Chuck -
Thanks for the advice.
After my post and before your reply, I did a system
restore (I had only installed it on 11/29 and hadn't put "work" on it.
I meant to restore it to pre-SP2, but the system restore instructions
are misleading.)
Anyway, the behavior I described did not return, so I'm foolishly happy
now.
I'm still curious as to what it was doing - 1) Reboot 2) Browse between
1 and 5 websites 3) next link goes to "can't display page" 4) can't
display any other pages 5) Reboot....
So the settings were viable. My only guess is
a hijacking. Any other ideas?
Len,
If a hijack of any type is at all a suspect, you should investigate. I can't
count the times that I idly considered a spyware problem in a diagnosis, mildly
suggested it, and with expert advice, a noticeable infection was identified at
one of the HijackThis interpretation forums.
Start by checking for LSP / Winsock corruption.
http://support.microsoft.com/?id=318584
http://support.microsoft.com/?id=811259
If XP SP2, Start - Run - "cmd". Type "netsh winsock reset catalog" into the
command window.
Give LSP-Fix <
http://www.cexx.org/lspfix.htm>, WinsockFix
<
http://www.tacktech.com/display.cfm?ttid=257>, or WinsockXPFix
<
http://www.spychecker.com/program/winsockxpfix.html> a shot.
If no help yet, reset TCP/IP.
http://support.microsoft.com/?id=299357
Start - Run - "cmd". Type "netsh int ip reset c:\netsh.txt" into the command
window.
Next check for, and learn to defend against, additional problems - adware,
crapware, spyware.
Start by downloading each of the following additional free tools:
AdAware <
http://www.lavasoftusa.com/>
CWShredder <
http://www.majorgeeks.com/download4086.html>
HijackThis <
http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <
http://www.cexx.org/lspfix.htm>
WinsockXPFix <
http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <
http://www.safer-networking.org/index.php?page=download>
Stinger <
http://us.mcafee.com/virusInfo/default.asp?id=stinger>
TrendMicro Engine <
http://www.trendmicro.com/download/dcs.asp>
TrendMicro Signatures <
http://www.trendmicro.com/download/pattern.asp>
TrendMicro Instructions <
http://www.trendmicro.com/ftp/products/tsc/readme.txt>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Create a separate folder for the two TrendMicro files,
such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
downloaded programs can be copied into, and run from, any convenient folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.
Next, disable System Restore.
<
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboot your
computer, and re enable System Restore.
Next, run AdAware. First update it, configure for full scan
(<
http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
delete everything ("Fix Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<
http://forums.spywareinfo.com/index.php?showtopic=227>
<
http://forums.spywareinfo.com/index.php?showtopic=11150>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <
http://forum.aumha.org/index.php>
Net-Integration: <
http://forums.net-integration.net/>
Spyware Info: <
http://forums.spywareinfo.com/>
Spyware Warrior: <
http://spywarewarrior.com/index.php>
Tom Coyote: <
http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<
https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
Block known dangerous scripts from installing.
<
http://www.javacoolsoftware.com/spywareblaster.html>
Block known spyware from installing.
<
http://www.javacoolsoftware.com/spywareguard.html>
Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <
http://www.accs-net.com/hosts/get_hosts.html>
Hostess <
http://accs-net.com/hostess/>
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.
How did I get infected in the first place?
http://forums.net-integration.net/index.php?showtopic=3051
Essential tips for infection prevention
http://forums.spywareinfo.com/index.php?showtopic=24339