On my laptop, I cannot access any of these microsoft newsgroups - it just
comes back with "sorry, the page you requested is not available"

I can access them from another computer sharing the same internet connection
(cable modem and router) so I know it's not the sites themselves that are
having problems.

If I do a ping to "support.microsoft.com", the name is resolved to the IP
address but ping times out.

All other websites (so far) I can access just fine, even other Microsoft
pages - just newsgroups that fail.

Any thoughts?

On Fri, 22 Oct 2004 10:55:03 -0700, adrian916
<(E-Mail Removed)> wrote:

>On my laptop, I cannot access any of these microsoft newsgroups - it just
>comes back with "sorry, the page you requested is not available"
>
>I can access them from another computer sharing the same internet connection
>(cable modem and router) so I know it's not the sites themselves that are
>having problems.
>
>If I do a ping to "support.microsoft.com", the name is resolved to the IP
>address but ping times out.
>
>All other websites (so far) I can access just fine, even other Microsoft
>pages - just newsgroups that fail.
>
>Any thoughts?

Adrian,

Do you perchance have PPPoE service?
http://www.dslreports.com/tweaks/MTU
http://www.annoyances.org/exec/show/article04-107
http://www.mynetwatchman.com/kb/adsl/pppoemtu.htm
http://www.netheaven.com/pmtulist.html <== Microsoft.com reference

Microsoft (and other sites) does protect their servers by blocking pings, so
ping may not be the best diagnostic in this case. I too get:

C:\>ping support.microsoft.com

Pinging support.microsoft.akadns.net [207.46.248.248] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.248.248:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

What IP address are you getting for support.microsoft.com? Are there any other
websites that give problems?

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Thanks Chuck for the information and the informative links (I understand MTU
a little better now) Unfortunately, this did not solve the problem as I can
get replies from an MTU of 1500. All other websites are fine.

HOWEVER! interestingly, looking at your post, you were getting
support.microsoft.com to resolve to the IP 207.46.248.248. I was getting
207.46.196.46 (another valid address )

when i tried to view the newsgroups, I was getting "the page you requested
is unavailable", but if I change the support.microsoft.com part of the
address in the address bar to any of the IP addresses (and leave all the
subdirectories etc intact) then i can find/display the newsgroups

(i.e
http://support.microsoft.com/newsgro....network...etc won't work,
but,
http://217.46.196.46/newsgroups/news....network...etc, will!)

It seems to be something to do with DNS, though I'm not sure what, as
nslookup or ping can resolve the addresses and I have cleared the local
temporary files and run ipcong / flushdns to remove any potentially stale
records on my machine.

If you have any other thoughts on what is happening to the DNS, I'd be
grateful, but at least now I know how to get into the newsgroups whilst the
problem exists!

Thanks again for your input

Adrian
"Chuck" wrote:

> On Fri, 22 Oct 2004 10:55:03 -0700, adrian916
> <(E-Mail Removed)> wrote:
>
> >On my laptop, I cannot access any of these microsoft newsgroups - it just
> >comes back with "sorry, the page you requested is not available"
> >
> >I can access them from another computer sharing the same internet connection
> >(cable modem and router) so I know it's not the sites themselves that are
> >having problems.
> >
> >If I do a ping to "support.microsoft.com", the name is resolved to the IP
> >address but ping times out.
> >
> >All other websites (so far) I can access just fine, even other Microsoft
> >pages - just newsgroups that fail.
> >
> >Any thoughts?
>
> Adrian,
>
> Do you perchance have PPPoE service?
> http://www.dslreports.com/tweaks/MTU
> http://www.annoyances.org/exec/show/article04-107
> http://www.mynetwatchman.com/kb/adsl/pppoemtu.htm
> http://www.netheaven.com/pmtulist.html <== Microsoft.com reference
>
> Microsoft (and other sites) does protect their servers by blocking pings, so
> ping may not be the best diagnostic in this case. I too get:
>
> C:\>ping support.microsoft.com
>
> Pinging support.microsoft.akadns.net [207.46.248.248] with 32 bytes of data:
>
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
>
> Ping statistics for 207.46.248.248:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
>
> What IP address are you getting for support.microsoft.com? Are there any other
> websites that give problems?
>
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
>

On Sun, 24 Oct 2004 04:23:01 -0700, adrian916
<(E-Mail Removed)> wrote:

>Thanks Chuck for the information and the informative links (I understand MTU
>a little better now) Unfortunately, this did not solve the problem as I can
>get replies from an MTU of 1500. All other websites are fine.
>
>HOWEVER! interestingly, looking at your post, you were getting
>support.microsoft.com to resolve to the IP 207.46.248.248. I was getting
>207.46.196.46 (another valid address )
>
>when i tried to view the newsgroups, I was getting "the page you requested
>is unavailable", but if I change the support.microsoft.com part of the
>address in the address bar to any of the IP addresses (and leave all the
>subdirectories etc intact) then i can find/display the newsgroups
>
>(i.e
>http://support.microsoft.com/newsgro....network...etc won't work,
>but,
>http://217.46.196.46/newsgroups/news....network...etc, will!)
>
>It seems to be something to do with DNS, though I'm not sure what, as
>nslookup or ping can resolve the addresses and I have cleared the local
>temporary files and run ipcong / flushdns to remove any potentially stale
>records on my machine.
>
>If you have any other thoughts on what is happening to the DNS, I'd be
>grateful, but at least now I know how to get into the newsgroups whilst the
>problem exists!
>
>Thanks again for your input
>
>Adrian

Adrian,

I believe "support.microsoft.akadns.net" is a Microsoft server using Akamai
(edge delivery) for DNS resolution. Which makes the fact that we get different
ip addresses normal.

If you continue to get problems with your DNS, you might want to investigate a
bit.

DNS resolution is affected by the LSP / Winsock subsystem.
http://support.microsoft.com/?id=318584
http://support.microsoft.com/?id=811259

Give LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>, or WinsockFix
<http://www.tacktech.com/display.cfm?ttid=257> a shot.

If XP SP2, Start - Run - "cmd". Type "netsh winsock reset catalog" into the
command window.

If no help yet, reset TCP/IP.
http://support.microsoft.com/?id=299357

Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
window.

Consider a DNS hijack. Microsoft has been targeted in the past, and your
symptoms are consistent with this.

Search your entire system drive, including hidden and system folders, for file
"hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\ (for
Windows NT/2000/XP, for instance). The others are possibly bogus, and part (but
just part) of the problem.

Examine the contents of each copy of "hosts" found, using Notepad. Scroll to the
end of each Hosts file, by hitting Ctrl-End, then back up to the top, page by
page, before deciding that any "hosts" file is empty. Look out for blank lines
at the beginning and end of the file, after localhost, placed there by an
exploit!

How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware, CWShredder, and Spybot S&D have install
routines - run them. The other downloaded programs can be copied into, and run
from, any convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.

Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then
scan. When scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.

How did I get infected in the first place?
http://forums.net-integration.net/in...showtopic=3051
Essential tips for infection prevention
http://forums.spywareinfo.com/index.php?showtopic=24339

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Thanks again for a timely and comprehensive reply.
Certainly my antivirus, adaware and firewall are up to date and have just
finished installing SP2.
I'll run through all your other suggestions one by one when I return to work.

Many thanks

Adrian

"Chuck" wrote:

> On Sun, 24 Oct 2004 04:23:01 -0700, adrian916
> <(E-Mail Removed)> wrote:
>
> >Thanks Chuck for the information and the informative links (I understand MTU
> >a little better now) Unfortunately, this did not solve the problem as I can
> >get replies from an MTU of 1500. All other websites are fine.
> >
> >HOWEVER! interestingly, looking at your post, you were getting
> >support.microsoft.com to resolve to the IP 207.46.248.248. I was getting
> >207.46.196.46 (another valid address )
> >
> >when i tried to view the newsgroups, I was getting "the page you requested
> >is unavailable", but if I change the support.microsoft.com part of the
> >address in the address bar to any of the IP addresses (and leave all the
> >subdirectories etc intact) then i can find/display the newsgroups
> >
> >(i.e
> >http://support.microsoft.com/newsgro....network...etc won't work,
> >but,
> >http://217.46.196.46/newsgroups/news....network...etc, will!)
> >
> >It seems to be something to do with DNS, though I'm not sure what, as
> >nslookup or ping can resolve the addresses and I have cleared the local
> >temporary files and run ipcong / flushdns to remove any potentially stale
> >records on my machine.
> >
> >If you have any other thoughts on what is happening to the DNS, I'd be
> >grateful, but at least now I know how to get into the newsgroups whilst the
> >problem exists!
> >
> >Thanks again for your input
> >
> >Adrian
>
> Adrian,
>
> I believe "support.microsoft.akadns.net" is a Microsoft server using Akamai
> (edge delivery) for DNS resolution. Which makes the fact that we get different
> ip addresses normal.
>
> If you continue to get problems with your DNS, you might want to investigate a
> bit.
>
> DNS resolution is affected by the LSP / Winsock subsystem.
> http://support.microsoft.com/?id=318584
> http://support.microsoft.com/?id=811259
>
> Give LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>, or WinsockFix
> <http://www.tacktech.com/display.cfm?ttid=257> a shot.
>
> If XP SP2, Start - Run - "cmd". Type "netsh winsock reset catalog" into the
> command window.
>
> If no help yet, reset TCP/IP.
> http://support.microsoft.com/?id=299357
>
> Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
> window.
>
> Consider a DNS hijack. Microsoft has been targeted in the past, and your
> symptoms are consistent with this.
>
> Search your entire system drive, including hidden and system folders, for file
> "hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\ (for
> Windows NT/2000/XP, for instance). The others are possibly bogus, and part (but
> just part) of the problem.
>
> Examine the contents of each copy of "hosts" found, using Notepad. Scroll to the
> end of each Hosts file, by hitting Ctrl-End, then back up to the top, page by
> page, before deciding that any "hosts" file is empty. Look out for blank lines
> at the beginning and end of the file, after localhost, placed there by an
> exploit!
>
> How current is your virus protection? Try one or more of these free online
> virus scans, which should complement your current protection:
> <http://www.bitdefender.com/scan/license.php>
> <http://www.pandasoftware.com/activescan>
> <http://www.ravantivirus.com/scan/>
> <http://security.symantec.com/ssc/home.asp>
> <http://housecall.trendmicro.com/housecall/start_corp.asp>
>
> Now check for, and learn to defend against, additional problems - adware,
> crapware, spyware.
>
> Start by downloading each of the following additional free tools:
> AdAware <http://www.lavasoftusa.com/>
> CWShredder <http://www.majorgeeks.com/download4086.html>
> HijackThis <http://www.majorgeeks.com/download.php?det=3155>
> Spybot S&D <http://www.safer-networking.org/index.php?page=download>
> Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
>
> Create a separate folder for HijackThis, such as C:\HijackThis - copy the
> downloaded file there. AdAware, CWShredder, and Spybot S&D have install
> routines - run them. The other downloaded programs can be copied into, and run
> from, any convenient folder.
>
> First, run Stinger. Have it remove any problems found.
>
> Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
> it fix all problems found.
>
> Next, run AdAware. First update it ("Check for updates now"), configure for
> full scan (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then
> scan. When scanning finishes, remove all Critical Objects found.
>
> Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
> ("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
> that is displayed in Red.
>
> Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
> HJT Log.
> <http://forums.spywareinfo.com/index.php?showtopic=227>
> <http://forums.spywareinfo.com/index.php?showtopic=11150>
>
> Finally, have your HJT log interpreted by experts at one or more of the
> following security forums (and please post a link to your forum posts, here):
> Aumha: <http://forum.aumha.org/index.php>
> Net-Integration: <http://forums.net-integration.net/>
> Spyware Info: <http://forums.spywareinfo.com/>
> Spyware Warrior: <http://spywarewarrior.com/index.php>
> Tom Coyote: <http://forums.tomcoyote.org/>
>
> If removal of any spyware affects your ability to access the internet (some
> spyware builds itself into the network software, and its removal may damage your
> network), run LSP-Fix and / or WinsockXPFIx.
>
> Finally, improve your chances for the future.
>
> Harden your browser. There are various websites which will check for
> vulnerabilities, here are three which I use.
> http://www.jasons-toolbox.com/BrowserSecurity/
> http://bcheck.scanit.be/bcheck/
> https://testzone.secunia.com/browser_checker/
>
> Block Internet Explorer ActiveX scripting from hostile websites (Restricted
> Zone).
> <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
>
> Block known dangerous scripts from installing.
> <http://www.javacoolsoftware.com/spywareblaster.html>
>
> Block known spyware from installing.
> <http://www.javacoolsoftware.com/spywareguard.html>
>
> Make sure that the spyware detection / protection products that you use are
> reliable:
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Harden your operating system. Check at least monthly for security updates.
> http://windowsupdate.microsoft.com/
>
> Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
> use:
> http://www.accs-net.com/hosts/get_hosts.html
> http://www.mvps.org/winhelp2002/hosts.htm
> (The third is included, and updated, with Spybot (see above)).
>
> Maintain your Hosts file (merge / eliminate duplicate entries) with:
> eDexter <http://www.accs-net.com/hosts/get_hosts.html>
> Hostess <http://accs-net.com/hostess/>
>
> Secure your operating system, and applications. Don't use, or leave activated,
> any accounts with names or passwords with trivial (guessable) values. Don't use
> an account with administrative authority, except when you're intentionally doing
> administrative tasks.
>
> Use common sense. Yours. Don't install software based upon advice from unknown
> sources. Don't install free software, without researching it carefully. Don't
> open email unless you know who it's from, and how and why it was sent.
>
> Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
> various web pages that discuss security problems. Check the logs from the
> security products that you use regularly, look for things that don't belong, and
> take action when necessary.
>
> How did I get infected in the first place?
> http://forums.net-integration.net/in...showtopic=3051
> Essential tips for infection prevention
> http://forums.spywareinfo.com/index.php?showtopic=24339
>
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
>

link to posting in forums for Hijack this log:
http://forums.spywareinfo.com/index.php?showtopic=32493

"adrian916" wrote:

> Thanks again for a timely and comprehensive reply.
> Certainly my antivirus, adaware and firewall are up to date and have just
> finished installing SP2.
> I'll run through all your other suggestions one by one when I return to work.
>
> Many thanks
>
> Adrian
>
> "Chuck" wrote:
>
> > On Sun, 24 Oct 2004 04:23:01 -0700, adrian916
> > <(E-Mail Removed)> wrote:
> >
> > >Thanks Chuck for the information and the informative links (I understand MTU
> > >a little better now) Unfortunately, this did not solve the problem as I can
> > >get replies from an MTU of 1500. All other websites are fine.
> > >
> > >HOWEVER! interestingly, looking at your post, you were getting
> > >support.microsoft.com to resolve to the IP 207.46.248.248. I was getting
> > >207.46.196.46 (another valid address )
> > >
> > >when i tried to view the newsgroups, I was getting "the page you requested
> > >is unavailable", but if I change the support.microsoft.com part of the
> > >address in the address bar to any of the IP addresses (and leave all the
> > >subdirectories etc intact) then i can find/display the newsgroups
> > >
> > >(i.e
> > >http://support.microsoft.com/newsgro....network...etc won't work,
> > >but,
> > >http://217.46.196.46/newsgroups/news....network...etc, will!)
> > >
> > >It seems to be something to do with DNS, though I'm not sure what, as
> > >nslookup or ping can resolve the addresses and I have cleared the local
> > >temporary files and run ipcong / flushdns to remove any potentially stale
> > >records on my machine.
> > >
> > >If you have any other thoughts on what is happening to the DNS, I'd be
> > >grateful, but at least now I know how to get into the newsgroups whilst the
> > >problem exists!
> > >
> > >Thanks again for your input
> > >
> > >Adrian
> >
> > Adrian,
> >
> > I believe "support.microsoft.akadns.net" is a Microsoft server using Akamai
> > (edge delivery) for DNS resolution. Which makes the fact that we get different
> > ip addresses normal.
> >
> > If you continue to get problems with your DNS, you might want to investigate a
> > bit.
> >
> > DNS resolution is affected by the LSP / Winsock subsystem.
> > http://support.microsoft.com/?id=318584
> > http://support.microsoft.com/?id=811259
> >
> > Give LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>, or WinsockFix
> > <http://www.tacktech.com/display.cfm?ttid=257> a shot.
> >
> > If XP SP2, Start - Run - "cmd". Type "netsh winsock reset catalog" into the
> > command window.
> >
> > If no help yet, reset TCP/IP.
> > http://support.microsoft.com/?id=299357
> >
> > Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
> > window.
> >
> > Consider a DNS hijack. Microsoft has been targeted in the past, and your
> > symptoms are consistent with this.
> >
> > Search your entire system drive, including hidden and system folders, for file
> > "hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\ (for
> > Windows NT/2000/XP, for instance). The others are possibly bogus, and part (but
> > just part) of the problem.
> >
> > Examine the contents of each copy of "hosts" found, using Notepad. Scroll to the
> > end of each Hosts file, by hitting Ctrl-End, then back up to the top, page by
> > page, before deciding that any "hosts" file is empty. Look out for blank lines
> > at the beginning and end of the file, after localhost, placed there by an
> > exploit!
> >
> > How current is your virus protection? Try one or more of these free online
> > virus scans, which should complement your current protection:
> > <http://www.bitdefender.com/scan/license.php>
> > <http://www.pandasoftware.com/activescan>
> > <http://www.ravantivirus.com/scan/>
> > <http://security.symantec.com/ssc/home.asp>
> > <http://housecall.trendmicro.com/housecall/start_corp.asp>
> >
> > Now check for, and learn to defend against, additional problems - adware,
> > crapware, spyware.
> >
> > Start by downloading each of the following additional free tools:
> > AdAware <http://www.lavasoftusa.com/>
> > CWShredder <http://www.majorgeeks.com/download4086.html>
> > HijackThis <http://www.majorgeeks.com/download.php?det=3155>
> > Spybot S&D <http://www.safer-networking.org/index.php?page=download>
> > Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
> >
> > Create a separate folder for HijackThis, such as C:\HijackThis - copy the
> > downloaded file there. AdAware, CWShredder, and Spybot S&D have install
> > routines - run them. The other downloaded programs can be copied into, and run
> > from, any convenient folder.
> >
> > First, run Stinger. Have it remove any problems found.
> >
> > Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
> > it fix all problems found.
> >
> > Next, run AdAware. First update it ("Check for updates now"), configure for
> > full scan (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then
> > scan. When scanning finishes, remove all Critical Objects found.
> >
> > Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
> > ("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
> > that is displayed in Red.
> >
> > Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
> > HJT Log.
> > <http://forums.spywareinfo.com/index.php?showtopic=227>
> > <http://forums.spywareinfo.com/index.php?showtopic=11150>
> >
> > Finally, have your HJT log interpreted by experts at one or more of the
> > following security forums (and please post a link to your forum posts, here):
> > Aumha: <http://forum.aumha.org/index.php>
> > Net-Integration: <http://forums.net-integration.net/>
> > Spyware Info: <http://forums.spywareinfo.com/>
> > Spyware Warrior: <http://spywarewarrior.com/index.php>
> > Tom Coyote: <http://forums.tomcoyote.org/>
> >
> > If removal of any spyware affects your ability to access the internet (some
> > spyware builds itself into the network software, and its removal may damage your
> > network), run LSP-Fix and / or WinsockXPFIx.
> >
> > Finally, improve your chances for the future.
> >
> > Harden your browser. There are various websites which will check for
> > vulnerabilities, here are three which I use.
> > http://www.jasons-toolbox.com/BrowserSecurity/
> > http://bcheck.scanit.be/bcheck/
> > https://testzone.secunia.com/browser_checker/
> >
> > Block Internet Explorer ActiveX scripting from hostile websites (Restricted
> > Zone).
> > <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
> >
> > Block known dangerous scripts from installing.
> > <http://www.javacoolsoftware.com/spywareblaster.html>
> >
> > Block known spyware from installing.
> > <http://www.javacoolsoftware.com/spywareguard.html>
> >
> > Make sure that the spyware detection / protection products that you use are
> > reliable:
> > http://www.spywarewarrior.com/rogue_anti-spyware.htm
> >
> > Harden your operating system. Check at least monthly for security updates.
> > http://windowsupdate.microsoft.com/
> >
> > Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
> > use:
> > http://www.accs-net.com/hosts/get_hosts.html
> > http://www.mvps.org/winhelp2002/hosts.htm
> > (The third is included, and updated, with Spybot (see above)).
> >
> > Maintain your Hosts file (merge / eliminate duplicate entries) with:
> > eDexter <http://www.accs-net.com/hosts/get_hosts.html>
> > Hostess <http://accs-net.com/hostess/>
> >
> > Secure your operating system, and applications. Don't use, or leave activated,
> > any accounts with names or passwords with trivial (guessable) values. Don't use
> > an account with administrative authority, except when you're intentionally doing
> > administrative tasks.
> >
> > Use common sense. Yours. Don't install software based upon advice from unknown
> > sources. Don't install free software, without researching it carefully. Don't
> > open email unless you know who it's from, and how and why it was sent.
> >
> > Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
> > various web pages that discuss security problems. Check the logs from the
> > security products that you use regularly, look for things that don't belong, and
> > take action when necessary.
> >
> > How did I get infected in the first place?
> > http://forums.net-integration.net/in...showtopic=3051
> > Essential tips for infection prevention
> > http://forums.spywareinfo.com/index.php?showtopic=24339
> >
> > Cheers,
> > Chuck
> > Paranoia comes from experience - and is not necessarily a bad thing.
> >

On Mon, 25 Oct 2004 08:03:03 -0700, adrian916
<(E-Mail Removed)> wrote:

>link to posting in forums for Hijack this log:
>http://forums.spywareinfo.com/index.php?showtopic=32493

Adrian,

Thanks for the link. I checked out your HJT log, and it is reasonably clean.

You might want to read the various pinned topics (at the top) in the Malware
forum, as you wait for a response. The SWI Forum is becoming impressively
organised as a help center - they have procedural documentation, a queuing
process for help, and a training and certification process for their helpers.
http://forums.spywareinfo.com/index.php?showforum=18

Anyway, what I spotted:

You have traces of the AdvancedToolbar <http://www.advancedsearchbar.com> (which
is listed as Open to Debate as to legitimacy, by SysInfo):
O2 - BHO: Implements Jammer - {09F0F280-FB9A-481B-B69A-CB00DC44D027} -
C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -
C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL

You have an ActiveX control from Netster, which is blocked by SpywareBlaster:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/184467c80e78675...p/RdxIE601.cab

You can disable AdvancedToolbar, if it's not something you intentionally
installed, using BHODemon (reversible process):
http://www.definitivesolutions.com/bhodemon.htm

You should definitely remove Netster. SpywareBlaster is widely trusted for
protection, and, if SWB has an object in its nono database, get rid of it.
<http://www.javacoolsoftware.com/spywareblaster.html> (for future protection)

How to use HJT to remove Netster (and ATB if appropriate):
http://members.aol.com/jrmc137/Tutorial/

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.