
Cannot access certain websites: possible infection?



#1 commonwealths


Posted 29 March 2014 - 08:50 AM

Hello all,

I am using Windows 7 Ultimate, 64-bit. It is using SP1 and is fully updated with Windows Update. This is a desktop with a wired connection to a Linksys E1200 router, which is in turn connected to an Arris cable modem.

Recently I have not been able to access certain websites in normal boot.

The symptom is: I boot the system, attempt to access these websites; the websites load partially (clearly missing the bottom portions); when I hit Refresh, error messages are displayed and I can no longer see anything.

All three browsers on my machine behave the same. Firefox shows "The connection was reset"; Chrome shows "No data received"; IE shows "This page cannot be displayed".

I suspect this is an infection of sorts, because:

1. I am able to access these websites correctly when I boot into Safe Mode with Networking;
2. My Android tablet, using my WLAN connection, can access these websites correctly;
3. I have verified my hosts file. It holds no entries except for localhost;
4. I have verified my DNS servers. I changed them to Google's public DNS (the famous 8.8.8.8); ipconfig -all correctly shows this DNS; I have used ipconfig -flushdns; yet I am still unable to access these websites;
5. ping to these websites correctly returns packets with a delay of about 35 ms and a TTL of around 55-57; tracert to these websites ends correctly at the same IP address as the ping;
6. I have verified that the system is not connecting using a proxy, to the best of my knowledge. I checked both inetcpl.cpl and Ethernet adapter configuration;
7. All of my friends can access these websites correctly. They are not on my LAN.

Steps I have taken (in no particular order):

1. I reinstalled Java (Java 7 update 51) because I initially suspected that this is a network sockets problem. Reinstalling Java did not do anything;
2. I performed a boot-time full scan with the latest edition of Avast Free; it returned nothing bad;
3. I performed both quick-scan and full-scan with the latest edition of Malwarebytes; it returned nothing bad;
4. I performed scans using rkill, TDSSkiller and RogueKiller; they returned nothing bad;
5. I performed scans with ComboFix and this is where it gets funny: After the ComboFix run, I am able to access those websites correctly until the next boot. Which is to say, I run ComboFix, then I browse these websites correctly; I restart the system and I am no longer able to browse them correctly;
6. I then suspected this to be some sort of MBR virus; I used multiple tools to check the MBR and they all correctly return Windows 7 MBR code.
7. I attempted to perform System Restore to a date known to me when I still could correctly access these sites; System Restore returned error 0xc0000022. I performed sfc -scannow and it did not find any violations. System Restore still does not work and still returns error 0xc0000022;
8. The only changes I made to my system (that I know of) in the last few days were that I downloaded games through Steam and I installed Dropbox. I have removed Dropbox; the problem persists.

One of my friends, who holds two CCNA certificates and one CCNP certificate, has absolutely no idea what could be causing this.

I am ready to follow expert instructions to the letter.

Thank you all very much for your help!





#2 boopme


Posted 02 April 2014 - 11:09 AM

Hello, having run ComboFix we now need to see that and a DDS log in a new topic.

Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.
Let me know if all went well.

#3 commonwealths


Posted 03 April 2014 - 08:29 AM

> Hello, having run ComboFix we now need to see that and a DDS log in a new topic.
>
> Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.
> Let me know if all went well.

I have created a new topic in the Virus board. Thank you.



#4 boopme


Posted 03 April 2014 - 09:50 AM

You're welcome! http://www.bleepingcomputer.com/forums/t/529742/cannot-access-certain-websites-logs-inside/#entry3332273

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.