what are sites that use the Google search technology? Alex
My guess would be those sites google for their search engine...
Check this out, I entered the IP (INTO NETLAB) of what IE is attempting to connect to when I try to go to google.com and here's the result:
WTF is this?Code:Host name: www.google.akadns.net IP address: 207.44.220.30 Alias(es): www.google.com google.com www.altavista.com altavista.com search.yahoo.com uk.search.yahoo.com ca.search.yahoo.com jp.search.yahoo.com au.search.yahoo.com de.search.yahoo.com search.yahoo.co.jp www.lycos.de www.lycos.ca www.lycos.jp www.lycos.co.jp alltheweb.com web.ask.com ask.com www.ask.com www.teoma.com search.aol.com www.looksmart.com auto.search.msn.com search.msn.com ca.search.msn.com fr.ca.search.msn.com
what are sites that use the Google search technology? Alex
My guess would be those sites google for their search engine...
Originally Posted by Three Rivers Designs
I checked my hosts file and those were listed. Deleted them.
I updated AdAware and ran. Deleted some things.
I updated SpyBot and ran. Deleted some things.
Still couldn't get to http://www.google.com.
<reboot>
Everything is okay now.
SpyBot found some things that AdAware didn't. This is the first time that AdAware was insufficient fixing the problem.
I think you might have gotten the DNS worm check symantec
"I was once banned from a bookstore for moving all the bibles to fiction"
Couple of things to think that I'm not...Originally posted by Unholy
I think you might have gotten the DNS worm check symantec
1. I have my CA AV prog set to "real time," so it intercepts viruses/trojans in action. I have it automatically d/l and install updates DAILY and run daily as well.
2. I have Script Defender installed on my computer so that files with the following extensions: .VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB
MUST have my permission to do anything to my computer prior to their execution.
Thanks for posting about the DNS worm though, it was interesting reading.![]()
When I was having problems getting into google, I was getting the same indications that you were. Found the hosts file that had those references as well. I also had found that an ip address had been inserted manually into the dns settings of my nic.Originally posted by ghost
Couple of things to think that I'm not...
1. I have my CA AV prog set to "real time," so it intercepts viruses/trojans in action. I have it automatically d/l and install updates DAILY and run daily as well.
2. I have Script Defender installed on my computer so that files with the following extensions: .VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB
MUST have my permission to do anything to my computer prior to their execution.
Thanks for posting about the DNS worm though, it was interesting reading.![]()
Bounced everything off of the information regarding the DNS worm, and nothing showed up on my machine. Also, the hosts file that you had found that had all the entries, was that in the C:\windows\help directory?
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
I found the temp directory that this worm creates on my machine, but no evidence of the files that would have been associated with it, and I can't find any evidence that my virus scanner cleaned anything as well...Originally posted by Unholy
I think you might have gotten the DNS worm check symantec
Time to go check the kids computers as well...
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
There's been a couple of odd things happening regarding DNS over the past week. Many peeps I know who use different ISP's.
MORNING WOOD Lumber Company
Guinness for Strength!!!
I wonder if it could be a variation of the Trojan.Qhosts worm...Originally posted by YeOldeStonecat
There's been a couple of odd things happening regarding DNS over the past week. Many peeps I know who use different ISP's.
It's almost like I got an aborted version of the worm...couldn't find any of the registry entries that symantec describes, nor any of the associated files, but I did find the temp directory, as well as the altered hosts file in C:\windows\help and a manually entered dns entry in my nic properties...
No evidence of a viral removal from AVG...
No evidence from Spybot...
No evidence from Ad-aware...
Just weird...
Last edited by Indy; 10-04-03 at 11:25 PM.
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
Could be. A few days ago, I posted here if anyone had problems surfing the night before. It was like another mass coordinated DDOS attack was going on against root DNS servers. I could ping by IP, but could not ping, or even resolve, by name. I couldn't browse, but I could still chat via ICQ, and play online games. That same night, 3x buddies of mine, each using a different ISP, had the same thing going on . We were able to chat on ICQ, but not websurf.
Yet...next day...everything was fine...and I'm still fine. If I had that worm, I'd still be affected...I'd imagine.
MORNING WOOD Lumber Company
Guinness for Strength!!!
Yep, in that same directory.Originally posted by Tony B
When I was having problems getting into google, I was getting the same indications that you were. Found the hosts file that had those references as well. I also had found that an ip address had been inserted manually into the dns settings of my nic.
Bounced everything off of the information regarding the DNS worm, and nothing showed up on my machine. Also, the hosts file that you had found that had all the entries, was that in the C:\windows\help directory?
Checked my NIC, no entries & all fixed now. No virus/trojan.
Weird...none of this is making any sense...Originally posted by ghost
Yep, in that same directory.
Checked my NIC, no entries & all fixed now. No virus/trojan.
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
This may shed some light on it.
http://www.nwfusion.com/news/2003/0922icannasks.html
Looks like we're not the only ones having problems...
http://forums.speedguide.net/showthr...68#post1136868
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
andOriginally posted by Tony B
Looks like we're not the only ones having problems...
http://forums.speedguide.net/showthr...68#post1136868
http://www.dslreports.com/forum/rema...cast~mode=flat
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
Still have the old hosts file (just backed it up as opposed to deleting it)...here is what it looks like:
The 207.44.220.30 address resolves to a dns name of ns1.sitething.net, but when I do a look up ns1.sitething.net, it tells me that name is available for registrationCode:88.88.88.88 elite 207.44.220.30 www.google.akadns.net 207.44.220.30 www.google.com 207.44.220.30 google.com 207.44.220.30 www.altavista.com 207.44.220.30 altavista.com 207.44.220.30 search.yahoo.com 207.44.220.30 uk.search.yahoo.com 207.44.220.30 ca.search.yahoo.com 207.44.220.30 jp.search.yahoo.com 207.44.220.30 au.search.yahoo.com 207.44.220.30 de.search.yahoo.com 207.44.220.30 search.yahoo.co.jp 207.44.220.30 www.lycos.de 207.44.220.30 www.lycos.ca 207.44.220.30 www.lycos.jp 207.44.220.30 www.lycos.co.jp 207.44.220.30 alltheweb.com 207.44.220.30 web.ask.com 207.44.220.30 ask.com 207.44.220.30 www.ask.com 207.44.220.30 www.teoma.com 207.44.220.30 search.aol.com 207.44.220.30 www.looksmart.com 207.44.220.30 auto.search.msn.com 207.44.220.30 search.msn.com 207.44.220.30 ca.search.msn.com 207.44.220.30 fr.ca.search.msn.com 207.44.220.30 search.fr.msn.be 207.44.220.30 search.fr.msn.ch 207.44.220.30 search.latam.yupimsn.com 207.44.220.30 search.msn.at 207.44.220.30 search.msn.be 207.44.220.30 search.msn.ch 207.44.220.30 search.msn.co.in 207.44.220.30 search.msn.co.jp 207.44.220.30 search.msn.co.kr 207.44.220.30 search.msn.com.br 207.44.220.30 search.msn.com.hk 207.44.220.30 search.msn.com.my 207.44.220.30 search.msn.com.sg 207.44.220.30 search.msn.com.tw 207.44.220.30 search.msn.co.za 207.44.220.30 search.msn.de 207.44.220.30 search.msn.dk 207.44.220.30 search.msn.es 207.44.220.30 search.msn.fi 207.44.220.30 search.msn.fr 207.44.220.30 search.msn.it 207.44.220.30 search.msn.nl 207.44.220.30 search.msn.no 207.44.220.30 search.msn.se 207.44.220.30 search.ninemsn.com.au 207.44.220.30 search.t1msn.com.mx 207.44.220.30 search.xtramsn.co.nz 207.44.220.30 search.yupimsn.com 207.44.220.30 uk.search.msn.com 207.44.220.30 search.lycos.com 207.44.220.30 www.lycos.com 207.44.220.30 www.google.ca 207.44.220.30 google.ca 207.44.220.30 www.google.uk 207.44.220.30 www.google.co.uk 207.44.220.30 www.google.com.au 207.44.220.30 www.google.co.jp 207.44.220.30 www.google.jp 207.44.220.30 www.google.at 207.44.220.30 www.google.be 207.44.220.30 www.google.ch 207.44.220.30 www.google.de 207.44.220.30 www.google.se 207.44.220.30 www.google.dk 207.44.220.30 www.google.fi 207.44.220.30 www.google.fr 207.44.220.30 www.google.com.gr 207.44.220.30 www.google.com.hk 207.44.220.30 www.google.ie 207.44.220.30 www.google.co.il 207.44.220.30 www.google.it 207.44.220.30 www.google.co.kr 207.44.220.30 www.google.com.mx 207.44.220.30 www.google.nl 207.44.220.30 www.google.co.nz 207.44.220.30 www.google.pl 207.44.220.30 www.google.pt 207.44.220.30 www.google.com.ru 207.44.220.30 www.google.com.sg 207.44.220.30 www.google.co.th 207.44.220.30 www.google.com.tr 207.44.220.30 www.google.com.tw 207.44.220.30 go.google.com 207.44.220.30 google.at 207.44.220.30 google.be 207.44.220.30 google.de 207.44.220.30 google.dk 207.44.220.30 google.fi 207.44.220.30 google.fr 207.44.220.30 google.com.hk 207.44.220.30 google.ie 207.44.220.30 google.co.il 207.44.220.30 google.it 207.44.220.30 google.co.kr 207.44.220.30 google.com.mx 207.44.220.30 google.nl 207.44.220.30 google.co.nz 207.44.220.30 google.pl 207.44.220.30 google.com.ru 207.44.220.30 google.com.sg 207.44.220.30 www.hotbot.com 207.44.220.30 hotbot.com
![]()
![]()
![]()
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
Clear your host file again then from command line do
"ipconfig /flushdns" command
I'm clean as far as that goes, just trying to find out what caused this to begin with...Originally posted by Sid
Clear your host file again then from command line do
"ipconfig /flushdns" command
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
Originally posted by Tony B
Still have the old hosts file (just backed it up as opposed to deleting it)...here is what it looks like:
The 207.44.220.30 address resolves to a dns name of ns1.sitething.net, but when I do a look up ns1.sitething.net, it tells me that name is available for registrationCode:88.88.88.88 elite 207.44.220.30 www.google.akadns.net 207.44.220.30 www.google.com 207.44.220.30 google.com 207.44.220.30 www.altavista.com 207.44.220.30 altavista.com 207.44.220.30 search.yahoo.com 207.44.220.30 uk.search.yahoo.com 207.44.220.30 ca.search.yahoo.com 207.44.220.30 jp.search.yahoo.com 207.44.220.30 au.search.yahoo.com 207.44.220.30 de.search.yahoo.com 207.44.220.30 search.yahoo.co.jp 207.44.220.30 www.lycos.de 207.44.220.30 www.lycos.ca 207.44.220.30 www.lycos.jp 207.44.220.30 www.lycos.co.jp 207.44.220.30 alltheweb.com 207.44.220.30 web.ask.com 207.44.220.30 ask.com 207.44.220.30 www.ask.com 207.44.220.30 www.teoma.com 207.44.220.30 search.aol.com 207.44.220.30 www.looksmart.com 207.44.220.30 auto.search.msn.com 207.44.220.30 search.msn.com 207.44.220.30 ca.search.msn.com 207.44.220.30 fr.ca.search.msn.com 207.44.220.30 search.fr.msn.be 207.44.220.30 search.fr.msn.ch 207.44.220.30 search.latam.yupimsn.com 207.44.220.30 search.msn.at 207.44.220.30 search.msn.be 207.44.220.30 search.msn.ch 207.44.220.30 search.msn.co.in 207.44.220.30 search.msn.co.jp 207.44.220.30 search.msn.co.kr 207.44.220.30 search.msn.com.br 207.44.220.30 search.msn.com.hk 207.44.220.30 search.msn.com.my 207.44.220.30 search.msn.com.sg 207.44.220.30 search.msn.com.tw 207.44.220.30 search.msn.co.za 207.44.220.30 search.msn.de 207.44.220.30 search.msn.dk 207.44.220.30 search.msn.es 207.44.220.30 search.msn.fi 207.44.220.30 search.msn.fr 207.44.220.30 search.msn.it 207.44.220.30 search.msn.nl 207.44.220.30 search.msn.no 207.44.220.30 search.msn.se 207.44.220.30 search.ninemsn.com.au 207.44.220.30 search.t1msn.com.mx 207.44.220.30 search.xtramsn.co.nz 207.44.220.30 search.yupimsn.com 207.44.220.30 uk.search.msn.com 207.44.220.30 search.lycos.com 207.44.220.30 www.lycos.com 207.44.220.30 www.google.ca 207.44.220.30 google.ca 207.44.220.30 www.google.uk 207.44.220.30 www.google.co.uk 207.44.220.30 www.google.com.au 207.44.220.30 www.google.co.jp 207.44.220.30 www.google.jp 207.44.220.30 www.google.at 207.44.220.30 www.google.be 207.44.220.30 www.google.ch 207.44.220.30 www.google.de 207.44.220.30 www.google.se 207.44.220.30 www.google.dk 207.44.220.30 www.google.fi 207.44.220.30 www.google.fr 207.44.220.30 www.google.com.gr 207.44.220.30 www.google.com.hk 207.44.220.30 www.google.ie 207.44.220.30 www.google.co.il 207.44.220.30 www.google.it 207.44.220.30 www.google.co.kr 207.44.220.30 www.google.com.mx 207.44.220.30 www.google.nl 207.44.220.30 www.google.co.nz 207.44.220.30 www.google.pl 207.44.220.30 www.google.pt 207.44.220.30 www.google.com.ru 207.44.220.30 www.google.com.sg 207.44.220.30 www.google.co.th 207.44.220.30 www.google.com.tr 207.44.220.30 www.google.com.tw 207.44.220.30 go.google.com 207.44.220.30 google.at 207.44.220.30 google.be 207.44.220.30 google.de 207.44.220.30 google.dk 207.44.220.30 google.fi 207.44.220.30 google.fr 207.44.220.30 google.com.hk 207.44.220.30 google.ie 207.44.220.30 google.co.il 207.44.220.30 google.it 207.44.220.30 google.co.kr 207.44.220.30 google.com.mx 207.44.220.30 google.nl 207.44.220.30 google.co.nz 207.44.220.30 google.pl 207.44.220.30 google.com.ru 207.44.220.30 google.com.sg 207.44.220.30 www.hotbot.com 207.44.220.30 hotbot.com
![]()
![]()
![]()
yep, there we go... that exactly what i was talking about (in the other thread)......... all major search engines being redirected. after some thought it occurred to me that the reason it redirects search engines is because they are the most commonly accesed type of website. why would this be useful? (besides pop-up ads or search tracking by using their search service)...... the main benefit i can see is, even without a webpage at the IP/domain name, logs at the host computer could record the IP addresses from everyone who was redirected to the site. why would they want a perpetually updating list of IPs with a computer and user attached to them? lots of reasons, i suppose.
and as far as where it came from? i don;t know..... all it takes is one click of the word "yes" on a Windows "would you like to ......" (which most people do indescriminantly) pop-up and you're boned.
"Today is a black day in the history of mankind."
- Leo Szilard
Now that I think about it, my wife did tell me that a pop up came up that said my computer had a virus...but it was one of those fake types of pop ups that people use to try and get you to click onto their site...I told her never to close the window by clicking on the 'ok' button in the popup, but to close it by the 'x' on the upper right hand side of the popup...I have a feeling she may have clicked on the popup...Originally posted by Faust
and as far as where it came from? i don;t know..... all it takes is one click of the word "yes" on a Windows "would you like to ......" (which most people do indescriminantly) pop-up and you're boned.
------
“The most beautiful thing we can experience in life is the mysterious. It is the source of all true art and science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: for his eyes are closed.” - Albert Einstein
Bookmarks