Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Google Website is in Czech

Posted on 2012-09-18
20
Medium Priority
?
458 Views
Last Modified: 2012-09-28
I have a customer who can only get the Czech version of the Google website.  Malwarebytes turned up no malware and Eset's online scanner found only a Java exploit.  I have tried flushing DNS, resetting the TCP/IP stack and resetting Winsock.  IPCONFIG shows that the DNS server is the local router.  It is unlilkely that the router has been hacked because it is provided by Verizon and the default administrative password is the router's serial number.

The OS is Windows XP SP3.

It seems that only the Google website is affected and both IE8 and Firefox exhibit this behavior.

What can cause this redirection?
0
Comment
Question by:rhavey
  • 9
  • 3
  • 3
  • +3
20 Comments
 
LVL 26

Expert Comment

by:Tony J
ID: 38409867
Google use GEOIP to determine the location of the browser.

It might be worth checking that the public IP of the router is what you expect.

A quick way is www.whatismyip.org
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 38410129
Google also uses super cookies for settings.  These di not get removed by deleting cookies, and are for tracking.  to control, manage and remove that crude which have .sol extensions you can download the 'betterPrivacy' addon for Firefox.

If you blow al the garbage Google has put on the computer you should be able to start fressh and set preferences and options.

Cd&
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 38410262
Can you ping www.google.com in a command window and see what the IP resolves to?
Is it possible someone has just changed the Interface Settings to Czech and they are infact on the correct regional IP just with the wrong language?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:rhavey
ID: 38410587
Tracert from the customer site ends with a .cz extension.

Tracert from my site to his IP address ends with a local (.com) extension.

Better Privacy and the Adobe tool look like they may prevent future problems, but they will not clean up the current mess.

I will do a search for .sol extensions to see if that bears any fruit.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 38410627
rhavey--This may help
http://support.google.com/websearch/bin/answer.py?hl=en&answer=873

It is not entirely clear when this is happening.  
When doing a search on Google?
Google.com is homepage?
When entering www.google.com in Address line?
0
 
LVL 1

Author Comment

by:rhavey
ID: 38410757
Google.com is not the home page in any of the browsers.

There is a Google search on the Firefox start page, but it does not appear to be the Google site.

The problem becomes apparent when I enter www.google.com into the URL block (Address Line) on IE, Firefox, or Safari.

None of that should make a difference because www.google.com resolves to www.google.cz in the DNS.  Tracert confirms this.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 38410778
Have you checked your hosts file
c:\windows\sytem32\drivers\etc\hosts

You have have had a piece of malware that added the IP for the Czech google
If it's there - just remove it (normally there should not be very much in the hosts file)
0
 
LVL 1

Author Comment

by:rhavey
ID: 38410807
I had already checked the Hosts file.  I should have mentioned it.  There is nothing unusual in the hosts file.

Malware was my first suspicion.

Neither McAfee, Malwarebytes, nor Eset's online scanner revealed any malware.  I suppose I could try supper antspyware and/or Combofix.
0
 
LVL 1

Author Comment

by:rhavey
ID: 38410832
I am doing this remotely.  When the customer is home, I will have him reset the router.  This is Verizon FiOS, so the router is provided by the ISP.

I have also filed a report with Google.  They say that they might be detecting the IP adress wrong.

If I don't seem to be paying attention for a while, it's because I am waiting for Superantispyware and Combofix results.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 38410833
What happens if you do an nslookup on google.com ?

Is the router the DNS server for the affected computer or is there a DNS server somewhere?
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 38410836
rhavey--Did you read the "Reporting incorrect IP detection" section of the link I provided?
http://support.google.com/websearch/bin/answer.py?hl=en&answer=873
0
 
LVL 1

Author Comment

by:rhavey
ID: 38411959
I have reported the incorrect address to Google.  They say it could take a month to fix it.  They did provide a work-around.

The router is the DNS server.  The customer is still not home to physically reset the router.

NSLookup returns the address 87.125.87.99.  Tracert from the customer location and mine shows 13 steps to something called  r3-bb2.coolhousing.net, which according to Google at my site is a server in Prague.

Super Antispyware turned up nothing.  I have not run Combofix and I will hold off on that until I can get the router reset.
0
 
LVL 1

Author Comment

by:rhavey
ID: 38412059
Resetting the router did nothing.  I rebooted the computer while the router was resetting and I ran IPCONFIG /flushdns before I checked the status of Google.

The result was the same.  www.google.com resolved to the coolhousing.net server in Prague.

Google provided www.google.com/ncr as a work around.  That for the moment is as good as it gets.

If someone has an idea, I will try it.  Otherwise all I can do is wait for Google to finish their "investigation".
0
 
LVL 14

Accepted Solution

by:
Don Thomson earned 2000 total points
ID: 38413529
If your hosts file  looks okay - why don't you try using it to redirect to google.com
Add the following to your hosts file

74.125.226.14    <tab>  www.google.com   <tab> google.com

use the actual IP that google.com should be (each region can be directed to a different ip address at google for load balancing and for regional detection
0
 
LVL 1

Author Comment

by:rhavey
ID: 38413997
That comes under the heading "Why didn't I think of that.  It's still a workaround, but it will be good until Google gets their act together.

One problem though.  Hosts was read-only.  I was unable to uncheck the Read-Only box - access denied.  I was also unable to change the attribute with attrib -s hosts - Not Resetting File.  I was able to rename the file, edit the renamed file, and save it as Hosts.  I must have redone the hosts file on my own machine at some point because it is not read-only.  Is this level of protection normal for the hosts file in XP?  Or, am I looking at an indication of more trouble - malware?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 38414065
I don't recall hosts ever having that level of security by default.

Nothing else in there that looks untoward?
0
 
LVL 1

Author Comment

by:rhavey
ID: 38414149
Other than an enty that I don't understand.

::1 <tab> local host

There is no other indication of problems.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 38414195
rhavey--www.google.com/ncr is mentioned in http://support.google.com/websearch/bin/answer.py?hl=en&answer=873

My HOSTS folder has no attributes checked.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 38414705
Open Folder c:\windows\system32\drivers\etc

Right mouse on hosts - Properties
Under Security tab  edit permissions  and check full control for User

Then you can edit it

When Done reverse the process - (MS put that in as a means to reduce malware from accessing the file)
0
 
LVL 1

Author Closing Comment

by:rhavey
ID: 38444681
This is a workaround.  It will work until Google gets around to fixing the real problem.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question