# firewall or virus blocking google?



## sbsankey

I cannot seem to log in or have normal access to google

When I try to sign in to anything google – google groups, google blogger etc. I get a “page cannot be displayed” error in I.E.6 and I get a “The connection was refused when attempting to contact www.google.com” error when using FireFox

I cannot connect to main google page at all in I.E. 6 unless I have tools>options>connections>LAN settings>auto detect settings enabled.

Recently had a virus issue that took a lot to recover from and installed AVG 7.5 which was the only program that was able to get rid of the virus. I thought it was a firewall thing so I disabled it AVG but that didn’t make a difference. I even went into windows safe mode with connections and I still could not access google.

What on earth am I doing wrong? I have run Adaware and deleted all threats. I have specifically made google.com and google.ca allowed sites in I.E. 6 with no effect. Are there any suggestions? Can anyone help me?


----------



## johnwill

Navigate to C:\WINDOWS\system32\drivers\etc and right click on the hosts file. Open it with NOTEPAD and copy/paste the entire contents here. My guess is that something or someone has included an entry in this file to block Google.


----------



## sbsankey

Here is the notepad version of hosts. 

#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
68.145.59.235 conspiracy.hopto.org
127.0.0.1	forums.techguy.org
127.0.0.1	www.castlecops.com
127.0.0.1	castlecops.com
127.0.0.1	www.microsoft.com
127.0.0.1	siri.urz.free.fr
127.0.0.1	www.majorgeeks.com
127.0.0.1	majorgeeks.com
127.0.0.1	www.spywareinfo.dk
127.0.0.1	spywareinfo.dk
127.0.0.1	www.superantispyware.com
127.0.0.1	superantispyware.com
127.0.0.1	www.compu-docs.com
127.0.0.1	compu-docs.com
127.0.0.1	www.pandasoftware.com
127.0.0.1	pandasoftware.com
127.0.0.1	download.bleepingcomputer.com
127.0.0.1	www.bleepingcomputer.com
127.0.0.1	bleepingcomputer.com
127.0.0.1	www.google.com
127.0.0.1	google.com
127.0.0.1	www.google.ca
127.0.0.1	google.ca
127.0.0.1	www.ewido.net
127.0.0.1	ewido.net
127.0.0.1	www.greyknight17.com
127.0.0.1	greyknight17.com
127.0.0.1	help.lockergnome.com
127.0.0.1	cleanup.stevengould.org
127.0.0.1	stevengould.org
127.0.0.1	www.tomcoyote.org
127.0.0.1	tomcoyote.org
127.0.0.1	www.depannetonpc.net
127.0.0.1	depannetonpc.net
127.0.0.1	www.wilderssecurity.com
127.0.0.1	wilderssecurity.com


----------



## johnwill

You had some sort of malware that updated your HOSTS file. Note that all the entries are for computer security sites and search engines.

You can fix this, but I'd also post a HijackThis log in your HJT forum, because we're not fixing the root cause by doing this.

Open HOSTS again with NOTEPAD, and delete EVERYTHING after the line.

127.0.0.1 localhost

You should be left with the following HOSTS contents, save it and see if it works better.

#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


----------



## sbsankey

it worked! Thanks a million. I will try the hijack thing later when I have more time.


----------



## johnwill

Like I said, this didn't happen by accident, you obviously have, or at least had, some malware that put those entries in there.


----------



## achesonj

My computer is having the same problem. I navigated to C:\WINDOWS\system32\drivers\etc\HOSTS and I had a similar looking set of entries. I deleted everything after 127.0.0.1 localhost but when I tried to save the changes I received the error message "Cannot create the C:\WINDOWS\system32\drivers\etc\HOSTS file. Make sure that the path and filename are correct." Do I need to download a program to be able to update these files? Notepad won't do it.


----------



## johnwill

Please follow the instructions here: http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html

The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.


----------



## Zars01

Thanks! I was having a similar problem -
But it wasn't just google that wasn't loading for me (maybe especially not google - that's how I found your advice).

Anyways, I opened the host file and found:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1 localhost
#	::1 localhost

I realized that the line
#	127.0.0.1 localhost

had a number sign that was probably "hiding" the code from my computer.
I'm not sure how this happened, but it was an easy fix.
Suddenly my computer works fine. Thanks!


----------

