Still cant browse certain web sites

[Mark]

Hi,
ok so i posted a problem here about not being able to
browse certain websites that other people could browse.
Even though my netserver could browse them. And a
sugestion was made that it may be the Qhosts virus. So I
dl'ed the patch thingy and ran it and it found nothin. Any
other ideas?

Something i just noticed recently is that i could browse
the page www.quake.net.nz but not www.quake.net.nz/nql
(madness eh)

It says Opening page http://www.quake.net.nz/nql in the
status bar, but the page never loads. (hitting refresh
dont work)

Since it says Opening page in the status bar can i rule
out a DNS problem?

I also dont think its IE6 because Iv tied re-installing it
and i even tried Netscape but still no luck.

The server is running Zonealarm Pro, but I still cant
browse web sites when i turn it off. Could Zonealarm be
affecting it even though its closed?

Im sure if i re-installed the server OS the prob would go
away because i had the same problem when it was running
2K, then i upgraded it to XP pro and the prob went away,
now its coming back! (and slowly gettin worse)
But surely theres something i can do without a re-install.

Any help is greatly apprectiated.

 

[Guest]

Yep, Zone Alarm can still be blocking some ports even
after you have shut it down. To really be sure that it's
not Zone Alarm causing your problems, the computer should
be restarted without Zone Alarm running.

I'm not very confident that this will solve your problems
though. Have you tried changing your security settings and
the like?

 

[Guest]

i tried starting up with Zonealarm Pro disabled on
startup, but that didnt work. All my security settings in
IE6 are exactly the same as my flatmates PC and he has no
problems browsing web pages.

 

[Chuck]

Hi,
ok so i posted a problem here about not being able to
browse certain websites that other people could browse.
Even though my netserver could browse them. And a
sugestion was made that it may be the Qhosts virus. So I
dl'ed the patch thingy and ran it and it found nothin. Any
other ideas?

Something i just noticed recently is that i could browse
the page www.quake.net.nz but not www.quake.net.nz/nql
(madness eh)

It says Opening page http://www.quake.net.nz/nql in the
status bar, but the page never loads. (hitting refresh
dont work)

Since it says Opening page in the status bar can i rule
out a DNS problem?

Mark,

Try browsing http://202.27.219.162/nql and let us know what happens.
Also, ping www.quake.net.nz then 202.27.219.162 and let us know what
happens.

Did you search all of C:\, including hidden and system folders, for
"hosts" ? What patch thingy did you run and found nuthin?

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Mark,

Try browsing http://202.27.219.162/nql and let us know what happens.
Also, ping www.quake.net.nz then 202.27.219.162 and let us know what
happens.

Did you search all of C:\, including hidden and system

folders, for

"hosts" ? What patch thingy did you run and found nuthin?

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
.
ok, when i try to browse http://202.27.219.162/nql i got

This page cannt be displayed.

When i try to ping quake.net.nz i get Unknown host.

When i ping 202.27.219.162 i get Request timed out.

I used this removal tool but it found nothing
http://securityresponse.symantec.com/avcenter/venc/data/tro
jan.qhosts.removal.tool.html

 

[Chuck]

This page cannt be displayed.

When i try to ping quake.net.nz i get Unknown host.

When i ping 202.27.219.162 i get Request timed out.

I used this removal tool but it found nothing
http://securityresponse.symantec.com/avcenter/venc/data/tro
jan.qhosts.removal.tool.html

Mark,

OK, there is a difference between www.quake.net.nz and quake.net.nz -
the first resolves to 202.27.219.162, the second resolves to nothing.
Try pinging "www.quake.net.nz".

I can get an ip address for www.quake.net.nz. I can browse the
website. I can't ping it successfully - it looks to be behind a
firewall and is blocking ping packets. Not a surprising setup for a
server.

Note too that "www.quake.net.nz" is an alias for
"mars.linuxsystems.net.nz".

This is what I'm getting from my pings:

-----------------------------------------------------------------------

C:\Documents and Settings\XXX>ping quake.net.nz
Ping request could not find host quake.net.nz. Please check the name
and try again.

C:\Documents and Settings\XXX>ping www.quake.net.nz

Pinging mars.linuxsystems.net.nz [202.27.219.162] with 32 bytes of
data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 202.27.219.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

-----------------------------------------------------------------------

I'm also being told by VisualRoute:
Report for www.quake.net.nz [202.27.219.162]

Analysis: Connections to HTTP port 80 on host 'www.quake.net.nz'
[mars.linuxsystems.net.nz] are working, but ICMP packets are being
blocked past network "Subnetted for customers of" at hop 16. It is a
HTTP server (running Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2
mod_ssl/2.8.9 OpenSSL/0.9.6g mod_perl/1.26).

-----------------------------------------------------------------------

You say other folks can browse this website. Please be specific. Are
these other folks on your subnet? Can they ping this website? Can
they browse the website when you can't? Can you get an output from
"ipconfig /all" from somebody's computer that works properly, and one
from your server, and compare the two? Maybe post them here?

Are there other websites with similar problems? Other websites with
no problems?

Did you do a complete search of your hard drive, including all hidden
and system folders, for "hosts"? I've heard from others who have
reported your symptoms, the Symantec tool finds no "Qhosts infection",
but they do find extra hosts files causing the problem.

I'm intrigued by your earlier statement about the problem having gone
away, returned, and now getting worse. You said the problem went away
when you "upgraded it to XP pro". Did you reinstall anything or clear
or delete any files when you upgraded the OS?

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Mark,

OK, there is a difference between www.quake.net.nz and quake.net.nz -
the first resolves to 202.27.219.162, the second resolves to nothing.
Try pinging "www.quake.net.nz".

I can get an ip address for www.quake.net.nz. I can browse the
website. I can't ping it successfully - it looks to be behind a
firewall and is blocking ping packets. Not a surprising setup for a
server.

Note too that "www.quake.net.nz" is an alias for
"mars.linuxsystems.net.nz".

This is what I'm getting from my pings:

---------------------------------------------------------- -------------

C:\Documents and Settings\XXX>ping quake.net.nz
Ping request could not find host quake.net.nz. Please check the name
and try again.

C:\Documents and Settings\XXX>ping www.quake.net.nz

Pinging mars.linuxsystems.net.nz [202.27.219.162] with 32 bytes of
data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 202.27.219.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

---------------------------------------------------------- -------------

I'm also being told by VisualRoute:
Report for www.quake.net.nz [202.27.219.162]

Analysis: Connections to HTTP port 80 on host 'www.quake.net.nz'
[mars.linuxsystems.net.nz] are working, but ICMP packets are being
blocked past network "Subnetted for customers of" at hop 16. It is a
HTTP server (running Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2
mod_ssl/2.8.9 OpenSSL/0.9.6g mod_perl/1.26).

---------------------------------------------------------- -------------

You say other folks can browse this website. Please be specific. Are
these other folks on your subnet? Can they ping this website? Can
they browse the website when you can't? Can you get an output from
"ipconfig /all" from somebody's computer that works properly, and one
from your server, and compare the two? Maybe post them here?

Are there other websites with similar problems? Other websites with
no problems?

Did you do a complete search of your hard drive, including all hidden
and system folders, for "hosts"? I've heard from others who have
reported your symptoms, the Symantec tool finds no "Qhosts infection",
but they do find extra hosts files causing the problem.

I'm intrigued by your earlier statement about the problem having gone
away, returned, and now getting worse. You said the problem went away
when you "upgraded it to XP pro". Did you reinstall anything or clear
or delete any files when you upgraded the OS?

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
.

Hi, ok so when i ping www.quake.net.nz i get Request times
out.

One of my flatmates which is on the same local network as
me can browse pages without a problem, also our netserver
can browse pages without a problem. Its just myself and
one other flatmate.

Some other pages that wont load for me are
http://www.indyracingleague.com/indycar/
http://www.esreality.com/

Yeh we used to have the same problem when the server was
running 2000pro. Then i upgraded it to XP pro and the
problem went away. The server harddrive was formatted
during installation. The only programs that the server
runs are things like adaware, norton 03, zonealarm, spybot

Heres some more info that may help

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

D:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : cypher
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139
(A) PCI Fast Ethernet
Adapter #2
Physical Address. . . . . . . . . : 00-05-1C-03-B9-
CE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.42
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 203.96.91.1
192.168.0.1

D:\Documents and Settings\Administrator>ping
www.quake.net.nz

Pinging mars.linuxsystems.net.nz [202.27.219.162] with 32
bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 202.27.219.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

D:\Documents and Settings\Administrator>ping
indyracingleague.com

Pinging indyracingleague.com [206.53.239.149] with 32
bytes of data:

Request timed out.
Reply from 206.53.239.149: bytes=32 time=211ms TTL=111
Request timed out.
Request timed out.

Ping statistics for 206.53.239.149:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
Minimum = 211ms, Maximum = 211ms, Average = 52ms

D:\Documents and Settings\Administrator>ping
indyracingleague.com/indycar
Unknown host indyracingleague.com/indycar.

 

[Chuck]

I also did a full scan for "hosts" on my pc and found a
couple of files which i deleted.

Mark,

That's possible Qhosts or another DNS hijack. Did you retest after
deleting those files? Any chance of getting those files back, so you
can look in them and see if anything interesting like familiar
websites with funky ip addresses?

I'm going to check out the details above and post back on that in a
bit.

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Chuck]

Hi, ok so when i ping www.quake.net.nz i get Request times
out.

SNIP<

Some other pages that wont load for me are
http://www.indyracingleague.com/indycar/
http://www.esreality.com/

SNIP<
D:\Documents and Settings\Administrator>ping
www.quake.net.nz

Pinging mars.linuxsystems.net.nz [202.27.219.162] with 32
bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 202.27.219.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

D:\Documents and Settings\Administrator>ping
indyracingleague.com

Pinging indyracingleague.com [206.53.239.149] with 32
bytes of data:

Request timed out.
Reply from 206.53.239.149: bytes=32 time=211ms TTL=111
Request timed out.
Request timed out.

Ping statistics for 206.53.239.149:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
Minimum = 211ms, Maximum = 211ms, Average = 52ms

D:\Documents and Settings\Administrator>ping
indyracingleague.com/indycar
Unknown host indyracingleague.com/indycar.

Well Mark,

OK, it doesn't look like a DNS hijack. At least, the ip addresses for
the 3 examples you've provided resolve properly.

www.quake.net.nz - New Zealand
www.indyracingleague.com - Indiana, USA
www.esreality.com - London, UK

Excepting your inability to browse the webpages, you're seeing the
same network problems, for those hosts, as I am.

I can get web pages for all 3. I can ping indyracingleague OK, the
other two appear to be behind a firewall or router (per VisualRoute),
but the traceroutes for the latter two time out well before the
firewall / router. See below.

Where are you located? Your ip address (10.40.1.164) doesn't help me
a bit. You're nicely anonymous.

Right now, I'm thinking there's a marginal network problem that
affects you but not your flatmate. What differences are there between
you and your flatmate's computers?

Would be interesting if you did reformat and reload your OS, and see
if the problem went away.

Try tuning your computer. PCPitStop gives a useful evaluation.
http://www.pcpitstop.com/default.asp

Cheers,

Chuck

C:\>ping www.quake.net.nz

Pinging mars.linuxsystems.net.nz [202.27.219.162] with 32 bytes of
data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 202.27.219.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>ping www.indyracingleague.com

Pinging www.indyracingleague.com [206.53.239.149] with 32 bytes of
data:

Reply from 206.53.239.149: bytes=32 time=122ms TTL=116
Reply from 206.53.239.149: bytes=32 time=127ms TTL=116
Reply from 206.53.239.149: bytes=32 time=122ms TTL=116
Reply from 206.53.239.149: bytes=32 time=121ms TTL=116

Ping statistics for 206.53.239.149:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 121ms, Maximum = 127ms, Average = 123ms

C:\>ping www.esreality.com

Pinging www.esreality.com [213.221.172.77] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 213.221.172.77:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


C:\>tracert www.quake.net.nz

Tracing route to mars.linuxsystems.net.nz [202.27.219.162]
over a maximum of 30 hops:

1 73 ms 71 ms 71 ms adsl-209-204-141-1.sonic.net
[209.204.141.1]
2 69 ms 69 ms 69 ms fast1-0-0.border.sr.sonic.net
[208.201.224.194]
3 74 ms 75 ms 80 ms fast0-0.gw.equinix-sj.sonic.net
[64.142.0.14]
4 85 ms 80 ms 84 ms bpr1-t3-7-2-0.SanJoseEquinix.cw.net
[208.173.54.45]
5 80 ms 77 ms 80 ms dcr1-so-4-3-0.SantaClara.cw.net
[208.173.54.66]
6 87 ms 86 ms 84 ms bpr1-as0-0.PaloAltoPaix.cw.net
[208.172.147.62]
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

C:\>tracert www.indyracingleague.com

Tracing route to www.indyracingleague.com [206.53.239.149]
over a maximum of 30 hops:

1 69 ms 73 ms 74 ms adsl-209-204-141-1.sonic.net
[209.204.141.1]
2 71 ms 73 ms 70 ms fast1-0-0.border.sr.sonic.net
[208.201.224.194]
3 72 ms 67 ms 71 ms fast4-1-0.border2.sr.sonic.net
[64.142.0.26]
4 68 ms 73 ms 71 ms serial1-0.gw.focal-sf.sonic.net
[64.142.0.2]
5 81 ms 73 ms 73 ms 500.Serial2-11.GW3.SFO4.ALTER.NET
[157.130.203.233]
6 76 ms 78 ms 75 ms 129.ATM2-0.XR2.SFO4.ALTER.NET
[152.63.51.126]
7 74 ms 71 ms 73 ms 0.so-0-0-0.XL2.SFO4.ALTER.NET
[152.63.55.69]
8 77 ms 78 ms 76 ms 0.so-4-0-0.TL2.SCL2.ALTER.NET
[152.63.1.61]
9 116 ms 120 ms 120 ms 0.so-6-0-0.TL2.CHI2.ALTER.NET
[152.63.13.22]
10 125 ms 123 ms 128 ms 0.so-7-0-0.CL2.IND6.ALTER.NET
[152.63.69.113]
11 122 ms 128 ms 128 ms 190.ATM7-0.GW5.IND1.ALTER.NET
[152.63.68.245]
12 131 ms 128 ms 125 ms iquest-gw1oc.customer.alter.net
[65.195.244.174]
13 127 ms 132 ms 128 ms www.indyracingleague.com
[206.53.239.149]

Trace complete.

C:\>tracert www.esreality.com

Tracing route to www.esreality.com [213.221.172.77]
over a maximum of 30 hops:

1 72 ms 75 ms 75 ms adsl-209-204-141-1.sonic.net
[209.204.141.1]
2 74 ms 69 ms 69 ms fast1-0-0.border.sr.sonic.net
[208.201.224.194]
3 81 ms 80 ms 73 ms fast0-0.gw.equinix-sj.sonic.net
[64.142.0.14]
4 84 ms 77 ms 73 ms bpr1-t3-7-2-0.SanJoseEquinix.cw.net
[208.173.54.45]
5 78 ms 84 ms 82 ms dcr1-so-4-3-0.SantaClara.cw.net
[208.173.54.66]
6 82 ms 80 ms 80 ms bpr1-as0-0.PaloAltoPaix.cw.net
[208.172.147.62]
7 79 ms 80 ms 82 ms
cable-and-wireless-peering.PaloAltoPaix.cw.net [206.
8 79 ms 85 ms 80 ms so-6-1-0.mpr4.sjc2.us.above.net
[209.249.0.126]
9 155 ms 158 ms 151 ms so-5-1-0.cr2.dca2.us.above.net
[64.125.30.165]
10 152 ms 152 ms 156 ms so-6-0-0.cr2.iad1.us.above.net
[208.184.233.130]
11 159 ms 160 ms 158 ms so-2-0-0.cr2.lga1.us.above.net
[208.184.233.66]
12 * 283 ms 258 ms so-6-0-0.cr2.lhr3.uk.above.net
[64.125.31.181]
13 263 ms 262 ms 256 ms pos3-0.mpr2.lhr1.uk.above.net
[208.185.156.1]
14 262 ms 260 ms 258 ms pos0-0.mpr1.lhr1.uk.above.net
[208.185.156.13]
15 254 ms 260 ms 249 ms 213.161.78.194
16 272 ms 271 ms 271 ms ge1-1.he2.uk.as21099.net
[213.221.179.115]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.