Solved

Bizarre problem......cannot access search engines but everything else OK

Posted on 2003-10-23
9
332 Views
Last Modified: 2013-12-29
Hi guys,

I'm at my wit's end.

I cannot access google, lycos, or any of the other major search engines.  Yet all other websites work fine.  I have windows 98, IE 6 and Netscape 7.1 (same problem with both).  I have scanned for viruses AND adware, and no viruses were found, tons of adware was found and removed, but the problem persists.  Any ideas?


Thanks,

Chad
0
Comment
Question by:cnwilson
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 17

Expert Comment

by:rayt333
Comment Utility
Page won't load at all??

Any error messages?
0
 
LVL 17

Expert Comment

by:rayt333
Comment Utility
Clicking on this link will not open google??
http://www.google.com/
0
 
LVL 17

Expert Comment

by:rayt333
Comment Utility
What is your ISP? do you use their software? or just use a DUN with their settings and then browse with IE or Netscape?
0
 
LVL 14

Expert Comment

by:spiderfix
Comment Utility
You've most likely acquired the QHosts.Trojan

The removal tool is here
http://www.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 38

Accepted Solution

by:
Insignificant Volunteer earned 500 total points
Comment Utility
Go to C:\windows and see if there is a file (with no extension and with the "unknown file type windows flag-icon) named HOSTS or hosts. There may also be another one below it named HOSTS.SAM.  Just ignore that one.

If "hosts" is there, hold down your Shift Key > Right-Click on it > "Open With".
Uncheck the "always use this program to open files of this type" box
Scroll down to NotePad and double-click on it.
Delete all content and save the file.
Alternatively, just delete the file - windows can live without it.

HomePage HiJackings sometimes use the hosts file and add entries there.  Some people use the file deliberately to block specific web addresses by pointing them back at their own computer's IP address.

It does sound like spiderfix's suggestion, though.
0
 
LVL 14

Expert Comment

by:spiderfix
Comment Utility
The Trojan will just rewrite to the HOSTS file.
0
 

Author Comment

by:cnwilson
Comment Utility
To all who replied, thank you very much.

Spiderfix, I tried your solution first but the trojan wasn't detected.  I then followed BillDL's instructions and the worked like a charm, so I awarded him the points.  I'll keep an eye on it to see if it rewrites.
0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
Thank you, cnwilson.

I'll dig out a text file I saved with a few more details about the misuse and uses of the hosts file and post back here.

Meantime, here's some general notes I post for people experiencing issues concerning spyware and rogue processes running.  While it obviously doesn't all apply to you, take a look at the program "HiJack This".

This identifies known tracking cookies, and I'm sure it once identified entries in the hosts file on a computer I was fixing.

Firstly, download, install and run the freeware personal version of "Adaware" from Lavasoft.  It will identify any rogue Advertising Software or components on your system and allow you to get rid of them.

http://www.lavasoft.de/software/adaware/

Download, unzip, and run (no need to install) the freeware "BHO Demon".  Browser Helper Objects (or BHO's) are small programs that run automatically when you start your Internet Browser, come in many forms including the legitimate Adobe Acrobat Reader, and Norton AntiVirus, but also can be malicious or just a plain nuisance.  This program allows you to enable or disable them.  Take for example Go!Zilla, the downloading utility, which installs a BHO created by Radiate (formerly Aureate Media).  This BHO tracks which advertisements you see as you surf the Web, which may not bother you too much, but it is using up resources.

That said, there is no restriction on what a BHO can do your system.  It can do anything any other program can do ie. read or write (or delete) anything on your system.  Usually, software is installed on your system explicitly by you, but BHO's have a history of being installed without the users knowledge.

With BHO Demon, BHO's are disabled by simply renaming the DLL that houses them.  By renaming the DLL, instead of deleting it, you have the option of enabling it later if you wish.

http://www.definitivesolutions.com/bhodemon.htm
http://www.definitivesolutions.com/files/bhodmon1.zip

You should also run a Full virus scan of your system after updating your AntiVirus software with the latest definition download.  Scan ALL files, memory and boot sector where these are options.

To inspect what processes are running on your system:

Use the Start Menu as follows:

1. Start > Run > and type MSINFO32
2. In the left pane, find "Software Environment"
3. For each of the following sections, click on it and then use the menu as follows:
    Edit > Select All > Edit Copy
4. Paste each into NotePad and save by the name of the section in MSINFO32

Software Environment\
                                  Running Tasks
                                  Startup Programs
                                  System Hooks

You need to decide what you need and don't need to run automatically when Windows boots.  You could disable many of them using "Start > Run"  > and typing MSCONFIG.  The checkboxes are in the "startup" tab, and the only one you usually require is the System Tray.  You could retore them again one at a time again, rebooting between, and test until you find the culprit.

A helpful page to assist you in identifying Startup items is:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Another useful program for finding things that take over your system is "HiJack This" from:

http://www.spywareinfo.com/downloads.php#det
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

It will run from any folder without needing installation.  Just unzip it, launch Hijack This, and configure it quickly.  It will scan your system for evidence of known parasites and allow you to remove them.  You can also obtain an instant list.  Press "Config" > "Miscellaneous Tools", and press "Generate Startuplist Log".

No application will identify ALL potential risks, but these are a few good ones that are easy to use.
0
 
LVL 38

Expert Comment

by:Insignificant Volunteer
Comment Utility
Taken from http://www.accs-net.com/hosts/what_is_hosts.html

The "Hosts" file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.

For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67 Either address will take you to Yahoo!'s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.

A series of steps are used when searching for IP addresses that go with these host names. The first step, and the one that concerns us here, is the hosts file on your local computer. The Hosts file tells your computer what the name is in numbers so the computer can go find it. If the IP address is found in your Hosts file, the computer will stop looking and go to that site, but if it is not it will ask a DNS computer (domain name server) for the information. Since the search ends once a match is found, that provides us with a mechanism to block sites we have no interest in. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation. When you type in a web address like www.yahoo.com, the host name portion of the web address is translated into an IP address before the site is accessed. If you put Yahoo!'s host and IP settings into your Hosts file, it would load a little quicker because your computer doesn't have to ask another to translate where to look for Yahoo!

Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already.

Many web sites have links to other servers for the retrieval of advertisements. In the case of those web servers, the browser will quickly fail to locate the requested data (scripts, images, etc.) from the advertising server because we told our computer to look for the information on itself - of course it won't find any of it and will quit looking for it - and will continue loading the pertinent portions of the page you want to see. This will keep your computer from even talking to the ad servers, and thus you won't see the ads, they can't put cookies on your hard drive, and you can't be profiled by them.

http://www.accs-net.com/hosts/benefits_restrictions.html

References:

http://www.accs-net.com/hosts/important_notes.html

http://www.accs-net.com/hosts/how_to_use_hosts.html

http://doa2.host.sk
http://doa2.host.sk/supertrick.htm
http://doa2.host.sk/download.htm

Download sample hosts files with blocked web sites:

http://www.accs-net.com/hosts/get_hosts.html
http://www.smartin-designs.com/downloads/hosts_127001.zip
(blocks over 12,800 servers)

http://doa2.host.sk/hosts.zip

Ready-made template:

http://www.accs-net.com/hosts/Downloads/hostsplain.txt

Other configuation:

http://www.accs-net.com/hosts/eDexter.html

eDexter is a program that acts as a local-only (it is not accessible throught the Internet) HTTP server on your computer. It is used to replace the empty boxes that occur when you use the Hosts file to block ads. eDexter will put one of its own images into the box that would have been occupied by the advertisement. This way, you will not have large, empty boxes in your browser and will instead have an image where the box used to be.

0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

For a variety of reasons, it sometimes makes sense to reboot a Windows-based computer on a regular, perhaps daily basis. This "cures" a lot of ills by resetting processes, flushing caches, refreshing memory, and reestablish network connections. In a…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now