kinecsys asked:

All search engines blocked

NOTE: This is not about the common search engine redirect infection.

The issue is with a Windows XP Pro 32-bit machine inside a Windows Server 2003 domain. No other computers on the network have any issues so it is not the firewall or server.

The problem with this XP computer is that after getting infected by some trojans, malware, etc., I could no longer access any search engines (Google, Yahoo, Bing, etc.). I will repeat that I don't have the common fake search result redirection issue; these websites are simply not available at all. I also know that it is not a browser issue, because I have cleared all settings on all browsers and I have even downloaded new browsers that were never installed before, such as Chrome and Opera, but still no luck getting to those few websites. I don't have a Hosts file inside Windows\System32\drivers\etc so I don't think it is related to that file.

By the way, all infections have allegedly been removed per AVG Pro, Hitman Pro 3.6, Malwarebytes Full trial version and ESET online scanner. System restore is not working for any available restore points, so it is not an option. And of course I know reinstalling the OS is an option; please don't suggest that. Thanks.
Anuroopsundd

Run HijackThis and check if there is still something there which may be causing the issue. Remove it if you think it could be the issue.

Also reset TCP/IP and Winsock with the commands below:
netsh int ip reset c:\resetlog.txt
netsh winsock reset
ASKER CERTIFIED SOLUTION
dbrunton
This solution is only available to members.
SOLUTION
This solution is only available to members.
Have you tried pinging Google, Yahoo and any other site to see if you have access to the internet? There could be something blocking you.
kinecsys (ASKER)

I'll reply to others a bit later...

Kyle_Davies: I did try pinging those sites by name and they are unreachable. Other domain names are reachable as always. Does that tell you anything?
Still think it is the hosts file. Did you set the system to view hidden and system files?

Download and run this hosts file unlocker:

http://download.bleepingcomputer.com/bats/hosts-perm.bat

Look in the registry for the currently set location of the hosts file per the post above. If it is anywhere other than c:\windows\system32\drivers\etc, then it needs to be changed.
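
The registry check suggested above can be done read-only from a command prompt. The batch script below is an added example, not part of the original post; it assumes the standard `DataBasePath` value under the `Tcpip\Parameters` key, and the site names it searches for are the ones named in the question.

```batch
@echo off
rem Added example: read-only check of where Windows looks for the hosts file.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
set "DEFAULT=%SystemRoot%\System32\drivers\etc"

rem DataBasePath names the directory the resolver loads hosts from.
set "DBPATH="
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v DataBasePath ^| findstr /i "DataBasePath"') do set "DBPATH=%%B"
if not defined DBPATH (
    echo DataBasePath not found under %KEY%
    exit /b 1
)

rem The value is REG_EXPAND_SZ, so expand the embedded SystemRoot variable.
call set "DBPATH=%DBPATH%"
echo Hosts directory in use: %DBPATH%
if /i not "%DBPATH%"=="%DEFAULT%" echo WARNING: differs from default %DEFAULT%

rem List every file named hosts*, including hidden and system ones.
dir /a "%DBPATH%\hosts*"
rem Show the attribute flags on the active file.
attrib "%DBPATH%\hosts"

echo --- Active entries, comment lines skipped ---
type "%DBPATH%\hosts" | findstr /v /b /c:"#"

echo --- Entries naming the blocked sites ---
type "%DBPATH%\hosts" | findstr /i "google yahoo bing"
if errorlevel 1 echo none found
endlocal
```

A directory other than the default, or S/H/R flags in the `attrib` output, means the file that an ordinary Explorer view shows is not necessarily the one the resolver reads.
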
Flubbster: I won't have access to the machine until a few hours from now, but I'll let you know how that unlocker works out. Last I messed with it, I found out that the hosts file was in the right location but it was set as a hidden system file. However I was able to rename it and create a new one in the right location but that didn't fix anything. May be worth noting that the altered hosts file didn't have any entries in it other than the usual 127.0.0.1 localhost and ::1 localhost, so even though it was hidden and locked (I could rename it but not delete it), I don't think it was doing anything.
I agree with flubbster, it can only still be your hosts file. Have you tried putting your router's IP address in your DNS settings?
How about running RogueKiller or TheKiller to fix the hosts file related issue?

Further, have you tried TDSSKiller yet?

IF YOU CAN'T RUN .EXES IN AN INFECTED SYSTEM - TheKiller
https://www.experts-exchange.com/A_1995.html

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned:
1. RogueKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend that you go through the articles from Younghv and RPG for the links to the tools and for future reference:

https://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
https://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
https://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

“Google Hijack” — Google Search Gets Redirected
https://www.experts-exchange.com/A_3299.html

I hope that would help.

Sudeep
Some malware creates a hosts file that is completely inaccessible by normal means which replaces the original. I've seen cases where the original was in place but was not the actual one being used.
So it was the hosts file, but in the end I was unable to fix it because it got to the point where I couldn't log in to Windows even in safe mode.

Half the points go to dbrunton for being the first to mention the hosts file and the other half go to flubbster for suggesting that it could have been converted to a hidden system file.

Those two answers led me to pinpoint the problem.