
Search Engines and restore have been rendered inoperable

Hello everyone,

I need a little help with my situation. A few days ago I realized that every time I tried to log on to a search engine (google, yahoo, bing etc.) they could never be found, and I noticed that my McAfee security software was finding (Generic Proxy!m Trojan). It said it was removed; however, I still cannot use search engines. I tried Secured2k's Boot CD and it removed 4 suspected files. However, still no search engines. I tried to restore my Windows XP to a previous date several times and it could not be restored. Anyone have any ideas? Thanks
Grif
Level 10
Message 2 of 7

RE: Search Engines and restore have been rendered inoperable

To restore your search engines, try this:

For Internet Explorer
Click the down arrow in the search box in the upper right.
Select search default.
Change the default.

For Firefox
Type about:config into the URL box.
Type keyword.url into filter
For Google use this parameter
http://www.google.com/search?q=
For Yahoo use this parameter
http://search.yahoo.com/search?p=
_____________

And hopefully, you've checked the HOSTS file to make sure the engine URLs are not listed there.. (C:\Windows\System32\Drivers\etc folder, then open the HOSTS file (with no file extension) using Notepad.)
_______________________

Or just in case there is still malware, please try this:

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Program Files\Malwarebytes Antimalware folder....
_____________________

Hope this helps.

Grif

RE: Search Engines and restore have been rendered inoperable

Grif,
Thanks for the info. In my host file you said to make sure URLs are not listed there. Can you give me a little more information on what should be listed there, because all the search engines I have tried are listed there. Thanks again.
Reliable Contributor rmetzger
Message 4 of 7

Sample hosts file and NetSh resets


Please follow Grif's instructions and run the listed utilities until they state you are clean. If problems continue, the NetSh commands below might be helpful.

Here is my Hosts file.


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

This is from a Windows XP system. Note that those entries starting with # are comments. This leaves one line of active code: 127.0.0.1 localhost
As the comments would indicate, this line redirects localhost to the address 127.0.0.1 which is defined as a restricted address in the TCP/IP definitions for referring to one's self; sort of a loopback.

Assuming that you have not made changes to the networking setup, such as adding a VPN client, or intentionally adding another network client (like the Novell Netware client) you could reset the network protocols back to factory defaults. (Do this only if you are SURE that you do not want any other network client. Be very Sure. Ask questions first if there is any doubt.) It will reset your Firewall settings and the basic WinSock settings (fundamentals of networking) as well.

@echo off

echo About to reset the TCP/IP to default settings.
echo This will cause all DNS entries to be reset as well.
echo Please stop here now, and document all desired TCP/IP and Firewall settings
echo before continuing further.
pause

NETSH INT IP RESET .\RESETTCP.LOG
NETSH WINSOCK RESET
NETSH FIREWALL RESET

This would clean up after any leftovers from an infection and return default values to the networking protocols. Hopefully, this could reset any lingering issues for you.

Post back with questions, and let us know how it is going.
Thanks,
Ron Metzger

Grif
Level 10
Message 5 of 7

RE: Sample hosts file and NetSh resets

Rodbuilr,

Regarding the HOSTS file, there will be "some" URLs listed there.. That's what it's designed for.. You're actually looking for the blocked websites (search engines) of which you're concerned.. If they're there, remove those specific websites only from the list, then save it. Or if you want, you can simply rename the HOSTS file to HOSTS.txt and see if the problem is cured.. If so, you know the culprit.

Hope this helps.

Grif

Trojan changed Host files settings

Thanks Grif and Rmetzger,
I overlooked the simple things trying to solve my problem, I appreciate your help. Apparently the trojan that invaded my system changed the host files before my McAfee software could detect and remove it. I did go into my host files and found 4 Notepad pages of search engine URLs present. I removed the ones I use the most and found I could use the engines again. One question I do have is how could I find out how it may have affected my system restore files. I'm not able to restore my system to a previous date. Also what would normally be in the default host file? Thanks again.
Grif
Level 10
Message 7 of 7

RE: Trojan changed Host files settings

A default HOSTS file will look exactly like the one Ron posted above.. You could easily remove the "bad" one you currently have and create a new one.. Rename the "bad" one to "HOSTS.old" and create a new one by opening Notepad.exe, then copying the text from Ron's post, which is below.. Once that's done, save the file as HOSTS into the appropriate C:\Windows\system32\Drivers\Etc directory.
__________________________

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
___________________________

As to your System Restore files, I would start from scratch. Your old restore points will probably be infected. So.....Temporarily disable system restore to remove all of the previous SR points, then reboot the computer and start SR back up again.

How To Disable System Restore

And if you need to "restart" System Restore to get it up and running, try using the instructions below to do so:

1. Click Start->Run->Type "C:\windows\inf" (without the quotes)
2. Look for a file named: "SR.INF" and RIGHT click on it
3. Choose "Install".
4. In the Files Needed dialog box, click Browse. Locate the Sr.sys file in the i386 folder of the Windows XP CD, (or a good option for those without a Windows XP CD would be to browse the computer itself in the "C:\i386" folder) click the "Sr.sys" file, and then click OK.
Follow the prompts, Reboot and System Restore should be ready to use.

Hope this helps.

Grif
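
The HOSTS check discussed in this thread, as an added example that is not part of any poster's reply: a small Python audit that parses HOSTS text and reports every active mapping that is not in the default file, singling out search engine names. The watched labels, the reason strings and the sample entries (which use the 192.0.2.0/24 documentation range) are constructed for illustration.

```python
import ipaddress

# Entries a clean Windows HOSTS file is expected to contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Domain labels to treat as search engines (assumed list; extend as needed).
WATCHED_LABELS = {"google", "yahoo", "bing"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        for name in fields[1:]:  # one address may carry several names
            yield line_no, fields[0], name.lower()

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        if not is_ip(ip):
            reason = "malformed address"
        elif WATCHED_LABELS & set(name.split(".")):
            reason = "search engine override"
        else:
            reason = "non-default entry"
        findings.append((line_no, ip, name, reason))
    return findings

# Constructed sample: default lines plus entries of the kind described in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
192.0.2.10 www.google.com google.com
127.0.0.1 search.yahoo.com # added by unknown program
192.0.2.10 intranet.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

To audit a real machine, pass the contents of the HOSTS file in the C:\Windows\System32\Drivers\etc folder to `audit_hosts` instead of the sample text.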
