What if the Hosts file in the Windows system is hijacked?

Source: Internet
Author: User
Tags file permissions

Hosts files hijacked, the Internet will be abnormal, not open the normal site, but also open the bad Web site.

1, the Hosts file is a file without an extension, the usual path in the C:windowssystem32driversetc folder.

The role of the file is to speed up the domain name resolution, especially the frequently visited Web site, users can configure the domain name and IP mapping relationship in the hosts, improve the speed of domain name resolution. Because of the mapping relationship, the input domain name computer can resolve the IP quickly without requesting a DNS server on the network. This shows that hosts permissions are higher than DNS server resolution. Because of this, they are often hijacked by viruses, trojans and bad programs.

2, screen site (domain redirection):

There are a lot of web sites without user consent to install a variety of plug-ins to the computer, some of which are Trojans or viruses. For these sites can take advantage of the Hosts file permissions, the site's domain name map to the wrong IP or local computer IP, so do not have to visit the bad site. In Windows systems, the Convention 127.0.0.1 as the IP address of the local computer, and 0.0.0.0 is the wrong IP address. The image below is a hijacked hosts file.

3. If, in hosts, write the following:

127.0.0.1 # to screen site A

0.0.0.0 # to screen the site B

In this way, when the computer resolves domain A and b, it resolves to the native IP or the wrong IP, and achieves the purpose of shielding the Web site A and B. The following figure is the modified Hosts file (shielding the bad Web site).

4, because the Hosts file is hidden files, if not found, you can display the system files, the steps are:

Start → control Panel → folder Options → view → remove "Hide protected operating system files" before the check, select "Hidden files and folders" → "Show All files and folders" → OK

5, different operating systems, the host may not be the same location. You can set up a batch file, double-click to open the Hosts file, to deal with it, so more convenient. The procedure is: Use the right mouse button click on the desktop space, in the pop-up menu select the new → text document

6, copy (CTRL + C) The following command, paste it (Ctrl + V) in the new Notepad. Notepad "%systemroot%system32driversetchosts" Ipconfig/flushdnsexit

7, file → Save as: hosts.bat→ Save

8, need to see the time, double-click the batch file can be viewed (garbled because of which there is Chinese).

9, if the Hosts file is hijacked, you can empty all the contents of the file, then paste a sentence:127.0.0.1 localhost Save as hidden file.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.