Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Won't connect to yahoo or google servers


  • Please log in to reply
4 replies to this topic

#1 New_user22

New_user22

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 27 November 2009 - 11:13 PM

Hi everyone,
I am a new user here to the forums, as well as not very computer savvy. I have an emachines desktop that is probably over 5 years old, and it has Windows XP.
I recently had a problem with malware, some icons were downloaded onto my desktop and there were a bunch of antimalware program ads that popped up that were obviously fake. It took a long time to get rid of them, but I think they're gone now. I used Malwarebytes to get them off, and I also have McAfee SecurityCenter.

There isn't anything that Malwarebytes or McAfee is detecting now, but I am still having problems with getting my internet browser to connect to google, and the yahoo search engine (the main yahoo page will load)- it says it cannot connect. My Outlook Express email has also been loading extremely slowly or has been getting stuck. Is there anything else I need to do?

Here are the infected files/keys/etc that were in the MBAM logs.
Files Infected:
C:\WINDOWS\system32\oemlinkicon.ico (Malware.Trace) -> Quarantined and deleted successfully.
Memory Processes Infected:
C:\Documents and Settings\John\Local Settings\Temp\wow64main.exe (Malware.Packer) -> Unloaded process successfully.
C:\Documents and Settings\John\Local Settings\Temp\Installer.exe (Malware.Packer) -> Unloaded process successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wow64main.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\John\Local Settings\Temp\wow64main.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temp\Installer.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware\malw.db (Rogue.AntiMalware) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

I have no idea how this cropped up, but I'd be very grateful for any help I can get.
Thank you!

BC AdBot (Login to Remove)

 


#2 CoolCatBad

CoolCatBad

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 28 November 2009 - 01:44 AM

Looks like a Hosts file problem, hit Winkey + R to bring up the Run box. Copy and paste this command and hit OK-

Notepad C:\WINDOWS\System32\drivers\etc\hosts

Select all, Copy and post the results back here.

#3 New_user22

New_user22
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 28 November 2009 - 04:29 PM

Hi, thank you for the reply. (Also, thank you to whoever moved this! I am sorry I put it into the wrong area.)

Here are the results:

127.0.0.1 go.mail.ru
127.0.0.1 nova.rambler.ru
127.0.0.1 google.ad
127.0.0.1 www.google.ad
127.0.0.1 google.ae
127.0.0.1 www.google.ae
127.0.0.1 google.am
127.0.0.1 www.google.am
127.0.0.1 google.com.ar
127.0.0.1 www.google.com.ar
127.0.0.1 google.as
127.0.0.1 www.google.as
127.0.0.1 google.at
127.0.0.1 www.google.at
127.0.0.1 google.com.au
127.0.0.1 www.google.com.au
127.0.0.1 google.az
127.0.0.1 www.google.az
127.0.0.1 google.ba
127.0.0.1 www.google.ba
127.0.0.1 google.be
127.0.0.1 www.google.be
127.0.0.1 google.bg
127.0.0.1 www.google.bg
127.0.0.1 google.bs
127.0.0.1 www.google.bs
127.0.0.1 google.com.by
127.0.0.1 www.google.com.by
127.0.0.1 google.ca
127.0.0.1 www.google.ca
127.0.0.1 google.ch
127.0.0.1 www.google.ch
127.0.0.1 google.cn
127.0.0.1 www.google.cn
127.0.0.1 google.cz
127.0.0.1 www.google.cz
127.0.0.1 google.de
127.0.0.1 www.google.de
127.0.0.1 google.dk
127.0.0.1 www.google.dk
127.0.0.1 google.ee
127.0.0.1 www.google.ee
127.0.0.1 google.es
127.0.0.1 www.google.es
127.0.0.1 google.fi
127.0.0.1 www.google.fi
127.0.0.1 google.fr
127.0.0.1 www.google.fr
127.0.0.1 google.gr
127.0.0.1 www.google.gr
127.0.0.1 google.com.hk
127.0.0.1 www.google.com.hk
127.0.0.1 google.hr
127.0.0.1 www.google.hr
127.0.0.1 google.hu
127.0.0.1 www.google.hu
127.0.0.1 google.ie
127.0.0.1 www.google.ie
127.0.0.1 google.co.il
127.0.0.1 www.google.co.il
127.0.0.1 google.co.in
127.0.0.1 www.google.co.in
127.0.0.1 google.is
127.0.0.1 www.google.is
127.0.0.1 google.it
127.0.0.1 www.google.it
127.0.0.1 google.co.jp
127.0.0.1 www.google.co.jp
127.0.0.1 google.kg
127.0.0.1 www.google.kg
127.0.0.1 google.co.kr
127.0.0.1 www.google.co.kr
127.0.0.1 google.li
127.0.0.1 www.google.li
127.0.0.1 google.lt
127.0.0.1 www.google.lt
127.0.0.1 google.lu
127.0.0.1 www.google.lu
127.0.0.1 google.lv
127.0.0.1 www.google.lv
127.0.0.1 google.md
127.0.0.1 www.google.md
127.0.0.1 google.com.mx
127.0.0.1 www.google.com.mx
127.0.0.1 google.nl
127.0.0.1 www.google.nl
127.0.0.1 google.no
127.0.0.1 www.google.no
127.0.0.1 google.co.nz
127.0.0.1 www.google.co.nz
127.0.0.1 google.com.pe
127.0.0.1 www.google.com.pe
127.0.0.1 google.com.ph
127.0.0.1 www.google.com.ph
127.0.0.1 google.pl
127.0.0.1 www.google.pl
127.0.0.1 google.pt
127.0.0.1 www.google.pt
127.0.0.1 google.ro
127.0.0.1 www.google.ro
127.0.0.1 google.ru
127.0.0.1 www.google.ru
127.0.0.1 google.com.ru
127.0.0.1 www.google.com.ru
127.0.0.1 google.com.sa
127.0.0.1 www.google.com.sa
127.0.0.1 google.se
127.0.0.1 www.google.se
127.0.0.1 google.com.sg
127.0.0.1 www.google.com.sg
127.0.0.1 google.si
127.0.0.1 www.google.si
127.0.0.1 google.sk
127.0.0.1 www.google.sk
127.0.0.1 google.co.th
127.0.0.1 www.google.co.th
127.0.0.1 google.com.tj
127.0.0.1 www.google.com.tj
127.0.0.1 google.tm
127.0.0.1 www.google.tm
127.0.0.1 google.com.tr
127.0.0.1 www.google.com.tr
127.0.0.1 google.com.tw
127.0.0.1 www.google.com.tw
127.0.0.1 google.com.ua
127.0.0.1 www.google.com.ua
127.0.0.1 google.co.uk
127.0.0.1 www.google.co.uk
127.0.0.1 google.co.vi
127.0.0.1 www.google.co.vi
127.0.0.1 google.com
127.0.0.1 www.google.com
127.0.0.1 google.us
127.0.0.1 www.google.us
127.0.0.1 google.com.pl
127.0.0.1 www.google.com.pl
127.0.0.1 google.co.hu
127.0.0.1 www.google.co.hu
127.0.0.1 google.ge
127.0.0.1 www.google.ge
127.0.0.1 google.kz
127.0.0.1 www.google.kz
127.0.0.1 google.co.uz
127.0.0.1 www.google.co.uz
127.0.0.1 bing.com
127.0.0.1 www.bing.com
127.0.0.1 search.yahoo.com
127.0.0.1 ca.search.yahoo.com
127.0.0.1 ar.search.yahoo.com
127.0.0.1 cl.search.yahoo.com
127.0.0.1 co.search.yahoo.com
127.0.0.1 mx.search.yahoo.com
127.0.0.1 espanol.search.yahoo.com
127.0.0.1 qc.search.yahoo.com
127.0.0.1 ve.search.yahoo.com
127.0.0.1 pe.search.yahoo.com
127.0.0.1 at.search.yahoo.com
127.0.0.1 ct.search.yahoo.com
127.0.0.1 dk.search.yahoo.com
127.0.0.1 fi.search.yahoo.com
127.0.0.1 fr.search.yahoo.com
127.0.0.1 de.search.yahoo.com
127.0.0.1 it.search.yahoo.com
127.0.0.1 nl.search.yahoo.com
127.0.0.1 no.search.yahoo.com
127.0.0.1 ru.search.yahoo.com
127.0.0.1 es.search.yahoo.com
127.0.0.1 se.search.yahoo.com
127.0.0.1 ch.search.yahoo.com
127.0.0.1 uk.search.yahoo.com
127.0.0.1 asia.search.yahoo.com
127.0.0.1 au.search.yahoo.com
127.0.0.1 one.cn.yahoo.com
127.0.0.1 hk.search.yahoo.com
127.0.0.1 in.search.yahoo.com
127.0.0.1 id.search.yahoo.com
127.0.0.1 search.yahoo.co.jp
127.0.0.1 kr.search.yahoo.com
127.0.0.1 malaysia.search.yahoo.com
127.0.0.1 nz.search.yahoo.com
127.0.0.1 ph.search.yahoo.com
127.0.0.1 sg.search.yahoo.com
127.0.0.1 tw.search.yahoo.com
127.0.0.1 th.search.yahoo.com
127.0.0.1 vn.search.yahoo.com
127.0.0.1 images.google.com
127.0.0.1 images.google.ca
127.0.0.1 images.google.co.uk
127.0.0.1 news.google.com
127.0.0.1 news.google.ca
127.0.0.1 news.google.co.uk
127.0.0.1 video.google.com
127.0.0.1 video.google.ca
127.0.0.1 video.google.co.uk
127.0.0.1 blogsearch.google.com
127.0.0.1 blogsearch.google.ca
127.0.0.1 blogsearch.google.co.uk
127.0.0.1 searchservice.myspace.com
127.0.0.1 ask.com
127.0.0.1 www.ask.com
127.0.0.1 search.aol.com
127.0.0.1 search.netscape.com
127.0.0.1 yandex.ru
127.0.0.1 www.yandex.ru
127.0.0.1 yandex.ua
127.0.0.1 www.yandex.ua
127.0.0.1 search.about.com
127.0.0.1 www.verizon.net
127.0.0.1 verizon.net

#4 CoolCatBad

CoolCatBad

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 28 November 2009 - 10:11 PM

There's your problem, 127.0.0.1 is the Local Machine address. In other words this is a Hosts file hijack.

Go to this Microsoft site to get the official fix- http://support.microsoft.com/kb/972034

#5 New_user22

New_user22
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 29 November 2009 - 08:10 AM

Thank you so much! Problem solved! I really appreciate the help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users