Solved

All search engines blocked

Posted on 2012-04-10
Last Modified: 2013-11-22
NOTE: This is not about the common search engine redirect infection.

The issue is with a Windows XP Pro 32-bit machine inside a Windows Server 2003 domain. No other computers on the network have any issues so it is not the firewall or server.

The problem with this XP computer is that after getting infected by some trojans, malware, etc., I could no longer access any search engines (Google, Yahoo, Bing, etc.). I will repeat that I don't have the common fake search result redirection issue; these websites are simply not available at all. I also know that it is not a browser issue, because I have cleared all settings on all browsers and I have even downloaded new browsers that were never installed before, such as Chrome and Opera, but still no luck getting to those few websites. I don't have a Hosts file inside Windows\System32\drivers\etc so I don't think it is related to that file.

By the way, all infections have allegedly been removed per AVG Pro, Hitman Pro 3.6, Malwarebytes Full trial version and ESET online scanner. System restore is not working for any available restore points, so it is not an option. And of course I know reinstalling the OS is an option, please don't suggest that. Thanks.
Question by:kinecsys
11 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37830983
Run HijackThis and check if there is still something there which may be causing the issue. Remove them if you think that can be the issue.

Also reset TCP/IP and Winsock with the commands below:
netsh int ip reset c:\resetlog.txt
netsh winsock reset
 
LVL 47

Accepted Solution

by:
dbrunton earned 250 total points
ID: 37831484
>>  I don't have a Hosts file inside Windows\System32\drivers\etc

So where is your hosts file?

See http://mihaiu.name/2005/windows-hosts-file-ignored/ and check where it is.  Might be another hosts file somewhere you don't know about.
 
LVL 30

Assisted Solution

by:flubbster
flubbster earned 250 total points
ID: 37832834
I agree. Either your hosts file has been moved, it is hidden and you did not set to view hidden and system files, or its location was modified in the registry.
 
LVL 6

Expert Comment

by:Kyle_Davies
ID: 37832894
Have you tried pinging Google, Yahoo and any other site to see if you have access to the internet? There could be something blocking you.
 
LVL 7

Author Comment

by:kinecsys
ID: 37833302
I'll reply to others a bit later...

Kyle_Davies: I did try pinging those sites by name and they are unreachable. Other domain names are reachable as always. Does that tell you anything?

 
LVL 30

Expert Comment

by:flubbster
ID: 37833437
Still think it is the hosts file. Did you set the system to view hidden and system files?

Download and run this hosts file unlocker:

http://download.bleepingcomputer.com/bats/hosts-perm.bat

Look in the registry for the currently set location of the hosts file per the post above. If it is anywhere other than c:\windows\system32\drivers\etc, then it needs to be changed.
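A read-only check of the points raised in the answer above, as an added example that is not part of the original thread: it reads the `DataBasePath` registry value that tells the TCP/IP stack where the hosts file lives, shows the attributes of the hosts file in that directory, and lists every mapping other than localhost. The expected directory and the decision to treat all non-localhost entries as review items are assumptions of this example.

```powershell
# Added example: read-only audit of the hosts file the resolver actually uses.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$expected = Join-Path $env:SystemRoot 'System32\drivers\etc'   # assumed default

# DataBasePath names the directory that holds hosts, lmhosts, services, ...
$dbPath = (Get-ItemProperty -Path $key -Name DataBasePath).DataBasePath
$dbPath = [Environment]::ExpandEnvironmentVariables($dbPath).TrimEnd('\')
if ($dbPath -ine $expected) {
    Write-Warning "DataBasePath is '$dbPath', expected '$expected'"
}

# -Force makes hidden and system files visible, whatever Explorer is set to show.
$candidates = @(Get-ChildItem -LiteralPath $dbPath -Force -Filter 'hosts*')
if ($candidates.Count -eq 0) {
    Write-Warning "No hosts file found in $dbPath"
    return
}

$mask = [int][IO.FileAttributes]'Hidden, System'
foreach ($item in $candidates) {
    '{0}  [{1}]  modified {2}' -f $item.FullName, $item.Attributes, $item.LastWriteTime
    if (([int]$item.Attributes -band $mask) -ne 0) {
        Write-Warning "$($item.Name) is hidden and/or marked as a system file"
    }
}

# Only the file named exactly 'hosts' is consulted by the resolver.
$hosts = Join-Path $dbPath 'hosts'
if (Test-Path -LiteralPath $hosts) {
    foreach ($line in Get-Content -LiteralPath $hosts -Force) {
        $text = ($line -split '#')[0].Trim()          # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }         # malformed line, no name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -ine 'localhost') {
                # Any other mapping overrides DNS for that name: review it.
                'REVIEW  {0} -> {1}' -f $name, $fields[0]
            }
        }
    }
}
```

Run it from an elevated prompt on the affected machine; it changes nothing, so the output can be compared before and after any cleanup tool is used.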
 
LVL 7

Author Comment

by:kinecsys
ID: 37835197
Flubbster: I won't have access to the machine until a few hours from now, but I'll let you know how that unlocker works out. Last I messed with it, I found out that the hosts file was in the right location but it was set as a hidden system file. However I was able to rename it and create a new one in the right location but that didn't fix anything. May be worth noting that the altered hosts file didn't have any entries in it other than the usual 127.0.0.1 localhost and ::1 localhost, so even though it was hidden and locked (I could rename it but not delete it), I don't think it was doing anything.
 
LVL 6

Expert Comment

by:Kyle_Davies
ID: 37836097
I agree with flubbster, it can only still be your hosts file. Have you tried putting your router's IP address in your DNS settings?
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 37836778
How about running RogueKiller or TheKiller to fix the hosts file related issue?

Further, did you try TDSSKiller yet?

IF YOU CAN'T RUN .EXES IN AN INFECTED SYSTEM - TheKiller
http://www.experts-exchange.com/A_1995.html

I would recommend scanning the system with the tools mentioned below, in the sequence they are mentioned:
1. RogueKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you go through the articles from Younghv and RPG for the links to the tools and for future reference

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

“Google Hijack” — Google Search Gets Redirected
http://www.experts-exchange.com/A_3299.html

I hope that would help.

Sudeep
 
LVL 30

Expert Comment

by:flubbster
ID: 37837144
Some malware creates a hosts file that is completely inaccessible by normal means which replaces the original. I've seen cases where the original was in place but was not the actual one being used.
 
LVL 7

Author Closing Comment

by:kinecsys
ID: 37851385
So it was the hosts file but at the end I was unable to fix it because it got to the point where I couldn't log in to Windows even in safe mode.

Half the points go to dbrunton for being the first to mention the hosts file and the other half go to flubbster for suggesting that it could have been converted to a hidden system file.

Those two answers led me to pinpoint the problem.