Custom Search

Resolved Can't load Google.com but can load every other website?

Discussion in 'Am I infected? What do I do?' started by inTHEsane, Feb 18, 2012.

Thread Status:
Not open for further replies.
  1. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7
    Hello, this is my first post, and I figured I would see if anyone here may be able to help me with a problem I have had recently on my new laptop. The initial Norton ran out, and I wasn't downloading anything new that I know of, but out of the blue, I can not load www google com in any browser. I can load any other site, I can even load mail google com but nothing on www google com. It just says page can not be displayed as if I typed in a wrong address in the toolbar. I have tried running Malware Bytes, no luck, a svchost exe warning comes up on the computer now every so often and I hit quarantine, but it doesn't go away for good, nor does the problem with google com. I have tried a few of the fixes I found online but nothing so far. Any idea if the svchost thing is related, either way if you know how to fix that would be helpful as well. Appreciate the help, and helping others in the future!
  2. Makcalable I Only Know What I Know

    Message Count:
    8,532
    Likes Received:
    1,041
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    (Thread moved to Am I infected? What do I do forum)

    Hi inTHEsane welcome to fixitwizkid.com :wink:

    Can you tell us more about the svhost.exe error you have been receiving?

    It is important that you remove Google Redirect virus as soon as possible If this is what you have..... To remove Google Redirect Virus..........

    Click on Start > Run > Type in "devmgmt.msc" and Click on OK. This will open the Device Manager, In the Device Manager Click on View > Show Hidden Devices.

    Expand all the devices by click on the "Plus" sign. Now try to find "TDSSserv.sys" Right Click & Disable. Do not uninstall.

    If you do not find the TDSSser.sys continue with the guides below regardless!



    Also from what you have said it does seem like you have been infected with a virus of some sort if not the Google Redirect Virus so I am going to suggest you follow the guides carefully from the links provided below and then when completed the guides can you please post the Scan Logs here please....?

    • Also if your AV Software has expired then please uninstall and then Install one of the free Anti Virus Softwares from the first Guide......


    Guide 1 = http://fixitwizkid.com/threads/do-you-think-you-have-malware-virus.144/
    Guide 2 = http://fixitwizkid.com/threads/kaspersky-tdsskiller-roots-out-rootkits.2231/
    Guide 3 = http://fixitwizkid.com/threads/removing-viruses-and-malware-using-superantispyware.6283/


    • It is important that you follow the guides as instructed to ensure the proper removal and clean up and so we can view your logs to find out more.


    • At this point from the Elevated Command line run and execute the following;

    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns


    In your next post please post all errors you have received and your Scan Logs please :wink:
  3. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7
    Thanks for such a quick response.

    I went to device manager and tried finding the TDSSser you mentioned but as far as I can tell it's not there.
    I am not sure if I have the Google Redirect Virus, because it does not redirect anywhere. I had a virus like that
    once before on another computer that would redirect to weird/crappy search engines, or just other websites all together.
    I managed to get rid of that one, but this one seems different. It's like google is being blocked solely.

    As far as the svchost exe, almost once a day, was twice the last two days, for the past two weeks or so now,
    Malware Bytes will find a c windows svchost.exe file and then I quarantine it. Just delete all in the quarantine again
    from the last week, but it seems like it always comes back, will see what happens today. Thanks for the links to your
    guides hopefully they will help but want to reply back with some more insight, in case it helps you... help me... :help:
    Much appreciated - inTHEsane
  4. Makcalable I Only Know What I Know

    Message Count:
    8,532
    Likes Received:
    1,041
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1

    Ok well it comes back because most likely your AV is no longer working at full potential as you stated it is not updating any more (expired) :wink:

    Everything will be fine, you just need to follow the guides as exactly instructed within in them and these must be completed too to ensure a successful removal and clean up.

    Once complete please post your Scanning Log Results here :wink:
  5. TazDevilLooney Admin

    Message Count:
    4,205
    Likes Received:
    612
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    Locate your hosts file C:\Windows\System32\drivers\etc\hosts

    Open it with notepad and can you paste the contents here.:happy:
  6. NBK*Twitch Person Of All Kinds

    Message Count:
    3,225
    Likes Received:
    396
    Trophy Points:
    101
    Operating System:
    Windows 7 & Opensuse 12.1
    Just to be sure you don't have google blocked lets check your hosts file.

    It is located in C:\Windows\system32\drivers\etc

    Right click the hosts file and choose open with. Open the file with notepad and copy&paste whatever is in the file here.

    Edit : Darn taz beat me to it
  7. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7

    I had read something on another forum that detailed checking this file and seeing if there was anything in it.
    However when I go to that directory or the system64 directory the only files i see in there are

    lmhosts.sam
    networks
    protocol
    services
  8. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7
    I replied to taz as well but if you beat him to it check out my last post. I am not sure if the file is hidden, or non existent? Seems like whenever I find anyone giving advice to check that file, whoever is asking has the closest issue to mine as I can find.
  9. NBK*Twitch Person Of All Kinds

    Message Count:
    3,225
    Likes Received:
    396
    Trophy Points:
    101
    Operating System:
    Windows 7 & Opensuse 12.1
    Okay try doing this to see if it is hidden.

    Open Control Panel > Appearance and Personalization > Folder Options

    Click the view tab and click the button for "Show hidden files" . Then go back to the etc folder and see if the hosts file is now showing.
  10. Makcalable I Only Know What I Know

    Message Count:
    8,532
    Likes Received:
    1,041
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    You don't need to show all files and folders to view this folder just need to paste into the explorer address bar and then open with Notepad then save it.

    Also you might be best going through the guides and other methods first just so we can see if you have been infected and what with :wink:
  11. TazDevilLooney Admin

    Message Count:
    4,205
    Likes Received:
    612
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    Your hosts file is hidden? :thinking: I smell a rat :whistle:

    Capture-rat.PNG
  12. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7

    Thanks been a few operating systems since I've really had to try to "show hidden files" had a good track record of virus or anything free
    for years. Anyways, no luck I clicked it and nothing is showing still.





    I tried typing it in the address bar, both before and after I had the hidden files shown, and no luck with that either Windows can't find....

    I am currently going threw the guides as you suggested, just the first step of the first guide involves a full system scan in MalwareBytes,
    which it is currently 154,XXX files and 33 minutes deep into, so far O objects detected. Will keep you posted on that as it goes.



    In the meantime anymore suggestions as to why I'm having the problem with google com and why I can't find this hosts file feel free to input.
    Makcalable likes this.
  13. Makcalable I Only Know What I Know

    Message Count:
    8,532
    Likes Received:
    1,041
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    Ok let the scans finish and then regarding your Host file see here to reset it http://support.microsoft.com/kb/972034


    Host file should look something like this

    Code:
    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97    rhino.acme.com          # source server
    #      38.25.63.10    x.acme.com              # x client host
     
    # localhost name resolution is handle within DNS itself.
    #      127.0.0.1      localhost
    #      ::1            localhost


    EDIT


    I trust your Scans are being done in Safe Mode?
    TazDevilLooney likes this.
  14. TazDevilLooney Admin

    Message Count:
    4,205
    Likes Received:
    612
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    Unzip and copy this file to the correct location C:\Windows\System32\drivers\etc\


    Edit : Just beat me Makcalable :happy:

    Attached Files:

  15. androidz Well-Known Member

    Message Count:
    235
    Likes Received:
    42
    Trophy Points:
    46
    Operating System:
    Windows XP, Windows Vista, Windows 7, Ubuntu 12.10
    If you're still having trouble opening your hosts file. try pinging Google.com if the IP address that's returned is 127.0.0.1 (localhost, meaning it's bad news) if not then post us the IP address returned so we could verify that it indeed is a Google IP address that you're getting.
    Makcalable likes this.
  16. Makcalable I Only Know What I Know

    Message Count:
    8,532
    Likes Received:
    1,041
    Trophy Points:
    131
    Operating System:
    Windows 7 Ultimate X64 SP1
    Just following on from androidz comment, should you get 127.0.0.1 then of course that wouldn't be a good result :happy:

    To Ping Google just simply open command prompt and type in ping google.com and then hit enter for the result.

    1.png

    2.png





    Don't forget to post the scan log results too just so we can take look at anything that may be causing you grief :wink:
    androidz likes this.
  17. androidz Well-Known Member

    Message Count:
    235
    Likes Received:
    42
    Trophy Points:
    46
    Operating System:
    Windows XP, Windows Vista, Windows 7, Ubuntu 12.10
    :duh: I totally forgot to put in how to do a ping. Just goes to show, more heads are better than one -- and I've got only have of one, it seems. :happy:
    Makcalable likes this.
  18. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7
    alright well i ran the fix it on the microsoft website that you sent me to.
    it seems like now it connects with google for a second now only to end up not loading again.

    here is the log from my last scan

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.17.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    [administrator]

    Protection: Enabled

    2/18/2012 11:21:03 AM
    mbam-log-2012-02-18 (17-01-31).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 561623
    Time elapsed: 1 hour(s), 47 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    C:\Users\777\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> No action taken.

    (end)
  19. inTHEsane Member

    Message Count:
    14
    Likes Received:
    2
    Trophy Points:
    6
    Operating System:
    Win 7
    Ohh and also I just typed in the ping into a cmd prompt from that directory and I didn't get the 127.0... mentioned above, but here is what I got from pinging google.com and yahoo.com.


    Pinging google.com [72.14.204.100] with 32 bytes of data:
    Reply from 72.14.204.100: bytes=32 time=51ms TTL=55
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 72.14.204.100:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 51ms, Average = 51ms

    C:\Windows\System32>ping yahoo.com

    Pinging yahoo.com [98.139.127.62] with 32 bytes of data:
    Reply from 98.139.127.62: bytes=32 time=560ms TTL=44
    Reply from 98.139.127.62: bytes=32 time=204ms TTL=44
    Reply from 98.139.127.62: bytes=32 time=703ms TTL=44
    Reply from 98.139.127.62: bytes=32 time=348ms TTL=44

    Ping statistics for 98.139.127.62:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 204ms, Maximum = 703ms, Average = 453ms

    C:\Windows\System32>

    C:\Windows\System32>ping google.com

    Pinging google.com [72.14.204.102] with 32 bytes of data:
    Reply from 72.14.204.102: bytes=32 time=54ms TTL=55
    Reply from 72.14.204.102: bytes=32 time=51ms TTL=55
    Reply from 72.14.204.102: bytes=32 time=53ms TTL=55
    Reply from 72.14.204.102: bytes=32 time=51ms TTL=55

    Ping statistics for 72.14.204.102:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 54ms, Average = 52ms
  20. androidz Well-Known Member

    Message Count:
    235
    Likes Received:
    42
    Trophy Points:
    46
    Operating System:
    Windows XP, Windows Vista, Windows 7, Ubuntu 12.10
    That there might mean you have a zombie in your machine. I'd be highly suspicious if your machine is opening and closing a lot of ports. Also, have you tried pinging Google.com? I want to know if you're being redirected and/or being phished. The timeouts for Google could be a symptom of a proxy timing out. Please check the IP addresses if you've pinged Google.com.

    If it checks out by doing a whois (try http://tools.whois.net/whoisbyip/), do a trace route by (typing in tracert www.google.com in a sufficiently privileged cmd box) that will enable you to figure out where your packets are being dropped.

    Edit: why is everyone else so darn fast when posting?
Thread Status:
Not open for further replies.

Share This Page

(Users: 0, Guests: 0)