AltaVista Traversal? - Page 2
Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 42

Thread: AltaVista Traversal?

  1. #11
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Carla,

    Don't run HijackThis FIRST. Save it for later. Let's see what we can get rid of using some tools first


    Moissonite has given you a link to SpyBot Search and Destroy. Get that first, and run its update program. Then boot into safe mode and delete what it finds.

    I will get back to you with a couple of other ideas.

    Cheers

    EDIT:

    http://www.lavasoftusa.com/software/adaware

    http://www.SwatIt.org

    Update them and run them in safe mode as well. OH............SwatIT takes a long time but is very thorough.

    Then try CWShredder.............I will post the link in a moment

    http://www.intermute.com/spysubtract..._download.html
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #12
    Member
    Join Date
    Aug 2004
    Posts
    70
    Actually on hindsight my fellow Brit, nihil, is right (even if he is from Bridlington )

    Leave the HijackThis until last.

    I still have painful memories of friends killing their net connections while irradicating an essential link to their modem/ISP after using HT.

    It's a great little program - but can go very wrong if your not entirely sure what should and should not be there.

    Just think - you may lose all contact with us - then you WOULD have something to cry about
    # Now if I ever needed inspiration,
    Right about now where I lose my patience,

  3. #13
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Yes,

    I get quite a few with lots of spy/ad ware on them (kids with P2P and the like ) I find it easier to use the tools then HJT to sort out the rest.

    Too lazy to remove over a hundred by hand

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #14
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    It could be that your ISP really f*ked up their DNS entries. Or maybe implemented an IP-range block for AltaVista's IP block. I know for a fact that my ISP is really slow at updating their DNS entries and they also implement specific IP blocks. Like I can't visit my highschool's website from home and I can't visit my home server from my highschool. Although with proxies I can do so no problem. I'm going to complain to them about it some time soon...

    Anyways, to see if the address is being resolved, you should try Ping-ing altavista. The Ping is a level 8 ICMP packet that contains a random string (usually "ABCDEFGHIJKLMNOP" that repeats for the length indicated) and that gets a reply of the same random string from the destination computer. (The ping of death that is mentioned on the main page recently is just a ping that has an illegally long random string of over 65500 characters that some computers don't have the ability to deal with)

    Open up Command Prompt on your compter by going to Start -> Run -> Type in "CMD" (For Windows XP/2K/NT) -- a black box should appear. Type in the bolded parts:

    Code:
    C:\Documents and Settings\UserName>ping www.altavista.com
    
    Pinging avatw.search.yahoo2.akadns.net [66.94.229.254] with 32 bytes of data:
    
    Reply from 66.94.229.254: bytes=32 time=32ms TTL=243
    Reply from 66.94.229.254: bytes=32 time=47ms TTL=243
    Reply from 66.94.229.254: bytes=32 time=47ms TTL=243
    Reply from 66.94.229.254: bytes=32 time=47ms TTL=243
    
    Ping statistics for 66.94.229.254:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 32ms, Maximum =  47ms, Average =  43ms
    
    C:\Documents and Settings\UserName>
    You should get an IP address that is similar to mine above. If you get some sort of message like "Request timed out." then something is blocking your attempts to connect. Like your computer's firewall or your ISP's firewall. If you get "Unknown host www.altavista.com." then your ISP's DNS is messed up. You'd need to find another DNS server to use, or you could edit your hosts file to point to the IP I have above.


    Anyways, try that and tell us the results.

  5. #15
    Junior Member
    Join Date
    Oct 2004
    Posts
    20
    Hi Moissonite
    (and anyone else who knows what they are doing)

    I've taken you advice; downloaded and ran HijackThis.

    I'm posting my log file because though I've perused it, I cannot see anything in there that screams "I should not be here!" And so I am asking for some help in deteriming what is illegal and should be removed.

    Previously (to running HijackThis) I had downloaded and run Spybot and Adaware SE but I still could not access AltaVista.

    Here's my logfile. Let me know what you think.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:19:49 AM, on 10/24/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Dell\AccessDirect\DadTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\Netscape\Netscape\Netscp.exe
    C:\Program Files\Hijack This\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brandeis.edu/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.library.brandeis.edu/cache.pac
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Carla Harris Pascal\Application Data\Mozilla\Profiles\default\sksbz8qx.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Carla Harris Pascal\Application Data\Mozilla\Profiles\default\sksbz8qx.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06642396...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094744860468
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    Not Applicable

  6. #16
    Junior Member
    Join Date
    Oct 2004
    Posts
    20
    Jeez Guys and Gals I am such a novice I did not even realize there was a second page counselling me against HijackThis. Anyhow, no harm done. All I did was run it. I have not changed a thing. Just posted my log. I am now going to read the rest of your advice and see if I can progress on that. Will let you know how I get on.

    Please note that I have repeatedly run Spybot and Adaware SE from Lavasoft. Must be a hundred times (or close) - and it has not helped my problem.
    Not Applicable

  7. #17
    Junior Member
    Join Date
    Oct 2004
    Posts
    20
    OK Folks

    I've downloaded and run the following to no avail. They found nothing expect Spybot keeps finding the 5 DSO Exploit thingies which I've read are no issue.
    Adaware
    Spybot
    Swatit
    CWShredder

    I also unistalled and reinstalled Norton and run it.
    It found nothing.

    I've run HijackThis and cannot say that I see anything dangerous (not that I would know), anyhow I posted my logfile to you for advice.

    No, I cannot access altavista from any site/direction/route, not even the last suggested possibility which was http://66.94.229.254


    I appear to be able to access all other sites except AltaVista.

    Time_Axe suggested that my ISP could have interfered with AltaVista's DNS entries. Though I do not quite understand what this means, I find that strange since I was originally able to access AltaVista using the very same ISP.

    Tim_Axe sent me some stuff to type to "ping" altavista. I am not clear as to what I must type in. (DOES IT START FROM?) C:\Documents
    (AND END AT?) C:\Documents and Settings\UserName>

    Do I type in all the stuff in between? Could I just copy and paste the text into the black box that Tim_Axe says should appear when I am going to ping this thing? (and thus avoid mistakes?)

    Just want you to know that it's really great to have the support even if I haven't solved the problem...yet. I almost threw the laptop through the window yesterday before subscribing to this forum.
    Thanx!
    Carla
    Not Applicable

  8. #18
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    This is all you have to type:
    If the output is something like this, then you have DNS issues. Just contact your ISP and tell them your problem.
    C:\Documents and Settings\cgkanchi> ping www.altavista.com
    Ping request could not find host www.altavista.com. Please check the name and try again.
    Otherwise, if it's something like this, you have other issues.
    C:\Documents and Settings\cgkanchi>ping altavista.com

    Pinging altavista.com [66.218.71.198] with 32 bytes of data:

    Reply from 66.218.71.198: bytes=32 time=317ms TTL=240
    Reply from 66.218.71.198: bytes=32 time=317ms TTL=240
    Reply from 66.218.71.198: bytes=32 time=316ms TTL=240
    Reply from 66.218.71.198: bytes=32 time=315ms TTL=239

    Ping statistics for 66.218.71.198:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 315ms, Maximum = 317ms, Average = 316ms
    Also, could you just post the contents of your C:\Windows\System32\drivers\etc\hosts file (just open it in notepad and copy/paste it here), that's one possibility that hasn't been checked.
    Cheers,
    cgkanchi

    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #19
    Junior Member
    Join Date
    Oct 2004
    Posts
    20
    Hey Cgkanchi

    Thanx! I've 'pinged'.
    The result was this and I guess it means that my ping was not successful.

    Pinging avatw.search.yahoo2.akadns.net [216.155.220.155] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 216.155.200.155:
    Packers: Sent = 4, Received = 0, Lost = 4 (100% loss)

    So, I guess we're into one of those other issues you referred to.
    As suggested, I've also posted the contents of my C:\Windows\System32\drivers\etc\hosts file
    Comments?

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    Not Applicable

  10. #20
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    hmmmm whats the avatw.search.yahoo2.akadns.net all about?

    thought it was altavista you were trying to connect to not all the web?

    v_Ln

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides