Cannot access some web sites

G

Guest

I can no longer access certain websites that i have been able to access in
the past. Sites i cannot access are a mix of home pages and onward links
from home pages, which are themselves a mix of secure and non-secure links. I
always get the same "The page cannot be displayed" error message.
I am running XP Home Edition, with IE2 SP2 and have four user accounts set
up. Every account has exactly the same issue. I have Notron Firewall and
Antivirus software running on my PC since 'day one' and have not changed its
settings since.
I have seen other discussion threads with similar issues, and tried all the
following without success as a result:
1. Scanned my PC for viruses with latest versions of Spybot, Ad-aware, MS
Anti spyware, and Norton. No problems found.
2. checked LMHosts file (keep it set to 'read only')
3. Deleted all cookies, TIFs, history etc. for all 4 accounts
4. Downloaded latest MS Add On Manager
5. Disabled all Add Ons
6. Run ipconfig /flushdns
7. Returned to earlier system restore points

All with no success what so ever. Would appreciate an advice on what else to
try.
 
D

Don Varnau

Hi,
Some possibilities:

It sounds like perhaps you didn't find the "real" HOSTS file:
To check the HOSTS file in Windows XP...
Make sure that Windows is showing hidden files and is not hiding file
extensions for known file types then check for a HOSTS file at
[C:\Windows\System32\Drivers\etc] Open the HOSTS file with notepad. If
there are entries you wish to disable, you can put the pound sign (#) in
front an entry to disable it. Then File> Save. Or you can rename the HOSTS
file to HOSTS.OLD to disable it.
More on the HOSTS file at http://mvps.org/winhelp2002/hosts.htm and
http://www.accs-net.com/hosts/

Enable the Windows firewall and disable the Norton firewall. See if that
helps.
See:
http://www.symantec.com/techsupp/nis/nis_2004_info_solve.html
http://www.symantec.com/techsupp/nis/nis_2005_info_solve.html
Or start here http://www.symantec.com/techsupp/consumer.html

Disable Norton AV temporarily. Any change?

Many of the steps in this article will be worth a try:
870700 - How to troubleshoot problems accessing secure Web pages with IE 6
[XP] SP2: http://support.microsoft.com/default.aspx?scid=kb;en-us;870700

Delete the Temporary Internet Files *folder* for a couple of these accounts.
See if that helps.
You should be able to delete another user's TIF folder from an administrator
login from Windows Explorer. http://mvps.org/winhelp2002/delcache.htm

You may have malware that the programs didn't find. Start at
http://forum.aumha.org/viewtopic.php?t=4075 Then go to
http://www.aumha.org/a/quickfix.htm Work through the preliminary cleaning
steps then post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

Be patient. It's a busy forum.

HijackThis logs are also analyzed at these (and other) forums:
http://castlecops.com/forums.html
http://tomcoyote.com/forums/
http://www.bleepingcomputer.com/forums/
http://forums.spywareinfo.com/

Hope this helps,
Don
[MS MVP- IE/OE]



"Paul W" wrote in message
 
G

Guest

Don,
thanks for the feedback. No joy so far. I have gone through each step you
suggested:
Host file renamed to .old
Turned off Norton firewall
Turned off Norton AV
Deleted temp files etc in all accounts
Followed instructions at the MS website you supplied (covered each step
including sfc / scannow, etc)
Followed the 'quick fix' instructions at 'aumha' web site. No parasites
found in the prechecks.
To be safe i am now creating a hostlog for the 'aumha' discussion group to
validate, but its looking unlikely to be malware.

Any other ideas in the meantime are welcome. I'm going mad with this!



Don Varnau said:
Hi,
Some possibilities:

It sounds like perhaps you didn't find the "real" HOSTS file:
To check the HOSTS file in Windows XP...
Make sure that Windows is showing hidden files and is not hiding file
extensions for known file types then check for a HOSTS file at
[C:\Windows\System32\Drivers\etc] Open the HOSTS file with notepad. If
there are entries you wish to disable, you can put the pound sign (#) in
front an entry to disable it. Then File> Save. Or you can rename the HOSTS
file to HOSTS.OLD to disable it.
More on the HOSTS file at http://mvps.org/winhelp2002/hosts.htm and
http://www.accs-net.com/hosts/

Enable the Windows firewall and disable the Norton firewall. See if that
helps.
See:
http://www.symantec.com/techsupp/nis/nis_2004_info_solve.html
http://www.symantec.com/techsupp/nis/nis_2005_info_solve.html
Or start here http://www.symantec.com/techsupp/consumer.html

Disable Norton AV temporarily. Any change?

Many of the steps in this article will be worth a try:
870700 - How to troubleshoot problems accessing secure Web pages with IE 6
[XP] SP2: http://support.microsoft.com/default.aspx?scid=kb;en-us;870700

Delete the Temporary Internet Files *folder* for a couple of these accounts.
See if that helps.
You should be able to delete another user's TIF folder from an administrator
login from Windows Explorer. http://mvps.org/winhelp2002/delcache.htm

You may have malware that the programs didn't find. Start at
http://forum.aumha.org/viewtopic.php?t=4075 Then go to
http://www.aumha.org/a/quickfix.htm Work through the preliminary cleaning
steps then post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

Be patient. It's a busy forum.

HijackThis logs are also analyzed at these (and other) forums:
http://castlecops.com/forums.html
http://tomcoyote.com/forums/
http://www.bleepingcomputer.com/forums/
http://forums.spywareinfo.com/

Hope this helps,
Don
[MS MVP- IE/OE]



"Paul W" wrote in message
I can no longer access certain websites that i have been able to access in
the past. Sites i cannot access are a mix of home pages and onward links
from home pages, which are themselves a mix of secure and non-secure links. I
always get the same "The page cannot be displayed" error message.
I am running XP Home Edition, with IE2 SP2 and have four user accounts set
up. Every account has exactly the same issue. I have Notron Firewall and
Antivirus software running on my PC since 'day one' and have not changed its
settings since.
I have seen other discussion threads with similar issues, and tried all the
following without success as a result:
1. Scanned my PC for viruses with latest versions of Spybot, Ad-aware, MS
Anti spyware, and Norton. No problems found.
2. checked LMHosts file (keep it set to 'read only')
3. Deleted all cookies, TIFs, history etc. for all 4 accounts
4. Downloaded latest MS Add On Manager
5. Disabled all Add Ons
6. Run ipconfig /flushdns
7. Returned to earlier system restore points

All with no success what so ever. Would appreciate an advice on what else to
try.
Click to expand...
Click to expand...
 
D

Don Varnau

Hi,
You might look over http://inetexplorer.mvps.org/answers/16.html to see if
there's anything else to try.

Have you tried creating a new user account?

Try deleting the Temporary Internet Files *folder* and History *folder* for
one or two user accounts. You can delete the TIF and History folder of
another user from an Administrator login

Especially if connecting via cable or DSL, has everything (modem, router,
computer) been shut down for at least 5 minutes at some point?

Winsock corruption *should be* all or nothing. But you might try this:
Log on as an administrator.
From Start> Run, type cmd, and then click OK.
At the command prompt, type the following, and then press ENTER:
netsh Winsock reset

Next, try this winsock repair tool:
WinsockXPFix http://www.iup.edu/house/resnet/winfix.shtm

Hope this helps,
Don
[MS MVP- IE/OE]


"Paul W" wrote in message
Don,
thanks for the feedback. No joy so far. I have gone through each step you
suggested:
Host file renamed to .old
Turned off Norton firewall
Turned off Norton AV
Deleted temp files etc in all accounts
Followed instructions at the MS website you supplied (covered each step
including sfc / scannow, etc)
Followed the 'quick fix' instructions at 'aumha' web site. No parasites
found in the prechecks.
To be safe i am now creating a hostlog for the 'aumha' discussion group to
validate, but its looking unlikely to be malware.

Any other ideas in the meantime are welcome. I'm going mad with this!
Click to expand...
Don Varnau said:
Hi,
Some possibilities:

It sounds like perhaps you didn't find the "real" HOSTS file:
To check the HOSTS file in Windows XP...
Make sure that Windows is showing hidden files and is not hiding file
extensions for known file types then check for a HOSTS file at
[C:\Windows\System32\Drivers\etc] Open the HOSTS file with notepad. If
there are entries you wish to disable, you can put the pound sign (#) in
front an entry to disable it. Then File> Save. Or you can rename the HOSTS
file to HOSTS.OLD to disable it.
More on the HOSTS file at http://mvps.org/winhelp2002/hosts.htm and
http://www.accs-net.com/hosts/

Enable the Windows firewall and disable the Norton firewall. See if that
helps.
See:
http://www.symantec.com/techsupp/nis/nis_2004_info_solve.html
http://www.symantec.com/techsupp/nis/nis_2005_info_solve.html
Or start here http://www.symantec.com/techsupp/consumer.html

Disable Norton AV temporarily. Any change?

Many of the steps in this article will be worth a try:
870700 - How to troubleshoot problems accessing secure Web pages with IE 6
[XP] SP2: http://support.microsoft.com/default.aspx?scid=kb;en-us;870700

Delete the Temporary Internet Files *folder* for a couple of these accounts.
See if that helps.
You should be able to delete another user's TIF folder from an administrator
login from Windows Explorer. http://mvps.org/winhelp2002/delcache.htm

You may have malware that the programs didn't find. Start at
http://forum.aumha.org/viewtopic.php?t=4075 Then go to
http://www.aumha.org/a/quickfix.htm Work through the preliminary cleaning
steps then post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

Be patient. It's a busy forum.

HijackThis logs are also analyzed at these (and other) forums:
http://castlecops.com/forums.html
http://tomcoyote.com/forums/
http://www.bleepingcomputer.com/forums/
http://forums.spywareinfo.com/

"Paul W" wrote in message
I can no longer access certain websites that i have been able to access in
the past. Sites i cannot access are a mix of home pages and onward links
from home pages, which are themselves a mix of secure and non-secure links. I
always get the same "The page cannot be displayed" error message.
I am running XP Home Edition, with IE2 SP2 and have four user accounts set
up. Every account has exactly the same issue. I have Notron Firewall and
Antivirus software running on my PC since 'day one' and have not
Click to expand...
changed
its
settings since.
I have seen other discussion threads with similar issues, and tried
Click to expand...
all
the
following without success as a result:
1. Scanned my PC for viruses with latest versions of Spybot, Ad-aware, MS
Anti spyware, and Norton. No problems found.
2. checked LMHosts file (keep it set to 'read only')
3. Deleted all cookies, TIFs, history etc. for all 4 accounts
4. Downloaded latest MS Add On Manager
5. Disabled all Add Ons
6. Run ipconfig /flushdns
7. Returned to earlier system restore points

All with no success what so ever. Would appreciate an advice on what else
to try.
Click to expand...
Click to expand...
Click to expand...
 
R

Robert Aldwinckle

....
Don Varnau said:
To check the HOSTS file in Windows XP...
Make sure that Windows is showing hidden files and is not hiding file
extensions for known file types then check for a HOSTS file at
[C:\Windows\System32\Drivers\etc] Open the HOSTS file with notepad.
Click to expand...
Click to expand...
Don,
thanks for the feedback. No joy so far. I have gone through each step you
suggested:
Host file renamed to .old
Click to expand...

In fact, for completeness you could check if a HOSTS file is still being used
and if that is where it was really being read from. (An old Trojan called QHOSTS
taught us how HOSTS can be copied and used from an obscure directory.)

E.g. open a cmd window and enter:

ipconfig /displaydns >displaydns.txt
notepad displaydns.txt

What do you see? If you still see localhost in there
here is an excerpt from a previous reply which could help you find
where it is coming from:

<excerpt>
To find the location of your HOSTS file (if there is one) enter:

netsh diag show adapter /v | find /i "DatabasePath"


The path for your HOSTS file is usually
<example>
DatabasePath = %SystemRoot%\System32\drivers\etc
</example>

However, certain malware is known to change this
So be certain that you find and edit the correct file.


HTH

Robert Aldwinckle
 
G

Guest

Robert,
I am not sure i understood your instructions fully. Would appreciate if you
can help clarify. Steps i took:

1. Ran> ipconfig /displaydns >displaydns.txt
notepad displaydns.txt
Click to expand...
There was no 'local host' reference in the file. Is this correct?

2. Ran> netsh diag show adapter /v | find /i "DatabasePath"

Retruned> DatabasePath = %SystemRoot%\System32\drivers\etc
This is correct?


Robert Aldwinckle said:
....
Don Varnau said:
To check the HOSTS file in Windows XP...
Make sure that Windows is showing hidden files and is not hiding file
extensions for known file types then check for a HOSTS file at
[C:\Windows\System32\Drivers\etc] Open the HOSTS file with notepad.
Click to expand...
Click to expand...
Don,
thanks for the feedback. No joy so far. I have gone through each step you
suggested:
Host file renamed to .old
Click to expand...

In fact, for completeness you could check if a HOSTS file is still being used
and if that is where it was really being read from. (An old Trojan called QHOSTS
taught us how HOSTS can be copied and used from an obscure directory.)

E.g. open a cmd window and enter:

ipconfig /displaydns >displaydns.txt
notepad displaydns.txt

What do you see? If you still see localhost in there
here is an excerpt from a previous reply which could help you find
where it is coming from:

<excerpt>
To find the location of your HOSTS file (if there is one) enter:

netsh diag show adapter /v | find /i "DatabasePath"


The path for your HOSTS file is usually
<example>
DatabasePath = %SystemRoot%\System32\drivers\etc
</example>

However, certain malware is known to change this
So be certain that you find and edit the correct file.


HTH

Robert Aldwinckle
Click to expand...
 
G

Guest

Don,
Thanks. Tried the 6 steps suggested. Still no success, incluidng creating a
new account. It has exactly the same issues as the existing accounts. Are you
aware of any trace files i can check or utilities that might provide a trace
file?. Its the only thing i can think of to try and understand what is going
wrong.

Don Varnau said:
Hi,
You might look over http://inetexplorer.mvps.org/answers/16.html to see if
there's anything else to try.

Have you tried creating a new user account?

Try deleting the Temporary Internet Files *folder* and History *folder* for
one or two user accounts. You can delete the TIF and History folder of
another user from an Administrator login

Especially if connecting via cable or DSL, has everything (modem, router,
computer) been shut down for at least 5 minutes at some point?

Winsock corruption *should be* all or nothing. But you might try this:
Log on as an administrator.
From Start> Run, type cmd, and then click OK.
At the command prompt, type the following, and then press ENTER:
netsh Winsock reset

Next, try this winsock repair tool:
WinsockXPFix http://www.iup.edu/house/resnet/winfix.shtm

Hope this helps,
Don
[MS MVP- IE/OE]


"Paul W" wrote in message
Don,
thanks for the feedback. No joy so far. I have gone through each step you
suggested:
Host file renamed to .old
Turned off Norton firewall
Turned off Norton AV
Deleted temp files etc in all accounts
Followed instructions at the MS website you supplied (covered each step
including sfc / scannow, etc)
Followed the 'quick fix' instructions at 'aumha' web site. No parasites
found in the prechecks.
To be safe i am now creating a hostlog for the 'aumha' discussion group to
validate, but its looking unlikely to be malware.

Any other ideas in the meantime are welcome. I'm going mad with this!
Click to expand...
Don Varnau said:
Hi,
Some possibilities:

It sounds like perhaps you didn't find the "real" HOSTS file:
To check the HOSTS file in Windows XP...
Make sure that Windows is showing hidden files and is not hiding file
extensions for known file types then check for a HOSTS file at
[C:\Windows\System32\Drivers\etc] Open the HOSTS file with notepad. If
there are entries you wish to disable, you can put the pound sign (#) in
front an entry to disable it. Then File> Save. Or you can rename the HOSTS
file to HOSTS.OLD to disable it.
More on the HOSTS file at http://mvps.org/winhelp2002/hosts.htm and
http://www.accs-net.com/hosts/

Enable the Windows firewall and disable the Norton firewall. See if that
helps.
See:
http://www.symantec.com/techsupp/nis/nis_2004_info_solve.html
http://www.symantec.com/techsupp/nis/nis_2005_info_solve.html
Or start here http://www.symantec.com/techsupp/consumer.html

Disable Norton AV temporarily. Any change?

Many of the steps in this article will be worth a try:
870700 - How to troubleshoot problems accessing secure Web pages with IE 6
[XP] SP2: http://support.microsoft.com/default.aspx?scid=kb;en-us;870700

Delete the Temporary Internet Files *folder* for a couple of these accounts.
See if that helps.
You should be able to delete another user's TIF folder from an administrator
login from Windows Explorer. http://mvps.org/winhelp2002/delcache.htm

You may have malware that the programs didn't find. Start at
http://forum.aumha.org/viewtopic.php?t=4075 Then go to
http://www.aumha.org/a/quickfix.htm Work through the preliminary cleaning
steps then post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

Be patient. It's a busy forum.

HijackThis logs are also analyzed at these (and other) forums:
http://castlecops.com/forums.html
http://tomcoyote.com/forums/
http://www.bleepingcomputer.com/forums/
http://forums.spywareinfo.com/

"Paul W" wrote in message
I can no longer access certain websites that i have been able to access in
the past. Sites i cannot access are a mix of home pages and onward links
from home pages, which are themselves a mix of secure and non-secure
links. I
always get the same "The page cannot be displayed" error message.
I am running XP Home Edition, with IE2 SP2 and have four user accounts set
up. Every account has exactly the same issue. I have Notron Firewall and
Antivirus software running on my PC since 'day one' and have not changed
its
settings since.
I have seen other discussion threads with similar issues, and tried all
the
following without success as a result:
1. Scanned my PC for viruses with latest versions of Spybot, Ad-aware, MS
Anti spyware, and Norton. No problems found.
2. checked LMHosts file (keep it set to 'read only')
3. Deleted all cookies, TIFs, history etc. for all 4 accounts
4. Downloaded latest MS Add On Manager
5. Disabled all Add Ons
6. Run ipconfig /flushdns
7. Returned to earlier system restore points

All with no success what so ever. Would appreciate an advice on what else
to try.
Click to expand...
Click to expand...
Click to expand...
 
R

Robert Aldwinckle

Paul W said:
Robert,
I am not sure i understood your instructions fully. Would appreciate if you
can help clarify. Steps i took:

1. Ran> ipconfig /displaydns >displaydns.txt
There was no 'local host' reference in the file. Is this correct?
Click to expand...

Except for the space you have put in localhost that is probably Ok.
The point is that if you still had a HOSTS file and if it had an entry
<example>
127.0.0.1 localhost
</example>

the displaydns would have a reference to it.

2. Ran> netsh diag show adapter /v | find /i "DatabasePath"

Retruned> DatabasePath = %SystemRoot%\System32\drivers\etc
This is correct?
Click to expand...

Yes. My understanding is that the QHosts Trojan (e.g.) could put one somewhere else
and make it the active one.


So we can conclude now that is more likely that you don't have an active HOSTS file
or if you do that it probably is in the normal location.


Robert
---
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot access non-secure web sites 2
Cannot access non-secure web sites 2
Unable to Access Some Web sites 9
Strange IE6 (SP1) behaviour for accessing some sites? 4
Cannot access any Microsoft pages or some secure sites 4
cannot access secure sites 3
cannot access secure sites 1
Can't access some web sites 3

Top