Browser Redirects - Google



#16
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron ,
Changed DNS,

Command Prompt
C:\Windows\system32>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

Firefox is default and tried IE both no Google. Youtube is the same, they are not redirected any more but are reset.

Any site using Google advertising also now shows 'The connection was reset'; before, it showed the Youdao site in the ad.

Have to go farming again.

Cheers ABEC
  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
What happens when you type

173.194.69.113

in the URL box? Does it get to google?

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

nslookup google.com

Do you get an answer?

Get TCPING.exe from

http://www.elifulker...0.13/tcping.exe

Save it to your desktop.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  %userprofile%\Desktop

tcping -n 5 google.com 80

Do you get something like this:


Probing 173.194.33.14:80/tcp - Port is open - time=10.314ms
Probing 173.194.33.14:80/tcp - Port is open - time=3.230ms
Probing 173.194.33.14:80/tcp - Port is open - time=3.659ms
Probing 173.194.33.14:80/tcp - Port is open - time=2.543ms
Probing 173.194.33.14:80/tcp - Port is open - time=3.123ms

Ping statistics for 173.194.33.14:80
5 probes sent.
5 successful, 0 failed.
Approximate trip times in milli-seconds:
Minimum = 2.543ms, Maximum = 10.314ms, Average = 4.574ms
  • 0

#18
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Looked up google with 173.194.69.113 and it worked, tried normal google.com name - did not work

Answer from Command Prompt:

C:\Windows\system32>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 27.110.120.30

Non-authoritative answer:
Name: google.com
Addresses: 173.194.69.101
173.194.69.102
173.194.69.113
173.194.69.138
173.194.69.139
173.194.69.100

Will download TCPING.exe and get back asap.

Cheers ABEC
  • 0

#19
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Results as below from TCPING and I would say YES it does look similar.

Cheers ABEC
-----------------

C:\Users\\Desktop>tcping -n 5 google.com 80

Probing 74.125.237.137:80/tcp - Port is open - time=281.459ms
Probing 74.125.237.137:80/tcp - Port is open - time=273.057ms
Probing 74.125.237.137:80/tcp - Port is open - time=278.961ms
Probing 74.125.237.137:80/tcp - Port is open - time=279.950ms
Probing 74.125.237.137:80/tcp - Port is open - time=271.829ms

Ping statistics for 74.125.237.137:80
5 probes sent.
5 successful, 0 failed.
Approximate trip times in milli-seconds:
Minimum = 271.829ms, Maximum = 281.459ms, Average = 277.051ms

Edited by ABEC329, 05 April 2012 - 12:30 AM.

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Now it looks like there may be something on your PC after all. Apparently the DNS is working and the port 80 connection is possible. The IP address worked. But Google.com didn't. It's like there was an entry in the hosts file that caused it to go to the wrong place but OTL doesn't show anything.

Look in C:\Windows\SysNative\drivers\etc\ or C:\Windows\System32\drivers\etc\ Do you see the hosts file? If not you may need to set Windows to let you see it:


Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

Now that you can see the hosts file, look and see if you also have an lmhosts file. You should have an lmhosts.sam file but there is no need for an lmhosts file so delete it if you find it.

If that didn't help then:

Get HostsXpert

from

http://www.funkytoad.../HostsXpert.zip

Download and Save it then right click on the file and Extract All.

You will get a folder called HostsXpert. Double click on it and then

Right click on HostsXpert.exe and Run As Admin.

It will show you what is in your hosts file. With Win 7 there is really nothing there by default but it will normally show you: 127.0.0 localhost in the right pane.
Verify there is nothing else there.

Click on Editing then
in the box under Add Line, type:
173.194.69.113  google.com
then click on Add Line.

You should see the stuff you just typed appear in the right pane.

Close HostsXpert.

Open a browser and see if it will go to google.com now.

Sometimes Firefox will use incorrect settings from IE. We can tell it not to:

In FireFox, (Tools or the Firefox button), Options, Options, Advanced, Network, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You have AVG. Is that the free version or the paid version? (The paid version is supposed to have its own firewall so it might be something to look at.)

I've got to go to bed now.

Ron
  • 0

#21
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Just to confirm - there is a file - lmhosts.sam is that OK or do I delete it.

Got HostsXpert, added a new line and google reappeared for about 5 minutes then back to its usual tricks?

Google adverts in other websites still show the 'Youdao' website stuff in the advert section??

I got into google and youtube again a few minutes ago, now it won't work!? This site was showing some advertising, which got taken over with this Youdao stuff then it went away and there is no advertising now??!! What is going on??

Not liking these adverts from this 'Youdao' site!!!

Going to bed too

Cheers ABEC

Edited by ABEC329, 05 April 2012 - 03:26 AM.

  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
lmhosts.sam can stay. It's just a sample program and not used.

The problem with using a hosts file entry for google.com is that they have a bunch of IP addresses that rotate through a large number of servers. I suppose they may have taken an address offline or we could be looking at some really devious malware. You could run nslookup google.com again and get a different IP address, then run HostsXpert and Edit the number you added to the new number but obviously that's not a permanent solution. We need to figure out what is going on.

You have a 64 bit system so you should have a 64 bit version of IE. Have you tried it? Does it have the same problem?

Let's try resetting the winsock and tcpip:

Copy the next 4 lines:

netsh winsock reset catalog
netsh int ipv4 reset %userprofile%\Desktop\reset4.log
netsh int ipv6 reset %userprofile%\Desktop\reset6.log
NetSH WinHTTP reset proxy

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and all 4 lines should appear. Hit Enter.

Reboot.

If that doesn't help then right click on Computer and select Manage then Device Manager. Find the Network Adapters in the right pane and click on the arrow in front of it. Find the adapter you use to connect with and right click on it and Uninstall. Reboot and it should reinstall it.

Reset IE: Right click on the IE icon and select Properties (or in IE, Tools, Internet Options) then Advanced. At the bottom is a RESET button. Press it. Restart IE if you have it open.

Also in Properties or Internet Options, Security. Restricted Sites, Sites. Verify that google.com is not in the list of restricted sites.


Try a different Browser:

http://www.apple.com/safari/download/

Download, Save and then right click and Run As Admin.

I would uncheck all but the top option. No need for bonjour or the auto update at this time.

It takes a few minutes to set up once you install it so be patient (even if it says Not Responding). Try to go to google.com now.
  • 0
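An added example, not part of the original thread and not any poster's code: posts #20 and #22 check the hosts file by eye and note that a hand-pinned google.com address can stop matching what DNS returns. The Python below does that audit on hosts-file text; `parse_hosts`, `audit_hosts`, the verdict labels and the sample text are assumptions made for illustration, while the addresses come from the nslookup and tcping output earlier in the thread.

```python
import ipaddress

# Constructed sample hosts text; the two hand-added entries mirror the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
173.194.69.113  google.com      # pinned by hand
127.0.0.1       789.huo99.com
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return (line_no, ip_or_None, [names]) for every active (non-comment) line."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # unparseable address; report it rather than skip it
        entries.append((no, ip, [n.lower() for n in fields[1:]]))
    return entries

def audit_hosts(text, resolved):
    """Classify each entry. `resolved` maps a name to the set of address
    strings DNS currently returns for it (e.g. copied from nslookup)."""
    findings = []
    for no, ip, names in parse_hosts(text):
        for name in names:
            if ip is None:
                verdict = "malformed"
            elif ip.is_loopback and name == "localhost":
                continue  # stock entry, nothing to report
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # name sinkholed to the local machine
            elif name in resolved and str(ip) not in resolved[name]:
                verdict = "mismatch"     # pin disagrees with current DNS
            else:
                verdict = "override"     # pin bypasses DNS for this name
            findings.append((no, verdict, name))
    return findings

if __name__ == "__main__":
    # Addresses as reported by nslookup (post #18) and tcping (post #19).
    for dns in ({"google.com": {"173.194.69.113", "173.194.69.101"}},
                {"google.com": {"74.125.237.137"}}):
        print(audit_hosts(SAMPLE_HOSTS, dns))
```

Any verdict other than the stock localhost lines is something to account for: an entry nobody remembers adding is the case post #20 is looking for, and a "mismatch" is the stale-pin situation post #22 describes.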

#23
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
64 bit has the same problem.

Reset winsock and tcpip rebooted - no change

Uninstalled adapter - rebooted and it reinstalled - no change

Reset IE - no change

Verified - google.com is not in the list of restricted sites.

Tried Safari - same result

Can you explain the google advertising redirects. This very site (G 2 Go) displays some advertising when I first opened it this morning. Following the reboots the advertising changed to the redirected site (youdao). To setup Safari I closed firefox, completed the setup, reopened firefox opened this site now there is no advertising??

Cheers ABEC

Edited by ABEC329, 05 April 2012 - 02:42 PM.

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
The G2G site has advertising but supposedly once you log in it goes away. Perhaps it didn't think you were logged in?

I use the AdBlockPlus add-on on my Firefox
http://adblockplus.org/en/
and
Chrome
http://adblockplus.org/en/chrome

and it blocks the ads so I never see them.

Is this just google.com that doesn't work or do you also have problems with yahoo or bing?

Let's try the free Avast instead of AVG.


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover by right clicking and Run As Admin.

Reboot

Install Avast by right clicking and Run As Admin.
(Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours. While it runs it tells you where it will save the report. Write that down then go do some farming as it will take a while.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? If it found anything then open the file you wrote down while it was scanning and copy and paste the text to a reply.

It's usually something like: C:\ProgramData\Avast Software\Avast\report\aswboot.txt or C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt

Ron
  • 0

#25
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Adverts only before logging on.

Loaded adblockplus - great!

Yahoo seems to work fine as does Bing. Youtube does not work.

AVG remover said - ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems

Can I use the usual uninstall via control panel?

Tried to download Avast free, it will not let you download free version, is forcing me to upgrade to pro version, why is it doing that?

ABEC

Edited by ABEC329, 05 April 2012 - 03:50 PM.

  • 0



#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Avast should give you the free version tho they do try to talk you into the pro version.

http://www.avast.com/en-us/index

Then click on the Download button for Avast Free

Then click on Download for the Free again.

Then when the popup comes tell it No Thanks, I want Free Protection and you will finally get to a CNET screen where you can download the free version.

First uninstall AVG via the Control Panel then run the removal tool. I did not realize there were two. You do need the 64 bit version.

http://download.avg....4_2012_2125.exe
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Continued from last post:

Uninstall
Roblox for SIMS

See if that helps.

Try a different IP address in the hosts file for your google.com entry.

Might as well add another entry to the hosts file to block your hijacker.

127.0.0.1 789.huo99.com

If we haven't already try running Firefox in safe Mode.

http://support.mozil...US/kb/Safe Mode

I've asked on our internal forum if anyone has any suggestions.

We may have to go to Wireshark or Process Monitor next. Wireshark monitors the network traffic and lets us see what is going on on the network. Process Monitor collects most of the registry and file reads and writes so may tell us what is causing the problem but the logs are a bear to work with.
  • 0

#28
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
The avast - No Thanks, I want Free Protection must be on holiday, it will not work??

Tried a different IP address for google.com - no change

You said - Might as well add another entry to the hosts file to block your hijacker.

127.0.0.1 789.huo99.com

- Do I just add this like adding the google.com line??

Tried firefox in safe mode - no changes

There is a bit of info building online about this issue; it is in Chinese or similar but can be translated. One English site (feeds2.feedburner.com/Mac-Forums/Airport-Networking-And-Wireless-Technology) redirects to 'Youdao'; looks like the fixers are being blocked from publicly creating a fix.

Another site says this -
"My computer automatically jump to xxxp://789.huo99.com/ada2192_1.html after you open the Web page on this site, I locked home page; anti-virus; changing the browser or even the overall low reinstall the system will not work! I hope you master the maze"

This comment is written 3 times in a row??

Cheers ABEC

Edited by ABEC329, 05 April 2012 - 06:54 PM.

  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

You said - Might as well add another entry to the hosts file to block your hijacker.

127.0.0.1 789.huo99.com

- Do I just add this like adding the google.com line??


Yes tho we might even do it one better and give one of the google addresses instead of 127.0.0.1

Perhaps because you are in NZ you get a different Avast site. I just checked it before my last post and it was there.

Can you go directly to http://download.cnet...=dl&tag=button?

My popup says it will only be there for 60 seconds so maybe if you wait it will go away.
  • 0

#30
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Hope you are getting some quality holiday time??

Have uninstalled AVG, installed Avast.

The popup says it will only be there for 60 seconds, waited for maybe 30 mins still no access??! Used the link in your last reply, all good now.

Have uninstalled Roblox, kids not too happy about that!!

Still not 100% confident I've got the hosts file set up right, could we check that to make sure it's correct?

No hurry to get back to us, take some time out!

Cheers ABEC
  • 0





