Changes to the Hosts file in the operating room Windows system may cause problems installing, updating and launching games. The Hosts file is a Windows system file that takes precedence over DNS that redirects URLs or IP addresses. Typically, the average user does not need to make changes to this file.

Checking a file for changes

1. Press the keyboard shortcut Windows + R.
2. Enter OK.
3. Open up Hosts file using a text editor such as Notepad. This file does not have a specific extension.
4. Compare the content of your file with the Microsoft-assigned default content below. If the content is different, then it has been changed. Remove all lines that contain Blizzard URLs.
5. Save the file.

Note: if the content of the Hosts file has been changed, run a virus scan. Malicious programs can modify the contents of the file to redirect connections from your computer to malicious sites.

Common changes that cause problems

Here are examples of the most common changes affecting Blizzard games. If you find these lines in your Hosts file, remove them:

• 127.0.0.1 eu.actual.battle.net
• 127.0.0.1 us.actual.battle.net
• 127.0.0.1 enGB.nydus.battle.net

Restoring the default settings assigned by Microsoft for the Hosts file

To restore the default settings for the Hosts file, follow these steps:

1. Press the keyboard shortcut Windows + R.
2. Enter notepad in the Run window.
3. Click on OK.
4. Copy the following text into Notepad: # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. # 127.0.0.1 localhost # :: 1 localhost
5. On the menu File select an option Save as, enter "hosts" (including quotes) in the line File name, and then save the file to your Desktop.
6. Press the keyboard shortcut again Windows + R.
7. Enter % WinDir% \ System32 \ Drivers \ Etc in the Run window and click OK.
8. Rename the Hosts file to "Hosts.old".
9. Copy or move the Hosts file you created from the Desktop to the% WinDir% \ System32 \ Drivers \ Etc folder. If you are prompted for an administrator password, click Continue.

The hosts file is a rather vulnerable part of the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer.
The task of this file is to store a list of domains and their corresponding ip-addresses. The operating system uses this list to translate domains to ip addresses and vice versa.

Every time you enter the address you need a site into the address bar of your browser, a request is made to convert the domain to an ip-address. This translation is currently performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific ip-address.
Even now, this file has a direct impact on the conversion of symbolic names. If you add an entry in the hosts file that will associate an ip-address with a domain, then such an entry will work fine. This is exactly what developers of viruses, Trojans and others use. malware.

As for the file structure, then hosts file it is a plain text file without an extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the usual Notepad text editor.

The standard hosts file consists of several lines that begin with a "#" character. Such lines are ignored by the operating system and are simply comments.

Also in the standard hosts file there is an entry "127.0.0.1 localhost". This entry means that when you access the symbolic name localhost, you will be accessing your own computer.

Hosts file fraud

There are two classic ways to benefit from making changes to the hosts file. First, it can be used to block access to websites and servers of anti-virus programs.

For example, after infecting a computer, the virus addsin the hosts file the following entry: "127.0.0.1 kaspersky.com". When trying to open the kaspersky.com website operating system will connect to ip address 127.0.0.1. Naturally, this is the wrong ip address. This leads to access to this site is completely blocked.As a result, the user of the infected computer cannot download the anti-virus or anti-virus database updates.

In addition, virus developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.

For example, after infecting a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru”. Where "90.80.70.60" is the ip-address of the attacker's server. As a result, when trying to go to a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else's server. As a result of such actions, fraudsters can get logins, passwords and other personal information user.

So in case of any suspicion of a virus infection or site spoofing, the first thing to do is to check the HOSTS file.

The malicious software masks the modification of the hosts file as follows:

To make it difficult to detect lines added by a virus, they are written to the end of the file.

After a long empty area formed as a result of multiple newlines;

After that, the Hidden attribute is assigned to the original hosts file (by default, hidden files and folders are not visible);

A false hosts file is created, which, unlike the real hosts file (which does not have an extension), has the .txt extension (by default, extensions are not displayed for registered file types):

Where is the hosts file

Depending on the version of the operating system Windows file hosts can be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7 or Windows 8, then the file is located in the folderWINDOWS \ system32 \ drivers \ etc \

In Windows NT and Windows 2000 operating systems, this file is located in the folder WINNT \ system32 \ drivers \ etc \

Editing the hosts file

You can edit the file hosts and in Notepad, delete unnecessary lines, or add your own.
In order to edit the hosts file, you need to launch notepad in Administrator mode, and then open the file C: \ Windows \ System32 \ drivers \ etc \ hosts in it.

How to clean the hosts file

So, point by point.

Push "Start".

We choose "All programs".

Then we select the item "Standard".

On the "Notepad" item, click right click the mouse and select the item "Run as administrator".

In the notepad window that opens, select the File menu, then the item "Open..."

In the window that opens, select "Computer" on the left side of the window.

Then open the disc WITH:.

Windows directory.

System32 directory.

The drivers directory.

Directory etc.

When you open the etc directory, you will have an empty directory. In the lower right corner of the window, select "All files".

Select the hosts file and click the button "Open".

Make sure you have the required content: first there are explanatory comments from Microsoft about what the file is and how to use it. Then there are some examples of how to enter the various commands. All this is a simple text and it does not carry any functions! We skip it and reach the end. Then the commands themselves should go. Unlike comments (i.e. plain text), they must begin with not with a "#", but with specific digits representing the ip address.

Any commands that appear in your hosts file after the following lines can be malicious:

• On Windows XP: 127.0.0.1 localhost
• On Windows Vista: :: 1 localhost
• On Windows 7/8: # :: 1 localhost

As you can see, host files differ slightly on different operating systems.

In order not to clean anything superfluous, you need to know how commands are decrypted. There is nothing complicated here. At the beginning of each command comes digital ip address, then (separated by a space) the corresponding letter Domain name, and after it there may be a small a comment after the "#" sign.

Remember! All commands starting with with digits 127.0.0.1(with the exception of, 127.0.0.1 localhos t) block access to various sites and internet services. For which ones, see the next column after these numbers.
Commands having at the beginning any other numbers ip-addresses, redirect(redirect) to fraudulent sites instead of official ones. What sites you have changed for fraudulent, also look in each column following these numbers.
This way, it shouldn't be difficult to guess which commands in your host file are malicious! If, nevertheless, something is not clear - look at the screenshot below.

Consider another such moment. Many viral commands by cunning Internet intruders can be hidden far at the very bottom of the file, so don't be too lazy to scroll down to the bottom of the slider!

After you have done the "cleanup", do not forget to save all changes ( "File" --> "Save"). If you opened the hosts file from the Notepad program itself, while saving the changes, in the column "File type" be sure to choose an option "All files", otherwise notepad will only do it instead of saving it in the hosts file a text copy of hosts.txt which is not system file and does not perform any functions!

After successfully saving, do not forget to restart your computer.

How to block sites in hosts

So, the hosts file is already open and you can see that it is built in the form of an ordinary text document.

At the beginning, you will see comments (ordinary text that does not carry any functionality) starting with the symbol "#" ... They may be followed by some functional commands prescribed by the system.

But we don't need them. We skip them and reach the very end of the document. We make an indent. And now, here, you can already register the commands we need!

When you are finished with the file, open the File menu, select "Save".

To understand how to correctly enter commands for blocking web resources, you need to know that each PC has its own so-called. loopback address that sends any request back to itself. For any computers running Windows, Linux or Mac systems, this address is always the same - 127.0.0.1 ... Here, with the help of just this ip-address, you can block any request to an unwanted site so that it is directed not to the requested resource, but about back to the local computer.

This command in hosts is written as follows: " 127.0.0.1 name of the blocked domain ". Here, real examples: 127.0.0.1 mega-porno.ru, 127.0.0.1 odnoklassniki.ru, 127.0.0.1 vk.com etc.

That's all. Access to all unwanted sites is now securely blocked. The main thing, after the changes made, is to re-save the hosts file! Detailed instructions see above.

Recovering the hosts file after a virus infection

As already mentioned, today a large number of malicious programs use the file hosts to block access to websites of popular portals or social networks. Often, instead of blocking websites, malware redirects the user to pages that look similar to popular resources (social networks, email services, etc.), where an inattentive user enters credentials, which thus get to the attackers.
If the file contains records like 127.0.0.1 odnoklassniki.ru 127.0.0.1 vkontakte.ru or the addresses of your sites that you cannot access, then first check your computer for "malware", and then restore the file hosts

Many hacked users are interested in where you can download the hosts file. However, there is no need to search and download the original hosts file. You can fix it yourself, for this you need to open text editor and delete everything except the line except "127.0.0.1 localhost". This will unblock access to all sites and update your antivirus.

Let's take a closer look at the process of restoring the hosts file:

1. Open the folder where the file is located. In order not to wander through the directories for a long time in search of the desired folder, you can use a little trick. Press the key combination Windows + R to open the menu "Run"... In the window that opens, enter the command "% Systemroot% \ system32 \ drivers \ etc"and click OK.

2. After that, a folder will open in front of you in which the hosts file is located.

3. Next, you need to do backup the current file. In case something goes wrong. If the hosts file exists, then simply rename it hosts.old. If the hosts file does not exist at all in this folder, then you can skip this item.

4.Create a new empty hosts file. To do this, right-click in the etc folder and select the item"Create Text Document»

5. When the file is created, it must be renamed to hosts. When renaming, a window will appear in which there will be a warning that the file will be saved without the extension. Close the warning window by clicking OK.

6. After the new hosts file is created, you can edit it. To do this, open the file using Notepad.

7. Depending on the version of the operating system, the contents of the standard hosts file may differ.

This is how all, without exception, "clean" hosts files should look like.

Note!

• For Windows XP and Windows Server 2003, add "127.0.0.1 localhost"

• Windows Vista, Windows Server 2008, Windows 7 and Windows 8 need to add two lines: "127.0.0.1 localhost" and ":: 1 localhost"

If you ever find missing or unnecessary records in such a file, it is better to delete them as soon as possible. Moreover, if they were not made by you or without your consent. Most likely, this is the result of viruses!

Restoring the default hosts file in Windows 7: Copy the text below to the file.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# :: 1 localhost

Save and close the file.

Hello everyone!!! I promise to tell you now a very interesting and useful topic about how you can block or unblock access to such social. networks like Vkontakte and Odnoklassniki.
There are cases when a user does not suspect that his computer has been infected with a virus and access to all his favorite sites, such as Vkontakte, Odnoklassniki, or sites of antivirus publishers have been blocked. In most cases, a window appears on the computer of such a user, where it is proposed to send only a paid SMS to restore access to a favorite site, and sometimes access to a favorite site is simply blocked without any extortion of money and restoration of access.
What to do in this case? How to regain access to your favorite site?

○ first, you need not to panic and in no case send SMS.

○ scan your computer for viruses.

○ clear browser cache, cookie (for Google chrome: configuring and managing Google Chrome => Tools => Deleting browsing data ... ).

○ clear the contents of the hosts file. Here, from this place I will tell you in more detail.

There is way to unblock access to your favorite sites through clearing the hosts file, but cleaning the hosts file will be of little effect if you do not clean your computer from viruses.
So, file cleaning is necessary when the user cannot access the sites Vkontakte, Odnoklassniki and sites of well-known antivirus publishers, etc.

Let's start modifying the hosts file.

one). Open the hosts file.

☻ If your computer has an operating system installed on drive "C", then the path to the hosts file will be as follows:

Find in the folder "etc" hosts file, and open this file with the program "Notebook"

☻ you can open the hosts file in another quick way.

=> for windows 7:

Start => All Programs => Accessories => Run

=> for windows XP

Start => Run

=> or press hotkeys "WIN + R".

You will see such a window as in the image below, where you need to enter or copy into the field "Open" Here is the line:

Click on the "OK" button.
Next, a text notepad will open - this will be your hosts file.

modified hosts file by virus

I circled in red the place to which you need to pay attention: if any sites are registered here (for example, "VKontakte", "Odnoklassniki" or any other), then they are blocked for you, therefore you cannot go to these sites.

2). Change the hosts file to standard content by doing the following:

☻ clear the contents of the old hosts file;

☻ copy the ready-made standard sample, which corresponds to your operating system, and paste it into a clean hosts file.

I give you ready-made standard samples of the hosts file for windows7 / XP / Vista systems.

☼ Sample hosts file for Windows 7

# Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. # 127.0.0.1 localhost # :: 1 localhost

☼ Sample hosts file for Windows XP

# Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost

☼ Sample hosts file for Windows Vista.

# Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP / IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost :: 1 localhost

Save the file.

3). The picture below shows what a standard non-infected hosts file should look like:

standard hosts file

No site is currently being blocked. If the file is opened in this form, then you have free access to all your favorite sites.

If you saved the modified hosts file, tried to open blocked sites, but there are still no changes, then a virus lives and actively operates in the system, which checks the contents of the hosts file. You need to find the virus and destroy it with an antivirus program or manually if you have experience and knowledge.

♦ Attention! There are times when, on the contrary, you need to block access to certain sites (for example, parents do not want their child to visit Odnoklassniki). To do this, you again need to resort to the hosts file.

In order to block the necessary sites, the hosts file must be changed with a virus in the following way:

register these lines, where opposite the numbers write the site you need. For instance:

127.0.0.1 vk.com
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 odnoklassniki.ru
each line "127.0.0.1 site address" blocks access to a specific site, except for "127.0.0.1 localhost".

Now, now you know how to unblock or block websites via clearing the hosts file.

♦ Attention: it may also happen that changes to the hosts file are still not saved, even if you cleaned the viruses. So the problem needs to be fixed in this way:

○ right-click on the hosts file and in the window that opens, click on "Properties".

○ in the Properties window on the tab "General" uncheck the attribute "Only reading".

○ click on the "OK" button.

After you have corrected this attribute, you will have to repeat all the procedures for editing the hosts file, i.e. go through all the points from the beginning to unblock sites or to block.

If, after the operations performed, you cannot save the file in Windows 7, Windows Vista and Windows XP, then try running Notepad as Administrator and editing the file.

Let's say you went to the folder C: \ WINDOWS \ system32 \ drivers \ etc, but you didn't find the hosts file there. What to do?

The hosts file may just have been hidden from your view.
If you are running Windows XP, then do the following so that invisible files are displayed:

○ open folder "etc" "Service" => "Folder properties".

○ Go to the tab "View".
Uncheck the box next to the following items:

- "Hide protected system files"
- "Hide extensions for registered file types"
Now push the switch "Show hidden files and folders".

○ Click on the "OK" button.

If you are running Windows 7, then do the following:

○ open folder "etc", in the window that opens, click on the tab "Arrange" => Folder and Search Options .

○ Go to the tab "View".
Now push the switch "Show hidden files, folders and drives".
Click the "OK" button.

Now hidden file hosts is visible for fix.

Also you can try to press hotkeys "WIN + R", and in the field "Open" insert this line:

Notepad% windir% \ system32 \ drivers \ etc \ hosts

If after the above steps there is no hosts file, then create it.

Create hosts file.

How do I create a hosts file?

○ Go to the folder "etc", along the way C: \ WINDOWS \ system32 \ drivers \ etc.

○ right-click on an empty space inside the folder "etc"

○ will open context menu... Please select "New" => "Text Document" .

○ you will have a file named "Text document.txt" .

○ remove the complete name along with the file extension and write simply hosts. In the request to change the extension, click on the "Yes" button.

That's all. Your computer is no longer blocking the Vkontakte site, classmates or other favorite sites. It is worth noting

Regards WebMasterok2009

Did you like the post? Help others learn about this article by clicking on the social media button ↓↓↓

Get Blog Updates !!! Subscribe:

Very often, or after a virus attack, after which, for example, social network to restore access to your page, or after unsuccessful editing, you have to restore the default content. To do this, you need to know what is the content of the original hosts file. The situation is complicated by the fact that in each operating system from Microsoft, it is different, although the basic remains the same. Below is the original contents of the hosts file for some of the now popular Windows operating systems, which I will list in descending order of popularity (personally, I believe that the most popular system Is the most new system... Who thinks that Windows XP is immortal, and Windows 7 is the best creation of Microsoft, I think people are lagging behind in development. I do not want to offend anyone, I will only be glad to hear that I am wrong).

For those who don't know, the Hosts file is used to translate domain names to network names. More details about this file are written in the article, the link to which I gave just above.

Original Hosts in Windows 8

#

#




# space.
#


#
# For example:
#
# 102.54.94.97 rhino.acme.com #source server
# 38.25.63.10 x.acme.com #x client host

# 127.0.0.1 localhost
#: 1 localhost
127.0.0.1 localhost

Original Hosts file in Windows 7

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
#: 1 localhost

Original Hosts File in Windows Vista

# Copyright © 1993–2006 Microsoft Corp.
#

#




# space.
#


#
# For example:
#


127.0.0.1 localhost: 1 localhost

Original Hosts in Windows XP

# Copyright © 1993–1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

Using the templates provided, you can easily replace the current content of the Hosts file with its original content. In addition to the above files, I would like to clarify a little what is what. The main content of the original Windows Hosts file is the commented English manual for using the Hosts file. In addition to describing the functionality of the Hosts file, there are also various examples of using it for its intended purpose. And if you still have not figured out where the comments are, and where the functional part of this file is, then get acquainted: the sign # is a special character that means that everything on the given line after this character is comments. And this means that in almost all original Hosts files, the working part is really the working part - this is the last line indicating the loopback interface, which is one of and indicate the computer itself. And on this basis, you can completely remove all comments from the Hosts file without losing its functionality. That is why the title of the article is - Original hosts file in Windows, but not Correct Hosts for Windows... After all, the correct Hosts file will be any beleberd like this:

# Before you is the most correct of all
# the most correct Hosts files, which
# ever existed on computers
# on which it was ever installed
# operating system from a known
# Microsoft Corporation!
127.0.0.1 localhost
# As you can see, comments are everywhere!
# And here,
# and there. But from this the hosts file
# doesn't get wrong!

Using this file, you can establish a mapping between domain names and their IP addresses. In the general case, this correspondence is determined by the DNS service (server), but if this service needs to be "bypassed", that is, to set a non-standard (sometimes useful, and sometimes harmful) match, then they resort to setting it in the hosts file. This system object appeared with the advent of the Internet, before DNS existed, and was the only way for Windows to map the symbolic name of a site to its physical network address.

File format

This file is a system file and is located in system partition drive in the Windows \ System32 \ drivers \ etc \ folder. By its format, it is a plain text file named hosts, but without the name extension. It consists of lines of text and can be edited by any text editor. Each of its lines can be either a comment (in this case, its first character is #), or a match, having the format <имя домена>... There must be one or more spaces between the address and the name. For example, line 102.54.81.91 rh.com binds host rh.com to its address 102.54.81.91. During its Windows installations 7 generates the standard content of this document, which looks like:

How to restore hosts

Sometimes a situation may arise when you want to restore the initial state of this file. It can arise either after its accidental deletion or distortion, or as a result of the influence of malware. It should be said right away that to access this file (including when restoring it), you need administrator rights. Its content can be generated manually in a text editor or downloaded from the Internet.

Editing a file

Of course, in order to edit hosts, you need to have administrator rights. You can edit it with any text editor. As an example, we will use the standard Notepad, which is always installed in Windows 7. You can start it in two ways - from command line and by calling Notepad directly:

After any changes to this document, be sure to reboot, otherwise its new content will not be known to Windows 7, since it becomes known only during the reboot.

Benefits and harms of changing hosts

Useful changes to this file can be considered, for example, the following:

• Setting the correspondence between the IP address and the domain in order to speed up access to the site by bypassing the DNS server.
• Changes to block access to a specific site, for example, to block Windows authentication or the availability of program updates. To do this, 127.0.0.1 is specified as the IP address, which the operating system perceives as a call to this computer rather than a real site.
• Changes to "advertise" this computer local server, since the DNS service knows nothing about it. Of course, the IP address must be static for this.

Hosts are a prime target for most malware. There are two main, one might say "classic" methods of modifying this file, which are used by cybercriminals in order to take advantage of this. These are the changes:

• Blocking access to the servers of anti-virus programs to prevent the computer from downloading such a program or updating the virus syndrome databases. For example, if a line like "127.0.0.1 esetnod32.ru" appears in hosts as a result of a virus or trojan, then any attempts to enter the site with this antivirus will be blocked.
• Replacing the real address of the site registered on the DNS server with a fake one. Suppose a malicious application that has penetrated a computer writes in this file the line "91.81.71.61 vk.com", where the address of the computer of the author of this program is set. This is done with the goal of trying to enter everyone's favorite site, leading to a call to the attacker's server, whose interface completely repeats its real counterpart, but is used to collect confidential information about site users, for example, their logins and passwords.

Therefore, if you suspect the presence of viruses in the system, you should first check the status of this file, and that is why many antivirus software tirelessly monitor its status and notify the user of all attempts to change it.