Google Error

Discussion in 'Troubleshooting Help' started by AesthetiCz, Feb 1, 2011.

  1. AesthetiCz

    AesthetiCz Member

    Joined:
    Oct 6, 2002
    Messages:
    436
    Location:
    Brisbane
  2. Rezin

    Rezin Member

    Joined:
    Oct 27, 2002
    Messages:
    9,490
    You um... might wanna do a malware/virus scan.

    http://www.malwarebytes.org/

    Edit: Also, what DNS server(s) are you using? Command prompt and type 'ipconfig /all'.
     
  3. Creekin

    Creekin (Taking a Break)

    Joined:
    Jun 21, 2003
    Messages:
    10,109
    DNS trojan probably

    malwarebytes or
    super anti spyware
    :thumbup:

    if they can't remove it
    nuke it :D

    edit: i pointed at your sys tray icons and waited for a pop up...
    DERP!! :lol:
     
  4. OP
    OP
    AesthetiCz

    AesthetiCz Member

    Joined:
    Oct 6, 2002
    Messages:
    436
    Location:
    Brisbane
    hah too funny!

    I'm doing a full Malware Bytes scan now.

    I've got 3 print screens from my ip config. I'm sorry I don't really know what they mean.


     
  5. Rezin

    Rezin Member

    Joined:
    Oct 27, 2002
    Messages:
    9,490
    Well your Dell Wi-Fi adapter is using the Belkin's DNS relay, so that's all good... as long as the Belkin is using your ISP's (or another reputable server). You can check via the Belkin's web admin page, but probably just wait and see what Malwarebytes turns up first (if anything).

    Edit: Did you install Hamachi yourself?
     
    Last edited: Feb 1, 2011
  6. OP
    OP
    AesthetiCz

    AesthetiCz Member

    Joined:
    Oct 6, 2002
    Messages:
    436
    Location:
    Brisbane
    Yeah I did install Hamachi a while ago. Haven't really ever used it.

    I did full system scans on both Malware Bytes and Super Anti Spyware and while they both picked up issues neither have resolved this particular issue.

    I am not in the mood to reformat... :tired:
     
  7. Rezin

    Rezin Member

    Joined:
    Oct 27, 2002
    Messages:
    9,490
    Is it enabled/running? Also check what DNS servers the Belkin is using.
     
  8. domlebo

    domlebo Member

    Joined:
    Nov 13, 2004
    Messages:
    7,776
    Location:
    Brisbane
    Do a tracert to google and see where your packets are going. It sounds very much like a bit of malware is changing your DNS.
     
  9. OldnBold

    OldnBold Member

    Joined:
    Oct 5, 2004
    Messages:
    4,261
    Location:
    Sunshine Coast
    You should be but stupidity will ultimately rule.
     
  10. OP
    OP
    AesthetiCz

    AesthetiCz Member

    Joined:
    Oct 6, 2002
    Messages:
    436
    Location:
    Brisbane
    I have done the tracert; results are below. I don't know what they mean unfortunately.




    Also, I'm not sure if it actually makes a difference but I am using my Galaxy S as a wireless access point to use the web as I am on holidays. So the Belkin is not being used at the moment.
     
  11. domlebo

    domlebo Member

    Joined:
    Nov 13, 2004
    Messages:
    7,776
    Location:
    Brisbane
    Your hosts table seems infected. That is not the right IP for any of Google's servers. The server is located in Germany, and is that FreedomRussia one. The IP turns up a lot of malware related hits on Google.

    Here is one such link: http://www.bleepingcomputer.com/forums/topic364517.html and another: http://forums.malwarebytes.org/index.php?showtopic=72269

    Edit: Looks like you have something similar to VirusDoctor: http://www.symantec.com/security_response/writeup.jsp?docid=2009-020410-5338-99&tabid=2

    It edits the hosts file to redirect certain URLs to malicious IPs. If you open up your hosts in C:\Windows\System32\drivers\etc with notepad, I'm sure you'll have a bunch of bogus entries.
     
    Last edited: Feb 1, 2011
  12. OldnBold

    OldnBold Member

    Joined:
    Oct 5, 2004
    Messages:
    4,261
    Location:
    Sunshine Coast
    ie reformat and win.
     
  13. MR RB30

    MR RB30 Member

    Joined:
    Feb 5, 2009
    Messages:
    290
    Location:
    Hills District, Sydney
    go to C:\windows\system32\drivers\etc and open the hosts file in notepad, clear everything in it and just have it like this:

    127.0.0.1 localhost
    ::1 localhost

    Save it, reboot and tell us how you go :thumbup:
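
Added example (not part of the original thread or any poster's code): a hosts-file audit for the redirect described in posts 11 and 13 above, listing every entry that maps a name to anything other than loopback or 0.0.0.0. The sample file is constructed, and 203.0.113.45 is a documentation address standing in for the malicious IP, which the thread does not state.

```python
import ipaddress

# Constructed sample: default entries at the top, injected redirects pushed
# further down by blank lines. 203.0.113.45 is an RFC 5737 documentation
# address used as a stand-in; the real IP is not given in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net    # local block-list entry


203.0.113.45    www.google.com google.com
203.0.113.45    www.google.com.au  # injected
"""


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for each mapping line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        fields = line.split()
        if len(fields) >= 2:
            yield number, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return entries that send a name anywhere other than this machine."""
    findings = []
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, address, names, "unparseable address"))
            continue
        # Loopback and 0.0.0.0/:: entries only point a name back at the host.
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append((number, address, names, "non-local redirect"))
    return findings


if __name__ == "__main__":
    # On the affected machine, read the real file instead of SAMPLE_HOSTS:
    # C:\Windows\System32\drivers\etc\hosts
    for number, address, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {number}: {address} -> {', '.join(names)} ({reason})")
```

A non-empty result is a list to review rather than a verdict, since intranet name mappings are legitimate; re-running it after a reboot shows whether removed entries have been written back.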
     
  14. domlebo

    domlebo Member

    Joined:
    Nov 13, 2004
    Messages:
    7,776
    Location:
    Brisbane
    It's likely infected other parts of his system and it'll be rewritten anyway
     
  15. MR RB30

    MR RB30 Member

    Joined:
    Feb 5, 2009
    Messages:
    290
    Location:
    Hills District, Sydney
  16. seb

    seb Member

    Joined:
    Jun 28, 2001
    Messages:
    1,757
    I had a Google redirect problem some time ago. Scans with SAS and MB didn't find the cause. I'd let Nod license lapse. I run as a restricted user all the time so I was a bit surprised to get the infection. Installed new AVG free and didn't find anything. Anyway, I installed Comodo firewall and it flagged files attempting to open ports etc. So I tracked them down that way, booted into safe mode and deleted them. Been fine since but I am too lazy to reformat as well.
     
  17. OP
    OP
    AesthetiCz

    AesthetiCz Member

    Joined:
    Oct 6, 2002
    Messages:
    436
    Location:
    Brisbane
    Well that final thing has worked. I did the combo fix and temp file cleanup and while they found things the issue persisted. I jumped into that host file and there were some bogus entries further down the page. I have deleted those, reset, and it has been fixed.

    Thanks so much for the quick help guys, it's amazing having this unbelievable wealth of knowledge at your fingertips with so many of you willing to help. It is really appreciated and I'm sure many others appreciate it as well.

    I think I will run the anti malware again just to try and make sure nothing else has reinfected as you said domlebo.
     
  18. domlebo

    domlebo Member

    Joined:
    Nov 13, 2004
    Messages:
    7,776
    Location:
    Brisbane
    No worries. You were easy to help, as you had some detail :p (screenshots etc). Most people just go "My interwebz is broken, FIX IT"
     
  19. OP
    OP
    AesthetiCz

    AesthetiCz Member

    Joined:
    Oct 6, 2002
    Messages:
    436
    Location:
    Brisbane
    I'll tell you what, I had a chuckle when I opened my browser and typed in www.google.com and it went to that web page in Russian.

    I thought to myself "wow buddy you just got own3d."
     
  20. Riddick187

    Riddick187 Member

    Joined:
    Mar 1, 2004
    Messages:
    1,913
    You got Russian HaXor3d
     
