09-21-2003, 08:20 AM | #1 (permalink) |
Is mad at you.
Location: Bored in Sacramento
|
Evil redirect
I'm not sure what happened, but since yesterday when I try to go to google I get 1 of 2 things, I either get "Cannot find server" or it redirects me to www.google.com.org which is a domain registration site. I can't ping google, but I can ping other sites. I've run the latest version of Ad Aware and even a virus scanner. I'm wondering if anyone has any ideas. (running win 2000) This is on IE 6.
|
09-21-2003, 01:27 PM | #3 (permalink) |
Crazy
Location: Pittsburgh, PA
|
Check your network settings to make sure that .org didn't get added to your domain search order as some kind of "always use" - or try going to the google site through its IP address - type http://216.239.51.99 in your browser (at least that's what my nameserver says its IP is) and see if that works. If so, then it is most likely a DNS problem.
Sapper might be right that your ISP or their provider is having DNS issues so maybe you should talk to them if that is the case.
__________________
We may lose, and we may win, but we will never be here again. |
09-21-2003, 02:04 PM | #4 (permalink) | |
Is mad at you.
Location: Bored in Sacramento
|
Quote:
I tried going through the IP addy and was able to make it there. But I still can't get get out to any search engine. I get the same error when I try to search on Yahoo (because they use google) and when I try to go to Lycos, it sends me to lycos.com.org. I don't think it is anything server side, we have 5 other computers in my house and all of them can see Google. |
|
09-21-2003, 02:10 PM | #5 (permalink) | |
Crazy
Location: Pittsburgh, PA
|
Quote:
Maybe check your DNS servers on the affected machine and make sure they match up with the machines that are not affected? Does this happen in both IE and Netscape?
__________________
We may lose, and we may win, but we will never be here again. |
|
09-21-2003, 02:14 PM | #6 (permalink) | |
Is mad at you.
Location: Bored in Sacramento
|
Quote:
How do I check my DNS server on this computer?
__________________
This too shall pass. |
|
09-21-2003, 02:34 PM | #7 (permalink) | |
Crazy
Location: Pittsburgh, PA
|
Quote:
In XP, go into Start, control panel, network connections (network and internet connections first, then network connections if you're not in classic mode) then right-click your connection, go to properties, find TCP/IP in the list and double-click. DNS is listed in there (though it might say 'obtain automatically' Then click advanced, go to the DNS tab and check again, also go to the WINS tab. On any other Windows, you want to do the same thing, go into control panel, network, double click TCP/IP and look for the DNS and WINS tabs. Make sure this PC matches all your other ones.
__________________
We may lose, and we may win, but we will never be here again. |
|
09-21-2003, 03:01 PM | #9 (permalink) |
Psycho
|
well you said you ran ad aware. I dunno if this will help, but since you're about to format i figure it's worth a try. try to scan your pc with Spybot: Search & Destroy, similar to ad aware but it sometimes finds things that ad aware doesnt. (I use both of them btw).
the link for spybot is: http://download.com.com/3000-2144-10...ml?tag=lst-0-1 |
09-21-2003, 03:45 PM | #10 (permalink) |
Junkie
Location: Louisville, KY
|
Do you connect through a proxy? It could be something on their end.
__________________
You do not use a Macintosh, instead you use a Tandy Kompressor break your glowstick, Kompressor eat your candy Kompressor open jaws, Kompressor release ants Kompressor watch you scream, Because Kompressor does not dance |
09-21-2003, 03:56 PM | #11 (permalink) |
Is mad at you.
Location: Bored in Sacramento
|
Ok, search and destory got me a little bit closer, it found some called SlawSelect (something close to that) it said it was redirecting me to 64.191.59.85 I have removed the spyware, but it is still happening.
__________________
This too shall pass. |
09-21-2003, 07:24 PM | #12 (permalink) |
Psycho
|
Was google.com your homepage prior to the redirecting.
You can try two programs (CoolWebShredder and HijackThis) in the link below to possibly rid of your problem. Try CoolWebShredder first, then HijackThis) http://www.spywareinfo.com/~merijn/ HijackThis A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgable folks (e.g. the forums) before deleting anything. Currently at version 1.96 CoolWebShredder A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can just this to completely remove the hijack. Updated to remove the new variants once they come out. Currently at version 1.12 |
09-21-2003, 11:43 PM | #13 (permalink) |
Is mad at you.
Location: Bored in Sacramento
|
Ok, so my next step is to get a registy cleaner and clear the stuff out myself. Can anyone suggest a good registry cleaner for Win2000. If you could provide a link, that would be nice seeing as I can't search the internet anymore.
__________________
This too shall pass. |
09-22-2003, 01:47 AM | #14 (permalink) |
Psycho
Location: Right here, right now.
|
HeyAgain, thanks heaps for the CoolWebShredder tip and link. I've been having problems with CoolWebSearch for a couple of weeks now. Hopefully no more!
__________________
Maybe you should put some shorts on or something, if you wanna keep fighting evil today. |
09-22-2003, 03:42 PM | #15 (permalink) |
Irresponsible
|
Google, lycos, and yahoo are all hosted at akamai
[0]$ dig www.google.com ; <<>> DiG 9.2.1 <<>> www.google.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8134 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9 ;; QUESTION SECTION: ;www.google.com. IN A ;; ANSWER SECTION: www.google.com. 886 IN CNAME www.google.akadns.net. www.google.akadns.net. 279 IN A 216.239.53.99 ;; AUTHORITY SECTION: akadns.net. 79766 IN NS zc.akadns.net. akadns.net. 79766 IN NS zf.akadns.net. akadns.net. 79766 IN NS zh.akadns.net. akadns.net. 79766 IN NS ns1-93.akam.net. akadns.net. 79766 IN NS ns1-159.akam.net. akadns.net. 79766 IN NS use2.akam.net. akadns.net. 79766 IN NS usw5.akam.net. akadns.net. 79766 IN NS use4.akam.net. akadns.net. 79766 IN NS asia3.akam.net. ;; ADDITIONAL SECTION: zc.akadns.net. 79766 IN A 63.241.199.50 zf.akadns.net. 79766 IN A 63.215.198.79 zh.akadns.net. 79766 IN A 63.208.48.42 ns1-93.akam.net. 79766 IN A 193.108.91.93 ns1-159.akam.net. 79766 IN A 193.108.91.159 use2.akam.net. 79766 IN A 63.209.170.136 usw5.akam.net. 79766 IN A 63.241.73.214 use4.akam.net. 79766 IN A 80.67.67.182 asia3.akam.net. 79766 IN A 193.108.154.9 ;; Query time: 37 msec ;; SERVER: 198.93.80.102#53(198.93.80.102) ;; WHEN: Mon Sep 22 16:40:49 2003 ;; MSG SIZE rcvd: 403 [0]$ dig www.google.akadns.net @zc.akadns.net ; <<>> DiG 9.2.1 <<>> www.google.akadns.net @zc.akadns.net ;; global options: printcmd ;; connection timed out; no servers could be reached zc.akadns.net is dead. The problem is NOT yor computer. Your ISP's DNS server is not handeling the death of zc.akadns.net as it should
__________________
I am Jack's signature. |
09-23-2003, 09:33 AM | #16 (permalink) |
Psycho
|
Hey Harshaw,
While searching through a computer forum for a solution to a video card problem I was encountering, I stumbled upon a question/problem similar to yours. The solution was using the CoolWebShredder program that I suggested early. Give the program a try and see what happens. |
09-23-2003, 11:34 AM | #17 (permalink) |
Is mad at you.
Location: Bored in Sacramento
|
The end, I hope.
Ok, so this is a weird ending to a weird problem. Just for fun, I tried to go to Google again today. I got a third message this time. This one asked me if I was trying to get to google, told me I had software on my computer keeping me from google and told me to delete anything with the word google from my hosts list. I did that and I can browse google again. Thanks for the input from everyone one this board.
__________________
This too shall pass. |
09-23-2003, 03:18 PM | #18 (permalink) |
Crazy
Location: Pittsburgh, PA
|
If you want to read more about this, with a few possible solutions, I finally found something on the web about it:
http://www.experts-exchange.com/Oper..._20722100.html
__________________
We may lose, and we may win, but we will never be here again. |
09-23-2003, 06:38 PM | #19 (permalink) |
Insane
Location: SLC, UT
|
check your hosts file...in winxp it will be in C:\WINDOWS\system32\drivers\etc
just throw the hosts file into notepad and check for anything odd. i had a problem like this and my hosts file was full of janky mappings for websites
__________________
<Arcane> so if you banged 2000 chicks then at least one had a pen0r? |
09-24-2003, 04:14 PM | #20 (permalink) | |
The sky calls to us ...
Super Moderator
Location: CT
|
Quote:
Basically, a piecse of malicious software can redirect your browser to an address different from the one that matches the url you typed. A more complicated method is to hack the DNS server itself and replace the IP address of the site you want to one of the hacker's choice. The result is that the hacker's IP address is returned as a match for the URL that you want. |
|
Tags |
evil, redirect |
|
|