Not able to open Google Sites

November 19, 2013 at 23:45:18
Specs: Windows XP
I am not able to open Google search including most of its sites except Gmail and youtube on my laptop. I have tried to open it in firefox, IE and Chrome, but it showing error. Please tell me what should i do.

See More: Not able to open Google Sites

Report •


#1
November 20, 2013 at 02:46:41
Please post the error message. Just saying "it showing error" is not helpful.

Report •

#2
November 20, 2013 at 03:00:30
Thank you for your reply!

When i am trying to open it in Firefox it is showing "the connection has times out", in chrome it is showing "the web page is not available", and in IE it is showing "the internet explorer cannot display the webpage".


Report •

#3
November 20, 2013 at 12:28:02
Might be worth running these two basic checks:

Install and Run MalwareBytes (green icon top right):
http://www.filehippo.com/download_m...

Also ADWCleaner (bad toolbar remover):
http://www.bleepingcomputer.com/dow...
With this you Save the downloaded file somewhere then just double click on it to run the program. Do the Scan, followed by the Clean.

Best keep the logs because if they find anything of any consequence further action might be necessary.

Always pop back and let us know the outcome - thanks


Report •

Related Solutions

#4
November 23, 2013 at 02:44:12
Thank you for your reply.......

I did both but my problem remains same, also i installed malwarebytes from the first link then it started showing my C: full, so deleted it after that when i installed it is showing outdated i tried it two times......plz help


Report •

#5
November 23, 2013 at 15:45:12
Go to My Computer, right click the C drive and select Properites.

Let us know the figures for Used space and Free space. I'm trying to determine whether the "C: full" is genuine or whether it was a bogus message.

Always pop back and let us know the outcome - thanks


Report •

#6
December 1, 2013 at 05:31:31
Yes it was a bogus message but can you plz suggest anything how to get rid of this problem..

Report •

#7
December 1, 2013 at 07:44:34
I've asked someone to join us (Johnw) who is far better than I am at delving deeply into virus issues. All depends on whether he is available.

In the meantime have you another computer you can download the MalwareBytes file onto? If so "Save" the downloaded file onto a flash drive, then rename it from "mbam-setup-1.75.0.1300.exe" to "iexplore.exe". Next insert it into the computer with the problem, go to the flash drive in My Computer and double click the file. It might then install it. If you do get it to install and run, use the "Quick Test".

Even if you have no other computer, the above procedure of saving the downloaded file then renaming (as above) would be worth a shot.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#8
December 1, 2013 at 14:42:25
Ok, I'm online.

Arunashukla, if you got MalwareBytes to run by renaming it, Copy & Paste the contents of the log please.

We have to outsmart the infection, as we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system, may cause other parts to stop working, such as your Internet connection or Services. These we then, have to repair.

If any program won't run ( due to the infection ) let me know.

Copy and Paste the contents of the log/logs after running each program.


Report •

#9
December 1, 2013 at 14:45:11
1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
If RougeKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


Report •

#10
December 1, 2013 at 22:56:44
Content of report after Roguekiller scan -

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 12/02/2013 12:36:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 4 ¤¤¤
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\GoogleUpdate.exe" < [x]) -> DELETED
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\GoogleUpdate.exe" < [x]) -> [0x2] The system cannot find the file specified.
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\WINDOWS\TEMP\{C6FC9B6C-C9F7-47EF-B941-2532F52AC3E5}.exe - --uninstall=1 [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][File] @ : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\???\???\???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\@ [-] --> DELETED
[ZeroAccess][Folder] L : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\???\???\???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\???\???\???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\U [-] --> DELETED
[ZeroAccess][Folder] {ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\???\???\???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\???\???\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ??? : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\???\??? [-] --> DELETED
[ZeroAccess][Folder] ??? : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\??? [-] --> DELETED
[ZeroAccess][Folder] {ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} : C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} [-] --> DELETED
[ZeroAccess][File] @ : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\@ [-] --> DELETED
[ZeroAccess][Folder] L : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\L [-] --> DELETED
[ZeroAccess][File] 00000001.@ : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\U\00000001.@ [-] --> DELETED
[ZeroAccess][File] 00000002.@ : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\U\00000002.@ [-] --> DELETED
[ZeroAccess][File] 80000001.@ : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\U\80000001.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\U [-] --> DELETED
[ZeroAccess][Folder] {ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ \???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ \ [-] --> DELETED
[ZeroAccess][Folder] : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9}\ [-] --> DELETED
[ZeroAccess][Folder] {ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} : C:\Program Files\Google\Desktop\Install\{ddc72b65-79ab-ec6d-2bc5-61cf38a75dd9} [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (Unknown @ 0x000000CC)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BEVT-08A23T1 +++++
--- User ---
[MBR] e8681dcd2e82e391933ea7de384f712b
[BSP] 1d3da5f6e0839415aa174767e2ccbc3a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61443 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 125837145 | Size: 177028 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12022013_123653.txt >>
RKreport[0]_S_12022013_123601.txt


Report •

#11
December 1, 2013 at 23:14:53
Thanks for your reply but my problem still remains same....

Report •

#12
December 2, 2013 at 00:42:13
"Thanks for your reply but my problem still remains same...."

WARNING: Your computer has been compromised with a Backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, download and execute files.
You should disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to advise them of your situation.
I can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


Report •

#13
December 2, 2013 at 02:12:30
ok, please tell how can i clean my system? also, suggest me how can i secure my system in long run plz

Report •

#14
December 2, 2013 at 02:24:43
Ok, lets start here.

Please Copy and Paste the instructions into a text file, print/write down steps & info. You will need them, as they are hard to remember, for when you are offline. Cross off each step as you do it.

Note: Is your important stuff backed up, including your emails & address book. Anything can happen, during the clean up.

The badies are always ahead of the goodies, be aware, this can be a very long process, involving many different tools to clean up an infected comp.
Some infections are irremovable.

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system, may cause other parts to stop working, such as your Internet connection or Services. These we then, have to repair.

If any program won't run ( due to the infection ) let me know.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
SecurityCheck is a program that searches for installed and running security programs on a user's computer. After it is finished, SecurityCheck will then display a log file that contains information about the security programs found on your computer and the status of security services such as Windows Firewall.
The log file that SecurityCheck creates is broken down into different sections. These sections are:
The Antivirus/Firewall Check section will contain information about antivirus programs that are installed on your computer and whether or not you have a firewall enabled.
The Anti-malware/Other Utilities Check lists installed anti-malware programs as well as utility programs that include Java, Adobe Reader, and Flash.
The Process Check section will list all of the running processes at the time the log was created.

4: Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.
If Listparts won't run. May get the message > The disk management services could not complete the operation
1: Restart the computer. Any messages after the reboot?
2: Delete your copy of ListParts and download the latest ListParts and this time put in on the root of C drive (start => My Computer => C drive). Run ListParts, Copy & Paste the contents the log in your next reply.
Run ListParts, Copy & Paste the contents of the log please.


message edited by Johnw


Report •

#15
December 2, 2013 at 03:14:51
Contents of security check -

Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Gmer
Java(TM) 6 Update 26
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.3 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 16% [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]


Report •

#16
December 2, 2013 at 13:29:28
Read my post #14 again.

Then do 1:, 2: & 4:


Report •

Ask Question