
Google.com hijacked?

Discussion in 'Windows XP' started by BigJake, Sep 21, 2003.

Thread Status:
Not open for further replies.
  1. BigJake

    BigJake Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    20
    Hey all,

    I've been having a weird problem lately whereby when I go to load www.google.com it takes forever to load and when it does www.www.google.com.org loads, which clearly is not google.

    Just wondering if this is the result of some spyware or something to do with Google's servers.

    Thanks for the help!
     
  2. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
    Do this:

    Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.

    Then read http://tomcoyote.org/SPYBOT/index1.html and download SpyBot - search & destroy. Then run SpyBot.
     
  3. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    I think you have been hijacked. The best thing to do is go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet. While I'm not one, there are gurus here that can find and tell you how to get rid of the unwanted stuff.
     
  4. BigJake

    BigJake Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    20
    Thanks..the spybot search and destroy worked for the most part..
    Google is still funked up though...
    hmmm..I'm going to try hijack this...
     
  5. BigJake

    BigJake Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    20
    WOOOOAH!! Something major happened!!!

    Can somebody help me out with this log..it's messed.

    Logfile of HijackThis v1.97.2
    Scan saved at 5:10:40 PM, on 9/21/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\Mixer.exe
    D:\WINDOWS\System32\RUNDLL32.EXE
    D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    D:\Program Files\Overnet\overnet.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Jake\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    O1 - Hosts: 127.127.127.127 elite
    O1 - Hosts: 64.191.59.85 www.google.com
    O1 - Hosts: 64.191.59.85 www.altavista.com
    O1 - Hosts: 64.191.59.85 altavista.com
    O1 - Hosts: 64.191.59.85 uk.search.yahoo.com
    O1 - Hosts: 64.191.59.85 ca.search.yahoo.com
    O1 - Hosts: 64.191.59.85 jp.search.yahoo.com
    O1 - Hosts: 64.191.59.85 au.search.yahoo.com
    O1 - Hosts: 64.191.59.85 de.search.yahoo.com
    O1 - Hosts: 64.191.59.85 search.yahoo.co.jp
    O1 - Hosts: 64.191.59.85 www.lycos.de
    O1 - Hosts: 64.191.59.85 www.lycos.ca
    O1 - Hosts: 64.191.59.85 www.lycos.jp
    O1 - Hosts: 64.191.59.85 www.lycos.co.jp
    O1 - Hosts: 64.191.59.85 alltheweb.com
    O1 - Hosts: 64.191.59.85 web.ask.com
    O1 - Hosts: 64.191.59.85 ask.com
    O1 - Hosts: 64.191.59.85 www.ask.com
    O1 - Hosts: 64.191.59.85 www.teoma.com
    O1 - Hosts: 64.191.59.85 search.aol.com
    O1 - Hosts: 64.191.59.85 www.looksmart.com
    O1 - Hosts: 64.191.59.85 ca.search.msn.com
    O1 - Hosts: 64.191.59.85 fr.ca.search.msn.com
    O1 - Hosts: 64.191.59.85 search.fr.msn.be
    O1 - Hosts: 64.191.59.85 search.fr.msn.ch
    O1 - Hosts: 64.191.59.85 search.latam.yupimsn.com
    O1 - Hosts: 64.191.59.85 search.msn.at
    O1 - Hosts: 64.191.59.85 search.msn.be
    O1 - Hosts: 64.191.59.85 search.msn.ch
    O1 - Hosts: 64.191.59.85 search.msn.co.in
    O1 - Hosts: 64.191.59.85 search.msn.co.jp
    O1 - Hosts: 64.191.59.85 search.msn.co.kr
    O1 - Hosts: 64.191.59.85 search.msn.com.br
    O1 - Hosts: 64.191.59.85 search.msn.com.hk
    O1 - Hosts: 64.191.59.85 search.msn.com.my
    O1 - Hosts: 64.191.59.85 search.msn.com.sg
    O1 - Hosts: 64.191.59.85 search.msn.com.tw
    O1 - Hosts: 64.191.59.85 search.msn.co.za
    O1 - Hosts: 64.191.59.85 search.msn.de
    O1 - Hosts: 64.191.59.85 search.msn.dk
    O1 - Hosts: 64.191.59.85 search.msn.es
    O1 - Hosts: 64.191.59.85 search.msn.fi
    O1 - Hosts: 64.191.59.85 search.msn.fr
    O1 - Hosts: 64.191.59.85 search.msn.it
    O1 - Hosts: 64.191.59.85 search.msn.nl
    O1 - Hosts: 64.191.59.85 search.msn.no
    O1 - Hosts: 64.191.59.85 search.msn.se
    O1 - Hosts: 64.191.59.85 search.ninemsn.com.au
    O1 - Hosts: 64.191.59.85 search.t1msn.com.mx
    O1 - Hosts: 64.191.59.85 search.xtramsn.co.nz
    O1 - Hosts: 64.191.59.85 search.yupimsn.com
    O1 - Hosts: 64.191.59.85 uk.search.msn.com
    O1 - Hosts: 64.191.59.85 search.lycos.com
    O1 - Hosts: 64.191.59.85 www.lycos.com
    O1 - Hosts: 64.191.59.85 www.google.ca
    O1 - Hosts: 64.191.59.85 www.google.uk
    O1 - Hosts: 64.191.59.85 www.google.co.uk
    O1 - Hosts: 64.191.59.85 www.google.com.au
    O1 - Hosts: 64.191.59.85 www.google.co.jp
    O1 - Hosts: 64.191.59.85 www.google.jp
    O1 - Hosts: 64.191.59.85 www.google.at
    O1 - Hosts: 64.191.59.85 www.google.be
    O1 - Hosts: 64.191.59.85 www.google.ch
    O1 - Hosts: 64.191.59.85 www.google.de
    O1 - Hosts: 64.191.59.85 www.google.dk
    O1 - Hosts: 64.191.59.85 www.google.fi
    O1 - Hosts: 64.191.59.85 www.google.fr
    O1 - Hosts: 64.191.59.85 www.google.com.gr
    O1 - Hosts: 64.191.59.85 www.google.com.hk
    O1 - Hosts: 64.191.59.85 www.google.ie
    O1 - Hosts: 64.191.59.85 www.google.co.il
    O1 - Hosts: 64.191.59.85 www.google.it
    O1 - Hosts: 64.191.59.85 www.google.co.kr
    O1 - Hosts: 64.191.59.85 www.google.com.mx
    O1 - Hosts: 64.191.59.85 www.google.nl
    O1 - Hosts: 64.191.59.85 www.google.co.nz
    O1 - Hosts: 64.191.59.85 www.google.pl
    O1 - Hosts: 64.191.59.85 www.google.pt
    O1 - Hosts: 64.191.59.85 www.google.com.ru
    O1 - Hosts: 64.191.59.85 www.google.com.sg
    O1 - Hosts: 64.191.59.85 www.google.co.th
    O1 - Hosts: 64.191.59.85 www.google.com.tr
    O1 - Hosts: 64.191.59.85 www.google.com.tw
    O1 - Hosts: 64.191.59.85 google.at
    O1 - Hosts: 64.191.59.85 google.be
    O1 - Hosts: 64.191.59.85 google.dk
    O1 - Hosts: 64.191.59.85 google.fi
    O1 - Hosts: 64.191.59.85 google.fr
    O1 - Hosts: 64.191.59.85 google.com.hk
    O1 - Hosts: 64.191.59.85 google.ie
    O1 - Hosts: 64.191.59.85 google.co.il
    O1 - Hosts: 64.191.59.85 google.it
    O1 - Hosts: 64.191.59.85 google.co.kr
    O1 - Hosts: 64.191.59.85 google.com.mx
    O1 - Hosts: 64.191.59.85 google.nl
    O1 - Hosts: 64.191.59.85 google.co.nz
    O1 - Hosts: 64.191.59.85 google.pl
    O1 - Hosts: 64.191.59.85 google.com.ru
    O1 - Hosts: 64.191.59.85 google.com.sg
    O1 - Hosts: 64.191.59.85 www.hotbot.com
    O1 - Hosts: 64.191.59.85 hotbot.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.8600115741
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{69304FAE-19D1-4117-9F01-A640A2454EE4}: NameServer = 206.47.244.101 198.235.216.114
    O17 - HKLM\System\CS1\Services\Tcpip\..\{69304FAE-19D1-4117-9F01-A640A2454EE4}: NameServer = 206.47.244.101 198.235.216.114
     
  6. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
    Did you do this before you ran spybot and HiJackThis?

    Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.
     
  7. BigJake

    BigJake Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    20
  8. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,847
    First Name:
    Rob
  9. BigJake

    BigJake Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    20
    Thanks for the help everybody..
    Now the real question...

    Does anybody know what caused this..

    Goddarn crap *** spam search engine hijackers!!! GRRRRR!!
     
  10. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,847
    First Name:
    Rob
    Spyware and advertising software. If you're ever on a website that offers some sort of free browser enhancements - this is what you get. Also if you load Kazaa or accidentally type in a wrong web address you can get linked into these sites that hijack your computer.
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    BigJake

    You still need to fix the following with Hijack This.

    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    Restart your computer.

    Be sure and take advantage of the "Immunize" feature in Spybot.

    Finally go here http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 for info on how this happens and how to help prevent future attacks.
    On this page you will find a link to Javacool's SpywareBlaster and Spyware Guard. Get them both and check for updates frequently.
    The Immunize feature in Spybot used in conjunction with SpywareBlaster and SpywareGuard and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

    Important!: ALWAYS check for updated detections and reference files before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster and SpywareGuard on a weekly basis.
     
  12. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I never saw one that put so many entries in the HOSTS file, I wonder what's at 64.191.59.85? Nothing that I'd want to visit I'll bet! :D
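
The pattern the helpers spotted in the log above, many unrelated search sites pinned to one remote address in the HOSTS file, can be checked mechanically. The following is an added example, not part of the original thread or of HijackThis; the function names and the "last two labels" site heuristic are assumptions made for illustration, and the sample mixes lines copied from the posted log with one constructed benign entry.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the "O1 - Hosts: <ip> <hostname>" lines HijackThis prints for HOSTS entries.
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Lines copied from the log posted in this thread, plus one constructed benign
# entry (127.0.0.1 localhost) for contrast.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.59.85 www.google.com
O1 - Hosts: 64.191.59.85 www.altavista.com
O1 - Hosts: 64.191.59.85 search.aol.com
O1 - Hosts: 64.191.59.85 hotbot.com
O9 - Extra button: AIM (HKLM)
"""


def parse_o1(log_text):
    """Return {ip: [hostnames]} for every well-formed O1 line in a HijackThis log."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_LINE.match(line)
        if not m:
            continue  # other sections (O2, O4, O9, ...) are out of scope here
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP literal; skip malformed entries
        by_ip[str(ip)].append(m.group(2).lower())
    return dict(by_ip)


def suspicious_redirects(by_ip, min_sites=2):
    """Flag non-loopback IPs that several unrelated sites are pinned to."""
    findings = {}
    for ip, hosts in by_ip.items():
        if ipaddress.ip_address(ip).is_loopback:
            continue  # 127.0.0.0/8 points a name at the local machine, not a remote server
        # Naive site key: last two labels. Enough to tell google.com from
        # hotbot.com; it is not a public-suffix-aware registrable domain.
        sites = {".".join(h.split(".")[-2:]) for h in hosts}
        if len(sites) >= min_sites:
            findings[ip] = sorted(sites)
    return findings


if __name__ == "__main__":
    for ip, sites in suspicious_redirects(parse_o1(SAMPLE_LOG)).items():
        print(f"{ip}: {len(sites)} unrelated sites redirected -> {', '.join(sites)}")
```

A single remote address answering for several competing search engines is the signal; a loopback entry on its own is not flagged.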
     

Short URL to this thread: https://techguy.org/166422
