Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


All search engines blocked

Posted on 2012-04-10
Medium Priority
Last Modified: 2013-11-22
NOTE: This is not about the common search engine redirect infection.

The issue is with a Windows XP Pro 32-bit machine inside a Windows Server 2003 domain. No other computers on the network have any issues so it is not the firewall or server.

The problem with this XP computer is that after getting infected by some trojans, malware, etc., I could no longer access any search engines (Google, Yahoo, Bing, etc). I will repeat that I don't have the common fake search result redirection issue, these websites are simply not available at all. I also know that it is not a browser issue, because I have cleared all settings on all browsers and I have even downloaded new browsers that were never installed before, such as Chrome and Opera but still no luck getting to those few websites. I don't have a Hosts file inside Windows\System32\drivers\etc so I don't think it is related to that file.

By the way, all infections have allegedly been removed per AVG Pro, Hitman Pro 3.6, Malware Bites Full trial version and ESET online scanner. System restore is not working for any available restore points, so it is not an option. And of course I know reinstalling the OS is an option, please don't suggest that. Thanks.
Question by:kinecsys
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
LVL 17

Expert Comment

ID: 37830983
run hijack this and check if there are still some thing their which may be making the issue. remove them if you think that can be issue.

also reset tcp/ip and winsock with below commands
netsh int ip reset c:\resetlog.txt
netsh winsock reset
LVL 49

Accepted Solution

dbrunton earned 1000 total points
ID: 37831484
>>  I don't have a Hosts file inside Windows\System32\drivers\etc

So where is your hosts file?

See http://mihaiu.name/2005/windows-hosts-file-ignored/ and check where it is.  Might be another hosts file somewhere you don't know about.
LVL 30

Assisted Solution

flubbster earned 1000 total points
ID: 37832834
I agree. Either your hosts file has been moved, it is hidden and you did not set to view hidden and system files, or it's location was modified in the registry.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Expert Comment

by:Kyle Davies
ID: 37832894
Have you tried pinging google, yahoo and any other site to see if you have access to the internet, there could be something blocking you.

Author Comment

ID: 37833302
I'll reply to others a bit later...

Kyle_Davies: I did try pinging those sites by name and they are unreachable. Other domain names are reachable as always. Does that tell you anything?
LVL 30

Expert Comment

ID: 37833437
Still think it is the hosts file. Did you set the system to view hidden and system files?

Download and run this hosts file unlocker:


Look in the registry for the currently set location of the hosts file per the post above. If it is anywhere other than c:\windows\system32\drivers\etc, then it needs to be changed.

Author Comment

ID: 37835197
Flubbster: I won't have access to the machine until a few hours from now, but I'll let you know how that unlocker works out. Last I messed with it, I found out that the hosts file was in the right location but it was set as a hidden system file. However I was able to rename it and create a new one in the right location but that didn't fix anything. May be worth noting that the altered hosts file didn't have any entries in it other than the usual localhost and ::1 localhost, so even though it was hidden and locked (I could rename it but not delete it), I don't think it was doing anything.

Expert Comment

by:Kyle Davies
ID: 37836097
I agree with flubbster it can only still be your hosts file have you tried putting your routers ip address in your dns settings?
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 37836778
How about running the RogueKiller or TheKiller for fixing the host file related issue.

Further did you tried TDSSKiller yet?


I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned:
1. RogueKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

“Google Hijack” — Google Search Gets Redirected

I hope that would help.

LVL 30

Expert Comment

ID: 37837144
Some malware creates a hosts file that is completely inaccessible by normal means which replaces the original. I've seen cases where the original was in place but was not the actual one being used.

Author Closing Comment

ID: 37851385
So it was the hosts file but at the end I was unable to fix it because it got to the point where I couldn't log in to Windows even in safe mode.

Half the points go to dbrunton for being the first to mention the hosts file and the other half go to flubbster for suggesting that it could have been converted to a hidden system file.

Those two answers lead me to pinpoint the problem.

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question