WiredWX Hobby Weather Tools

 


Searching blocked by Google


Re: Searching blocked by Google

It might have actually been malware. ComboFix reported deletions of two of the latest infections, reported in:

c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carolyn Blake\g2mdlhlpx.exe IDENTIFIED as Trojan:fake-GoToMeeting Application
c:\documents and settings\Carolyn Blake\new.txt
c:\windows\~INSX362.EXE Commonly a Trojan paired with redirect malware
c:\windows\system32\drivers\etc\hosts.ics Static HOSTS file (modified by malware)
c:\windows\system32\roboot.exe Possibly related to Trojan.ZeroAccess


EXPLAINED:

Google takes these actions to prevent DDoS, which is Distributed Denial of Service. When it detects potential suspicious behavior from an IP address, the IP address is put on a temporary or permanent ban list.

Problem is, the malware you had, had the ability to control your computer and send anonymous requests to unknown/known servers, such as Google.

Only way to solve this issue the hard way is to remove the malware first, and then wait it out.

The easy way is to change your IP address after the malware is removed.


Just curious...run this scan real quick:


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    Re: Searching blocked by Google

    Ok, I'm on it...back as soon as it's done. I just tried to use Google again and it instantly asked me for a captcha, because of "unusual activity," so I closed it and went back to bing. BRB...

    Re: Searching blocked by Google

    Running from: C:\Documents and Settings\Carolyn Blake\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Carolyn Blake\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!

    Re: Searching blocked by Google

    I just now filled out a form to join an online class...first time and only time, and I got this message (not from Google- I accessed the link from my email, and in Firefox)
    Security Image Verification

    We have received repeated subscriptions from your computer. To prevent automated signups we verify that it is a person signing up, and not an automated script.

    Type the characters below, exactly as shown, into the box provided without spaces. The letters are case sensitive.

    We monitor our system very closely to prevent the use of harmful programs to submit large numbers of signups, which may cause problems for other users, and generate undue Spam complaints.

    Re: Searching blocked by Google

    Please open Notepad and enter in the following:
    @echo off
    echo DNS renewal >log.txt
    echo %date% >>log.txt
    ipconfig /flushdns >>log.txt
    pause
    ipconfig /release >>log.txt
    pause
    ipconfig /renew >>log.txt
    pause
    ipconfig /all >>log.txt
    pause
    start log.txt
    exit

    Then, click File > Save as...
    Save as dns.bat to your Desktop.
    Choose Save as type... All Files.
    Click Save.

    Then, exit Notepad.

    Double-click on dns.bat, and it will finish quickly and launch a log.

    Please post that in your next reply.

    Re: Searching blocked by Google

    I had to "press any key" several times to get it to run, after the cmd window opened, but here it is.

    DNS renewal
    Thu 05/10/2012


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.



    Windows IP Configuration



    No operation can be performed on Local Area Connection while it has its media disconnected.

    No operation can be performed on Local Area Connection 4 while it has its media disconnected.

    IP Address for adapter Wireless Network Connection has already been released.



    Windows IP Configuration



    No operation can be performed on Local Area Connection while it has its media disconnected.

    No operation can be performed on Local Area Connection 4 while it has its media disconnected.

    An error occurred while renewing interface Wireless Network Connection : The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address.





    Windows IP Configuration



    Host Name . . . . . . . . . . . . : PRISS

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

    Physical Address. . . . . . . . . : 90-E6-BA-94-B4-30



    Ethernet adapter Local Area Connection 4:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : TAP-Win32 Adapter V9

    Physical Address. . . . . . . . . : 00-FF-E9-44-45-15



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

    Physical Address. . . . . . . . . : 00-25-D3-BF-53-68

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    Default Gateway . . . . . . . . . :

    DHCP Server . . . . . . . . . . . : 255.255.255.255
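
One way a helper could triage the dns.bat log posted above, as an added example that is not part of the original thread: it parses the `ipconfig /all` output per adapter, so that "Media disconnected" on unused adapters is kept apart from the wireless adapter's failed DHCP renewal. The sample log is constructed from the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample, condensed from the dns.bat log format shown above.
SAMPLE_LOG = """\
An error occurred while renewing interface Wireless Network Connection : The DHCP client has obtained an IP address that is already in use on the network.
Windows IP Configuration
Host Name . . . . . . . . . . . . : PRISS
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Physical Address. . . . . . . . . : 90-E6-BA-94-B4-30
Ethernet adapter Wireless Network Connection:
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
DHCP Server . . . . . . . . . . . : 255.255.255.255
"""

ADAPTER = re.compile(r"^\s*\w+ adapter (.+):\s*$")  # section header per adapter
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*(?:\. ?)+:\s*(.*)$")  # "Key . . . : value"
CONFLICT = re.compile(r"renewing interface (.+?) : .*already in use")

def parse_adapters(log):
    """Return {adapter name: {field: value}} from ipconfig /all text."""
    adapters, current = {}, None
    for line in log.splitlines():
        head = ADAPTER.match(line)
        if head:
            current = adapters.setdefault(head.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:  # skip global fields such as Host Name
            current[field.group(1)] = field.group(2).strip()
    return adapters

def triage(log):
    """Return a sorted list of (adapter, finding) tuples."""
    findings = [(m.group(1), "address conflict on renew") for m in CONFLICT.finditer(log)]
    for name, fields in parse_adapters(log).items():
        if fields.get("Media State") == "Media disconnected":
            findings.append((name, "no link on this adapter"))
        elif fields.get("Dhcp Enabled") == "Yes" and fields.get("IP Address") == "0.0.0.0":
            findings.append((name, "DHCP enabled but no lease"))
    return sorted(findings)

if __name__ == "__main__":
    for adapter, finding in triage(SAMPLE_LOG):
        print(f"{adapter}: {finding}")
```
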

    Re: Searching blocked by Google

    You were not connected to the network when these operations were run?

    Try the sign up process again for that one thing...

    Also, if you do connect to the network, re-run the batch file as above (purposely has the pauses to press any key).

    Re: Searching blocked by Google

    I am not sure about this. I was online through my regular service. What could this mean?
    I have seen that "media disconnected" message many times during all these attempts to clean up my system. Yes I am online.

    Re: Searching blocked by Google

    What current firewalls do you have? Do you have one on a router? One on the computer(s)?

    Re: Searching blocked by Google

    First, before I answer your question, what does "media disconnected" indicate is going on?

    I use the Windows XP native firewall, set to default. My router is an Airties RT-206v4...European I suppose, and its firewall is on, and this is the description:

    Firewall protects your computers and your network against harmful attacks from the Internet. Your modem's firewall has Stateful Packet Inspection (SPI) feature that will inspect every packet coming from the Internet to your modem and will not allow any that is not authorized to pass through. Using the Firewall menu, you can also define advanced rules to allow or prohibit local users in your network to access the Internet, to open certain ports that allow packets to reach applications running on local clients, and to forward all incoming traffic to a certain computer.

    Re: Searching blocked by Google

    Media disconnected means the network adapter or LAN adapter or ethernet hub is not connected to the internet.

    Go to Start > Run, type in cmd and hit OK.

    Type this in to the black box:

    ping www.news.com > log.txt && log.txt

    and hit enter...

    post the log back to me please.

    Re: Searching blocked by Google

    I did get a report, and I am assuming I entered the syntax correctly as per spaces.


    Pinging phx1-rb-gtm3-tron-xw-lb.cnet.com [64.30.224.82] with 32 bytes of data:



    Reply from 64.30.224.82: bytes=32 time=242ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=245ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=243ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=241ms TTL=238



    Ping statistics for 64.30.224.82:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 241ms, Maximum = 245ms, Average = 242ms

    Re: Searching blocked by Google

    I did it again, using a copy/paste and got a different response:



    Pinging phx1-rb-gtm3-tron-xw-lb.cnet.com [64.30.224.82] with 32 bytes of data:



    Reply from 64.30.224.82: bytes=32 time=239ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=238ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=240ms TTL=238

    Reply from 64.30.224.82: bytes=32 time=241ms TTL=238



    Ping statistics for 64.30.224.82:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 238ms, Maximum = 241ms, Average = 239ms

    Re: Searching blocked by Google

    Okay...I need a closer test to your country... run this command please, the same way:

    ping www.airties.com > log.txt && log.txt

    Post the log when done, please.

    Re: Searching blocked by Google



    Pinging www.airties.com [85.111.19.108] with 32 bytes of data:



    Reply from 85.111.19.108: bytes=32 time=30ms TTL=55

    Reply from 85.111.19.108: bytes=32 time=30ms TTL=55

    Reply from 85.111.19.108: bytes=32 time=30ms TTL=55

    Reply from 85.111.19.108: bytes=32 time=26ms TTL=55



    Ping statistics for 85.111.19.108:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 30ms, Average = 29ms
