Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Google NOT!
Message
From
03/04/2011 11:37:45
Jos Pols
C., South Africa
 
 
To
03/04/2011 08:33:16
Ken Buch
Kba Software
Greenville, South Carolina, United States
General information
Forum:
Google
Category:
Search engine
Title:
Re: Google NOT!
Miscellaneous
Thread ID:
01505644
Message ID:
01505919
Views:
70
This message has been marked as a message which has helped to the initial question of the thread.
So this is your problem as initially suggested.

A1) Yes you can remove all these entries as your DNS server provider should automatically resolve domain names to the correct IP address.

A2) Whether some other program will re-insert these domain name to IP mappings is unknown but if they do re-appear then you are infected with some malware.

Suggestion: Get SpyBot Search & Destroy from here: http://www.safer-networking.org - install it, run an update. Then load the program and change it to Advanced mode. Run a scan of your computer. Remove anything it finds as malware. then you can also use the advanced options to lock your hosts file from modification from other malware.

My suspicion is that you had or have an infection but the server hosting the malware at the IP address below has been taken down by RackForce and removed. Your computer might still need to be cleaned.


>Hi Jos,
>
>AHA!! When I first looked at that folder there was no hosts file. I changed my folders options (thought I had already done that) and teh hosts file now appears and it does have uncommented lines:
>
>FROM NOTEPAD:
>
>
>64.46.36.163 www.google.com 
>64.46.36.163 google.com 
>64.46.36.163 google.com.au 
>64.46.36.163 www.google.com.au
>64.46.36.163 google.be 
>64.46.36.163 www.google.be
>64.46.36.163 google.com.br 
>64.46.36.163 www.google.com.br
>64.46.36.163 google.ca 
>64.46.36.163 www.google.ca
>64.46.36.163 google.ch 
>64.46.36.163 www.google.ch
>64.46.36.163 google.de 
>64.46.36.163 www.google.de
>64.46.36.163 google.dk 
>64.46.36.163 www.google.dk
>64.46.36.163 google.fr 
>64.46.36.163 www.google.fr
>64.46.36.163 google.ie 
>64.46.36.163 www.google.ie
>64.46.36.163 google.it 
>64.46.36.163 www.google.it
>64.46.36.163 google.co.jp 
>64.46.36.163 www.google.co.jp
>64.46.36.163 google.nl 
>64.46.36.163 www.google.nl
>64.46.36.163 google.no 
>64.46.36.163 www.google.no
>64.46.36.163 google.co.nz 
>64.46.36.163 www.google.co.nz
>64.46.36.163 google.pl 
>64.46.36.163 www.google.pl
>64.46.36.163 google.se 
>64.46.36.163 www.google.se
>64.46.36.163 google.co.uk 
>64.46.36.163 www.google.co.uk
>64.46.36.163 google.co.za 
>64.46.36.163 www.google.co.za
>64.46.36.163 www.google-analytics.com
>64.46.36.163 www.bing.com
>64.46.36.163 search.yahoo.com 
>64.46.36.163 www.search.yahoo.com
>64.46.36.163 uk.search.yahoo.com
>64.46.36.163 ca.search.yahoo.com
>64.46.36.163 de.search.yahoo.com
>64.46.36.163 fr.search.yahoo.com
>64.46.36.163 au.search.yahoo.com
>
>
>
>So now the question is can I simply delete and/or comment these lines out or is there something else that will put them back in automatically?
>
>Thanks for your persistence and patience,
>
>Ken
>
>
>>IP address 64.46.36.163 is owned by RackForce, a legitimate hosting provider in Canada, Kelowna:
>>
>>http://www.dnsstuff.com/tools/whois/?ip=64.46.36.163&cache=off
>>
>>The next question is then why does your computer, or the DNS look-up your computer uses, point www.google.com to this IP address which is NOT Google? This IP address does not appear to even be in use at present.
>>
>>1) Did you check for a hidden HOSTS file in the location C:\Windows\System32\drivers\etc
>>
>>2) Can you check what DNS Server Address your internet connection is using? You will need to go to the properties of the internet connection you are using, and look at the Internet Protocol 4 (& 6) properties pages. Check the DNS Server Address. If you like you can use an open DNS server such as Open DNS and use these IP addresses for a DNS server:
>>
>>OPEN DNS
>>
>>Primary: 208.67.222.222
>>
>>Secondary: 208.67.220.220
>>
>>This will avoid your computer using the default DNS server of your ISP which may be the cause of the problem (check for hidden HOST file first).
>>
>>
>>>PING www.google.com yields [64.46.36.163]
>>>
>>>>That in itself is already unusual. Have you checked for a hidden hosts file?
>>>>
>>>>The fact that you can access Google via IP address and not domain name means that you do not have a routing problem but a DNS look-up problem. Either the DNS at your ISP is in error or your HOSTS file is re-directing you.
>>>>
>>>>Open a command window and type in:
>>>>
>>>>
>>>>PING www.google.com
>>>>
>>>>What IP address does it say it is going to?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Hi Al,
>>>>>
>>>>>Thanks for your concern and advice.
>>>>>
>>>>>I have no HOSTS file. In the directory you specified I do have a file titled Imhosts.sam. I looked at that and there are no uncommented lines.
>>>>>
>>>>>I ran Scans with Malwarebytes (it did update before It ran the scan) nothing found
>>>>>I ran Kaperskl Labs TDSS rootkit remover and it found nothing
>>>>>I ran AVG rootkit scanner and it found nothing.
>>>>>
>>>>>What else ?
>>>>>
>>>>>Thanks,
>>>>>
>>>>>Ken
>>>>>
>>>>>
>>>>>>C:\Windows\System32\drivers\etc\hosts (with no extension)
>>>>>>
>>>>>>Here is my HOSTS file, Win7 Ultimate 64bit:
>>>>>>
>>>>>># Copyright (c) 1993-2009 Microsoft Corp.
>>>>>>#
>>>>>># This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
>>>>>>#
>>>>>># This file contains the mappings of IP addresses to host names. Each
>>>>>># entry should be kept on an individual line. The IP address should
>>>>>># be placed in the first column followed by the corresponding host name.
>>>>>># The IP address and the host name should be separated by at least one
>>>>>># space.
>>>>>>#
>>>>>># Additionally, comments (such as these) may be inserted on individual
>>>>>># lines or following the machine name denoted by a '#' symbol.
>>>>>>#
>>>>>># For example:
>>>>>>#
>>>>>>#      102.54.94.97     rhino.acme.com          # source server
>>>>>>#       38.25.63.10     x.acme.com              # x client host
>>>>>>
>>>>>># localhost name resolution is handled within DNS itself.
>>>>>>#	127.0.0.1       localhost
>>>>>>#	::1             localhost
>>>>>>
>>>>>>If you have any un-commented entries following the above, that's likely sign of malware activity.
>>>>>>
>>>>>>>Hi Jos,
>>>>>>>
>>>>>>>Thanks for the response. I do not know what you mean by hosts file. Where do I look?
>>>>>>>
>>>>>>>Thanks,
>>>>>>>
>>>>>>>Ken
>>>>>>>
>>>>>>>>Have you checked your hosts file?
>>>>>>>>
>>>>>>>>>Looking for suggestions to solve a strange problem. I cannot use any search engine. When I try www.google.com, my computer just saunters off into cyberspace and refuses to cooperate. Of course I cannot google "I cannot google". Here is what I have tried so far:
>>>>>>>>>
>>>>>>>>>It is my laptop. WIN 7 Enterprise 64bit. No problem visiting any other web site.... just cannot google or bing.
>>>>>>>>>
>>>>>>>>>1. Other computers on home network have no problem. I have ATT UVERSE with several computers networked. Only my laptop is affected
>>>>>>>>>2. My main browser is IE but I have tried other browsers, even google chrome but no luck
>>>>>>>>>3. I took computer (it is a laptop) to other WI-FI spots with same result
>>>>>>>>>4. Used MALWARE BYTES, a rootkit killer and AVG Rootkit scans but found nothing.
>>>>>>>>>5. Searched through all IE options but found nothing.
>>>>>>>>>6. Turned off Windows firewall to no avail.
>>>>>>>>>
>>>>>>>>>This is VERY ANNOYING!!
>>>>>>>>>
>>>>>>>>>Any suggestions??
>>>>>>>>>
>>>>>>>>>Thanks,
>>>>>>>>>
>>>>>>>>>Ken
In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform