|
-
February 1st, 2007, 10:23 PM
#1
[RESOLVED] I cannot get google
Everytime I try to go to www.google.com I receive a dns error saying page not found. This strikes me as kind of odd, and I am wondering if some kind of "bug" has got me? I have scanned with Norton AV 2007 and I downloaded a virus removal tool from Grisoft (vcleaner.exe)and ran from safe mode as directed. Neither have come up with anything. Any help would be appreciated and if I have put this in wrong forum then please move . Thanks, and cheers
-
February 2nd, 2007, 08:58 AM
#2
Clear your browsers cache & cookies and try once more..
If still no success then do a file search for hosts on your computer (just hosts not hosts.sam or anything else) and open it with notepad and see if there are any references to google (or any other site/search engine/antivirus site). If so copy paste it into a post here and let us see it.
Then as a test try copy/pasting this into your browser address bar... 216.239.37.104 ..and see if that works.
Thirdly it is possible that some malware has hijacked your computer and is unsuccesfully trying to get you to use another search site (an altered hosts file would be a sign that this has happened). Have a look through this thread...
http://discussions.virtualdr.com/sho...d.php?t=167915
and do all of the things it suggests then copy the Hijackthis log into this thread and then we'll move it to the Hijack forum where one of our experts can have a look at it and advise further.
Pls make sure that hijackthis is installed into it's own permanent folder.. eg- C:/program files/hijackthis.
Vcleaner only works with a very limited number of viruses so it would not be a good tool to use unless you already knew you were specifically infected with one of them.
-
February 2nd, 2007, 12:02 PM
#3
Hi fink, Thanks for your response. I followed your advice and deleted cookies and TIF. tried again no luck. Found the hosts file and it looks like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 forums.techguy.org
127.0.0.1 www.castlecops.com
127.0.0.1 castlecops.com
127.0.0.1 www.microsoft.com
127.0.0.1 siri.urz.free.fr
127.0.0.1 www.majorgeeks.com
127.0.0.1 majorgeeks.com
127.0.0.1 www.spywareinfo.dk
127.0.0.1 spywareinfo.dk
127.0.0.1 www.superantispyware.com
127.0.0.1 superantispyware.com
127.0.0.1 www.compu-docs.com
127.0.0.1 compu-docs.com
127.0.0.1 www.pandasoftware.com
127.0.0.1 pandasoftware.com
127.0.0.1 download.bleepingcomputer.com
127.0.0.1 www.bleepingcomputer.com
127.0.0.1 bleepingcomputer.com
127.0.0.1 www.google.com
127.0.0.1 google.com
127.0.0.1 www.google.ca
127.0.0.1 google.ca
127.0.0.1 www.ewido.net
127.0.0.1 ewido.net
127.0.0.1 www.greyknight17.com
127.0.0.1 greyknight17.com
127.0.0.1 help.lockergnome.com
127.0.0.1 cleanup.stevengould.org
127.0.0.1 stevengould.org
127.0.0.1 www.tomcoyote.org
127.0.0.1 tomcoyote.org
127.0.0.1 www.depannetonpc.net
127.0.0.1 depannetonpc.net
127.0.0.1 www.wilderssecurity.com
127.0.0.1 wilderssecurity.com
I notice it does mention Google, as well as Anti virus sites. I typed in the ip address that you mentioned and was able to get into google. Followed the link you gave and followed the advice there. none of the scans i ran found anything. Downloaded Hijack this and ran it, results as follows:
Logfile of HijackThis v1.99.1
Scan saved at 7:53:31 AM, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SYS
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com...veXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167461531421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1167841730359
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
thanks for your help hope this info can aid in any suggestions you may have. Cheers
-
February 2nd, 2007, 01:03 PM
#4
I think you must have been infected with something for your Hosts file to be set like that, so I'll move this over to the specialist HJT log forum
Nick.
-
February 2nd, 2007, 01:11 PM
#5
-
February 2nd, 2007, 03:22 PM
#6
Radar1--In the mean time, you should delete all entries in that HOSTS file after 127.0.0.1 localhost and click Save. With luck it will not be re-created and you should be able to access all the sites mentioned. Of course, whatever malware installed those entries in the first place, may just put them all back.
Jim
WIN7 Ultimate SP1 64bit, IE 11, NTFS,
cable, MS Security Essentials, Windows 7 firewall
-
February 2nd, 2007, 10:03 PM
#7
Welshjim, I have deleted the entries after 127.0.0.1 as per your suggestion. So far so good as i am able to get to www.google.com or www.google.ca .Hopefully this has got it solved, Thanks for your help!
-
February 2nd, 2007, 10:59 PM
#8
Hi Radar, looks like the party started without me. Your log is clean, although there are a couple of entries you can remove. Run HJT again and check the boxes next to the following items:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Unless you set this deliberately with Spybot Search and Destroy or similar program, remove this one also:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
With your browser window(s) closed, click fix checked.
-----------
If the original problem with the host file returns, post back and we'll replace it with the "armored" version.
-
February 3rd, 2007, 02:52 AM
#9
lgbpop, Thanks, I will do as you suggest and hope that the armored version is not required.
-
February 3rd, 2007, 02:57 PM
#10
Radar1--Armoring the HOSTS file is no big deal. Scroll about 60% down this page (to "Locking the HOSTS file")
http://mvps.org/winhelp2002/hostsfaq.htm#Locking
for two .bat files. (One to lock, the other to unlock.)
The only problem is the few seconds it takes to lock and unlock--but it is pretty simple. You just click the appropriate .bat file. (You will want to unlock to make any changes you want to make.)
Similar tools are in Spybot S&D and ZoneAlarm.
Jim
WIN7 Ultimate SP1 64bit, IE 11, NTFS,
cable, MS Security Essentials, Windows 7 firewall
-
February 3rd, 2007, 03:07 PM
#11
That's not what I meant, but it may be helpful too.
If you have any problem, Radar1, please post back and we'll go from there.
-
February 3rd, 2007, 11:50 PM
#12
Thanks to all of you, the problem seems to be resolved (touch wood). Thanks again folks for your assistance it is most appreciated!
-
February 4th, 2007, 03:08 PM
#13
Radar1--You are welcome for whatever small amount of help I have been.
BTW--I do not lock my HOSTS file. But I do have a backup copy created by SpywareBlaster (HOSTS Safe) if I ever needed to replace a hijacked version.
lgbpop--I would like to learn your method for armoring HOSTS.
Jim
WIN7 Ultimate SP1 64bit, IE 11, NTFS,
cable, MS Security Essentials, Windows 7 firewall
-
February 4th, 2007, 04:11 PM
#14
Not armoring a host file, an "armored" host file. A free download with scores of malware sites ready to be blocked. About the most comprehensive one I've come across.
-
February 4th, 2007, 08:13 PM
#15
lgbpop--Thanks.
Yes, that is a good site (and the Hosts.zip file very easy to use), but unless the site that hijacked Radar1's HOSTS file is on it, I am not sure it will prevent reoccurence of problems such as Radar 1 experienced. And viruses, etc., can be spread by means other than surfing the web.
Jim
WIN7 Ultimate SP1 64bit, IE 11, NTFS,
cable, MS Security Essentials, Windows 7 firewall
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|