You may have noticed very sparse blogging last couple of days - just the pre-scheduled Clock Quotes...
Well, I have some laptop problems (Dell PC with WinXP, only FF as browser).
The first inklings of problems showed up right after the AAAS meeting last month. I have been dutifully cleaning with Symantec, Spyware Doctor, SUPERantispyware and Spybot Search&Destroy almost daily since then. My Malwarebytes does not work - after uninstalling it, I get an error when trying to reinstall. Ad-Aware does not let me start (says I am a wrong user for it). WTF?
The problem is this - Google sites give me 404, etc.:
Not Found
The requested URL /accounts/ServiceLogin was not found on this server.
Apache/2.2.3 (Red Hat) Server at www.google.com Port 443
I cannot get into Gmail, Google docs, do Google searches, etc. It started a few days ago by letting me access these (and other sites) by first asking me to View Certificate (I click No and it proceeds to the site). That happened on and off - the same website would sometimes ask sometimes not for this. On Monday/Tuesday in Boston, this did not happen at all on the hotel wifi. It did again in a cafe on their wifi, and then again when I got home. Now, if I have a saved search (e.g., Google Blogsearch for my blog URL) I can get there and see it and change search terms, etc., but if I try to click on any of the search items it forwards to a commercial/spam site instead. I also get 404 if I try to Log In my Google profile at any site.
All other sites on the WWW I can access just fine right now (and no call to view certificate either). I can check Gmail on iPhone but cannot download files, copy+paste, etc. from there. So, unless I can reply in two words, my response to your mail may be delayed until I get this fixed. Or re-send, if urgent, your message to my other e-mail: Bora@plos.org.
I have spent the whole day and night yesterday cleaning up the laptop with four different spy/mal/ad-ware/virus cleaners- they did not find much of concern.
The problem is not with the router - other family members using the same connection have no problems with their laptops.
Since my Internet Explorer does not work, I cannot afford to remove Firefox (if it is Firefox that is borked) as I cannot get back online afterwards to re-download it again. I cannot first download Chrome, because it is a Google product, so I get 404. Any other browsers I should try?
Any other ideas?
- Log in to post comments
Can you try running these products (the AV probably won't run in Safe mode, but the others should) in safe mode and see if they find anything? Also, can you surf successfully if you use safe mode with networking?
Also, have you cleared cookies and and temporary files in firefox and also your temp files from c:/windows? Your anti-malware software may do it automatically, depends on the program and the settings.
Well, there's Opera if you want to try another browser. I have no idea if it'll help or what else to try.
Unfortunately, you almost certainly have an infection. The redirection to commercial/spam sites is a dead giveaway. If it has been going on more than a few days, you probably are part of a botnet by now, which means you don't really completely own your machine any more.
These can be very hard to get rid of, as you have noticed. Re-installing firefox, clearing the cookies and cache, etc., are likely not going to help. Try to get clean, fresh installs of all the cleanup/removal software you mentioned: use a different machine to download fresh copies, put them on a usb stick, and copy them that way. And while you are cleaning, disable the network on your infected laptop if at all possible (turn of the wireless using Fn-whatever).
Sadly, the reality is that you are probably going to need to just do a clean XP install. Get all your data off the machine, re-install XP and everything else from scratch, including every windows update, Firefox, etc., then copy your data back on. Don't rely on XP's "keep my data" options or "restore my system" or whatever. You want to just reformat the entire disk (after getting all of the data you care about off) and start over. It is the only currently reliable way to get rid of (nearly) all known infections.
Oh, and one more thing:
If you don't use it already, get the "NoScript" extension for Firefox, or something equivalent. At first, is somewhat jarring to have pretty much every website on earth refuse to work until you right click and "Allow scripts from ..." over and over again. But after several weeks most of the sites you use and trust regularly will be in the whitelist, and then you will only get the warnings and annoyances for the rare sites.
These aren't guaranteed to work -- the script blockers aren't perfect, and even sites you trust can be a vector for infections (xss anyone?).
But all in all, I'd rather have half-broken-looking websites than infections any day.
-kevin
Put http://66.249.89.99/ into the address bar. This is Google's web address. If this now takes you to the real Google (confirmed by e.g. letting you connect through to Gmail) you know what you had thought was Google is something else entirely. (Alternatively, you could reverse check, by pinging the address you currently think to be Google, and checking if it's the above)
Despite other comments, you often can rely on Windows' System Restore, including for virus infections, so you'd have to be nuts to re-install without trying it first. Click Start, then All Programs, then Accessories, then System Tools, then System Restore. Choose "Restore my computer to an earlier time", etc, choosing a date prior to when the problem first occurred. Windows takes you back to the earlier system configuration and everything suddenly works again. If it didn't help, try going back further. It's a clever Windows feature, yet hardly anyone thinks to try it.
Wow - Al, that worked. Just putting the Google address reverted all of my Google stuff to normal, including Gmail, including all the bookmarks. Will check tomorrow for remnants of the problem, if any.
If the IP address is working but actually typing google.com still does not work, and redirects to that other website, I would actually suggest searching the name of that website as it may bring up results for what type of malware is lurking on your computer. It would still be recommended to find out what was causing this rather than just using the IP address indefinitely as who knows what else that malware may be doing in the background.
Web of Trust is a community-powered safe surfing tool for all popular browsers. What it does is it forewarns about risky sites that can't be trusted. It's also a free download.
It works with Firefox, Internet Explorer, Opera, Chrome and Google's sister browser, Flock. Help yourself, kiddo.
http://www.mywot.com/
I agree with Kevin in #4, you need to re-install from scratch. After restoring your data, run a full antivirus scan (with all options set), to make sure that your data hasn't been infected in some way too.
You also need to change your passwords for google-anything, and if you really want to be safe, for any other service you've used since this started happening. You should change them from a different machine, or after you re-install, not before!
I wouldn't rely on windows system restore. It may well work, but you can't guarantee that the virus hasn't infected the restore-point somehow. A clean re-install is the only safe option.
You might also want to contact colleagues from the AAAS, you're probably not the only one who got hit and they may not know it yet.
I know that's a lot of hassle, but it's really the only way to be sure. Even if the problem 'goes away', you cannot be sure that your online-identity and your data are safe otherwise.
When we get laptops acting like this, we don't even try to clean them anymore; we just rebuild them from scratch, starting with a hard-drive cleaning utility. Lots of other good suggestions in the comments above.
I might also suggest you consider using Chrome - it was last browser standing at the most recent Pwn2own.
Before trying the more dramatic solutions, could I suggest you check what is cached/bookmarked in your browser? (Just trying to think of simple things first.)
I realise you're tried both IE and FF, but I'm not clear it you're experiencing problems with both, so I'll play dumb on that one ;-)
Try downloading Safari or Opera (both have Windows versions) and see they will access google OK. If you can't, itâs unlikely to be a browser-specific issue and you might as well head for a clean re-install. (This is where a good backup of your data plays itâs part.)
If you can access them via Safari or Opera (or even if you can't for that matter), try clearing the cache and bookmarks for IE & FF, then try accessing google.
If you do get it cleaned up here are some steps beyond Windows Recovery:
1) Download the free version of Macrium Reflect. It's a drive imaging tool that is similar in function to Norton Ghost.
2) Get a big external HD. 2TB capacity drives can be had for around $100.
Backup frequently. The nice thing about Reflect is it uses Windows Shadow Copy so it waits for gaps in your usage to create the image.
Works marvelously. I used it to swap out the HD in my system. Backed up my old drive popped in the new drive, popped in the recovery CD (You can create it in Reflect), plugged in the external drive and then booted. Took about 45 minutes to drop the drive image on the new HD.
I have a Thinkpad T60 that gives me a fatal error (blue screen whenever i try to use the DVD player to make of read DVDs. Any advise?
Billy
Another steps beyond windows recovery are :
-Backup your important data using a free software like http://www.dmailer.com/dmailer-backup.html that offer trust and safety for your files and they also gives you the opportunity to save the backup online on their servers
-Format your hdd at least 2-3 times a year.
-Defrag your hdd at least 1 time per year