Q: web hijackers ( No Answer,   3 Comments )
Question  
Subject: web hijackers
Category: Computers
Asked by: splot-ga
List Price: $20.00
Posted: 11 Oct 2003 12:45 PDT
Expires: 13 Oct 2003 19:38 PDT
Question ID: 265256
About ten days ago, I became unable to get onto google homepage or to
do searches.  This is a serious problem, as I use Google a lot for
research.  One of several things would happen.  1) I might get
redirected to MyWeb 2) I might get redirected to cPanel, which would
say ' There is no website configured at this address' 3) I might get
the default 'The page cannot be displayed...'
I emailed help@google and toolbar-support, who put me in touch with
various sites.  Toolbar-support asked a lot of questions which I
answered, but got nothing back from them after this.  From help@google
addresses I downloaded both Spy-bot and Ad-Aware.  These identified and
removed many unwanted things.  I also had previously deleted temporary
internet files and cookies, via the internet explorer 'tools -
internet options' route.  I removed MyWeb and Electronic Group
intruders as described in the material from  www.doxdesk.com/parasite/
 which help@google pointed me to.  NONE OF THIS HAS WORKED IN ALLOWING
ME TO ACCESS GOOGLE.  I still get either cPanel or 'the page cannot be
displayed'.

My question is: how can I ever restore connection to Google?

It's in this machine, as another computer here at home which is
networked behaves normally.  I can also search via CNN (my home page).
 I can get to Yahoo, but when I try to search I get a similar problem
to Google.  PLEASE HELP!!

Request for Question Clarification by serenata-ga on 12 Oct 2003 13:01 PDT
Hi Splot ~

Some further information might help:

1. You said you ran Ad-Aware and Spybot Search & Destroy. The same
thing happened to a couple of computers which my partner is charged
with maintaining, and he had to run Ad-Aware in safe mode in order to
remove the bugs because while Ad-Aware would remove the bugs, they
would rebuild when the computer was restarted. Did you try that?


2. You didn't mention whether or not your antivirus program is up to
date and if you ran that.

One of the bugs which can cause your problem is the W32.Swen.A@mm
worm. Did you check for worms? Information on Symantec's site here:
   - http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html


Another trojan which can cause the same problem is the QHOSTS.
Symantec also has information on getting rid of it, which you can find
here:
   - http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html


3. Another Google Answers customer had the same problem, and we tried
the above solutions, and really inadvertently found the cure by one of
the files Ad-Aware did remove - slawsearch.

That answer led to the CWS trojan, and information about it here:
   - http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html

He finally removed it using Hijack This from the Spyware Info website:
   - http://www.spywareinfo.com/~merijn/files/hijackthis.zip 

they also have the CWS Shredder here:
   - http://www.spywareinfo.com/~merijn/files/cwshredder.zip 


4. There's yet another customer with the same problem, who found
information about it on this board:
   - http://forums.techguy.org/t169552/s.html

That thread is here:
   - http://answers.google.com/answers/threadview?id=265256


The obvious question would be did you install any software prior to
the beginning of these problems? If so, what?

After looking through the above sites, are any of those files they
mention on your computer? Or were they?

Have you looked into the trojan horses and worms? And updated your
antivirus software?
The more information you can offer, the better we can help target what
is happening and may be able to help you.

Thanks for any additional info,

Serenata

Request for Question Clarification by mvguy-ga on 12 Oct 2003 17:12 PDT
Could you please try running the "ping google.com" command and let us
know the results?  That might help us pinpoint the source of the
problem.  The idea of Techtor-ga to try another browser is also a good
idea. At the very least, using a different browser would be a good
workaround until you have the problem fixed.

Here's more information about ping:
http://www.satexas.com/support/pcconfig/ping.phtml

And here are two browsers you can try:
http://www.mozilla.org
http://www.opera.com

Request for Question Clarification by mvguy-ga on 12 Oct 2003 17:21 PDT
Another thing you can try for us is to look at your hosts file in a
text editor (such as Notepad).  You can probably find the hosts file
in one of these locations:
   - Windows 95/98/Me:        c:\windows\hosts
   - Windows NT/2000/XP Pro:  c:\winnt\system32\drivers\etc\hosts
   - Windows XP Home:         c:\windows\system32\drivers\etc\hosts

Could you please look at your hosts file and see if Google is
mentioned in it? If it is, remove the line that says Google in it, save
the file without an extension (in other words, it's hosts, not
hosts.txt), then reboot and let us know what happens.

Request for Question Clarification by mvguy-ga on 12 Oct 2003 17:34 PDT
Removing a line from the hosts file is pretty safe. But to be
perfectly safe, make sure to make a backup file first.

Clarification of Question by splot-ga on 13 Oct 2003 08:29 PDT
for mvguy-ga.  You asked about the google-containing files in 'hosts'.
 There are about 30 of them.  Meanwhile

for eyelfixit-ga    Fine -- I approve the answer (do I need to enter
that anywhere else?) -- and look forward to your fixing the problem!

Many thanks   John Mason (splot-ga)

Request for Question Clarification by richard-ga on 13 Oct 2003 13:12 PDT
Hello

I'm just here to point out that eyelfixit-ga is not a Google Answers
Researcher.  You can tell that because his name is not 'clickable.'

Comments can be entered by any Google Answers user, and are always
free.

Request for Question Clarification by mvguy-ga on 13 Oct 2003 14:54 PDT
Do you have lines that use the word "Google" in your hosts file?  Or
do you have files named Google-something in your hosts directory? I
could interpret your response either way.  Thanks.

Clarification of Question by splot-ga on 13 Oct 2003 16:27 PDT
for clarification to mvguy-ga   The hosts folder had about 50 entries,
all starting with  207.44.194.56   then   for example  www.google.com 
or   google.com   or  google.com.sg   and so on.  The total file is
only 4K.  Does this help?  Thanks!

Request for Question Clarification by sublime1-ga on 13 Oct 2003 16:54 PDT
John...

It seems evident from what you've told mvguy-ga that your hosts
file has been hijacked (re-written). The simplest thing to do
to test a fix would be to rename your current hosts file to 'hosts0'
and then create a new file, in a text editor such as notepad, which
contains the contents of the original file (everything between the
dotted lines):

-----------------------------------------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
-----------------------------------------------------

Exit notepad, saving the file as 'hosts' in the same directory that
'hosts0' resides. Close any open browser(s) and re-open them, and
you should be able to get to Google.

If this works, you can prevent the same problem in the future by
left-clicking your new 'hosts' file and selecting 'properties'.
Then place a checkmark in the 'Read-only' box on the general tab.
This will prevent anything from being written to it without your
knowledge. Let me know if this solves things for you.

sublime1-ga
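
An added example, not part of the original thread: a small audit of hosts-file text that reports every name pinned to a non-loopback address, which is the pattern splot-ga described (many Google names all pointing at 207.44.194.56). The sample input is constructed from that description, and the function names `parse_hosts`, `audit_hosts` and `redirected` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample modelled on the entries reported in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
207.44.194.56   www.google.com
207.44.194.56   google.com
207.44.194.56   google.com.sg   # trailing comment
::1             localhost
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address: skip the line
        for name in fields[1:]:  # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return {ip: [hostnames]} for names pinned to a non-loopback address."""
    findings = defaultdict(list)
    for _line_no, ip, name in parse_hosts(text):
        # 127.x.x.x, ::1 and 0.0.0.0 are the usual local or blocking entries.
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings[str(ip)].append(name)
    return dict(findings)

def redirected(text, domain):
    """Return the address a domain or one of its subdomains is pinned to."""
    for ip, names in audit_hosts(text).items():
        if any(n == domain or n.endswith("." + domain) for n in names):
            return ip
    return None

if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} name(s) overridden -> {', '.join(names)}")
```

To check a real machine, pass the contents of the hosts file from one of the locations mvguy-ga listed instead of `SAMPLE_HOSTS`.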

Clarification of Question by splot-ga on 13 Oct 2003 19:38 PDT
for sublime1-ga   YES!!!!!!!!  Changing the host file as you suggested
WORKS!!!!!

I am so GRATEFUL.  It was even relatively easy for a
computer-incompetent person like me (I'm a biologist who works in
international health ...)  I do hope that this experience can be
communicated to others.

Many thanks again.  I will unhesitatingly return to answers-google for
my next problems.   John M.
Answer  
There is no answer at this time.

Comments  
Subject: Re: web hijackers
From: techtor-ga on 12 Oct 2003 11:24 PDT
 
Have you tried another browser aside from Internet Explorer? Try
Mozilla ( www.mozilla.org ), and see if the problem also occurs on
another browser.
Subject: Re: web hijackers
From: eyelfixit-ga on 12 Oct 2003 16:22 PDT
 
The true answer to this question is that you have been browser
hijacked from a drive by download from a site which has scumware that
automatically is installed (in the background, without your
knowledge). If this answer is satisfactory, please approve it and I
will show you for free how to remove it.

Thank you. :)
Subject: Re: web hijackers
From: splot-ga on 13 Oct 2003 08:29 PDT
 
for mvguy-ga.  You asked about the google-containing files in 'hosts'.
 There are about 30 of them.  Meanwhile

for eyelfixit-ga    Fine -- I approve the answer (do I need to enter
that anywhere else?) -- and look forward to your fixing the problem!

Many thanks   John Mason (splot-ga)

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.