All search engines blocked

NOTE: This is not about the common search engine redirect infection.

The issue is with a Windows XP Pro 32-bit machine inside a Windows Server 2003 domain. No other computers on the network have any issues so it is not the firewall or server.

The problem with this XP computer is that after getting infected by some trojans, malware, etc., I could no longer access any search engines (Google, Yahoo, Bing, etc). I will repeat that I don't have the common fake search result redirection issue, these websites are simply not available at all. I also know that it is not a browser issue, because I have cleared all settings on all browsers and I have even downloaded new browsers that were never installed before, such as Chrome and Opera but still no luck getting to those few websites. I don't have a Hosts file inside Windows\System32\drivers\etc so I don't think it is related to that file.

By the way, all infections have allegedly been removed per AVG Pro, Hitman Pro 3.6, Malware Bites Full trial version and ESET online scanner. System restore is not working for any available restore points, so it is not an option. And of course I know reinstalling the OS is an option, please don't suggest that. Thanks.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

run hijack this and check if there are still some thing their which may be making the issue. remove them if you think that can be issue.

also reset tcp/ip and winsock with below commands
netsh int ip reset c:\resetlog.txt
netsh winsock reset
dbruntonQuid, Me Anxius Sum?  Illegitimi non carborundum.Commented:
>>  I don't have a Hosts file inside Windows\System32\drivers\etc

So where is your hosts file?

See and check where it is.  Might be another hosts file somewhere you don't know about.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I agree. Either your hosts file has been moved, it is hidden and you did not set to view hidden and system files, or it's location was modified in the registry.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Kyle DaviesRetail Software SpecialistCommented:
Have you tried pinging google, yahoo and any other site to see if you have access to the internet, there could be something blocking you.
kinecsysAuthor Commented:
I'll reply to others a bit later...

Kyle_Davies: I did try pinging those sites by name and they are unreachable. Other domain names are reachable as always. Does that tell you anything?
Still think it is the hosts file. Did you set the system to view hidden and system files?

Download and run this hosts file unlocker:

Look in the registry for the currently set location of the hosts file per the post above. If it is anywhere other than c:\windows\system32\drivers\etc, then it needs to be changed.
kinecsysAuthor Commented:
Flubbster: I won't have access to the machine until a few hours from now, but I'll let you know how that unlocker works out. Last I messed with it, I found out that the hosts file was in the right location but it was set as a hidden system file. However I was able to rename it and create a new one in the right location but that didn't fix anything. May be worth noting that the altered hosts file didn't have any entries in it other than the usual localhost and ::1 localhost, so even though it was hidden and locked (I could rename it but not delete it), I don't think it was doing anything.
Kyle DaviesRetail Software SpecialistCommented:
I agree with flubbster it can only still be your hosts file have you tried putting your routers ip address in your dns settings?
Sudeep SharmaTechnical DesignerCommented:
How about running the RogueKiller or TheKiller for fixing the host file related issue.

Further did you tried TDSSKiller yet?


I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned:
1. RogueKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference (Rogue-Killer-What-a-great-name) (Stop-the-Bleeding-First-Aid-for-Malware) (Basic Malware Troubleshooting)

“Google Hijack” — Google Search Gets Redirected

I hope that would help.

Some malware creates a hosts file that is completely inaccessible by normal means which replaces the original. I've seen cases where the original was in place but was not the actual one being used.
kinecsysAuthor Commented:
So it was the hosts file but at the end I was unable to fix it because it got to the point where I couldn't log in to Windows even in safe mode.

Half the points go to dbrunton for being the first to mention the hosts file and the other half go to flubbster for suggesting that it could have been converted to a hidden system file.

Those two answers lead me to pinpoint the problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.