×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

IE8 will not connect to any site after cleanup

IE8 will not connect to any site after cleanup

IE8 will not connect to any site after cleanup

(OP)
This is a continuation from this thread: thread779-1587231: Can't boot, plus boot menu lockup, here is what I have done so far:

Machine would not boot in normal mode (hung before login screen) and would not boot in Safe Mode (rebooted after MUP.SYS). Goombawahoo assisted me, and I got the machine booting again. Ran multiple scans (MalwareBytes and Super Antispyware) until I got clean scans, checked Hijackthis logs and all was clean. Except I had a search engine redirector going on (all links from Google or Bing redirected).

Since the machine had IE6, I decided to upgrade to IE8 (probably a mistake to upgrade at this point, but it's done). Now, when I load IE8, it never connects to a page (says "Connecting...", but never connects, never gives up either). Internet connection is fine, I can ping by IP and by domain name, just cannot browse anywhere in IE. Tried resetting settings, still nothing.

I ran GMER, and it pointed to suspicious activity in "atapi.sys" (just like this post: thread760-1587515: Still seeing Antivirus Live after ComboFix!!!). So I ran ComboFix, and it found and cleaned a rootkit, and replaced atapi.sys. This fixed the "Safe Mode" reboot problem, so now I can boot in safe mode. But I STILL cannot get IE8 to connect to any web site.

I tried "netsh winsock reset". I tried SFC /SCANNOW. Still no help. Any ideas on how to proceed?

RE: IE8 will not connect to any site after cleanup

Are you able to ping external sites from your PC?  If so, that will at least narrow down whether it's the connection, or specifically a browser issue.

I wonder if you could still find the Install Executable for IE8 in Windows Temp files, and reinstall it... especially since you apparently did still have some sort of infection on the machine before the install... it apparently murked up the install.

Another option - after all, you've spent this much time already, just wipe the drive with Active KillDisk or DBAN, reinstall Windows, and start over from scratch - to be sure all malware gone for certain, AND any/all such bugs/issues.

I'm thinking of this last option, b/c if the malware was so bad, then who knows what else it could have messed up.  You might try to do something for the first time, say a month down the road, and find a new issue.

--

"If to err is human, then I must be some kind of human!" -Me

RE: IE8 will not connect to any site after cleanup

(OP)
kjv1611,
Well, yeah, at some point I will cut my losses and reformat/reinstall... but I seem so close smile

Yes, I can ping by IP address, and I can ping by domain name.

RE: IE8 will not connect to any site after cleanup

I would download (from another PC if necessary) and run Winsock XP Fix.  It resets your IP stack and then you reboot, then things usually work.

http://www.snapfiles.com/get/winsockxpfix.html

Check your hosts file for anything weird.

Tell us whether you can ping the following from a CMD prompt:
127.0.0.1
your router ip address
www.google.com

RE: IE8 will not connect to any site after cleanup

(OP)
goombawaho,

Thanks for that... To answer your questions, the machine could always ping the router IP, any other IP, and any domain name like google.com. Hosts was clean. I hadn't tried the utility you pointed to, but I did try "netsh winsock reset" to no avail.

This machine is just whacked. This morning, I uninstalled Superantispyware, and at the end it opens a web page on its website... and it opened in IE! If I browsed to sites that had an html in the name (like http://www.superantispyware.com/index.html), the site would open in IE. But sites like http://www.superantispyware.com or http://www.google.com would NOT open. Then, I logged into the user's profile (I had been doing all this work in a separate profile I created), and noticed that Task Manager was disabled, their desktop icons didn't show up... so, basically was still hosed. Then I ran ComboFix again in safe mode in this user account, and now everything seems okay (including IE working fine for all sites).

The user wants their machine back, but I am going to advise that if anything seems wacky that they really need a clean install. This virus/rootkit is just particular nasty, and it looks like you have been fighting something similar. One step forward, two steps back :(

RE: IE8 will not connect to any site after cleanup

Thanks for the detailed followup, guitarzan.

--

"If to err is human, then I must be some kind of human!" -Me

RE: IE8 will not connect to any site after cleanup

(OP)
kjv1611, I could write a book on just this one machine alone smile

RE: IE8 will not connect to any site after cleanup

Did you check the hosts file?  I just found one today that had almost all the search engine sites listed in it as 127.0.0.1.

If you were using HJT, click on "other tools" and see if you can open and check the hosts file.  If you find a long list of cr*p, reset it.

If you already did this, apologies -- I try not to make assumptions....

Brian

RE: IE8 will not connect to any site after cleanup

(OP)
ronin77: The computer is back with the owner, so far so good... I'm pretty sure I had checked the hosts file, and the only entry was "127.0.0.1 localhost".  

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close