What if the Hosts file in the Windows system is hijacked?

Hosts files hijacked, the Internet will be abnormal, not open the normal site, but also open the bad Web site.

1, the Hosts file is a file without an extension, the usual path in the C:windowssystem32driversetc folder.

The role of the file is to speed up the domain name resolution, especially the frequently visited Web site, users can configure the domain name and IP mapping relationship in the hosts, improve the speed of domain name resolution. Because of the mapping relationship, the input domain name computer can resolve the IP quickly without requesting a DNS server on the network. This shows that hosts permissions are higher than DNS server resolution. Because of this, they are often hijacked by viruses, trojans and bad programs.

2, screen site (domain redirection):

There are a lot of web sites without user consent to install a variety of plug-ins to the computer, some of which are Trojans or viruses. For these sites can take advantage of the Hosts file permissions, the site's domain name map to the wrong IP or local computer IP, so do not have to visit the bad site. In Windows systems, the Convention 127.0.0.1 as the IP address of the local computer, and 0.0.0.0 is the wrong IP address. The image below is a hijacked hosts file.

3. If, in hosts, write the following:

127.0.0.1 # to screen site A

0.0.0.0 # to screen the site B

In this way, when the computer resolves domain A and b, it resolves to the native IP or the wrong IP, and achieves the purpose of shielding the Web site A and B. The following figure is the modified Hosts file (shielding the bad Web site).

4, because the Hosts file is hidden files, if not found, you can display the system files, the steps are:

Start → control Panel → folder Options → view → remove "Hide protected operating system files" before the check, select "Hidden files and folders" → "Show All files and folders" → OK

5, different operating systems, the host may not be the same location. You can set up a batch file, double-click to open the Hosts file, to deal with it, so more convenient. The procedure is: Use the right mouse button click on the desktop space, in the pop-up menu select the new → text document

6, copy (CTRL + C) The following command, paste it (Ctrl + V) in the new Notepad. Notepad "%systemroot%system32driversetchosts" Ipconfig/flushdnsexit

7, file → Save as: hosts.bat→ Save

8, need to see the time, double-click the batch file can be viewed (garbled because of which there is Chinese).

9, if the Hosts file is hijacked, you can empty all the contents of the file, then paste a sentence:127.0.0.1 localhost Save as hidden file.