
Please Help Me....

This topic is archived.
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Sat Oct-18-08 09:01 PM
Original message
Please Help Me....
Edited on Sat Oct-18-08 09:16 PM by ancient_nomad
I have no idea what is wrong, and I feel very stupid about now.

First off I have a Toshiba Satellite with a Celeron R CPU, Windows XP 2002, SP2
I use Firefox 99% of the time. Google Chrome very little.

Here is what is happening:
In Firefox, my homepage which is the Firefox Google search, does not open. Instead, I get a re-direction to a site and a certificate verification for this site: www.kitchensinks.nOt which I do not accept.
All that shows up on the homepage is a O (could be an 0 or zero) in the upper left hand corner of the screen.
When I try to open G-Mail the same thing happens. It also does this if I try to use the Google Search from the drop-down menu.
This is also happening in Google Chrome, when I try to use Google search or try to access G Mail.

I have run AVG - No infections.
I ran Advanced Windows Care and CCleaner.

After I did this, and got back online (I have dial-up) the Firefox browser opened with the correct home page. However, when I tried to access G-mail, it started all over again.

Edit to add: I was reading the Security Help at the top of the Page. I tried to go to virusscan.jotti.dhs.org, and the page opened with a O or zero. Arrrgh!

I know very little about computers, and I am lost in XP. I do not have adaware installed because I don't know how to use the new edition.

So, what do I do? I appreciate any help you can give me. TIA.
Printer Friendly | Permalink |  | Top
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-18-08 09:54 PM
Response to Original message
1. Seems like a hijack ...

Do you have HijackThis?

If not, can you get there and install it?
Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Sat Oct-18-08 10:35 PM
Response to Reply #1
2. No, I don't have this.
Edited on Sat Oct-18-08 10:43 PM by ancient_nomad
I will give it a try. Thank you so much!

Edit to ask:
Which file do I download?
The HiJack this Installer, Zip, or Executable?

Now you know how computer challenged I am :-)
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-18-08 10:49 PM
Response to Reply #2
3. Try the installer ...

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Sat Oct-18-08 10:55 PM
Response to Reply #3
4. OK...will give it a try. n/t
Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Sat Oct-18-08 11:02 PM
Response to Reply #3
5. I downloaded it and saved the scan.
Should I copy and paste the results here?
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-18-08 11:05 PM
Response to Reply #5
6. Yes, go ahead ...

Check the box for posting code snippets when you post. It makes it easier to read stuff like that.

Depending on how big it is, I'm not sure if I can do anything with it tonight, but I'll look, and perhaps someone else will come along who can see something also.

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Sat Oct-18-08 11:11 PM
Response to Reply #6
7. Here goes...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:45 PM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common
Files\AOL\1210525027\ee\aolsoftware.exe
C:\Documents and Settings\RAC\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
= http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
= about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet
Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess -
{5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar -
{A057A204-BACC-4D26-9990-79A187E2698E} -
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDF-XChange Viewer IE-Plugin -
{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program
Files\Tracker Software\PDF-XChange
Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: AVG Security Toolbar -
{A057A204-BACC-4D26-9990-79A187E2698E} -
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program
Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe"
/StartUp
O4 - HKCU\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [TPSMain] TPSMain.exe
O4 - HKCU\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba
Applet\thotkey.exe
O4 - HKCU\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E9611F26-6F67-4459-9BE6-23BFE896E1BE}:
NameServer = 205.188.146.145
O18 - Protocol: linkscanner -
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program
Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America
Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG
Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ,
s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA
CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric
Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Swupdtmr - Unknown owner -
c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService)
- America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5756 bytes

Thank you so much for your help. I am very grateful. That is
OK if you don't get to it tonight. I am very tired and will
probably log off shortly, and check back tomorrow. Again, a
BIG thank you.

Printer Friendly | Permalink |  | Top
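An added example, not part of the original posts and not HijackThis's own code: a small Python parser for a log like the one posted above. It rejoins the lines the forum wrapped, groups entries by section code, and pulls out the items the later replies look at: the O17 NameServer setting, services listed with an unknown owner, and processes that appear more than once. The sample lines are copied from the posted log; the function names are illustrative, and joining wrapped lines with a single space is an assumption about how the forum wrapped them.

```python
import re
from collections import Counter

# Excerpt of the log posted above, kept with the forum's line wrapping.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
= about:blank
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E9611F26-6F67-4459-9BE6-23BFE896E1BE}:
NameServer = 205.188.146.145
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ,
s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 5756 bytes
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) -\s*(.*)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")                  # a process line starts with a drive


def parse_hijackthis(text):
    """Return (processes, entries); entries are (code, body) tuples, unwrapped."""
    processes, entries = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        if line == "Running processes:":
            section = "proc"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append([match.group(1), match.group(2)])
        elif section == "proc":
            if PATH_RE.match(line) or not processes:
                processes.append(line)
            else:                                  # wrapped tail of the previous path
                processes[-1] += " " + line
        elif section == "entries":                 # wrapped tail of the previous entry
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return processes, [tuple(e) for e in entries]


def summarize(processes, entries):
    """Collect the items a reviewer reads first. Nothing here is a verdict:
    several svchost.exe instances, for example, are normal on Windows."""
    counts = Counter(p.lower() for p in processes)  # Windows paths are case-insensitive
    nameservers, unknown_owner = [], []
    for code, body in entries:
        if code == "O17":
            m = re.search(r"NameServer = (\S.*)$", body)
            if m:
                nameservers += [v for v in re.split(r"[,\s]+", m.group(1)) if v]
        elif code == "O23":
            m = re.match(r"^Service: (.+?) - Unknown owner - (.+)$", body)
            if m:
                unknown_owner.append((m.group(1), m.group(2)))
    return {
        "repeated_processes": sorted(p for p, n in counts.items() if n > 1),
        "nameservers": nameservers,
        "unknown_owner_services": unknown_owner,
    }


if __name__ == "__main__":
    procs, ents = parse_hijackthis(SAMPLE_LOG)
    for key, value in summarize(procs, ents).items():
        print(key, "->", value)
```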
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-19-08 10:49 PM
Response to Reply #7
9. You use AOL to connect?

I'm not seeing anything obvious there. There are a couple of things that look questionable to me, but they may be a part of AOL's stuff, which is complex and not something I can wade through well. I posted the log in a forum that spends most of its time analyzing these things, so I'll see if they spot anything I didn't.

If you use AOL, the issue may be related to that somehow ... not the fact you use AOL, just a hijack by some other method than those I'm accustomed to seeing.

In the meantime, follow BushDespiser12's advice.

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Mon Oct-20-08 09:40 AM
Response to Reply #9
10. I think you are spot on with the AOL issue.
Before the episode with the O or 0 on the screen, I noticed my Google searches in Firefox came up with AOL search powered by Google. At the time, I wondered WTH. I use AOL to connect to the NET, never use it for anything else, as it is cheap and I have no other choice at this time. But, I hate AOL with a passion. Anyway, after I noticed this is when the "kitchensinks" crap started.

So, thanks to you and BushDespiser12's advice, I am now up and running!

I downloaded SpyBot Search and Destroy. However, I did not install the TeaTimer. Did I need to install the TeaTimer? FWIW, I was reading on Majorgeeks for Malware Removal and they said to not install the TeaTimer. Is this correct?

Somewhere along the way before BushDespiser12 posted, I downloaded ATF Cleaner. After I ran it, the Firefox home screen appeared back to normal.

So, to You and BushDespiser12, a HUGE thank you and :hug:
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Oct-20-08 10:06 AM
Response to Reply #10
12. Glad it's working ...

I should have mentioned Spybot before HijackThis ... the latter is sort of a "when nothing else seems to be working" refuge so the problem can be analyzed in more depth.

TeaTimer is more helpful in theory than it is in practice. What it does, basically, is monitor for known suspicious activity from various processes and halts them if detected.

The problem I found with it was that you have to know what you're looking at when it throws up its warnings. It throws up a lot of warnings for standard activity like a change in registry keys. That can in fact be suspicious behavior, but then it also happens every time your software updates or you install something new or a hundred other minor events that happen all the time. So, most users end up pressing "Accept" all the time, and in the end, it does no good unless you research each and every warning it gives you to figure out if it means anything.



Printer Friendly | Permalink |  | Top
 
HCE SuiGeneris Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Oct-20-08 06:29 PM
Response to Reply #10
14. I never install TeaTimer or the IE Helper...
My apologies for not mentioning this earlier. The tool I run in the background that provides greater functionality and uses less resources than TeaTimer is SpywareBlaster... http://www.javacoolsoftware.com/sbdownload.html
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-21-08 09:44 AM
Response to Reply #10
17. BTW ...

You don't need this:

C:\WINDOWS\system32\Ati2evxx.exe

You've got two instances of it running, it looks like, eating up resources.

Don't just delete it, but it doesn't need to be running, especially not twice.

It's ATI's hotkey poller. I've yet to find anyone who can genuinely explain to me what it is supposed to do and connect that with anything I might do between now and 2050.

It's installed with the ATI drivers. It can be disabled so it doesn't start up again, if you know how to do that. If not and you want to, let me know, and I'll give instructions.

It's no biggie to leave it running, but, as I said, it eats up resources.
Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Tue Oct-21-08 10:15 AM
Response to Reply #17
20. Yes. I'd like to know how to disable it.
Sometimes my computer is so slow. Thanks for your help!
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-22-08 08:02 PM
Response to Reply #20
27. Disabling a service ...

There are a few ways of doing this, but this should work ...

Click Start > Control Panel > Administrative Tools > Services

This will open a window with a list of services on your system, e.g. Alerter, Application Layer Gateway, etc. Some will be Started, others with a blank in that field, meaning they aren't running. Some will be labeled as Disabled, some Manual, others Automatic.

Look down the list, and you'll see a few for ATI. There's both a Name and a Description.

Look for one that says ATI Hotkey Poller.

Click on it, then Right Click on it. This will bring up a window with options. Check here in the field that says Path to Executable and make sure it ends with ati2evxx.exe. If so, this is the correct service to disable.

Near the bottom is a row of buttons. First click the STOP button to stop the service.

Then use the drop-down list box above where those Start, Stop, etc buttons are and select Disabled.

Click OK.

Done.

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Wed Oct-22-08 09:15 PM
Response to Reply #27
29. Thank you for this.
I will attempt this when I am in a better frame of mind. The "thing" is back! :-(
Printer Friendly | Permalink |  | Top
 
HCE SuiGeneris Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-19-08 10:22 PM
Response to Original message
8. Here are some steps that may help
Edited on Sun Oct-19-08 10:27 PM by BushDespiser12
First run CWShredder from this link http://us.trendmicro.com/us/products/personal/CWShredder/ -- click on Remove CoolWebSearch and select RUN

Then

For non-viral malware...

Download, install and update the following software...

* Ad-aware SE 2008
http://www.lavasoft.com/products/ad_aware_free.php

* SpyBot Search and Destroy v1.6
http://www.safer-networking.org/en/download/

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

(Also download WinsockXP fix http://www.majorgeeks.com/download4372.html This will repair your internet connection should the removal of malware corrupt your winsock files.)

After the software is updated, I suggest scanning the system in Safe Mode. To boot into safe mode -- restart computer and tap f8 key repeatedly after first black screen appears -- select "safe mode" with the use of the arrow keys.

When done, simply choose restart and windows will boot normally.

Best of luck to you.
Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Mon Oct-20-08 10:03 AM
Response to Reply #8
11. I can't thank you enough.....
I am back up and running!!

I did not download Ad-aware as I had it before and I didn't like their new version. Will SpyBot Search and Destroy be sufficient? It is easy for me to use and understand.

I :loveya: ! Believe it or not, I did not know how to boot into safe mode in XP. When I was using Windows98 on my old laptop, it was so much easier.

I have saved your entire post!
Printer Friendly | Permalink |  | Top
 
HCE SuiGeneris Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Oct-20-08 04:16 PM
Response to Reply #11
13. Spybot S&D is less effective than Ad-Aware...
The latest version of Ad-Aware is more stable, but still can have "issues". I heartily recommend the SuperAntiSpyware -- when you install it, deselect run at startup so that it is not using system resources when you don't need it. It too, can and should be run in safe mode. This is now the most recommended free malware remover tool on the net. However, Ad-Aware has found items it misses...

Another valuable tool to run is CC Cleaner. It clears all your temp files and helps speed up your computer. Use the default settings after installing and select run cleaner. I do NOT advise doing anything with the registry analyzer.

Glad I could be of help. I do a small business on the side cleaning and updating other people's computers and try to keep updated with the latest free tools that are available...

Thanks for letting me know this helped you out!

:hi:
Printer Friendly | Permalink |  | Top
 
HamdenRice Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-21-08 06:11 AM
Response to Original message
15. Can anyone explain what this thread concluded???
Edited on Tue Oct-21-08 06:11 AM by HamdenRice
I have a similar problem. I recently installed Firefox. I connect using aol dialup, but in the past always used IE explorer. Then I installed Firefox and use that.

Recently, I have been occasionally locked out of google, but it's very intermittent. One minute I can use it; next minute I get just the "0" in the upper left corner; sometimes I get a white screen with something like "you are not permitted blah blah"; and sometimes I get

"Google
Error

We're sorry...

... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now."

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x21656

But it's very intermittent. I can check in two minutes and be able to get back to google.

All this started recently. I have Norton antivirus, so I don't think I have a virus or adware.

I've been thinking about what changed recently, and one thing that happened is that aol is pushing its search engine relentlessly. It's one of the first screens you see when you log on.

Is aol interfering with google? on purpose?

And although you solved the OPer's problem, did anyone figure out what was hijacking him?

Thanks in advance.
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-21-08 09:31 AM
Response to Reply #15
16. I think ...

I think it was CoolWebSearch, which would have been solved by CWShredder.

I'd have to know all the actions the OP took to know more than that, a S&D log, etc.

The Hijack log looks pretty clean. There's a couple of processes I'd check if I had the machine in front of me because I don't know if the system really needs them. AOL put so much junk on your machine (and I have so religiously avoided it) that it's hard to wade through for someone who doesn't deal with it often.

I think your problem is different, but I don't know for sure.

The thing where Google throws up some warning that a search term/expression you used looks like automated requests happens to a lot of people in a wide variety of circumstances. I searched for just the word "Oklahoma" once, and it did that. So, for that specific thing, I'm not sure there's much you can do. Or, I should say, I don't know where to begin to diagnose the problem. I haven't had it happen to me in months, but for awhile, it was happening several times per day. A couple others here were having the same problem at the same time.

You might try the CWShredder and see if things improve as far as the other problem is concerned.

Without launching into my typical rant, I'll advise that having Norton should probably not result in your thinking you don't have a virus. I've found more viruses on Norton protected computers than many others I've worked on. It also doesn't stop a lot of spy/adware at all. (Virus checkers in general tend not to.)

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Tue Oct-21-08 10:20 AM
Response to Reply #16
21. When the O was showing up,
I ran the CWShredder, and it said CoolWebSearch was not present. Kind of like from a process of elimination, I am concluding it is AOL.

I am seriously thinking about spending some extra $ and getting DSL from Embarq or Comcast Hi Speed as they have a special going on. I absolutely hate AOL.
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-21-08 10:27 AM
Response to Reply #21
23. I'll do some searching ...

This could be an AOL thing. That does seem to be the common denominator here.

I just know so little about how AOL works now that I don't have answers off the top of my head, just experience with things I have seen it do.

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Tue Oct-21-08 10:07 AM
Response to Reply #15
18. I still have this darn thing, too!
Edited on Tue Oct-21-08 10:11 AM by ancient_nomad
It is happening intermittently as you describe. I downloaded Firefox 3 this AM, and still get it. My problems began shortly after I noticed when trying to do a Google search from Firefox the results would show up as an AOL search powered by Google.

What I have found eliminates it temporarily is to close out Firefox, then run CCleaner and ATF Cleaner.
I am blaming it on AOL. I wish someone could figure out how it is doing this; maybe then we could correct or block the offender. It is soooo aggravating. I ran SpybotS&D, and SuperAntispyware and they found nothing, neither did AVG. So where it is hiding, God only knows.

I have to sign off for awhile, but will check back later today for more thoughts on this from RoyGBiv and BushDespiser12.


Edited to ask HamdenRice: Do you get the "kitchensinks" Certificate Verification too?
Printer Friendly | Permalink |  | Top
 
HamdenRice Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-21-08 10:14 AM
Response to Reply #18
19. I also think it is aol
It started happening around the time aol launched this thing. I do not however get the kitchensinks thing.
Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Tue Oct-21-08 10:22 AM
Response to Reply #19
22. Do you have ......
CCleaner and ATF Cleaner?
Printer Friendly | Permalink |  | Top
 
HamdenRice Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-22-08 08:00 AM
Response to Reply #22
24. No. I just noticed something fishy. I can use google within AOL
I just can't use it in a separate browser.
Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Wed Oct-22-08 10:05 AM
Response to Reply #24
25. That is very weird.
Edited on Wed Oct-22-08 10:43 AM by ancient_nomad
Do you by any chance have Google Chrome?

Edit to add:

The reason I ask is I had it installed as a backup browser. Last night I had a real battle going on with this "thing".

What was happening was in Firefox Tools Options Privacy, something kept changing my settings to "Accept third party cookies". I never checked that box, yet it kept being checked. Then this "thing" would take over, and I got the "0" over and over. During the time it kept changing the "Accept third party cookies" box, Firefox would become unresponsive. Then a script box would come up stating "http: Chrome preferences (I don't remember the entire thing) encountered a problem", should it continue running script or cancel. I didn't have Google Chrome open. I wondered WTH, how is http chrome in Firefox privacy settings. I was so frustrated, I went into Control Panel and deleted Google Chrome. Ever since, the problem has not recurred. It has now been 14 hours, knock on wood, without a repeat of the problem.

So, if you have Google Chrome installed, try uninstalling it. Somehow, I still think AOL is involved in this whole mess, especially since Google searches in Firefox came up as AOL Searches.

Maybe RoyGBiv or one of the others have an idea what is going on.
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-22-08 07:54 PM
Response to Reply #25
26. I'm stumped ...

AOL and Google are in bed together, so there's no telling what is going on behind the scenes. Since you're going through AOL's network, they have the ability to redirect anything they want to specific IPs, so it may be the case that you're being redirected to a specific Google page.

Just to satisfy my own curiosity, can you tell me if this is what you're doing when you search Google. You go to www.google.com, type in your search terms, click "search," and then when the results page pops up you are somewhere getting a message or page or something that shows AOL's name somewhere? If that's not close, could you describe that for me a little?

I think this may be something that if I were able to sit at your computer and look at what's happening, I might be able to give a better explanation, but since I am generally ignorant of the details of how AOL works these days, all I'd be doing at this point is guessing.

Chrome may well be an issue, btw. That too installs some stuff you didn't necessarily ask to be installed. I noticed from the log you posted that you have Google Updater running. This isn't malicious, but I don't like the fact it's "given" to you in a backhanded manner when you install a google app. And, I've read of some problems with it, not the specific thing, but there's no telling what it might influence.

Sorry I couldn't be of more help.

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Wed Oct-22-08 09:13 PM
Response to Reply #26
28. Here is what I do.....
I sign onto AOL, and minimize the screen. I do not use AOL. I then open the Firefox browser. (BTW, the damn thing is back! It had been gone 24 hours, and I am angry) If I want to search Google, I use the drop down Google search or sometimes I search from the Mozilla Firefox Start Page, which is my homepage. Right before this "thing" first started, I noticed these Google searches were coming up "AOL search powered by Google". Then the following happened. When I went to TOOLS, Options, Privacy, I tried to open Exceptions, Firefox became unresponsive, a notice comes up "script: chrome.....preferences"(I can't remember it all) has stopped running, do you want to stop running the script or continue. Then when I look at the Privacy page I notice the box to accept third party cookies has been checked. I did not check that box. So, I uncheck it. Next thing I know Firefox is unresponsive, and it is checked again.
Something is accessing the Firefox options. This is so frustrating. And, now I have the "kitchensinks" thing back. So, when I try to access G-Mail or Google Search, I get the "0" page.

I did uninstall Google Chrome, and that gave me 24 hours of normal use. Now it is back...arrrgh. How can I tell if that Google updater is still installed?

You have been a great help. Having an ally through this is a blessing. Thank you for your input.
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-22-08 10:22 PM
Response to Reply #28
30. Small experiment ...

Go to www.google.com

Search from there. See what happens.

Printer Friendly | Permalink |  | Top
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Wed Oct-22-08 10:55 PM
Response to Reply #30
31. OK...
Edited on Wed Oct-22-08 11:07 PM by ancient_nomad
I typed in www.google.com and the normal Google search page opened.

OMG!! Just for the heck of it I searched for kitchensinks.n0t
You have to check this out. Here is the link from my search results:

http://www.google.com/search?hl=en&q=kitchensinks.n0t&btnG=Search

Does this help? I am not too swift with this. BTW I used the zero in the "n0t"
What does this mean?????

Edit to add:

It looks like a lot of people are getting this. I have been reading the links from the above search.
This one from a lavasupport forum is interesting, maybe you can make sense out of it. Here is the link:
http://www.lavasoftsupport.com/index.php?s=e4c81be9e082e2489bb7e9454974363a&showtopic=21307

All I know is this "thing" is annoying and frustrating. TIA
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-22-08 11:30 PM
Response to Reply #31
32. Well now ...

I feel stupid. I searched for kitchensink.not, rather than with the zero. I have no idea why that didn't occur to me.

But, it seems, what had occurred to me as a possibility before I unfortunately got off on the AOL track is that this is some sort of DNS corruption/attack or a HOSTS file problem.

Or not. This seems to be an ongoing issue with even people from Google not entirely certain what's happening.

After reading through several of these threads, including one on Google's support group on Usenet from *today*, yes, this appears to be a pervasive issue that is spreading.

Seems like we were barking up the wrong tree with AOL being the culprit as several people posting don't use AOL. (That Google via AOL thing is, I think, a result of your using the search bar in Firefox. That thing can be modified so that it redirects things.)

At least I don't feel so bad for being clueless.

There's a couple things you can try. I have no idea if this will work. We'll do this first, and tomorrow I'm going to try to show you how to use OpenDNS as your DNS server to bypass AOL's.

Go to C:\WINDOWS\SYSTEM32\DRIVERS\ETC on your hard drive and look for a file called "hosts" and open it in notepad. If it's not there, just create it with notepad.

If it exists and anything at all is in there, save the file as hosts.bak or something, and then create a new file called hosts ... just hosts, not hosts.txt or any extension at all. Grrr ... I just remembered I can't remember now if notepad automatically adds the .txt extension or allows you to edit it out. You may have to save it as is, then rename it so it doesn't have an extension. Well ... if it comes to that I'll explain that later if you don't know how. It'd just clog this up.

Anyway ... so, where we're at now is we have a clean, new file open in notepad. Add this line:

209.85.171.99 google.com

Save it, again as just hosts in the directory mentioned. Restart your browser. (You may have to reboot ... I can't remember if that's required in Windows or not. Do it anyway just in case.) What this does is when you go anywhere on the network, your browser first looks to see if you have a hosts file, and if you do, it gets the IP address out of the hosts file rather than doing a DNS query.

If you get all that done, let me know how it goes.
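The post above has the reader open hosts and set aside anything already in it before adding a pin. As an added example (not part of the original post or thread), this Python code audits hosts-file text and separates local entries, deliberate pins and mappings that need review; the function names, the `expected` allow-list and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (not from any real machine). 203.0.113.7 is
# a documentation-range address standing in for an unexplained redirect.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
209.85.171.99   google.com        # the pin suggested in the post
203.0.113.7     www.google.com mail.google.com
0.0.0.0         ads.example.test
not-an-ip       gmail.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None                          # first field is not an address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, expected=None):
    """Classify each mapping as 'local', 'expected', 'review' or 'malformed'."""
    # expected: hostname -> set of IP strings the user added on purpose
    expected = expected or {}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append((line_no, " ".join(names), "malformed"))
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                verdict = "local"              # localhost or a 0.0.0.0 sinkhole
            elif str(ip) in expected.get(name, ()):
                verdict = "expected"
            else:
                verdict = "review"             # a name sent somewhere unexplained
            findings.append((line_no, name, verdict))
    return findings
```

To check a real machine, pass the text of the hosts file in C:\WINDOWS\SYSTEM32\DRIVERS\ETC in place of the sample.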
 
CabalPowered Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 08:47 AM
Response to Reply #32
33. I did see this
Same thing happened to me.

Go to "TOOLS" in Firefox

then "OPTIONS"

then the "CONTENT" tab

then under "LOAD IMAGES", click on 'exceptions'......

in the 'Address Of The Website' space, type ---(I'm using DOT here to signify an actual dot (.) and the word ZERO for the actual numeral)

that's the very address it says the googleDOTcom security certificate is pointing to.....................so type in:

wwwDOTkitchensinksDOTnZEROt

then click the 'BLOCK' button.

It fixed my problem. Apparently Google is using a small image as a cookie tracking device under THAT kitchensinks offensive domain.


http://support.mozilla.com/tiki-view_forum_thread.php?locale=fr&comments_parentId=188363&forumId=1


Which begs the question, how was this hijack delivered?
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 08:56 AM
Response to Reply #33
34. That is the question ...

It's not happening with me, which is one problem I've had trying to figure this out. I can't reproduce the issue. I even fired up an emulated Windows and tried to do stuff I shouldn't do just to see if I could watch it happen.

Anyway, if that tracker is the problem, yeah, that should work.

I'd still recommend the hosts file (with addresses for a lot of sites visited frequently, actually) and using OpenDNS. There was some speculation in a couple threads that the original avenue of attack was a DNS exploit caused by systems not updating to patch the exploit found awhile back.
 
CabalPowered Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 10:35 AM
Response to Reply #34
35. I think you're correct and the host file would fix it
Reading through the gmail help tickets, it appears that aol is the culprit. The simplest explanation might be that aol has not patched all their dns servers and they got poisoned.

 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 10:55 AM
Response to Reply #35
37. Wouldn't surprise me ...

I read an article within the last month estimating large percentages of systems hadn't been patched, and it named a couple of biggies, though I don't recall the details at the moment.

And it does seem centered on AOL users. I'm giving myself whiplash here. Reading last night I was under the impression this was taking place outside AOL's domain, but reading the threads today has turned up some connection to AOL's network all around.

Poisoned DNS is more and more sounding like the problem.
 
CabalPowered Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 11:05 AM
Response to Reply #37
39. It just goes to show how unsecure dns really is
It would seem a basic protection would be to check the mask of the suffix of the entry being updated. It should not be possible to inject a numerical character into what is exclusively an alpha mask.

I also read that the security cert that pops up was supposedly issued in August, which would be about the time the dns exploit was being announced.

 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 11:11 AM
Response to Reply #37
42. Just received this message....
from Poster, Karen, on the Mozilla support forum. Thought this additional info might be of interest to you.

http://support.mozilla.com/tiki-view_forum_thread.php?forumId=1&comments_parentId=188363#threadId190510

Message:
----------------------------------------------------------------------
The suggestion to use Scroogle was general information only, and a suggestion for safer and more private browsing..but it doesn't solve this particular problem.

(In fact, EACH 'solution' has been short lived.)

It's still plaguing me on my home computer, but not here at work--and just like everyone else, it started at the same time, within the past week.

I read in another forum that AOL seems to be connected to this anomalous 'rogue' certificate, and I tend to agree.

My computer at home uses CompuServe to get online and unfortunately, they were bought out by AOL several years back....therefore everything at home is actually pirated and shadowed in some way by AOL, try as I might to keep them out of my browsing experience.

Here at work it's straight Windows Explorer XP on a T1 line, Internet Explorer based with Firefox used for browsing-- and no 'kitchensinks' bogus or hacked security certificate, and no problems viewing either Google websites or Gmail.

Sorry. My 'fix it' was temporary. Whatever is happening, it's finding its way around all solutions.

At home, all I can do to remedy the situation right now, is to constantly clear my cache and cookies (and sometimes even THAT doesn't work) and I have to close out of Firefox and reopen it again.

What I did find is that logging into Gmail through a proxy server works.

Right now that's the only thing that's foolproof, but it's annoying to have to do it.

WHERE ARE THE GOOGLE PROGRAMMERS??? They are ignoring the whole situation--- and that makes me think it's one of their own coding/widget projects gone awry and no one wants to admit it.
----------------------------------------------------------------------


 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 11:15 AM
Response to Reply #42
43. Interesting ...

*If* the problem is in fact DNS poisoning, I don't know if Google can really do anything about it directly. This is AOL's problem to fix. Google could put pressure on them, but who knows if they will.

 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 11:03 AM
Response to Reply #33
38. Thank you!
I went to the link you provided. The poster, Karen, added a couple more things to block, which I did. I guess I'll see how this works. Whatever this "thing" is, it is annoying and frustrating. Makes me want to tear my hair out when it keeps showing up. Am just glad it was not more malicious.

A couple times in the past I had trouble accessing another site due to AOL not updating their DNS files. Someone gave me instructions on how to flush DNS files. I am not computer literate, which presents a real problem. :-( I still blame AOL for this along with Google for not correcting the problem as it's on their sites this is happening.


 
CabalPowered Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 11:10 AM
Response to Reply #38
41. No problem
Might be time to consider another provider.. :hi:
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 11:21 AM
Response to Reply #41
44. Yes...Yes...YES!!!
I am going to look into it this afternoon. :-) Then I want to remove everything AOL off this computer! I know I'll be asking for help to do that. ;-)
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 10:49 AM
Response to Reply #32
36. I don't know how to do this in XP.....
snip:

Go to C:\WINDOWS\SYSTEM32\DRIVERS\ETC on your hard drive and look for a file called "hosts" and open it in notepad. If it's not there, just create it with notepad.

If it exists and anything at all is in there, save the file as hosts.bak or something, and then create a new file called hosts ... just hosts, not hosts.txt or any extension at all. Grrr ... I just remembered I can't remember now if notepad automatically adds the .txt extension or allows you to edit it out. You may have to save it as is, then rename it so it doesn't have an extension. Well ... if it comes to that I'll explain that later if you don't know how. It'd just clog this up.

Anyway ... so, where we're at now is we have a clean, new file open in notepad. Add this line:

209.85.171.99 google.com

Save it, again as just hosts in the directory mentioned. Restart your browser. (You may have to reboot ... I can't remember if that's required in Windows or not. Do it anyway just in case.) What this does is when you go anywhere on the network, your browser first looks to see if you have a hosts file, and if you do, it gets the IP address out of the hosts file rather than doing a DNS query.


BUT, I would like to give it a try. I know it is asking a lot, but could you give me step by step directions? BTW, I've already done the things CabalPowered suggested + I went to the mozilla forum and the poster Karen added a couple more things to block under contents which I have done. So, thanks to CabalPowered and you!
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 11:06 AM
Response to Reply #36
40. It's not hard ...
Edited on Thu Oct-23-08 11:12 AM by RoyGBiv
It's just a matter of forcing Windows to let you do things yourself.

Open a folder on your system, any folder. My Documents will do.

At the top, click on Tools > Folder Options

This will bring up a window. Click the View tab. Scroll down the window of options until you see a box labeled "Hide extensions for known file types." Uncheck it. Click OK.

All this does is allow the display of file extensions.

You can now create the hosts file. Notepad will save it as "hosts.txt." You can now rename it just to "hosts." Right click on it, click rename, remove the extension and the DOT (.) character. You'll get a warning from windows that by changing the extension, things may not work properly. For this purpose, ignore that warning.

To edit that file later, you'll either have to start notepad first and load it, or when you click on the file to load it, you'll have to choose which program to use, which can be annoying.

OnEdit: If it annoys you to have the extensions displayed, you can repeat the process above and re-check the box after you've done this.
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 11:23 AM
Response to Reply #40
45. Will try this in about an hour....
thanks so much!
 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 01:04 PM
Response to Reply #40
46. I am this far....
You can now create the hosts file. Notepad will save it as "hosts.txt." You can now rename it just to "hosts." Right click on it, click rename, remove the extension and the DOT (.) character. You'll get a warning from windows that by changing the extension, things may not work properly. For this purpose, ignore that warning.

QUESTION: How do I create the hosts file? Do I open a new folder in My Documents? I'm afraid I need step by step instructions...again! :-(


Oh, another DUer in GD just asked for help with the same problem. I directed her/him here.
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-23-08 01:27 PM
Response to Reply #46
47. It's just a text file ...

Your creation of the hosts file is just naming a file "HOSTS" with some specific text in it.

But hold off for a moment. I've been reading up on how AOL does things, and it appears that using a HOSTS file with AOL doesn't work. It doesn't break anything, but it doesn't fix it either.



 
ancient_nomad Donating Member (474 posts) Send PM | Profile | Ignore Thu Oct-23-08 02:34 PM
Response to Reply #47
48. I'll wait till your next post....
no hurry. :-) My day is interrupting my time working on this.
 