  • Status: Solved
  • Priority: Medium
  • Security: Public

Can't use Search Engines

I have a Windows XP Professional PC and I can't use various search engines or even go to google.com. If I try to search for something using the Google Plug-In or even Bing, I get the same message as below.

If I try to go to google.com, for instance, using IE, Firefox or Safari I simply get a message saying "Server not found" (using Firefox) or "Internet Explorer cannot display the webpage" (using IE obviously).

I ran Malwarebytes more than once. Found a trojan in the System Restore location. Disabled my System Restore functionality and re-ran...no viruses found.

I ran Spybot and Hijackthis. Found an issue with the local "hosts" file and re-created it with just one entry (127.0.0.1 localhost).

I need some help interpreting the Hijackthis results. I feel the fix may be here, but do not have the expertise to determine exactly what to do.

Any help would be appreciated.

JM
hijackthisLogMikesPC.txt
1 Solution
 
younghv Commented:
You can't simply "run" tools and scanners any more. Too many malware variants block their functionality.

Read the details in the EE Articles listed and start over.

http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware

From 'rpggamergirl':
"Google Hijack" - Google Search Gets Redirected:
 
Neil Russell, Technical Development Lead, Commented:
First off do you have a good internet connection?

What result do you get from IPCONFIG /ALL (Please post)
What result do you get from PING 8.8.8.8
 
Sudeep Sharma, Technical Designer, Commented:
Is this happening with Search Engines only? Can you access any other website fine?

Please follow the advice from younghv above and post the logs for further assistance.
 
jmillot (Author) Commented:
I have Internet Access. My home page is msn.com and it works fine. Links on that page work fine. I simply cannot search and cannot go to google.com for instance.

I cannot ping 8.8.8.8 but we are behind a city firewall which is very restrictive.

IPCONFIG info follows...


Windows IP Configuration

        Host Name . . . . . . . . . . . . : mikes-pc
        Primary Dns Suffix  . . . . . . . : hww.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : hww.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Attansic L1 Gigabit Ethernet 10/100/
1000Base-T Controller
        Physical Address. . . . . . . . . : 00-1D-60-44-44-9B
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.20.30.105
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.20.254.254
        DNS Servers . . . . . . . . . . . : 172.20.30.0
                                            172.20.30.2

Thanks!

JM
 
younghv Commented:
JM -
Did you read the EE Articles I referenced above?

RogueKiller has a variety of Menu Options that will identify and correct several known connectivity symptoms, and "TheKiller" will auto-correct any that are found.

Additionally, running any of the rogue stoppers will allow your other scanners to work properly.

EDIT:
I just noticed this is your first ever question on EE!
Kind of cool to be part of that.
 
jmillot (Author) Commented:
Younghv -

I am reading them now. I ran RogueKiller but I am confused about what to "delete" or "fix".

For instance, the "Hosts" tab shows "127.0.0.1 localhost" which I see as legitimate.
The "DNS" tab shows two lines and they are pointing to my 2 internal DNS servers.
The "Driver" tab has 20 or so lines that mean nothing to me.
The "MBR" tab has a lot of information and the last line says "Error reading LL2 MBR!"

Your advice would be appreciated.

I also ran rkill which found 4 processes. I am again running a Malwarebytes scan to see if anything is found and/or cleaned.


JM
 
Sudeep Sharma, Technical Designer, Commented:
Make sure that you do not reboot between the Rkill and MBAM scans.
 
jmillot (Author) Commented:
I did not reboot.

Thanks!
 
younghv Commented:
For instance, the "Hosts" tab shows "127.0.0.1 localhost" which I see as legitimate.
Yes, it is legitimate. The check is for 're-directs' that may have been inserted.

The "DNS" tab shows two lines and they are pointing to my 2 internal DNS servers.
The "Driver" tab has 20 or so lines that mean nothing to me.
As long as there are no entries showing a problem, ignore them.

The "MBR" tab has a lot of information and the last line says "Error reading LL2 MBR!"
That started happening a couple of months ago and can also be ignored. If there was any indication of MBR problems, it would show in the log.
==========

Please run "TheKiller" also - the auto-fixes may trigger based on what it finds.

For re-direct/connectivity problems, the Articles also mention TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

============
Remember to attach any logs that are generated. There may be clues to further steps needed.
0
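The hosts-file and DNS checks discussed in the comments above, sketched as an added example (not part of the original thread, and not how RogueKiller itself works). The hosts content is constructed sample data, the ipconfig excerpt repeats the DNS lines posted earlier in the thread, and the expected DNS set passed to `unexpected_dns` is an assumption the caller supplies.

```python
import ipaddress
import re

# Constructed sample hosts file with inserted redirect entries.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed redirect
203.0.113.7     www.bing.com
"""
# Excerpt in the layout of the `ipconfig /all` output posted in the thread.
SAMPLE_IPCONFIG = """\
        Default Gateway . . . . . . . . . : 172.20.254.254
        DNS Servers . . . . . . . . . . . : 172.20.30.0
                                            172.20.30.2
"""

def audit_hosts(text):
    """Return (ip, hostname) pairs other than a loopback 'localhost' mapping."""
    findings = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, split fields
        if not parts:
            continue
        ip, names = parts[0], parts[1:]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False                    # malformed address: report it
        findings += [(ip, n.lower()) for n in names
                     if not (loopback and n.lower() == "localhost")]
    return findings

def dns_servers(ipconfig_text):
    """Extract 'DNS Servers' addresses, including indented continuation lines."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9A-Fa-f:.]+\s*", line):
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def unexpected_dns(ipconfig_text, expected):
    """Return configured DNS servers that are not in the expected set."""
    return [s for s in dns_servers(ipconfig_text) if s not in expected]
```

A clean hosts file such as the one re-created in the question yields no findings; any other mapping, or a DNS server outside the set the network administrator expects, is worth investigating before trusting name resolution on the machine.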
 
jmillot (Author) Commented:
Thanks to all. Lot of good useful tools from younghv.

In the end, I believe it was the Kaspersky TDSSKILLER utility that corrected the problem.

I appreciate your help!

First time using...won't be my last I'm sure.

JM
 
younghv Commented:
JM -
Glad this worked for you.
There are several very good EE Articles about malware. When you get a chance peruse those from 'rpggamergirl' and 'tzucker' also.
 
jmillot (Author) Commented:
What's the best way of finding those articles?