Google.com hijacked?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BigJake

Thread Starter
Joined
Aug 12, 2003
Messages
20
Hey all,

I've been having a weird problem lately whereby when I go to load www.google.com it takes forever to load and when it does www.www.google.com.org loads, which clearly is not Google.

Just wondering if this is the result of some spyware or something to do with Google's servers.

Thanks for the help!
 
Joined
Dec 28, 2002
Messages
1,983
Do this:

Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.

Then read http://tomcoyote.org/SPYBOT/index1.html and download SpyBot - search & destroy. Then run SpyBot.
 
Joined
May 28, 2003
Messages
2,366
I think you have been hijacked. The best thing to do is go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet. While I'm not one, there are gurus here that can find and tell you how to get rid of the unwanted stuff.
 

BigJake

Thread Starter
Joined
Aug 12, 2003
Messages
20
Thanks.. the Spybot Search & Destroy worked for the most part..
Google is still funked up though...
hmmm.. I'm going to try Hijack This...
 

BigJake

Thread Starter
Joined
Aug 12, 2003
Messages
20
WOOOOAH!! Something major happened!!!

Can somebody help me out with this log.. it's messed.

Logfile of HijackThis v1.97.2
Scan saved at 5:10:40 PM, on 9/21/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Mixer.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Overnet\overnet.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Jake\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.59.85 www.google.com
O1 - Hosts: 64.191.59.85 www.altavista.com
O1 - Hosts: 64.191.59.85 altavista.com
O1 - Hosts: 64.191.59.85 uk.search.yahoo.com
O1 - Hosts: 64.191.59.85 ca.search.yahoo.com
O1 - Hosts: 64.191.59.85 jp.search.yahoo.com
O1 - Hosts: 64.191.59.85 au.search.yahoo.com
O1 - Hosts: 64.191.59.85 de.search.yahoo.com
O1 - Hosts: 64.191.59.85 search.yahoo.co.jp
O1 - Hosts: 64.191.59.85 www.lycos.de
O1 - Hosts: 64.191.59.85 www.lycos.ca
O1 - Hosts: 64.191.59.85 www.lycos.jp
O1 - Hosts: 64.191.59.85 www.lycos.co.jp
O1 - Hosts: 64.191.59.85 alltheweb.com
O1 - Hosts: 64.191.59.85 web.ask.com
O1 - Hosts: 64.191.59.85 ask.com
O1 - Hosts: 64.191.59.85 www.ask.com
O1 - Hosts: 64.191.59.85 www.teoma.com
O1 - Hosts: 64.191.59.85 search.aol.com
O1 - Hosts: 64.191.59.85 www.looksmart.com
O1 - Hosts: 64.191.59.85 ca.search.msn.com
O1 - Hosts: 64.191.59.85 fr.ca.search.msn.com
O1 - Hosts: 64.191.59.85 search.fr.msn.be
O1 - Hosts: 64.191.59.85 search.fr.msn.ch
O1 - Hosts: 64.191.59.85 search.latam.yupimsn.com
O1 - Hosts: 64.191.59.85 search.msn.at
O1 - Hosts: 64.191.59.85 search.msn.be
O1 - Hosts: 64.191.59.85 search.msn.ch
O1 - Hosts: 64.191.59.85 search.msn.co.in
O1 - Hosts: 64.191.59.85 search.msn.co.jp
O1 - Hosts: 64.191.59.85 search.msn.co.kr
O1 - Hosts: 64.191.59.85 search.msn.com.br
O1 - Hosts: 64.191.59.85 search.msn.com.hk
O1 - Hosts: 64.191.59.85 search.msn.com.my
O1 - Hosts: 64.191.59.85 search.msn.com.sg
O1 - Hosts: 64.191.59.85 search.msn.com.tw
O1 - Hosts: 64.191.59.85 search.msn.co.za
O1 - Hosts: 64.191.59.85 search.msn.de
O1 - Hosts: 64.191.59.85 search.msn.dk
O1 - Hosts: 64.191.59.85 search.msn.es
O1 - Hosts: 64.191.59.85 search.msn.fi
O1 - Hosts: 64.191.59.85 search.msn.fr
O1 - Hosts: 64.191.59.85 search.msn.it
O1 - Hosts: 64.191.59.85 search.msn.nl
O1 - Hosts: 64.191.59.85 search.msn.no
O1 - Hosts: 64.191.59.85 search.msn.se
O1 - Hosts: 64.191.59.85 search.ninemsn.com.au
O1 - Hosts: 64.191.59.85 search.t1msn.com.mx
O1 - Hosts: 64.191.59.85 search.xtramsn.co.nz
O1 - Hosts: 64.191.59.85 search.yupimsn.com
O1 - Hosts: 64.191.59.85 uk.search.msn.com
O1 - Hosts: 64.191.59.85 search.lycos.com
O1 - Hosts: 64.191.59.85 www.lycos.com
O1 - Hosts: 64.191.59.85 www.google.ca
O1 - Hosts: 64.191.59.85 www.google.uk
O1 - Hosts: 64.191.59.85 www.google.co.uk
O1 - Hosts: 64.191.59.85 www.google.com.au
O1 - Hosts: 64.191.59.85 www.google.co.jp
O1 - Hosts: 64.191.59.85 www.google.jp
O1 - Hosts: 64.191.59.85 www.google.at
O1 - Hosts: 64.191.59.85 www.google.be
O1 - Hosts: 64.191.59.85 www.google.ch
O1 - Hosts: 64.191.59.85 www.google.de
O1 - Hosts: 64.191.59.85 www.google.dk
O1 - Hosts: 64.191.59.85 www.google.fi
O1 - Hosts: 64.191.59.85 www.google.fr
O1 - Hosts: 64.191.59.85 www.google.com.gr
O1 - Hosts: 64.191.59.85 www.google.com.hk
O1 - Hosts: 64.191.59.85 www.google.ie
O1 - Hosts: 64.191.59.85 www.google.co.il
O1 - Hosts: 64.191.59.85 www.google.it
O1 - Hosts: 64.191.59.85 www.google.co.kr
O1 - Hosts: 64.191.59.85 www.google.com.mx
O1 - Hosts: 64.191.59.85 www.google.nl
O1 - Hosts: 64.191.59.85 www.google.co.nz
O1 - Hosts: 64.191.59.85 www.google.pl
O1 - Hosts: 64.191.59.85 www.google.pt
O1 - Hosts: 64.191.59.85 www.google.com.ru
O1 - Hosts: 64.191.59.85 www.google.com.sg
O1 - Hosts: 64.191.59.85 www.google.co.th
O1 - Hosts: 64.191.59.85 www.google.com.tr
O1 - Hosts: 64.191.59.85 www.google.com.tw
O1 - Hosts: 64.191.59.85 google.at
O1 - Hosts: 64.191.59.85 google.be
O1 - Hosts: 64.191.59.85 google.dk
O1 - Hosts: 64.191.59.85 google.fi
O1 - Hosts: 64.191.59.85 google.fr
O1 - Hosts: 64.191.59.85 google.com.hk
O1 - Hosts: 64.191.59.85 google.ie
O1 - Hosts: 64.191.59.85 google.co.il
O1 - Hosts: 64.191.59.85 google.it
O1 - Hosts: 64.191.59.85 google.co.kr
O1 - Hosts: 64.191.59.85 google.com.mx
O1 - Hosts: 64.191.59.85 google.nl
O1 - Hosts: 64.191.59.85 google.co.nz
O1 - Hosts: 64.191.59.85 google.pl
O1 - Hosts: 64.191.59.85 google.com.ru
O1 - Hosts: 64.191.59.85 google.com.sg
O1 - Hosts: 64.191.59.85 www.hotbot.com
O1 - Hosts: 64.191.59.85 hotbot.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.8600115741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69304FAE-19D1-4117-9F01-A640A2454EE4}: NameServer = 206.47.244.101 198.235.216.114
O17 - HKLM\System\CS1\Services\Tcpip\..\{69304FAE-19D1-4117-9F01-A640A2454EE4}: NameServer = 206.47.244.101 198.235.216.114
 
Joined
Dec 28, 2002
Messages
1,983
Did you do this before you ran spybot and HiJackThis?

Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.
 

BigJake

Thread Starter
Joined
Aug 12, 2003
Messages
20
Thanks for the help everybody..
Now the real question...

Does anybody know what caused this..

Goddarn crap *** spam search engine hijackers!!! GRRRRR!!
 

Triple6

Moderator
Joined
Dec 26, 2002
Messages
52,930
First Name
Rob
Spyware and advertising software. If you're ever on a website that offers some sort of free browser enhancements - this is what you get. Also if you load Kazaa or accidentally type in a wrong web address you can get linked into these sites that hijack your computer.
 
Joined
Jul 26, 2002
Messages
46,331
BigJake

You still need to fix the following with Hijack This.

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.59.85 www.google.com
O1 - Hosts: 64.191.59.85 www.altavista.com
O1 - Hosts: 64.191.59.85 altavista.com
O1 - Hosts: 64.191.59.85 uk.search.yahoo.com
O1 - Hosts: 64.191.59.85 ca.search.yahoo.com
O1 - Hosts: 64.191.59.85 jp.search.yahoo.com
O1 - Hosts: 64.191.59.85 au.search.yahoo.com
O1 - Hosts: 64.191.59.85 de.search.yahoo.com
O1 - Hosts: 64.191.59.85 search.yahoo.co.jp
O1 - Hosts: 64.191.59.85 www.lycos.de
O1 - Hosts: 64.191.59.85 www.lycos.ca
O1 - Hosts: 64.191.59.85 www.lycos.jp
O1 - Hosts: 64.191.59.85 www.lycos.co.jp
O1 - Hosts: 64.191.59.85 alltheweb.com
O1 - Hosts: 64.191.59.85 web.ask.com
O1 - Hosts: 64.191.59.85 ask.com
O1 - Hosts: 64.191.59.85 www.ask.com
O1 - Hosts: 64.191.59.85 www.teoma.com
O1 - Hosts: 64.191.59.85 search.aol.com
O1 - Hosts: 64.191.59.85 www.looksmart.com
O1 - Hosts: 64.191.59.85 ca.search.msn.com
O1 - Hosts: 64.191.59.85 fr.ca.search.msn.com
O1 - Hosts: 64.191.59.85 search.fr.msn.be
O1 - Hosts: 64.191.59.85 search.fr.msn.ch
O1 - Hosts: 64.191.59.85 search.latam.yupimsn.com
O1 - Hosts: 64.191.59.85 search.msn.at
O1 - Hosts: 64.191.59.85 search.msn.be
O1 - Hosts: 64.191.59.85 search.msn.ch
O1 - Hosts: 64.191.59.85 search.msn.co.in
O1 - Hosts: 64.191.59.85 search.msn.co.jp
O1 - Hosts: 64.191.59.85 search.msn.co.kr
O1 - Hosts: 64.191.59.85 search.msn.com.br
O1 - Hosts: 64.191.59.85 search.msn.com.hk
O1 - Hosts: 64.191.59.85 search.msn.com.my
O1 - Hosts: 64.191.59.85 search.msn.com.sg
O1 - Hosts: 64.191.59.85 search.msn.com.tw
O1 - Hosts: 64.191.59.85 search.msn.co.za
O1 - Hosts: 64.191.59.85 search.msn.de
O1 - Hosts: 64.191.59.85 search.msn.dk
O1 - Hosts: 64.191.59.85 search.msn.es
O1 - Hosts: 64.191.59.85 search.msn.fi
O1 - Hosts: 64.191.59.85 search.msn.fr
O1 - Hosts: 64.191.59.85 search.msn.it
O1 - Hosts: 64.191.59.85 search.msn.nl
O1 - Hosts: 64.191.59.85 search.msn.no
O1 - Hosts: 64.191.59.85 search.msn.se
O1 - Hosts: 64.191.59.85 search.ninemsn.com.au
O1 - Hosts: 64.191.59.85 search.t1msn.com.mx
O1 - Hosts: 64.191.59.85 search.xtramsn.co.nz
O1 - Hosts: 64.191.59.85 search.yupimsn.com
O1 - Hosts: 64.191.59.85 uk.search.msn.com
O1 - Hosts: 64.191.59.85 search.lycos.com
O1 - Hosts: 64.191.59.85 www.lycos.com
O1 - Hosts: 64.191.59.85 www.google.ca
O1 - Hosts: 64.191.59.85 www.google.uk
O1 - Hosts: 64.191.59.85 www.google.co.uk
O1 - Hosts: 64.191.59.85 www.google.com.au
O1 - Hosts: 64.191.59.85 www.google.co.jp
O1 - Hosts: 64.191.59.85 www.google.jp
O1 - Hosts: 64.191.59.85 www.google.at
O1 - Hosts: 64.191.59.85 www.google.be
O1 - Hosts: 64.191.59.85 www.google.ch
O1 - Hosts: 64.191.59.85 www.google.de
O1 - Hosts: 64.191.59.85 www.google.dk
O1 - Hosts: 64.191.59.85 www.google.fi
O1 - Hosts: 64.191.59.85 www.google.fr
O1 - Hosts: 64.191.59.85 www.google.com.gr
O1 - Hosts: 64.191.59.85 www.google.com.hk
O1 - Hosts: 64.191.59.85 www.google.ie
O1 - Hosts: 64.191.59.85 www.google.co.il
O1 - Hosts: 64.191.59.85 www.google.it
O1 - Hosts: 64.191.59.85 www.google.co.kr
O1 - Hosts: 64.191.59.85 www.google.com.mx
O1 - Hosts: 64.191.59.85 www.google.nl
O1 - Hosts: 64.191.59.85 www.google.co.nz
O1 - Hosts: 64.191.59.85 www.google.pl
O1 - Hosts: 64.191.59.85 www.google.pt
O1 - Hosts: 64.191.59.85 www.google.com.ru
O1 - Hosts: 64.191.59.85 www.google.com.sg
O1 - Hosts: 64.191.59.85 www.google.co.th
O1 - Hosts: 64.191.59.85 www.google.com.tr
O1 - Hosts: 64.191.59.85 www.google.com.tw
O1 - Hosts: 64.191.59.85 google.at
O1 - Hosts: 64.191.59.85 google.be
O1 - Hosts: 64.191.59.85 google.dk
O1 - Hosts: 64.191.59.85 google.fi
O1 - Hosts: 64.191.59.85 google.fr
O1 - Hosts: 64.191.59.85 google.com.hk
O1 - Hosts: 64.191.59.85 google.ie
O1 - Hosts: 64.191.59.85 google.co.il
O1 - Hosts: 64.191.59.85 google.it
O1 - Hosts: 64.191.59.85 google.co.kr
O1 - Hosts: 64.191.59.85 google.com.mx
O1 - Hosts: 64.191.59.85 google.nl
O1 - Hosts: 64.191.59.85 google.co.nz
O1 - Hosts: 64.191.59.85 google.pl
O1 - Hosts: 64.191.59.85 google.com.ru
O1 - Hosts: 64.191.59.85 google.com.sg
O1 - Hosts: 64.191.59.85 www.hotbot.com
O1 - Hosts: 64.191.59.85 hotbot.com

Restart your computer.

Be sure and take advantage of the "Immunize" feature in Spybot.

Finally go here http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 for info on how this happens and how to help prevent future attacks.
On this page you will find a link to Javacool's SpywareBlaster and Spyware Guard. Get them both and check for updates frequently.
The Immunize feature in Spybot used in conjunction with SpywareBlaster and SpywareGuard and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

Important!: ALWAYS check for updated detections and reference files before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster and SpywareGuard on a weekly basis.
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,418
I never saw one that put so many entries in the HOSTS file, I wonder what's at 64.191.59.85? Nothing that I'd want to visit I'll bet! :D
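An added example, not part of the original thread: a triage script for the `O1 - Hosts:` lines of a HijackThis log like the one posted above, grouping hostnames by target address so a mass redirect to one routable IP stands out. The sample log is constructed from a few of the thread's lines plus a `localhost` entry, and the function names and the `min_hosts` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = r"""O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.59.85 www.google.com
O1 - Hosts: 64.191.59.85 altavista.com
O1 - Hosts: 64.191.59.85 uk.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
STANDARD_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}  # usual localhost/blocklist targets

def parse_o1(log):
    """Return (ip, hostname) pairs from HijackThis 'O1 - Hosts:' lines."""
    pairs = []
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue  # other sections (O2, O4, ...) are ignored
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        pairs.append((ip, m.group(2).lower()))
    return pairs

def triage(pairs, min_hosts=3):
    """Group hostnames by target IP and classify each group."""
    by_ip = defaultdict(list)
    for ip, host in pairs:
        by_ip[ip].append(host)
    report = {}
    for ip, hosts in by_ip.items():
        if ip.is_loopback or ip.is_unspecified:
            # Sinking a name to loopback is normal; an odd loopback address is not.
            verdict = "ok" if str(ip) in STANDARD_SINKS else "review"
        elif len(hosts) >= min_hosts:
            verdict = "redirect"  # many names funnelled to one routable address
        else:
            verdict = "review"    # single routable override: check by hand
        report[str(ip)] = (verdict, sorted(hosts))
    return report

if __name__ == "__main__":
    for ip, (verdict, hosts) in triage(parse_o1(SAMPLE_LOG)).items():
        print(f"{verdict:8} {ip:16} {len(hosts)} host(s): {', '.join(hosts)}")
```
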
 