| Author |
Topic: Can't Access Google |
Allan Jirik
From:
Wichita Falls TX
|
Posted 26 Aug 2011 7:20 pm |
|
| I use Firefox as my browser but occasionally use Google to search. Yesterday I noticed that I could not access Google- not from the toolbar, typing it in or doing a web search. I get 404 Not Found. I thought it might be a site problem but I can't access Google today, either. I recently upgraded to the latest version of Firefox, could that have something to do with it? Thank you. |
|
|
|
Earnest Bovine
From:
Los Angeles CA USA
|
Posted 26 Aug 2011 11:11 pm
|
|
| What happens when you put in 74.125.53.106 ? |
|
|
|
Allan Jirik
From:
Wichita Falls TX
|
|
|
|
Chris Dorch
From:
Wisconsin, USA
|
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 30 Aug 2011 10:11 am Re: Can't Access Google
|
|
| Allan Jirik wrote: |
| I use Firefox as my browser but occasionally use Google to search. Yesterday I noticed that I could not access Google- not from the toolbar, typing it in or doing a web search. I get 404 Not Found. I thought it might be a site problem but I can't access Google today, either. I recently upgraded to the latest version of Firefox, could that have something to do with it? Thank you. |
Firefox ships with Google search as the start page. There are only two three things that could happen that would prevent you from visiting google.com:
- Your browser was not downloaded directly from Mozilla.org, or firefox.com, but from a malware delivery website
- Your Windows HOSTS file has been altered by malware or a search hijacker, so that requests for google.com are rerouted to your local machine (127.0.0.1, or 0.0.0.1)
- Your router may have been exploited to not resolve google.com either. This is less likely than the other options. The exploit that causes this behavior is known a DNS Hijacking.
I would reboot and try again. But, in the meanwhile, please update, then run a full scan with your anti-virus and anti-malware programs. They would probably detect if your HOSTS file has been tampered with, or if there are search hijackers at work.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Allan Jirik
From:
Wichita Falls TX
|
Posted 21 Sep 2011 7:59 pm
|
|
| Ok, when I click on Chris' http://74.125.93.106 I get to Google. Nothing else works. I suspect I've been hijacked because whenever I do a search (Yahoo is my home page) I am redirected to all sorts of sites. I haven't had any success with Norton to remove this hijack, not sure what to do at this point. Thanks for your help, guys. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 21 Sep 2011 10:25 pm
|
|
This sounds like a HOSTS file redirect to sites belonging to criminals. Navigate to the following folder: C:\Windows\System32\Drivers\Etc\
Inside that folder there will be a file whose entire name is HOSTS . Now, in the right side pane, where that and a few other files reside, right-click and choose New > Text Document. A file will appear named New Text Document.txt. Double click on this file and it will open a a black Notepad file.
Position the new blank text document to the side of the explorer or folder window containing the HOSTS file. Use your mouse pointer and click on the HOSTS file, hold the button down and drag/drop it onto the open Notepad window. The contents will appear inside the previously blank file.
Look at all lines beginning under the example section and see if google.com is listed, or an other websites/domain names. If so, delete every line that has a website like Google, Yahoo, MSN, Bing, Microsoft, or any anti-virus company name. These are likely redirection codes placed there by malware.
When you have finished deleting lines that redirect legitimate domains to phony ones, press these keys: CTRL + F + S. You will have the contents of the HOSTS file saved as New Text Document.txt. Close the Notepad window.
Return to the actual HOSTS file and right click on it. From the flyout options left select Properties, the bottom most option. On the Properties tab there are some check boxes. Find the one labeled Read-only and uncheck it. Do the same for System, if it is checked, then click Apply, on the lower right. Now, right-click on the HOSTS file and choose Rename. Add .bak after the name and click away to make it take. Accept the pop-up box about changing file extensions.
Go to the (New Text Document.txt) file you saved the modified contents to and use the right-click option "Rename" to change it to just: "Hosts" without any extension. Open its properties as you did in the original and apply the Read-Only and System attributes.
Close all open browsers, save all files and reboot. Unless there is a Big Brother watching over the modified Hosts file, the hostile redirection codes should be gone and you should be able to go to Google, Yahoo, or Microsoft.
Since you have malware on your computer, you need to update your anti-malware programs and scan for what threats exist and delete them. Be sure to update your security programs before scanning.
Go to www.malwarebytes.org and download Malwarebytes' Anti-Malware. Install and update it, then perform a full system scan. Have it remove all malware it finds. Instructions are included in the program's Help file.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Cal Sharp
From:
the farm in Kornfield Kounty, TN
|
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
|
|
|
Cal Sharp
From:
the farm in Kornfield Kounty, TN
|
|
|
|
Cal Sharp
From:
the farm in Kornfield Kounty, TN
|
|
|
|
Allan Jirik
From:
Wichita Falls TX
|
Posted 24 Sep 2011 7:24 pm
|
|
Thanks for all your assistance, Wiz and Cal. Wiz, I followed your instructions to the letter, rebooted, did a search, clicked on a search result and was promptly hijacked again. It's not taking me to hostile sites, but to other search engines, advertising, etc. I did clean out two items from the host file. I did a full system scan and found nothing. And, I still cannot access google. In fact, I don't think I can sign onto You Tube any more. Is there anything else you can think of? It seems odd that whatever is in my machine can't be detected.
Thanks! |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 24 Sep 2011 9:32 pm
|
|
| Allan Jirik wrote: |
Thanks for all your assistance, Wiz and Cal. Wiz, I followed your instructions to the letter, rebooted, did a search, clicked on a search result and was promptly hijacked again. It's not taking me to hostile sites, but to other search engines, advertising, etc. I did clean out two items from the host file. I did a full system scan and found nothing. And, I still cannot access google. In fact, I don't think I can sign onto You Tube any more. Is there anything else you can think of? It seems odd that whatever is in my machine can't be detected.
Thanks! |
It is time to bring out the artillery. Download Malwarebytes' Anti-Malware, install and update it, then run a full scan. You can also download MBAM from my website, where there are instructions for its use and what you can do if malware interferes with the installation.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Allan Jirik
From:
Wichita Falls TX
|
Posted 26 Sep 2011 5:34 am
|
|
That's what I used the other day. Would it be beneficial to purchase the full Malwarebytes package?
While I can reach google using the url above, I can't sign in or use the help function. Same with You Tube. This is getting very annoying... |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 26 Sep 2011 9:30 am
|
|
| Wiz Feinberg wrote: |
| Allan Jirik wrote: |
That's what I used the other day. Would it be beneficial to purchase the full Malwarebytes package?
While I can reach google using the url above, I can't sign in or use the help function. Same with You Tube. This is getting very annoying... |
Have you tried restoring your computer to a date prior to August 25? You said that the problem manifested itself on Aug 26. If your restore point include a date before the infection set in, the effects will be reversed.
If System Restore is successful, you will need to re-run Windows Update for September's patches.
You can keep trying System Restore until there are no more restore points available. Use "Show More Restore Points" if necessary.
If System Restore was off, or fails to reverse the problems, please do the following steps, in order:
- Open Malwarebytes' Anti-Malware.
- Go to the Updates tab and download any updates, including program updates.
- After all updates have completed, restart your computer in Safe Mode With Networking.
- Do this by tapping the F8 key as the computer reboots.
- Login to your usual account in Safe Mode.
- Accept the You are in Safe Mode notice.
- Find the shortcut to MBAM and launch it.
- Perform a full scan
- Remove all malware, unwanted software and cookies it lists
- Restart your computer in normal mode
- Launch MBAM, check once more for updates, then perform a Quick Scan.
Report on your results. If search hijackers are found and removed, list them by name.
If MBAM finds hijackers and says it removed them, but they reappear, you will have to turn off System (Restore|Protection), reboot into Safe Mode With Networking, update MBAM, and run the Quick Scan again.
You haven't provided us with certain important information about your computer.
- Operating System
- Service Pack
- Anti-virus program installed and if it is licensed or free and up to date with definitions and fully functional.
Once we have these details, along with the results of more scans with MBAM and your anti-virus program, more advice can be given.
I won't have you register MBAM until the system is clean from this hijacker. You will have to use it manually until then. Right now, the fight is on. When the dust settles, a registered program will protect you automatically. So should your anti-virus program! |
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Don Walters
From:
Saskatchewan Canada
|
Posted 1 Oct 2011 7:52 pm
|
|
| Quote: |
| Windows queries the hosts file before it checks the DNS servers. |
So do Linux & OS X |
|
|
|
