How to: Check and repair the Hosts file

Applies to: Microsoft Windows (all versions)

Symptoms

Your computer may have trouble accessing certain websites, or you are concerned that it may be displaying "fake" banking and other sites in order to steal your login details.

Explanation

When you visit a web site using an address like "www.tech-pro.net" your web browser must first convert this "host name" to a numeric IP address like 64.22.81.112. Normally this is done by querying a special server called a DNS (Domain Name System) server. However, the first place the software looks to find the numeric address of a host is a file called the hosts file. This is a text file containing a list of host names and IP addresses. The hosts file exists principally to allow computers to be accessed by name on simple networks that don't have a DNS server. But because it is checked first, the hosts file can be used by malware to hijack browsers and other web applications so that they visit another server instead of the real one. Because it is so easy to do, it is a common exploit.

Solution

Checking the hosts file

Checking the hosts file in Windows XP

The lines beginning with # are just comments, and their actual content is unimportant. The lines that cause names to be associated with IP addresses are the ones that do not start with #. Normally there is only one such line, which reads: 127.0.0.1 localhost.

Note that some anti-spyware packages may replace the hosts file with one containing other items. The only way to be sure if this is the case is to ask the publisher of the software. However, if in doubt, it is very unlikely that any harm would be done by replacing a modified hosts file with one containing the original contents.

Repairing the hosts file

If the hosts file contains more entries than the one for localhost, and especially if it contains host names that look like banking sites or other well-known sites, it is likely that the file has been altered by malware. In this case, you should restore the hosts file to its default state. If you have not already done so, you should run a good anti-virus or anti-spyware to remove the malware, otherwise when you repair the file it may be changed back at the next restart.

Method 1

Since you already have Notepad open, you can simply edit the hosts file to delete all the unwanted entries, leaving only the one for localhost, as in the screenshot above.

Method 2

Restoring settings

Upon completion of the check and repair, you may restore the "Hide Extensions for Known File Types" and "Show hidden files and folders" settings to their original state, if you wish.