Solved

Bizarre problem......cannot access search engines but everything else OK

Posted on 2003-10-23
9
334 Views
Last Modified: 2013-12-29
Hi guys,

I'm at my wit's end.

I cannot access google, lycos, or any of the other major search engines.  Yet all other websites work fine.  I have windows 98, IE 6 and Netscape 7.1 (same problem with both).  I have scanned for viruses AND adware, and no viruses were found, tons of adware was found and removed, but the problem persists.  Any ideas?


Thanks,

Chad
0
Comment
Question by:cnwilson
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 17

Expert Comment

by:rayt333
ID: 9611321
Page won't load at all??

Any error messages?
0
 
LVL 17

Expert Comment

by:rayt333
ID: 9611323
Clicking on this link will not open google??
http://www.google.com/
0
 
LVL 17

Expert Comment

by:rayt333
ID: 9611330
What is your ISP? do you use their software? or just use a DUN with their settings and then browse with IE or Netscape?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 14

Expert Comment

by:spiderfix
ID: 9611356
You've most likely acquired the QHosts.Trojan

The removal tool is here
http://www.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 9611395
Go to C:\windows and see if there is a file (with no extension and with the "unknown file type windows flag-icon) named HOSTS or hosts. There may also be another one below it named HOSTS.SAM.  Just ignore that one.

If "hosts" is there, hold down your Shift Key > Right-Click on it > "Open With".
Uncheck the "always use this program to open files of this type" box
Scroll down to NotePad and double-click on it.
Delete all content and save the file.
Alternatively, just delete the file - windows can live without it.

HomePage HiJackings sometimes use the hosts file and add entries there.  Some people use the file deliberately to block specific web addresses by pointing them back at their own computer's IP address.

It does sound like spiderfix's suggestion, though.
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 9611702
The Trojan will just rewrite to the HOSTS file.
0
 

Author Comment

by:cnwilson
ID: 9611729
To all who replied, thank you very much.

Spiderfix, I tried your solution first but the trojan wasn't detected.  I then followed BillDL's instructions and the worked like a charm, so I awarded him the points.  I'll keep an eye on it to see if it rewrites.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 9611766
Thank you, cnwilson.

I'll dig out a text file I saved with a few more details about the misuse and uses of the hosts file and post back here.

Meantime, here's some general notes I post for people experiencing issues concerning spyware and rogue processes running.  While it obviously doesn't all apply to you, take a look at the program "HiJack This".

This identifies known tracking cookies, and I'm sure it once identified entries in the hosts file on a computer I was fixing.

Firstly, download, install and run the freeware personal version of "Adaware" from Lavasoft.  It will identify any rogue Advertising Software or components on your system and allow you to get rid of them.

http://www.lavasoft.de/software/adaware/

Download, unzip, and run (no need to install) the freeware "BHO Demon".  Browser Helper Objects (or BHO's) are small programs that run automatically when you start your Internet Browser, come in many forms including the legitimate Adobe Acrobat Reader, and Norton AntiVirus, but also can be malicious or just a plain nuisance.  This program allows you to enable or disable them.  Take for example Go!Zilla, the downloading utility, which installs a BHO created by Radiate (formerly Aureate Media).  This BHO tracks which advertisements you see as you surf the Web, which may not bother you too much, but it is using up resources.

That said, there is no restriction on what a BHO can do your system.  It can do anything any other program can do ie. read or write (or delete) anything on your system.  Usually, software is installed on your system explicitly by you, but BHO's have a history of being installed without the users knowledge.

With BHO Demon, BHO's are disabled by simply renaming the DLL that houses them.  By renaming the DLL, instead of deleting it, you have the option of enabling it later if you wish.

http://www.definitivesolutions.com/bhodemon.htm
http://www.definitivesolutions.com/files/bhodmon1.zip

You should also run a Full virus scan of your system after updating your AntiVirus software with the latest definition download.  Scan ALL files, memory and boot sector where these are options.

To inspect what processes are running on your system:

Use the Start Menu as follows:

1. Start > Run > and type MSINFO32
2. In the left pane, find "Software Environment"
3. For each of the following sections, click on it and then use the menu as follows:
    Edit > Select All > Edit Copy
4. Paste each into NotePad and save by the name of the section in MSINFO32

Software Environment\
                                  Running Tasks
                                  Startup Programs
                                  System Hooks

You need to decide what you need and don't need to run automatically when Windows boots.  You could disable many of them using "Start > Run"  > and typing MSCONFIG.  The checkboxes are in the "startup" tab, and the only one you usually require is the System Tray.  You could retore them again one at a time again, rebooting between, and test until you find the culprit.

A helpful page to assist you in identifying Startup items is:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Another useful program for finding things that take over your system is "HiJack This" from:

http://www.spywareinfo.com/downloads.php#det
http://www.spywareinfo.com/~merijn/files/hijackthis.zip 

It will run from any folder without needing installation.  Just unzip it, launch Hijack This, and configure it quickly.  It will scan your system for evidence of known parasites and allow you to remove them.  You can also obtain an instant list.  Press "Config" > "Miscellaneous Tools", and press "Generate Startuplist Log".

No application will identify ALL potential risks, but these are a few good ones that are easy to use.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 9624916
Taken from http://www.accs-net.com/hosts/what_is_hosts.html

The "Hosts" file in Windows and other operating systems is used to associate host names with IP addresses. Host names are the www.yahoo.com addresses that you see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.

For instance, the host name for Yahoo! is www.yahoo.com, while its IP address is 204.71.200.67 Either address will take you to Yahoo!'s site, but the www address will first have to be translated into the IP address. If you type in the IP address directly, your computer will not have to look it up.

A series of steps are used when searching for IP addresses that go with these host names. The first step, and the one that concerns us here, is the hosts file on your local computer. The Hosts file tells your computer what the name is in numbers so the computer can go find it. If the IP address is found in your Hosts file, the computer will stop looking and go to that site, but if it is not it will ask a DNS computer (domain name server) for the information. Since the search ends once a match is found, that provides us with a mechanism to block sites we have no interest in. You may block sites that serve advertisements, sites that serve objectionable content, or any other site that you choose to block.

We can put names and addresses into the Hosts file so your computer does not have to ask a DNS server to translate the domain name into an IP number. This speeds up access to the host site you want to see because your computer no longer has to query other systems on the Internet for the address translation. When you type in a web address like www.yahoo.com, the host name portion of the web address is translated into an IP address before the site is accessed. If you put Yahoo!'s host and IP settings into your Hosts file, it would load a little quicker because your computer doesn't have to ask another to translate where to look for Yahoo!

Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already.

Many web sites have links to other servers for the retrieval of advertisements. In the case of those web servers, the browser will quickly fail to locate the requested data (scripts, images, etc.) from the advertising server because we told our computer to look for the information on itself - of course it won't find any of it and will quit looking for it - and will continue loading the pertinent portions of the page you want to see. This will keep your computer from even talking to the ad servers, and thus you won't see the ads, they can't put cookies on your hard drive, and you can't be profiled by them.

http://www.accs-net.com/hosts/benefits_restrictions.html

References:

http://www.accs-net.com/hosts/important_notes.html

http://www.accs-net.com/hosts/how_to_use_hosts.html 

http://doa2.host.sk
http://doa2.host.sk/supertrick.htm
http://doa2.host.sk/download.htm

Download sample hosts files with blocked web sites:

http://www.accs-net.com/hosts/get_hosts.html
http://www.smartin-designs.com/downloads/hosts_127001.zip
(blocks over 12,800 servers)

http://doa2.host.sk/hosts.zip

Ready-made template:

http://www.accs-net.com/hosts/Downloads/hostsplain.txt

Other configuation:

http://www.accs-net.com/hosts/eDexter.html

eDexter is a program that acts as a local-only (it is not accessible throught the Internet) HTTP server on your computer. It is used to replace the empty boxes that occur when you use the Hosts file to block ads. eDexter will put one of its own images into the box that would have been occupied by the advertisement. This way, you will not have large, empty boxes in your browser and will instead have an image where the box used to be.

0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question