Problems accessing some websites after trojan clean-up

Windows XP Home, SP3

Some time ago I received help from Bleeping Computer in cleaning up my computer after infection with Google Redirect.

Since then many websites fail to load completely, with the 'twirler' (sorry, don't know what else to call it!) continuing to rotate.

Some sites are totally inaccessible, for example PayPal and the UK National Theatre < http://www.nationaltheatre.org.uk/ >

The problem seems to be connected in some way with Javascript since experimentation has enabled me to load some sites by turning that off. For example pages such as < http://broadwayworld.com/article/Photo_Flash_First_Look_at_THE_WIZARD_OF_OZ_in_London_20110225 > show only the main heading and side menus but turning off Javascript and refreshing reveals the full content.

Firefox is my browser of choice but the problem also occurs with IE. I tried re-installing both - no improvement. I even downloaded Chrome which had not been on the computer before but that will not load the 'problem' sites either.

Any helpful suggestions as to what is going on, please?

Can you go to start then run and type in cmd hit enter.

In the big black box that comes up type in ipconfig /all hit enter and copy and paste the output to your next post.

Hi cryptodan, hadn't expected such a speedy reply !!

I can't work out how to copy and paste the contents of the cmd window. Right click and Copy is greyed out. Click 'Select all' and the text is highlighted but any other mouse click and it's deselected again.

I have to go out and visit friends soon, so must apologise if I am unable to reply again until tomorrow (on UK time)

Then do this in the same big black box type in:

ipconfig /all >> c:\ipconfig.txt

Open up the text file by going to the c drive.

Using notepad hit ctrl+c then use ctrl+v in your next post.

OK, that works !

Windows IP Configuration

Host Name . . . . . . . . . . . . : riscube

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-01-80-5D-57-51

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : 26 February 2011 18:17:16

Lease Expires . . . . . . . . . . : 26 February 2011 19:17:16

Do the folloiwng now or when you get back from Singapore:

ping google.com >> c:\ping_google.txt

ping 72.14.204.103 >> c:\ping_72.14.204.103.txt

paste the contents of the files.

Singapore !!?? I'll only be a mile or so from home but must leave soon.

Do I type those commands into Start, Run as before? Tried that and no text files appeared on the C drive.

Sorry... not used to the inner workings of Windows - just realised what you wanted me to do!


Files here:

Pinging google.com [74.125.230.147] with 32 bytes of data:


Reply from 74.125.230.147: bytes=32 time=28ms TTL=54
Reply from 74.125.230.147: bytes=32 time=28ms TTL=54
Reply from 74.125.230.147: bytes=32 time=28ms TTL=54
Reply from 74.125.230.147: bytes=32 time=27ms TTL=54

Ping statistics for 74.125.230.147:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms




Pinging 72.14.204.103 with 32 bytes of data:

Reply from 72.14.204.103: bytes=32 time=104ms TTL=55
Reply from 72.14.204.103: bytes=32 time=104ms TTL=55
Reply from 72.14.204.103: bytes=32 time=103ms TTL=55
Reply from 72.14.204.103: bytes=32 time=104ms TTL=55

Ping statistics for 72.14.204.103:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 104ms, Average = 103ms

Many thanks for your help so far but must leave it there until tomorrow morning UK time.
.

Edited by Ramblin'_Boy, 26 February 2011 - 02:07 PM.

You can resolve names and vice versa so your DNS Settings are correct. Can you go to Internet Options in Control Panel and take a look at thje Proxy Settings under the Connection Tab and the LAN Settings.

Hello again

You can resolve names and vice versa so your DNS Settings are correct.

Sorry, I don't understand what you mean by 'resolve names' or 'DNS settings'. Are you saying the settings are incorrect?

Can you go to Internet Options in Control Panel and take a look at the Proxy Settings under the Connection Tab and the LAN Settings.

I don't use a proxy server. Under 'LAN Settings', 'Automatically detect settings' and 'Use automatic configuration script' are both unselected.

Yes the settings are correct.

Reboot your router or modem and see if that makes a difference.

Yes the settings are correct.

Reboot your router or modem and see if that makes a difference.

Not absolutely sure how to do that unless you mean simply turning it off and on again which I have tried many times. However I doubt if the problem lies with the router as I had the same difficulties when using a simple modem supplied by my ISP.

As mentioned in my first post the problem does seem to be related in some way to the handling of Javascript. As an example, I can access the home page of < http://www.eBay.co.uk > OK but if I try to 'Sign In' nothing happens except that the 'page loading' icon keeps rotating with the green bar (in Firefox) showing just 2 blocks. *BUT* I discovered that I can sign in using the following process:
* Turn off Javascript
* Click 'Sign In' - the Sign In page doesn't load.
* Click 'stop page loading' - the 'Sign In' page appears in text form.
* My User ID and password are already inserted so click 'Sign In'
* The next page will not load until I click 'stop page loading' again.
* I can then turn Javascript back on and use the site as normal.

I know nothing at all about the internal working of the operating system but is it possible that something relating to handling of Javascript is messed up in the Registry or elsewhere? See my description in the first post of what happens with the BroadwayWorld website. The same thing occurs with many newspaper sites, too - it is necessary to turn off Javascript for the full contents to load.

If it is simply a Java issue I would try this and if that didn't work I would uninstall-reinstall java.

Can you access other HTTPS Sites?

There is a difference between Java Script and Java Programming Language. Java Script can be ran without installation of Java. Jave Applets like on Facebook and stuff cannot be ran until you install Java Plugin from the link provided in post 13.

If it is simply a Java issue I would try this and if that didn't work I would uninstall-reinstall java.

Before I deal with your question in post #14, I removed the old version of Java and installed latest. While the new version of Java was installing I had an alert from Spywareguard -

WARNING! A BHO (Browser Help Object) has been added!

The following has been added to your system:
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
ProgID: n/a
File Location: n/a

I've never had this sort of alert before.
Option to Remove or Keep - what is it and what action should I take, please?

The Spywareguard window is still on my screen.