April 4th, 2010, 05:58 AM
Browsers Cannot Access Any Website on Vista
Oh man... what an evening...
I've just spent 4 hours trying to get the browsers on a Vista machine to access the Internet - to no avail. I finally had the client back up her data and left her to do an HP System Recovery. (That's how I roll - I'm going back tomorrow to check up.)
Here's the deal - she had previously had some malware or a virus that had removed her Norton System Security icon and was causing browser redirects. She managed to get rid of it using Spybot S&D and then Malwarebytes'. But days later she was unable to access the web. She has another computer on the network that has no problems.
Here are the things I tried:
Ran rkill, then Malwarebytes' Antimalware in Safe Mode with Networking, which found nothing. Then I ran HijackThis and removed a couple of leftover malicious-looking entries that had (file missing). Then I ran ComboFix - it took about 15 minutes, and it removed some things - I looked at the log, and it looked good to me.
I was still unable to access the web in Safe Mode with Networking or in Normal Mode. However, I had a router-assigned IP address, I could ping google.com, and my Malwarebytes' was able to download updates. It was also able to get Windows updates and she could check her email using Outlook. I ran SUPERAntispyware to see if Malwarebytes' had missed anything, but it came back clean.
So I installed a new browser (Opera) - same results.
Then I uninstalled everything from Norton/Symantec (which took some work - I finally had to delete some registry entries that would allow me to delete the folder - the uninstaller would die at the last second - because it couldn't access the internet.)
I went to her network adapter properties, and uninstalled/reinstalled all of the connection items. No difference.
I downloaded and ran several fixes for winsock, LSP, etc. And I entered the command prompt and did netsh winsock reset and several other commands I don't recollect ATM.
I checked the hosts file and related files. Nothing.
I reinstalled her wireless adapter. I tried a new wireless adapter, and I tried resetting the router. Nothing.
I ran CCleaner, disabled *everything* in startup via msconfig except Microsoft processes.
After four hours, I had to give in and go for the reinstall (what happened to my 45 minute rule!?)
Can any of you gurus think of something else I could have or should have tried?
Last edited by wiskic10_4; April 4th, 2010 at 06:58 AM.
April 4th, 2010, 11:50 AM
The redirecting sounds familiar to a certain malware that would create, in the root directory of any drive or removable drive, a folder called resycled
it would appear as
inside there would be
If you deleted it, it would respawn upon reboot; you had to go into the command prompt and change its attrib settings, then use the search feature to search for the files/folders and delete 'em that way.
Also, using ComboFix afterwards would delete the remaining bits left around the system.
April 5th, 2010, 10:00 PM
I would imagine that installing Opera would have debunked this theory, but I have seen various malware add a registry entry that sets the proxy server of the computer to 127.0.0.1 and break internet connectivity. Just a thought.
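A check for the proxy setting mentioned in the post above, as an added example that is not part of the original thread: it parses the text printed by `reg query` for the per-user Internet Settings key and flags an enabled proxy that points at loopback or an auto-config script. The function names are hypothetical and the sample output is constructed; `ProxyEnable`, `ProxyServer` and `AutoConfigURL` are the standard WinINet value names.

```python
import ipaddress
import re

# Constructed sample of: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080;https=127.0.0.1:8080
"""

VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value_name: data}; REG_DWORD data is converted to int."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values

def proxy_hosts(proxy_server):
    """Yield hosts from 'host:port' or 'scheme=host:port;scheme=...' forms."""
    for entry in proxy_server.split(";"):
        target = re.sub(r"^\w+://", "", entry.split("=", 1)[-1].strip())
        if target.startswith("["):              # bracketed IPv6 literal
            yield target[1:].partition("]")[0]
        elif target:
            yield target.split(":")[0]

def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                          # an ordinary hostname
        return False

def triage(text):
    """List findings that would explain 'ping works, browsers do not'."""
    v = parse_reg_query(text)
    findings = []
    if v.get("ProxyEnable") == 1:
        hosts = {h for h in proxy_hosts(v.get("ProxyServer", "")) if is_loopback(h)}
        findings += ["loopback proxy enabled: " + h for h in sorted(hosts)]
    if v.get("AutoConfigURL"):
        findings.append("proxy auto-config script set: " + v["AutoConfigURL"])
    return findings
```

A loopback proxy with nothing listening on that port breaks any program that follows the system proxy setting, while ping and programs that ignore the setting keep working.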
April 5th, 2010, 10:37 PM
I know it had to have been something like that. But I completely uninstalled Firefox, then ran CCleaner to clean up any entries that might remain for the browser's configuration (and there were some). Then I rebooted and reinstalled Firefox, and still no dice. So that's when I installed Opera, but again, no intrawebz... so hell if I know...
I went back to finish the job yesterday, and the client was just tickled to death with her fresh reinstall, so I guess the problem is technically solved - she even gave me $20 just for driving over there on top of the $249 she's already had to pay to the company I'm contracting through (of which I get $100). I just wish that I could have found what the deal was.
Then again, a fresh reinstall is beneficial, since you clean out whatever crap the malware and other programs have left in the registry that CCleaner or similar programs aren't picking up on. The computer was running like a champ! So, mission accomplished I guess...
Thanks for the replies everyone.
April 6th, 2010, 12:53 AM
Here's more detail about what I was trying to explain. I am curious if it was similar?
from the search string ./ resycled