Cannot Browse to Google.com or Bing.com

I have two completely seperate clients that each have one pc that cannot browse to google.com or bing.com, any other site is fine.  We have tried different browsers, uninstalling all antivirus software, disabling firewalls and changing DNS addresses to no avail.  Each client has many other pcs that work just fine.
Any suggestions please?
btmtechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

g3nu1n3Commented:
Try resetting the entire network - routers, servers, etc. I would install another browser to see if it is possibly some malware in the current browser they are using, and check the browser addons, try resetting the browser to its default settings as well. Sounds like there is possible some malware/addon blocking.
0
dmwynneCommented:
If these are windows machines please check the hosts files usually located here, it should not have entries for either website.

C:\Windows\System32\drivers\etc

Check in Internet Explorer, tools, internet options, connections tab, lan settings, make sure proxy server has no entries and is unchecked.

Can you ping www.google.com from a command prompt?
0
btmtechAuthor Commented:
We have tried Google Chrome and Firefox

Reset all IE settings and history, etc...

Pcs have no host file

There are no proxy settings in IE

And we can ping www.google.com and it returns 64.125.87.101
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

dmwynneCommented:
Are these windows machines?  If so then they have a hosts file but it might be hidden.  Once I know the version of windows then I'll tell you how to show hidden files of you can just search help to find out.
0
btmtechAuthor Commented:
Here is the contents of the host file:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost
::1             localhost
0
dmwynneCommented:
You have some type of malware I believe.  

First put a # in front of

127.0.0.1       localhost
::1             localhost

See if you can get to google.com.

Regardless of whether you can or cannot I would download malwarebytes  -http://www.malwarebytes.org/ and run a quick scan to see if anything comes up.
0
dmwynneCommented:
I should have mentioned to restart in Safe mode with networking.  Run a Malwarebytes scan, an antivirus scan and also run combofix if you are familiar with it.
0
btmtechAuthor Commented:
The existing file is read only and locked so I cannot change it.  Any tips?
0
dmwynneCommented:
Restart in safe mode with networking.  Go to that file, right click, properties, uncheck read only.
0
btmtechAuthor Commented:
Still will not unlock. Read-only...
0
dmwynneCommented:
OK, then go ahead and run some scans.  This is some sort of infection.  
0
K_WilkeCommented:
Have you tried to do this as the administrator of the PC?
Are these PCs on a domain?
Thanks,
Kelly W.
0
btmtechAuthor Commented:
Yes, they are on a domain.  User has administrator privileges.
0
K_WilkeCommented:
I wonder if the user profile is corrupt on the two PCs?
Have you tried it with a different user?
Thanks,
Kelly W.
0
dmwynneCommented:
I still recommend you run a malwarebytes and combofix scan.

The ip you get back pinging google is not a google IP which means some malware app is redirecting it.  That app probably has the hosts file locked.
0
K_WilkeCommented:
Yes I agree with dmwynne.
If you cannot do the malwarebytes scan from safe mode then you need to try another user id, run malwarebytes, then logon as the user that is having the problems then run malwareebytes again.
Thanks,
Kelly W.
0
baztechCommented:
You need to change the Explorer view so that you can see both hidden and protected operating system files.  Also uncheck 'hide extensions for known file types'.

If this is the type of malware I think it is, it will have hidden your original hosts file and replaced it with the inaccessible one.

Once you can see all files, check that there is a hosts file with another extension such as .dat or .tmp.

Next check properties on the 'rogue' hosts file.  In the Security tab assign Full Control to Administrators Group, or to the local logon you're using to currently control the PC.  This should hopefully allow you to delete the rogue file.  Once it's deleted, you should be able to rename the correct file by removing the erroneous extension.

MalwareBytes will run in Safe Mode, and unless there is still a host-based redirect in place should also update in Safe Mode with Networking.  Run a Quick Scan once you get it installed.
0
btmtechAuthor Commented:
Combofix and Malwarebytes came up with nothing.

Here is the contents of the existing hosts file:

# 127.0.0.1       localhost

I tried logged in as administrator with no luck

Nothing is different in Safe Mode

Same issue still exists
0
K_WilkeCommented:
Just thinking out loud here.
Could this be a possible rootkit?
Thanks,
Kelly W.
0
btmtechAuthor Commented:
I had that thought as well but AVG does have a rootkit scanner that I used.  Plus, doesn't Combofix scan for rootkits?
0
dmwynneCommented:
I'm confused by the hosts file.  It is different than the original posted, did you replace it?  Was it replaced by Combofix?

Another option would be try a system restore to before this began.

0
baztechCommented:
OK.  Is the hosts file still read-only?  Does it allow you to uncheck this property?  If not, this is not your 'real' hosts file, which would be editable.  Did you check for hidden / alternative copies of the hosts file in C:\Windows\System32\Drivers\Etc ?

Flush the DNS cache (ipconfig /flushdns at an Administrator-level command prompt) and do a reset in Internet Explorer to remove all browser add-ons and customisation (which can also in certain elements affect the behaviour of the other browsers).

0
btmtechAuthor Commented:
Hosts file appears to have been changed by Combofix.  It is no longer read only and it is the only hosts file in that folder.

The FlushDNS did not work nor did the System Restore.

Pinging google.com still gives me the 64. address
0
baztechCommented:
OK, try running the Fixit tools from the MS website to force a reset of the hosts file and of IE settings:

Hosts:   http://support.microsoft.com/kb/972034

IE:   http://support.microsoft.com/kb/923737

0
btmtechAuthor Commented:
Ok, I did both of those resets and we have the same thing.  Here is a screenshot showing how it renamed the hosts file but did not create a new one, as far as I can see:

Screenshot
The 2nd screen shot shows how I have the View Folder settings selected:

Screenshot
0
btmtechAuthor Commented:
I finally found the fix by downloading and running TDSKILLER, so, it ended up being a virus infection.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btmtechAuthor Commented:
I finally found the fix by downloading and running TDSKILLER, so, it ended up being a virus infection.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.