts file can be used by malware to hijack browsers and other web applications so that they visit another server instead of the real one. Because it is so easy to do, it is a common exploit.
Checking the hosts file
- Open Windows Explorer
- Click on Tools, Folder Options, View tab
- Uncheck Hide Extensions for Known File Types
- Select Show hidden files and folders
- Click OK
- Navigate to \Windows\System32\Drivers\etc
- Open the file hosts (no extension) in Notepad (for example, right-click hosts and select Send To, Notepad)
- Verify that it looks like this:
The lines beginning with # are just comments, and their actual content is unimportant. The lines that cause names to be associated with IP addresses are the ones that do not start with #. Normally there is only one such line, which reads: 127.0.0.1 localhost.
Note that some anti-spyware packages may replace the hosts file with one containing other items. The only way to be sure if this is the case is to ask the publisher of the software. However, if in doubt, it is very unlikely that any harm would be done by replacing a modified hosts file with one containing the original contents.
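The same check can be scripted. The Python below is an added example, not part of the original article and unrelated to fixhosts.exe. It lists every active entry other than the default localhost one and labels it as redirected (points at another server), blocked (points at the local machine, as the replacement files installed by anti-spyware packages typically do) or malformed. The sample entries and the function names parse_hosts and audit_hosts are constructed for illustration.

```python
import ipaddress
import os

# Standard location; SystemRoot is normally C:\Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample, not taken from a real machine.
SAMPLE = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.bank.example login.bank.example  # injected
0.0.0.0        updates.antivirus.example
10.0.0.300     intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for each active (non-comment) line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # text after '#' is a comment
        if fields:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, name, address, verdict) for every non-default entry."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, " ".join(names), address, "malformed"))
            continue
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue                          # the expected default entry
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, address,
                             "blocked" if local else "redirected"))
    return findings

if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE                             # no hosts file here: use the sample
    for finding in audit_hosts(text):
        print("line %d: %s -> %s [%s]" % finding)
```

A "blocked" verdict is not automatically harmless: an entry that points a security vendor's update server at the local machine stops updates just as effectively as a blocklist stops adverts.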
Repairing the hosts file
If the hosts file contains more entries than the one for localhost, and especially if it contains host names that look like banking sites or other well-known sites, it is likely that the file has been altered by malware. In this case, you should restore the hosts file to its default state. If you have not already done so, you should run a good anti-virus or anti-spyware program to remove the malware; otherwise, when you repair the file, it may be changed back at the next restart.
Since you already have Notepad open, you can simply edit the hosts file to delete all the unwanted entries, leaving only the one for localhost, as in the screenshot above.
- Download the file fixhosts.exe and save it to your desktop.
- Run the file fixhosts.exe (in Windows Vista, right-click the file and select Run as administrator)
- Accept all the warnings (including those from Vista User Access Control, if applicable).
- Check that the hosts file has been updated by repeating the steps given above.
Upon completion of the check and repair, you may restore the "Hide Extensions for Known File Types" and "Show hidden files and folders" settings to their original state, if you wish.