Google hater

Post by DrVirus »

Hey guys it's me again. Like I said before, what a day !! Here I was enjoying the ending of my exam with loads of Bleach. But this Canadian guy won't let me.
I have a new computer arrival. It seems something is blocking gmail in it. You can reach the gmail.com but once you try to log in :

Chrome :
Image

Firefox :
Image

Pretty pathetic hah !! I tried all sorts of malware, trojan and spyware cleaners I ever heard of. There were a few, but cleaning them didn't help a whole lot. So then I did what anyone in their right mind would do. I did a HijackThis scan.
And bingo !! Would ya look at that :
In case the reader (that's you) doesn't know what the hell is going on: O1 in a HijackThis log represents hosts file redirection. So when I enter anything related to Google, I am redirected to 64.86.17.32, which is:
General information on 64.86.17.32:

IPv4 address: 64.86.17.32
IPv6 address: ::ffff:4056:1120
Host name: ice.cypher.ca
Reverse DNS: ice.cypher.ca
Country: Canada
City: Montreal, QC

RBL (Real-Time Blocking List) lookup on 64.86.17.32:

SPAMCOP: Not Found
SBL: Listed in Spamhaus Block List (sbl.spamhaus.org)
XBL: Not Found
CBL: Not Found
NJABL: Not Found
SORBS: Not Found
SURBL: Not Found

Whois information on 64.86.17.32:

OrgName: Tata Communications
OrgID: TATAC
Address: 1555 Carrie-Derick
City: Montreal
StateProv: QC
PostalCode: H3C-6W2
Country: CA

NetRange: 64.86.0.0 - 64.86.255.255
CIDR: 64.86.0.0/16
OriginAS: AS6453
NetName: TATAC-ARIN-2
NetHandle: NET-64-86-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: CASTOR.TELEGLOBE.NET
NameServer: POLLUX.TELEGLOBE.NET
RegDate: 2000-05-04
Updated: 2009-07-13

OrgAbuseHandle: ABUSE1643-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-514-868-7875
OrgAbuseEmail: cabuse@tatacommunications.com

OrgNOCHandle: IPNOC8-ARIN
OrgNOCName: IPNOC
OrgNOCPhone: +1 514 868-7888
OrgNOCEmail: ipnoc@tatacommunications.com

OrgTechHandle: ZT129-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1 514 868-7777
OrgTechEmail: ip-addr@tatacommunications.com
And the IP 74.125.45.100 belongs to Google, in case you were wondering. Now, does anyone have a general idea what my course of action should be? What to do with a guy who hates Google ??

DrV
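
The O1 (hosts file) entries described in the post above can be triaged mechanically. The following is an added example, not part of the original thread: it parses HijackThis O1 lines and reports cases where one name is pinned to a single IP under several domains. The sample log is constructed in the O1 format using the two IPs named in the post, and grouping by the leftmost host label is a heuristic assumed here.

```python
import ipaddress
import re
from collections import defaultdict

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")

# Constructed sample in HijackThis O1 format; the two public IPs are the
# ones named in the post, the malformed line is made up to show skipping.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 64.86.17.32 google.com
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.co.uk
O1 - Hosts: not-an-ip broken.example
"""

def parse_o1(log_text):
    """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue  # not a hosts-file entry
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        pairs.append((ip, m.group(2).lower()))
    return pairs

def _is_local(ip):
    # 127.0.0.1 / ::1 / 0.0.0.0 entries are the default or ad-blocking ones
    return ip.is_loopback or ip.is_unspecified

def all_overrides(pairs):
    """Every non-local mapping; each one bypasses DNS and deserves review."""
    return [(str(ip), host) for ip, host in pairs if not _is_local(ip)]

def redirect_clusters(pairs, min_names=2):
    """Group overrides by (ip, leftmost label); keep labels that are pinned
    to one IP under several domains (heuristic for a bulk redirect)."""
    groups = defaultdict(list)
    for ip, host in pairs:
        if _is_local(ip):
            continue
        name = host[4:] if host.startswith("www.") else host
        groups[(str(ip), name.split(".")[0])].append(host)
    return {key: hosts for key, hosts in groups.items() if len(hosts) >= min_names}
```

Run `redirect_clusters(parse_o1(text))` on a saved log to see which IPs a bulk redirect points at; `all_overrides` lists every entry to compare against the hosts file before cleaning it.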

Post by Big-E »

My guess would be the attack is targeting 64.86.17.32, no one in their right mind in Canada would distribute malware and redirect traffic to their own servers - that would land them in jail. Our laws are pretty strict that way.

If you mean course of action towards removing the malware, you will have to give us more info on the infection. Perhaps start with the complete HijackThis log.

Post by lilrofl »

I agree with Big-E, sort of a DDoS by proxy... got more info?

Inquiring minds want to know :D
Hugs for my sweetheart

Post by DrVirus »

Well I'm pretty curious too. But my knowledge about these things is limited. Any idea what I can do in order to gather more info ??

And Big-E thanks man, but I'll try and clean it up myself. I have a feeling that cleaning up the hosts will allow gmail to work properly again. And the rest of the shit is mostly gone due to the intense virus/spyware/malware/trojan scans it went through.

DrV

Post by Kirk »

I would like to know more about HijackThis. I've never heard of it. Where can I get it, what does it do (primary functions), etc.

Post by lilrofl »

Kirk wrote: I would like to know more about HijackThis. I've never heard of it. Where can I get it, what does it do (primary functions), etc.

http://free.antivirus.com/hijackthis/
Trend Micro HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.
The big difference between HijackThis and other malware scanners is that the program doesn't tell you what is good or what is bad... only what is running, leaving the purpose of the program for you to decide. It does however have a large following, so finding help interpreting the files is not hard :)

Post by DrVirus »

If you are going to use HijackThis then you should read about all the things that show up in a scan.
Here's a good tut I myself use :

http://www.bleepingcomputer.com/tutorials/tutorial42.html
DrV
