Internet problem

Togechu · 19th July 2010, 02:04 PM

Alright, this is a wall of text, so bear with me:

For some reason, every time I try to search something on any search engine, it always leads me back to Google, where I try it again and it leads me to some adsite. And occasionally, when I'm on here, when I click a link, a new window pos up, going from "http://search.googleanayltics.com" to my homepage(TVTropes). I used McAfee and did a full scan, nothing came up. And since Windows Firewall was down for some reason, my dad told me to put it back up and it just opened a new IE window with "Cannot display the webpage".

Plus, and I don't know if this is the cause or not, but when I'm on TVTropes McAfee pops up an alert that says "Potentially Unwanted Program Detected:Redirected HOSTS at locationC:\\WINDOWS\system32\drivers\etc\hosts." It asks me if I want to remove the program, I say yes, and it asks if I want McAfee to uninstall it or if I want to manually. I let McAfee do it and three seconds later it says:"Potentially Unwanted Change Detected:Run Windows DLL as an App". I say "Don't Allow This Change", and teh cycle repeats 15 minutes later.

Can anyone help?

Gligar13 · 19th July 2010, 02:14 PM

Run a virus scan. Also try running a spyware scan with malwarebytes. It's free and it removes almost everything.

Togechu · 19th July 2010, 02:17 PM

Originally Posted by Gligar13

Run a virus scan. Also try running a spyware scan with malwarebytes. It's free and it removes almost everything.

I ran a full virus, spyware, and malware scan. Nothing came up. And my dad blocked every virus and spyware scanning site because I'm only supposed to use McAfee.

XED · 19th July 2010, 03:00 PM

This happened to me! Just recently. Try downloading SuperAntiSpyware and run a full scan and also if the browser doesn't work download tdsskiller.exe

Right now I'm fine and it seems to be fixed. :)

Togechu · 19th July 2010, 06:37 PM

Originally Posted by XED

This happened to me! Just recently. Try downloading SuperAntiSpyware and run a full scan and also if the browser doesn't work download tdsskiller.exe

Right now I'm fine and it seems to be fixed. :)

Like I said, I'm not allowed to use other virus scanners, but I'll try later on...my dad's passwords are always easy to crack.

~~immewnity~~ · 20th July 2010, 09:40 PM

Try blanking the hosts file.

Togechu · 21st July 2010, 06:41 PM

er...how do I do that?

and sorry for bumping a dead topic

Soulweaver · 23rd July 2010, 03:50 PM

Originally Posted by Koopa-Paratroopa

er...how do I do that?

and sorry for bumping a dead topic

Go to C:\Windows\System32\drivers\etc and open the file called hosts that is in there. If there are any suspicious lines there, remove them.

Rellik · 23rd July 2010, 03:59 PM

Originally Posted by UltimateSephiroth

Go to C:\Windows\System32\drivers\etc and open the file called hosts that is in there. If there are any suspicious lines there, remove them.

I honestly wouldn't recommend dicking around in any of the system files unless you actually know what constitutes "suspicous lines".

**Rayne** · 23rd July 2010, 09:42 PM

I'm adding that before doing anything, back up hosts. Copy and paste it somewhere you can access it, but rename it hosts.bak. Should you open the hosts file, open with notepad.

If you can, could you post your hosts file here? That way we could tell if something malicious is in there or not.

And here's a quick reference to what you SHOULD have at minimum in the hosts file should you decide to look at it.

(From Microsoft website)

Code:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

All that's there is the local host, which is just a self referencing IP. You shouldn't have anything else below it.

You can actually add to it and block other sites (stop common ad-ware dead), but I'd recommend against doing that unless you know specifically what you're doing.

When you're done be EXTREMELY careful how you save hosts. In notepad, when you decide to save, select SAVE AS and when the save window pops up, use the drop bar at the bottom where it says 'Save type as' and select ALL FILES. Name it 'hosts' with no dot anything, just the name itself and that should replace whatever old thing was in there.

If this doesn't work, you could have something re-directing you in your registry files.
But please get back on this before tampering with the registry.