02-05-2005, 16:54
|
#1
|
|
Inactive
Join Date: Nov 2003
Location: Grimsby
Posts: 2,004
|
404 Hijacked by Google
I've had my 404 page hijacked by google, it now goes straight to google.com. Ran hijackthis and can't see anything of any relevance, can anybody tell me what files ie querys when it gets a 404?
|
|
|
|
02-05-2005, 16:57
|
#2
|
|
Inactive
Join Date: Feb 2004
Location: There's no place like 127.0.0.1
Services: Depends on the person and the price they're offering
Posts: 12,384
|
Re: 404 Hijacked by Google
Do you mean that instead of getting a 404 on any site you are getting a google page, or do you mean that you are getting a google page instead of a specific site's 404 page?
|
|
|
|
|
02-05-2005, 17:09
|
#3
|
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 63
Services: IDNet FTTP (1000M), Sky Q TV, Sky Mobile, Flextel SIP
Posts: 30,140
|
Re: 404 Hijacked by Google
404 pages are served up by the remote server - I don't see how anyone, or anything, could hijack them locally.
__________________
 Baby, I was born this way.
|
|
|
|
|
02-05-2005, 17:20
|
#4
|
|
Inactive
Join Date: Nov 2003
Location: Grimsby
Posts: 2,004
|
Re: 404 Hijacked by Google
Any site, i'm not talking about custom remote 404 pages, but the 'This page cannot be displayed', I've just noticed that within ms, usually instantly i'm forwarded to google.com.
|
|
|
|
|
02-05-2005, 17:29
|
#5
|
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 63
Services: IDNet FTTP (1000M), Sky Q TV, Sky Mobile, Flextel SIP
Posts: 30,140
|
Re: 404 Hijacked by Google
Quote:
|
Originally Posted by jtwn
Any site, i'm not talking about custom remote 404 pages, but the 'This page cannot be displayed', I've just noticed that within ms, usually instantly i'm forwarded to google.com.
|
Ah, "this page cannot be displayed" is something totally different - it is not a 404 error, that is a locally displayed thing. That will be a registry setting somewhere.
__________________
Baby, I was born this way.
|
|
|
|
|
02-05-2005, 17:45
|
#6
|
|
Inactive
Join Date: Jul 2003
Posts: 2,820
|
Re: 404 Hijacked by Google
Ah...now my mind seems to recall something about this.
In IE's settings you can tell IE to use the default search page when it finds a URL it can't open. The default for this is the MSN search page, but you can change this..I think there's an option (but I am probably wrong) in XP PowerToys to do this...or as Paul say in the registry.
|
|
|
|
|
02-05-2005, 17:53
|
#7
|
|
cf.mega poster
Join Date: Nov 2003
Location: Reading
Age: 41
Services: Virgin Media Broadband Size M
Posts: 6,546
|
Re: 404 Hijacked by Google
download hijackthis- you can then delete the entry that tells IE to use google as the default search.
If you are not sure which it is, post the log back here, and i will point it out for you.
|
|
|
|
|
02-05-2005, 20:48
|
#8
|
|
Inactive
Join Date: Nov 2003
Location: Grimsby
Posts: 2,004
|
Re: 404 Hijacked by Google
Thanks for your help guys.
Hijackthis log -
Code:
Logfile of HijackThis v1.99.1
Scan saved at 19:38:06, on 02/05/2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files (x86)\Devices\Audio Deck\EnMixCPL.exe
C:\Program Files (x86)\Internet Apps\NetLimiter\NetLimiter.exe
C:\Program Files (x86)\Microsoft IntelliType Pro\type32.exe
C:\Games\Valve\Steam\Steam.exe
C:\Program Files (x86)\Devices\SpeedFan\speedfan.exe
C:\Program Files (x86)\File Sharing\Azureus\Azureus.exe
C:\Program Files (x86)\Internet Apps\Java\jre1.5.0_02\bin\javaw.exe
C:\Program Files (x86)\Internet Apps\NoNameScript\mirc.exe
C:\Program Files (x86)\Internet Apps\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Outlook Express\msimn.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache1-lang.server.ntli.net:8080
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Internet Apps\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\SysWow64\winvbie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\SysWow64\msiev32.dll
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files (x86)\Devices\Audio Deck\EnMixCPL.exe"
O4 - HKLM\..\Run: [NetLimiter] "C:\Program Files (x86)\Internet Apps\NetLimiter\NetLimiter.exe" /s
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files (x86)\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\RunServices: [Microsoft Message Queue Manager (Critical)] msmdsrvx.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files (x86)\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Internet Apps\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Internet Apps\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{161798E9-D96D-4797-928A-469378B957DC}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{161798E9-D96D-4797-928A-469378B957DC}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{161798E9-D96D-4797-928A-469378B957DC}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
This is on Windows x64 and comes up with many errors when first searching. Also, after running avast earlier, came across with my WinSock32.dll (cannot be sure whether it was a clone in the wrong folder/slight file name difference) but it was a trojan/infected and was deleted, i'm guessing that might of had some relevance?
|
|
|
|
|
02-05-2005, 20:52
|
#9
|
|
cf.mega poster
Join Date: Dec 2003
Location: Baw deep in a munter
Age: 49
Services: Initiations, rep rigging and orgies!
Posts: 5,750
|
Re: 404 Hijacked by Google
Might seem like a daft suggestion - but - you do have Google toolbar installed by the look of it.
Is it an option within that?
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
And
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
|
|
|
|
|
02-05-2005, 20:59
|
#10
|
|
Inactive
Join Date: Jun 2003
Location: Los Angeles, CA
Age: 46
Posts: 6,343
|
Re: 404 Hijacked by Google
Quote:
|
Originally Posted by TheBlueRaja
Is it it an option within that?
|
Looks like it.
I couldn't help noticing you're running the 64-bit version of XP BTW.  
|
|
|
|
|
02-05-2005, 21:22
|
#11
|
|
cf.mega poster
Join Date: Dec 2003
Location: Baw deep in a munter
Age: 49
Services: Initiations, rep rigging and orgies!
Posts: 5,750
|
Re: 404 Hijacked by Google
 Rich - if you say - had a heart attack (just theoretically speaking mind - this aint no voodoo curse), would your sig change to say Current Status :- Call an ambulance or something?
|
|
|
|
|
02-05-2005, 22:14
|
#12
|
|
cf.mega poster
Join Date: Dec 2003
Age: 50
Posts: 7,101
|
Re: 404 Hijacked by Google
Bluey, yeah it would... have a look here http://www.phpfuture.net/code/MySync/about/
Quote:
|
Included in this message would be a personal message from myself and several instructions that are to be carried out.
|
I want to know what these instructions will contain. Ricin bombs planted in the underground...? Transfer of money from Swiss bank accounts...?
|
|
|
|
|
02-05-2005, 22:43
|
#13
|
|
Inactive
Join Date: Nov 2003
Location: Grimsby
Posts: 2,004
|
Re: 404 Hijacked by Google
Quote:
|
Originally Posted by TheBlueRaja
Might seem like a daft suggestion - but - you do have Google toolbar installed by the look of it.
Is it an option within that?
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
And
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
|
Nope, not as far as i can see. Tried 'Reset web settings' in the internet options - nothing 
Quote:
|
Originally Posted by Richard M
Looks like it.
I couldn't help noticing you're running the 64-bit version of XP BTW. |
Yep  Solid as rock too, well impressed with it. Just need to get more drivers built for it.
|
|
|
|
|
02-05-2005, 23:02
|
#14
|
|
cf.mega poster
Join Date: Dec 2003
Location: Baw deep in a munter
Age: 49
Services: Initiations, rep rigging and orgies!
Posts: 5,750
|
Re: 404 Hijacked by Google
Quote:
|
Originally Posted by Gareth
Bluey, yeah it would... have a look here http://www.phpfuture.net/code/MySync/about/
I want to know what these instructions will contain. Ricin bombs planted in the underground...? Transfer of money from Swiss bank accounts...? |
Mental!
jtwn - Out of curiosity - could you uninstall the toolbar and see what happens? You could just reinstall it afterwards - shouldnt take more than 5 mins..
|
|
|
|
|
02-05-2005, 23:40
|
#15
|
|
Inactive
Join Date: Jun 2003
Location: Los Angeles, CA
Age: 46
Posts: 6,343
|
Re: 404 Hijacked by Google
Quote:
|
Originally Posted by TheBlueRaja
Quote:
|
Originally Posted by Gareth
Bluey, yeah it would... have a look here http://www.phpfuture.net/code/MySync/about/
I want to know what these instructions will contain. Ricin bombs planted in the underground...? Transfer of money from Swiss bank accounts...? |
Mental! |
I think it's sensible, but that's your opinion. 
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 13:07.
|
Join CF
You are here: 
