Some of our users have been getting the "Access to resource 'xyz' has been
disallowed" error message when they type in just 'xyz' in the address bar of
IE without the http.

If they type in "http://xyz" instead, the URL is parsed correctly without
any problems. I looked through the Microsoft Knowledge Base and the only tech
note that discusses a similar error message doesn't seem to apply in our
case. (We're running IE 6.0.2900.2180 on Win XP Professional.)

Our users cannot change their settings in IE, so it's odd that some users
see this problem and some don't. We've been unable to consistently reproduce
this problem across all our users' machines.

Any ideas as to why we might be seeing this problem?

There is a very good chance are that you are seeing the affects of a
hijackware infection. Note that if all these computers are on a network and
just one of them is infected, the infection could rapidly spread to all
other machines. If you don't remove all machines from the network and make
sure every single one of them is clean before reconnecting them to the
network, you'll be back to Square One within seconds!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

2. Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe
Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/...moving_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Popeye wrote:
> Some of our users have been getting the "Access to resource 'xyz' has been
> disallowed" error message when they type in just 'xyz' in the address bar
> of
> IE without the http.
>
> If they type in "http://xyz" instead, the URL is parsed correctly without
> any problems. I looked through the Microsoft Knowledge Base and the only
> tech note that discusses a similar error message doesn't seem to apply in
> our case. (We're running IE 6.0.2900.2180 on Win XP Professional.)
>
> Our users cannot change their settings in IE, so it's odd that some users
> see this problem and some don't. We've been unable to consistently
> reproduce
> this problem across all our users' machines.
>
> Any ideas as to why we might be seeing this problem?

Thanks a lot; this is most helpful. I'll ask our admins to take a look at the
affected machines to see what we find.

If it is the result of a hijackware infection, is it likely to manifest
itself only when the users try to access certain sites? For instance, if the
affected users type in just "google" in the address bar, they are redirected
to Windows Live Search for "google". They only see the "Access to resource
has been disallowed" with a couple of URLs.

"PA Bear [MS MVP]" wrote:

> There is a very good chance are that you are seeing the affects of a
> hijackware infection. Note that if all these computers are on a network and
> just one of them is infected, the infection could rapidly spread to all
> other machines. If you don't remove all machines from the network and make
> sure every single one of them is clean before reconnecting them to the
> network, you'll be back to Square One within seconds!

[To keep track of things, it helps immensely if you include all of previous
message(s) in your replies to the newsgroup. Thank you.]

> If it is the result of a hijackware infection, is it likely to manifest
> itself only when the users try to access certain sites?

No! If a hijackware infection is the cause, the Operating System (Windows)
is infected, not IE.

Popeye wrote:
> Thanks a lot; this is most helpful. I'll ask our admins to take a look at
> the affected machines to see what we find.
>
> If it is the result of a hijackware infection, is it likely to manifest
> itself only when the users try to access certain sites? For instance, if
> the
> affected users type in just "google" in the address bar, they are
> redirected
> to Windows Live Search for "google". They only see the "Access to resource
> has been disallowed" with a couple of URLs.
>
> "PA Bear [MS MVP]" wrote:
>> There is a very good chance are that you are seeing the affects of a
>> hijackware infection. Note that if all these computers are on a network
>> and just one of them is infected, the infection could rapidly spread to
>> all
>> other machines. If you don't remove all machines from the network and
>> make
>> sure every single one of them is clean before reconnecting them to the
>> network, you'll be back to Square One within seconds!
<paste>
>
> 1. See if you can download/run the MSRT manually:
> http://www.microsoft.com/security/ma...e/default.mspx
>
> 2. Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe
> Mode with Networking, if need be:
> http://onecare.live.com/site/en-us/center/howsafe.htm
>
> 3. Run a /thorough/ check for hijackware, including posting the requested
> logs in an appropriate forum, not here.
>
> Checking for/Help with Hijackware
> http://aumha.net/viewtopic.php?f=30&t=4075
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://www.elephantboycomputers.com/...moving_Malware
>
> **Seek expert assistance in
> http://spywarehammer.com/simplemachi...php?board=10.0,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums.**
>
> If the procedures look too complex - and there is no shame in admitting
> this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>
> Popeye wrote:
>> Some of our users have been getting the "Access to resource 'xyz' has
>> been
>> disallowed" error message when they type in just 'xyz' in the address bar
>> of
>> IE without the http.
>>
>> If they type in "http://xyz" instead, the URL is parsed correctly without
>> any problems. I looked through the Microsoft Knowledge Base and the only
>> tech note that discusses a similar error message doesn't seem to apply in
>> our case. (We're running IE 6.0.2900.2180 on Win XP Professional.)
>>
>> Our users cannot change their settings in IE, so it's odd that some users
>> see this problem and some don't. We've been unable to consistently
>> reproduce
>> this problem across all our users' machines.
>>
>> Any ideas as to why we might be seeing this problem?