[TriLUG] what is blocking a website in winxp?
Shane Baker
revolutionkuros at gmail.com
Tue Apr 21 23:49:48 EDT 2009
James Jones wrote:
> Thanks to Neil for the log file suggestion and everyone for their
> thoughts -- I will try these suggestions tomorrow at the Lady's
> computer. If any other suggestions come to mind, please fire away!
>
> jcj
>
> On Tue, Apr 21, 2009 at 9:25 PM, Neil L. Little <nllittle at embarqmail.com> wrote:
>
>> You can also go to the system admin tools and take a look at the logs.
>> Most of the time winders (being the POS it is) never tells you anything but
>> every once in a (great) while you get lucky.
>>
>> 73,
>> Neil,WA4AZL
>>
>> James Jones wrote:
>>
>>> Ooops,
>>>
>>> Trying to tabulate all the suggestions.
>>>
>>> Looks like tomorrow will be spent scanning for spyware.
>>>
>>> I will tabulate your suggestions and my comments in a better form later
>>> tonight.
>>>
>>> jcj
>>>
>>> On 4/21/09, James Jones <jc.jones at tuftux.com> wrote:
>>>
>>>
>>>> Source | Suggestion | Result | Other comments
>>>> Glenn Hennessee | is it spyware? | still to determine ( std ) |
>>>> Glenn Hennessee | Can you ping the site using her pc, | I can ping the site | dns provides correct ip address for the website when pinging – confirmed ip address by using dig on my linux laptop
>>>> Glenn Hennessee | telnet to port 80 on the site | std |
>>>> Sean Leinart | Any differences in the DNS Servers that either system is using? | std |
>>>> Neil L. Little | how about a different dns server like opendns or 4.1.1.1 | refer to above ping comments |
>>>> Neil L. Little | .NSLOOKUP | |
>>>> Carl Crider | Have you checked the HOSTS file? | confirmed that hosts file exists without any additions that may block any site | Also searched the system for hidden hosts file
>>>> Carl Crider | Clean the machine ASAP. | I have done several norton scans |
>>>> Suggestion
>>>>
>>>>
>>>>
>>>> On 4/21/09, Carl Crider <c.crider at gmail.com> wrote:
>>>> > "nslookup"
>>>> >
>>>> >
>>>> > On 4/21/09, Neil L. Little <nllittle at embarqmail.com> wrote:
>>>> > > I think you can query the DNS using...LOOKLNS from CMD on a winders machine.
>>>> > > That might not be right. It's been a while.
>>>> > >
>>>> > > Carl Crider wrote:
>>>> > >> Have you checked the HOSTS file? Also check for a hidden copy of it.
>>>> > >> Sounds like a case of xx_ware to me. I second looking at DNS on the
>>>> > >> box Vs your laptop. Clean the machine ASAP.
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >> On 4/21/09, James Jones <jc.jones at tuftux.com> wrote:
>>>> > >>
>>>> > >>> All,
>>>> > >>>
>>>> > >>> A friend of mine has a winxp-home pc with sp-3 installed. Using any of
>>>> > >>> 3 browsers, ( opera, IE6, firefox ), she cannot go to one website that
>>>> > >>> she used to visit regularly. She receives a timeout. I can hook my
>>>> > >>> laptop into her network and using any browser on either winxp or
>>>> > >>> ubuntu, I can access the website with no problem.
>>>> > >>>
>>>> > >>> From her winxp, I can ping the site and do a tracert to the site with
>>>> > >>> no problem.
>>>> > >>>
>>>> > >>> I can disable her norton anti-virus and windows firewall and there is
>>>> > >>> no change. There are no entries in restricted areas of ie, no entries
>>>> > >>> in hosts file.
>>>> > >>>
>>>> > >>> I have even tried to use the system restore, but system restore is
>>>> > >>> always incomplete -- no changes.
>>>> > >>>
>>>> > >>> What am I missing?
>>>> > >>>
>>>> > >>> The website is http://www.healthjobsusa.com ( she is looking for a
>>>> > >>> nursing job and needs to connect ).
>>>> > >>>
>>>> > >>> If I don't have a solution soon, I guess I can always install ubuntu
>>>> > >>> as a dual boot so she can get to the site --
>>>> > >>>
>>>> > >>>
>>>> > >>> --
>>>> > >>> Jc Jones
>>>> > >>> Blogs -
>>>> > >>> http://www.wendellgeek.com/weblog/
>>>> > >>> http://kixtech.blogspot.com/
>>>> > >>>
>>>> > >>> webmaster for:
>>>> > >>> http://www.raleighchurchofchrist.org
>>>> > >>> http://www.wendellgeek.com
>>>> > >>> http://classof1955.org
>>>> > >>> http://www.tuftux.com
>>>> > >>> http://www.dabeak.com
>>>> > >>> http://www.therealpatpatterson.com
>>>> > >>> http://jonesjc.freeshell.org
>>>> > >>> http://www.trilug.org/~jonesjc
>>>> > >>> --
>>>> > >>> TriLUG mailing list :
>>>> > >>> http://www.trilug.org/mailman/listinfo/trilug
>>>> > >>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>> > >>>
>>>> > >>>
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Carl Crider
>>>> > c.crider at gmail.com
>>>> > 919.923.6733
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Jc Jones
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
>
On the note of malware (which sounds very likely in your case), probably
the 3 utilities I used most working for ResNet at WCU were: autoruns
(tells you what the registry is starting up with Windows), Malwarebytes,
and Spybot. The *new* combofix is also nice now that it's not
infected. Autoruns is a great place to start though.
Good luck
-kuros
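
The checks suggested in this thread (entries in the HOSTS file, the address the local resolver returns, and a TCP connection to port 80) can be scripted so they run the same way on the affected PC and on a known-good machine. This is an added example, not part of any poster's message; the function names and the sample hosts content are constructed for illustration.

```python
import os
import socket
import sys

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1   www.HealthJobsUSA.com healthjobsusa.com   # constructed entry
0.0.0.0     ads.example.test
   # 10.0.0.5 www.healthjobsusa.com   (commented out, must be ignored)
"""

def hosts_overrides(text, hostname):
    """Return [(line_number, address)] for each hosts entry naming hostname."""
    wanted = hostname.lower().rstrip(".")
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank, comment-only or malformed
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if wanted in names:                       # aliases on the same line count too
            hits.append((lineno, fields[0]))
    return hits

def tcp_check(host, port=80, timeout=5.0):
    """Scripted 'telnet host 80': True only if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                               # refused, timed out, unresolvable
        return False

if __name__ == "__main__":
    host = sys.argv[1]                            # site that fails in the browser
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    else:
        path = "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, addr in hosts_overrides(fh.read(), host):
            print(f"{path}:{lineno} maps {host} to {addr}")
    try:
        print("resolver answer:", socket.gethostbyname(host))
    except OSError as exc:
        print("resolver failed:", exc)
    print("TCP port 80 reachable:", tcp_check(host))
```

Run it with the failing hostname as the only argument on both machines; a hosts hit, or a resolver answer that differs from the known-good machine, points at local tampering rather than the network.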