Archive of entries posted on January 2011

Sign on to Google services thwarted by compromised hosts file

Earlier this week my little brothers informed me they were unable to sign on to YouTube with their (Windows XP) computer. When they attempted to do so, Firefox returned an error stating, “The connection to www.google.com was interrupted while the page was loading”.

Over the phone I walked the more tech-savvy of the two through routine troubleshooting steps… clearing browser cache, ipconfig /release and /flushdns, and rebooting the computer and router.

When the problem persisted after the reboot, I decided to log in remotely and poke around. Soon I realized the error occurred with any Google service… which handle sign ons through https://www.google.com/. Firefox’s network settings appeared kosher and though I could access http://www.google.com, https://www.google.com returned the interrupted connection error.

So I fired up the command prompt and pinged www.google.com. The IP returned was 204.152.194.149 which turned out to be owned by QuadraNet. My first thought was malware had altered the DNS settings of the computer, but ipconfig stated it was using the DNS servers I had specified some years earlier, and netstat didn’t reveal anything which could have been intercepting DNS lookups.

Having hit a wall, I ran full scans with Microsoft Security Essentials and Malwarebytes. Neither found any problems. Grrr.

Pondering possible causes of DNS problems, I wondered if Windows had an equivalent to *nix’s /etc/hosts. If so, malware could have altered it to have www.google.com resolve to 204.152.194.149. After a bit of googling, I learned Windows’ hosts file is located at WINDOWS/system32/drivers/etc/hosts.

I opened the file and saw this. Most ungood. I removed the entries save the required 127.0.0.1       localhost line and tried to save the file, only to be hindered by another error. Oops, it was read-only. But what now? “Access denied” when I attempt to remove the attributes protecting the file? No matter, for I was able to rename the file thus rendering it impotent. Upon creating a new, proper, hosts file, immediately the issues vanished. www.google.com resolved to a Google-owned IP, and the ability to sign on to Google services was restored.

I don’t know what altered the hosts file. Last month I removed the malicious Internet Antivirus 2011 from the same computer, but the sign on problem wasn’t reported until over a week later.
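
A hosts-file audit that surfaces this kind of redirect directly, as an added example that is not part of the original post: it parses hosts-format text and reports every entry that pins a name to a non-loopback address, plus entries whose address is malformed. The function names and the sample file are constructed for illustration; only the 204.152.194.149 www.google.com mapping comes from the post.

```python
import ipaddress
import sys

# Constructed sample hosts file; line 3 is the redirect described in the post.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
204.152.194.149 www.google.com   # pins the name to a third-party address
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line_no, address, names, reason) for entries that need review."""
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, names, "malformed address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost lines and 0.0.0.0 block-list lines
        # Any other mapping silently overrides what the DNS servers would answer.
        findings.append((line_no, addr_text, names, "overrides DNS"))
    return findings

if __name__ == "__main__":
    # Pass a hosts file path as the first argument; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, addr, names, reason in audit_hosts(text):
        print(f"line {line_no}: {addr} -> {', '.join(names)} ({reason})")
```

Every reported line deserves a manual look, since legitimate intranet mappings are flagged alongside malicious ones.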