| Trouble with system 32 on Laptop. | |
|
|
|
Author | Message |
---|
.tUrniP Lifer
Posts : 910 Join date : 2009-08-13
| Subject: Re: Trouble with system 32 on Laptop. Tue May 03, 2011 8:31 am | |
| GG, could you elaborate? I mean, adding "46.59.1.2 www.Google.co.uk" to the Hosts file ( for example ) will redirect "Google.co.uk" paths to Wikileaks but that would restrict any access to "Google.co.uk" at all and, I'm not sure, but I don't think you can redirect just subfolders using just the Hosts file... How would you do it? Also the list on the last page only describes the way Hijackthis groups items and lists the program's version history, it isn't a log ... is it? | |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Tue May 03, 2011 8:37 am | |
| - Gris Gris wrote:
- TK Trooper wrote:
- I am still getting redirected when i use google, tried using bing and clicking on search results from there and was not redirected. Just seems to be when i use google. Happens with Mozilla and internet explorer
You have got google worm. Open up your host file (right click and open as admin) and look to see if there are entries other than localhost 127 etc.
At the risk of sounding like a tool, but that made no sense to me | |
|
| |
.tUrniP Lifer
Posts : 910 Join date : 2009-08-13
| Subject: Re: Trouble with system 32 on Laptop. Tue May 03, 2011 8:42 am | |
| What she is saying is: the hosts file is in "C:\Windows\System32\drivers\etc", you can open it with notepad. If there is anything other than the following ( that you haven't put there ) first copy and paste it here and then delete it, save the file, restart your browser...
- Quote :
- # Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Any lines that start with "127.0.0.1" actually redirect back to your pc ( it's the localhost IP ) so won't be harmful. For example, I have lines like "127.0.0.1 activate.adobe.com" that loopback to avoid connecting to Adobe sites that may invalidate my copy of CS5. | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Tue May 03, 2011 9:00 am | |
| - .tUrniP wrote:
- GG, could you elaborate?
I mean, adding "46.59.1.2 www.Google.co.uk" to the Hosts file ( for example ) will redirect "Google.co.uk" paths to Wikileaks but that would restrict any access to "Google.co.uk" at all and, I'm not sure, but I don't think you can redirect just subfolders using just the Hosts file... How would you do it? Also the list on the last page only describes the way Hijackthis groups items and lists the program's version history, it isn't a log ... is it?
The log shows where things are or not and what has changed. TK's internet settings look to me, I'm not fluent in hijack this logs. As I said, to my mind his browser and such files look like they have been altered. The recommendation to terminate the worm's access to the internet is so far via the Host file. Or use of combofix or others but to ensure they are those exact not the numerous clones. As you stated nobody's cracked the Google virus properly yet. The host file alteration seems to work so far and those who could were suffering TK's issue of redirections etc when google was used etc. They altered the file and regained the browser settings. A worm works by hiding and commanding many files. The google one seems to use google as the run command.
- Quote :
- Hi Witchy, hope this helps explain this worm. It's a pain in the nether regions. Both as what it does and where it lurks and what it does to the Windows system. Am not sure if affects linux etc, only heard of Windoze peeps scream about it. Host files work for some, others the combo does. Like you I'm a delete and reinstall after formatting to hell and back. Does sound to me that's what seems to be the issue here.
Google Redirect Worm affects that the results of your search engine redirect. As one of the most common viral infections worldwide redirection of virus to millions of computers every day is installed. The only problem is that if you want to remove this infection from your PC, there is almost no anti-virus programs available online are to get rid of it currently. The worm has several features that prevent "normal" working antivirus, spyware, malware programs etc to remove it – which means that if your PC has this virus it may have already disabled all your protection among other things.
This is a viral infection that redirects the results of the infected users search engine sites and deploys misleading adverts. Usually find their way into the PC via the wrong attachment or a rogue or infected website downloads the rogue infection. The infection itself is actually a small application that will change some settings on your PC. Once the settings have changed, the virus disappears without any trace of their presence, in addition to the changes. Sometimes the user is unaware of the infection until it starts up. It can lay dormant in the system before activating.
What it changes is the "forwarding" settings that Windows uses to translate websites. Few people know, but every time you use the Internet, various pages and sites at all times (eg how to move pages or sites that causes merge) are being constantly redirected. The problem is the virus has to survive and spawn els, it also and often does, report back to the maker that it is activated, Some use these machines as zombie computers. The "Google redirect virus" is so named because it is clever and is used against GOOGLE, if users click occurs on search links – these links will take you to a page held somewhere on Google.com before redirection. Not always is the page a genuine one, some are some not.
To remove this virus, you have basically the settings to restore corrupted or damaged by the infection. Unfortunately, not the popular anti-virus programs because it only for files and applications that are causing a problem. To eliminate the virus, you can try changing the system32 Host file , and or get a little known program called "ComboFix" and do a "repair installation" of Windows. Or format and reinstall Windows on a very formatted drive. Never keep any settings or the worm will reappear and back to square 1 you find yourself. Also, stop windows restore and delete all the restore points. The worm can and often does lurk in there waiting for the user to restore back to a working time. Back it comes again.
The best way most are going for to solve this virus is host file alteration or use a program called ComboFix download. This tool was bought by a group of experienced security developers decided to create a tool that can repair the specific files developed. You must download, install and use a script to search the program to send the files that the virus has changed.
Most of all good luck and patience is needed, this is no walk in the park. Make sure you have your O/s disc to hand.
| |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Tue May 03, 2011 10:32 am | |
| Well i tried what you said, but i get this happen | |
|
| |
.tUrniP Lifer
Posts : 910 Join date : 2009-08-13
| Subject: Re: Trouble with system 32 on Laptop. Tue May 03, 2011 11:01 am | |
| Try running it as administrator, if you haven't already. Do you get the same error for the main log?
Remember to check your Hosts file and keep an eye out for your OS disc too.
| |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Wed May 04, 2011 3:37 pm | |
| Was running it as admin, still no joy. Think i may just get an OS disc somehow and wipe the comp, cos i don't understand all this host file stuff. | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Thu May 05, 2011 1:54 pm | |
| Post me a pic of your host file and I'll tell you whether you need to edit it or not. | |
|
| |
.tUrniP Lifer
Posts : 910 Join date : 2009-08-13
| Subject: Re: Trouble with system 32 on Laptop. Thu May 05, 2011 2:53 pm | |
| This ^
Not that it's even possible to mess up but since your plan is to reformat anyway you can't lose; Best case - GG is right and you solve your problem quickly and easily; Worst case - it doesn't help and you still need to find an OS disc. The only slight complication is that you may need to take ownership of the hosts file in order to edit it but I / we / someone can guide you through that, it's very simple and will take seconds.
One more idea that may save you having to find an OS disc is SFC. Do you know how to open command prompt ( as administrator )? If so, open it up, type "sfc /scannow" ( no quotes ) and hit enter.
I'm not really sure what is causing your HijackThis error ... Try reinstalling it. Although it's probably still worth a look it is less important now, since we think we know what it is; focus on the other stuff.
If you do decide to reformat anyway then I would suggest that you go for Windows 7 Ultimate or Ubuntu. | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Fri May 06, 2011 8:43 am | |
| I've been told that this worm can disable hijack this among other antivirus/malware programs. A couple of folks commented elsewhere in the techylands that they also had issues trying to do things that were explained in simple steps.
I'm guessing this might be happening to TK too.
@TK The host file tUrniP posted is how yours should look. | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Fri May 06, 2011 8:54 am | |
| - Gris Gris wrote:
- Google virus, not Google's but a worm named as it targets google. The apti file gets hit as does the hosts in some cases. Certainly sounds like that is what you have, but I may be wrong.
Only do this if you feel you can. Write the info in the HOSTS file just in case you need to put it back.
(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".
If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look.
If not go direct to this link and follow instructions for it, again only if you feel ok to do so. combofix
TK if you haven't got the run command up.
Try Computer > click your main drive ie 'C' Drive > go to Folder = Windows > go to Folder = System32 > go to folder = Drivers > go to folder = etc > Right click on HOSTS - open with NOTEPAD > HOSTS file will now be opened so you can see what is on it.
If you can't open it, let me know, I'll walk you through creating a new HOSTS file.
OK? | |
|
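The check the posts above describe (open the HOSTS file and look for entries other than the localhost ones), as an added example that is not part of the original thread: a Python sketch that parses the file, ignores comments, and separates loopback lines from lines that pin a name to another machine. The function names are hypothetical and the sample text is constructed from lines quoted in this thread.

```python
"""Audit a Windows HOSTS file for names pinned to an address (added example)."""
import ipaddress
from pathlib import Path

# Location named in the thread; only read when run directly on Windows.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample built from lines quoted in this thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
127.0.0.1       activate.adobe.com
46.59.1.2       www.Google.co.uk    # the redirect example from the first post
0.0.0.0         ads.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active (uncommented) line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not active:
            continue
        fields = active.split()
        # Host names are case-insensitive, so normalise them for comparison.
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def classify(address):
    """Return 'loopback', 'null', 'redirect' or 'invalid' for an address field."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"    # 127.0.0.0/8 or ::1, resolves to this PC
    if ip.is_unspecified:
        return "null"        # 0.0.0.0 or ::, the usual blocklist form
    return "redirect"        # name is pinned to some other machine


def audit(text):
    """Return entries that send a name to another machine, or fail to parse."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        kind = classify(address)
        if kind in ("redirect", "invalid"):
            findings.append({"line": line_no, "address": address,
                             "names": names, "kind": kind})
    return findings


def blocked_names(text):
    """Return names sent to loopback/null, minus 'localhost', for manual review."""
    blocked = []
    for _, address, names in parse_hosts(text):
        if classify(address) in ("loopback", "null"):
            blocked.extend(n for n in names if n != "localhost")
    return blocked


def read_hosts(path=HOSTS_PATH):
    """Read the file, tolerating a UTF-8 byte-order mark added by some editors."""
    return path.read_text(encoding="utf-8-sig", errors="replace")


if __name__ == "__main__":
    text = read_hosts() if HOSTS_PATH.is_file() else SAMPLE
    for finding in audit(text):
        print("REVIEW", finding)
    print("Blocked locally:", blocked_names(text))
```

The lines reported by `audit` are the ones to copy out before deleting; `blocked_names` lists loopback entries so the reader can confirm each is one they put there themselves.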
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Sun May 08, 2011 4:57 am | |
| - Gris Gris wrote:
- Gris Gris wrote:
- Google virus, not Google's but a worm named as it targets google. The apti file gets hit as does the hosts in some cases. Certainly sounds like that is what you have, but I may be wrong.
Only do this if you feel you can. Write the info in the HOSTS file just in case you need to put it back.
(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".
If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look.
If not go direct to this link and follow instructions for it, again only if you feel ok to do so. combofix
TK if you haven't got the run command up.
Try Computer > click your main drive ie 'C' Drive > go to Folder = Windows > go to Folder = System32 > go to folder = Drivers > go to folder = etc > Right click on HOSTS - open with NOTEPAD > HOSTS file will now be opened so you can see what is on it.
If you can't open it, let me know, I'll walk you through creating a new HOSTS file.
OK?
Sorry for the late reply, been stuck on nights. O.K! Did what you said and have posted it below, although the last bit about clicking on the "HOSTS" bit, it actually said "IMHOST". Not sure if that is relevant but that's what i copied.
- Quote :
- # Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names. Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
# #PRE
# #DOM:
# #INCLUDE
# #BEGIN_ALTERNATE
# #END_ALTERNATE
# \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:" tag will associate the
# entry with the domain specified by . This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE " will force the RFC NetBIOS (NBT)
# software to seek the specified and parse it as if it were
# local. is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97 rhino #PRE #DOM:networking #net group's DC
# 102.54.94.102 "appname \0x14" #special app server
# 102.54.94.123 popular #PRE #source server
# 102.54.94.117 localsrv #PRE #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.
| |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Sun May 08, 2011 1:56 pm | |
| IMHOST is not the HOSTS file. HOSTS should be above the IMHOST file? | |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Sun May 08, 2011 4:28 pm | |
| Oh dear, looks like there isn't one then. Guess i'm gonna have to put myself in your capable hands and do that guiding me through creating one like you said. Please be gentle with me as i can be quite the mong in a thong when it comes to this stuff. | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Mon May 09, 2011 6:29 am | |
| Righto. Can't work out why your hosts file is missing? Very odd. The steps below will add it. But I do suggest you look for your rescue/os disc as it does seem your system is very screwed up. Do you have a back up or rescue disc or area on your hard drive, normally it's a D drive or E drive?
Creating a new HOSTS file.
Open Notepad, Paste below the information in red into it.
- Quote :
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Then click 'Save as' > hosts
Save in Start > Computer > Main drive 'C' > Windows folder > System32 > drivers > etc
You should then see the HOSTS file above the IMHOSTS file in C:/windows/system32/drivers/etc | |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Sat May 14, 2011 6:07 am | |
| O.K Done that Gris....... Also i have started to get lines appear underneath the letters i am typing when i type anything on an internet page, Not sure if it is related to the current problem? | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Sun May 15, 2011 2:00 pm | |
| The lines are created by an outdated video driver or a corrupt one. That's the normal reason. Try updating your video drivers, do you know whose they are?
There is also an update issue that can cause it, so update windows.
Now is your browsing any better or are you being redirected still?
I'd get another browser, one that you haven't used before, you can either install but don't launch it. Then remove all the other browsers. Or download the new browser file, remove the existing browsers, then install it.
A final thing I can think of is go to system restore and that via properties on the C drive system restore turn off restore. Reboot, do what you need to and either enable restore after you are sure you're free of the google virus and any other nasties. Or leave restore feature off. All that means is if you corrupt yourself you have to reinstall the whole of windows. Unless you have an image of your drive as it stands.
In the restore files virus/worms can hide and reinfect again and again etc. Best to eliminate as much as you can to terminate them. Virus and worms have built in survival modes so will go and hide anywhere and everywhere in order to live. | |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Mon May 16, 2011 4:05 pm | |
| - Gris Gris wrote:
- The lines are created by an outdated video driver or a corrupt one. That's the normal reason. Try updating your video drivers, do you know whose they are?
There is also an update issue that can cause it, so update windows.
i don't know what the drivers are. I did install the updates windows had found, except there is one that just won't install "Security Update for Microsoft Office PowerPoint 2007 (KB2535818)", but it doesn't look like a video driver to me! I did a search on the error code it gives (80070643). I did have a go at fixing it, but it didn't seem to work, probably cos i'm doing something wrong.
- Gris Gris wrote:
- Now is your browsing any better or are you being redirected still?
I'd get another browser, one that you haven't used before, you can either install but don't launch it. Then remove all the other browsers. Or download the new browser file, remove the existing browsers, then install it.
A final thing I can think of is go to system restore and that via properties on the C drive system restore turn off restore. Reboot, do what you need to and either enable restore after you are sure you're free of the google virus and any other nasties. Or leave restore feature off. All that means is if you corrupt yourself you have to reinstall the whole of windows. Unless you have an image of your drive as it stands.
In the restore files virus/worms can hide and reinfect again and again etc. Best to eliminate as much as you can to terminate them. Virus and worms have built in survival modes so will go and hide anywhere and everywhere in order to live.
Still not working, still getting re-directed. I did what you said (or at least what i think you meant). I uninstalled mozilla, restarted the comp and then installed the new version of mozilla, but still have the same problem. I think a big part of the problem is my stupidity when it comes to computers. I'm thinking the best thing for me to do is to try and find an OS disc and wipe the whole comp | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Tue May 17, 2011 3:12 am | |
| Security Update for Microsoft Office PowerPoint 2007 (KB2535818) is not a driver. Do you have POWERPOINT on your computer, it is part of Microsoft Office?
Ok it sounds as if your system is well infected. Try re-running both spybot and malwarebytes to see if anything pops up.
If you've bought your laptop recently you may find the manufacturer will send you an OS disc, some charge, some don't. Normal fee is around £30. The upside of this is it has the drivers for your laptop.
Now some don't provide OS discs, the disc is installed on the machine, normally in a D drive or sometimes via a link for recovery on the main drive.
What is the make and model of your laptop? I may be quicker at finding what bits you need etc.
| |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Tue May 17, 2011 7:27 am | |
| it is a samsung, model NP-R159 | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Tue May 17, 2011 3:01 pm | |
| I found a Samsung Model NP-R519 but no NP-R159.
SAMSUNG RESTORE ADVICE
Samsung Recovery Solution III
In these steps if this is applicable to your machine. If the F4 works you can make a back up disc. Just be careful what you back up. If you do the whole thing you could be just going round in circles. I would do a complete copy, at least you have something even though it is corrupt. However a restore back to the box would be ideal, then make a restore disc as a fail safe disc. It will mean you lose everything on your laptop. Given the situation it is on that is probably better than a screwed up system.
Please please please read everything first so you understand what to do. If you are happy then go for it. If you have access to another computer it would be ideal just in case things go tits up. Worst case scenario the restore doesn't work and you've got a laptop that has no clue what to do. As you've not got a restore disc and it does seem Samsung are one of those who doesn't supply them, you may come a cropper so only do the restore if it is applicable if you feel comfortable.
Let me know what you think? | |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Wed May 18, 2011 1:54 am | |
| Ye that's the one, got the numbers the wrong way round. Had a quick look at it, and it seems easy to follow. Will give it a go next week when i have a few days off. Thanks for all the help Gris, you're an absolute star | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Wed May 18, 2011 4:00 pm | |
| Easy, my ego can only grow so far. I learnt how to do this from others, who gave advice freely and I'm passing that on when I can. As long as it helps you understand and learn how to do these things, it saves expensive calls and unnecessary repairs. BTW your bill for my advice is £1000000000000000000000000000000000 | |
|
| |
TK Trooper Lifer
Posts : 1541 Join date : 2009-08-20 Age : 49 Location : Scouseland
| Subject: Re: Trouble with system 32 on Laptop. Wed May 18, 2011 5:14 pm | |
| LOL You'll have to settle for a hand shake, half a packet of gum and some pocket fluff. | |
|
| |
Spellarella Lifer
Posts : 3905 Join date : 2009-08-16 Location : Peeking out of a drain.
| Subject: Re: Trouble with system 32 on Laptop. Sun May 22, 2011 4:18 pm | |
| That'll do as a down payment | |
|
| |