Can't Access Major Search Sites By URL

allanc

Well-Known Member
Reaction score
387
Location
Toronto, Ontario, Canada
A client running XP PRO sp3 is having an interesting problem.
They are using the Windows Firewall and Avira Free (same results with AVG).

They can't access the major search engines by URL (Google, Yahoo, etc).
However, they can by IP address.
Any attempt to access another page within the domain (again by URL) or actually search go nowhere.

I set their home page to dogpile.com (another, lesser-known search engine) and it is not blocked.
So, they can use this search engine until the problem is resolved.

I have checked their hosts file and run Process Explorer, Autoruns, HijackThis, SAS, Malwarebytes and Spybot, and all is well.
Neither AVG nor Avira finds any issues.
I have checked their TCP/IP settings and everything is set to automatic.

Both Internet Explorer and a newly installed FireFox (4.x) have the same problem.

A bit of background...
This computer was infected and the client brought the computer to Staples.
After the tech was finished he said that the computer was infected with some sort of 'google virus' and that is why he (at Staples) could not access the major search engines either.
He said that he removed the virus but that the computer needed to be formatted and Windows reinstalled.

All assistance is appreciated.
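A hosts-file check of the kind the original poster describes, written here as an added example (not code from the thread): it parses a Windows hosts file and flags any entry that pins one of the search domains named above, since a legitimate install never does that. The WATCHED_SUFFIXES list and the sample hosts text are assumptions constructed for the example.

```python
# Triage helper for this thread's symptom (search sites fail by name, work by IP):
# parse a Windows hosts file and flag entries that pin well-known search domains.
# Legitimate installs never pin these names, so any such entry is suspicious:
# loopback/unspecified addresses block the site; anything else redirects it.
# Added example, not from the thread; the hosts text below is constructed.
import ipaddress

WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com")  # blocked in the thread

# Constructed sample: normal loopback line, a sinkholed search site, a www.
# variant redirected to an outside host, and a malformed line to be skipped.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         google.com          # hijack: sinkholed
64.0.0.5  www.yahoo.com   search.yahoo.com  # hijack: external redirect
not-an-ip       example.org
::1             localhost
"""

def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments and bad lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip trailing comment
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # not a hosts entry
        for name in fields[1:]:
            yield ip, name.lower()

def is_watched(hostname):
    """True if hostname is, or is a subdomain of, a watched search domain."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_hijacks(text):
    """Return [(hostname, ip, reason)] for watched domains pinned in hosts."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((name, str(ip), "blocked: sinkholed to local address"))
        else:
            findings.append((name, str(ip), "redirected to external address"))
    return findings
```

Run `find_hijacks(open(r"C:\Windows\System32\drivers\etc\hosts").read())` on a real machine; an empty list means the hosts file is not the cause, which is where this thread's investigation moved on to DNS and rootkit checks.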
 
What about if you ping google.com, can it resolve it then?

I'd second trying a diff user account as well.
 
Check the DNS settings, try using different servers such as Google's:

8.8.8.8
8.8.4.4

Display and/or flush the DNS resolver cache.

Have you checked the proxy settings?

Ping both the IP address and URL and see what response you get.

Tracert the IP address and the URL and see where the URL stops.

Have you checked the MBR, run aswMBR?

Have you checked for rootkits, run tdsskiller, gmer, etc.?

Run some offline scans like Avira Rescue CD or Dr. Web Live CD.

Run OTL by oldtimer instead of Hijackthis.

Have you tried running Combofix?
 
Try flushing the DNS Cache. That should probably clear up the issue if the virus is gone.

Steps:
1) open command prompt
2) type "ipconfig /flushdns"
 
I would suggest downloading and running rkill if you can. If not, load it onto a thumb drive on another PC and then bring the thumb drive to the PC that has issues. rkill will locate and stop any malware processes that might be running. After this, download and run TDSSKiller. It will search for and remove commonly known redirect bugs in IE.
After that, go into internet explorer settings - advanced - and reset IE settings to their default settings.
 
Check the DNS settings, try using different servers such as Google's:

8.8.8.8
8.8.4.4

Display and/or flush the DNS resolver cache.

Have you checked the proxy settings?

Ping both the IP address and URL and see what response you get.

Tracert the IP address and the URL and see where the URL stops.

Have you checked the MBR, run aswMBR?

Have you checked for rootkits, run tdsskiller, gmer, etc.?

Run some offline scans like Avira Rescue CD or Dr. Web Live CD.

Run OTL by oldtimer instead of Hijackthis.

Have you tried running Combofix?
Using Google's DNS server results in all attempts to browse being unsuccessful.
I flushed the DNS with no success.
There are no proxy settings.
Pings are successful.
Ran 'aswMBR' with nothing found.
Gmer no results.
Tdsskiller results in a BSOD 'kernel_stack_Inpage_Error', which could be the result of a rootkit.
Avira rescue disk finds a 'tr/rootkit/gen2' in file windows/system32/acpi.sys but does not repair it.
 
I would suggest downloading and running rkill if you can. If not, load it onto a thumb drive on another PC and then bring the thumb drive to the PC that has issues. rkill will locate and stop any malware processes that might be running. After this, download and run TDSSKiller. It will search for and remove commonly known redirect bugs in IE.
After that, go into internet explorer settings - advanced - and reset IE settings to their default settings.
Done. This also did not resolve the issue.
 
Tdsskiller results in a BSOD 'kernel_stack_Inpage_Error', which could be the result of a rootkit.
Avira rescue disk finds a 'tr/rootkit/gen2' in file windows/system32/acpi.sys but does not repair it.
Looks like you may have found the root of your problems. :D I think the acpi.sys file is normally located in the C:\Windows\System32\drivers folder; if it is in the C:\Windows\System32\ folder then it is probably a malware replacement. Is the MS original acpi.sys file in the drivers folder? I think it should be around 179 to 187 KB in size.

Avira Rescue CD and Dr. Web Live CD are set by default to scan only; I always check the Avira Rescue CD option to rename the malware files that it finds instead of deleting the malware, so that if I ever have to back track I can go back and rename the malware to its original name.
 
Looks like you may have found the root of your problems. :D I think the acpi.sys file is normally located in the C:\Windows\System32\drivers folder; if it is in the C:\Windows\System32\ folder then it is probably a malware replacement. Is the MS original acpi.sys file in the drivers folder? I think it should be around 179 to 187 KB in size.

Avira Rescue CD and Dr. Web Live CD are set by default to scan only; I always check the Avira Rescue CD option to rename the malware files that it finds instead of deleting the malware, so that if I ever have to back track I can go back and rename the malware to its original name.
Oops.
My typo :o
The file is in the drivers folder.
Good eye on you though.
Tks.
 