
Mysteriously blocked sites


  • This topic is locked

#1
defence

    New Member

  • Member
  • Pip
  • 5 posts
Help to penetrate this problem, please.

Some days ago I was suddenly totally blocked from 5 big sites on the web. 3 of them are public service. Those specific sites can't even be seen from my pc. They have all remained totally blocked since then. No official warning or the like has been given from those sites (nor any other either).

*** Background: Problem started the same day as a massive harassment started at my work. No similar problem occurred ever before in config.
*** PC: Win98, MSIE5, FF1.06,
*** Security: NAT-router, Softw.firewall, Winpatrol, mail filter. Scanned with some of the biggest free (anti- spy /trojan /malware) scanners.
* All ports stealthed except a few that are blocked

*** PROBLEM:
# mess: Can't reach that page (found 5 pages (plus subpages) that are blocked)
# anonymouse: pages can be viewed without problem.
* Tracert: All positions #1-30 "time-out"
* Ping: Can not ping the blocked sites.

What is the problem?
Where is it located? (my pc, isp, web, site host)

What more can be done to locate it?
  • 0

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Go to c:\windows\ and open up the hosts file (no extensions) in Notepad. There should be a bunch of lines with a # in front of them followed by a single line like:

127.0.0.1 localhost

If you have anything after that, please post them here.

Also, can the other computers at work access these sites?
  • 0

#3
defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks!
In the hosts-file there are 0 records (except localhost)
hosts.sam 0 records

But, there is a file named "hosts.dk.conf". In it are some Kazaa addresses (tot 14). All those IPs pointing at 127.0.0.1
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
So in the regular (no extensions) HOSTS file, there are no lines in it at all?

That should be ok for the other one if it's 127.0.0.1 that's starting first followed by the kazaa addresses. Just make sure it's not the other way around :tazz:

Are those sites secure sites? If so, can you access any other secure sites? Try disabling the router and go to the internet directly to those sites to make sure it's not the router causing this problem.
  • 0
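
Added example, not part of the thread and not written by its posters: a small Python audit of the HOSTS-file check described in posts #2 and #4. It lists every entry beyond the default localhost line and flags lines where the name comes before the address; the sample file contents and the *.example.test names are constructed.

```python
import ipaddress

# Constructed sample contents; not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1 localhost
127.0.0.1 ads.example.test tracker.example.test   # sinkholed names
203.0.113.7 bank.example.test
news.example.test 127.0.0.1
not-an-entry
"""

def is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hosts(text):
    """Return (line number, kind, detail) for every entry except localhost."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        if not is_ip(addr):
            # Expected order is "address name"; flag name-first lines separately.
            kind = "reversed" if any(is_ip(f) for f in names) else "malformed"
            findings.append((lineno, kind, line))
            continue
        for name in names:
            if name.lower() == "localhost":
                continue
            if ipaddress.ip_address(addr).is_loopback or addr == "0.0.0.0":
                findings.append((lineno, "blocked", name))      # name sent to the local machine
            else:
                findings.append((lineno, "redirected", f"{name} -> {addr}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "blocked" result matches the symptom in this thread (the name resolves to the local machine), while "redirected" means the name is being sent to some other address.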

#5
defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

"Are those sites secure sites? If so, can you access any other secure sites? Try disabling the router and go to the internet directly to those sites to make sure it's not the router causing this problem."


Bank, stocks and other high secure sites work perfectly... and have done so since the router was installed. (long before these problems)

One of the blocked sites has a forum. Thanks to anonymouse I could reach my login there... the login is NOT BLOCKED! (there is no official status block) ...But login time is set so low it's basically impossible to send any messages even with copy & paste.

The page block occurred the same day as a major harassment started at work. I'm really sure that's the key, even if it is some clever malware.
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Not sure then....any way to find out from work about this issue (harassment)? We don't get involved with this matter....

But if you want us to make sure it's not a program doing this, let's have a look at your HijackThis log:

Please download HijackThis http://www.greyknigh.../HijackThis.exe - this program will help us determine if there is any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
  • 0

#7
defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I have checked the hosts-file (hosts.sam). There is only the localhost-pointer. The sites are blocked both in MSIE and FF.

When tracing the IP of the blocked sites not even my own router is found!!! Only Errors. So, it looks (?) like it's in my pc.
---------------

Logfile of HijackThis v1.99.1
Scan saved at 11:26:50, on 2006-02-25
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM\NETVEDA\SAFETY.NET\IPCSVC.EXE
C:\PROGRAM\VANLIGA FILER\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
D:\PROGRAM\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE
C:\PROGRAM\NETVEDA\SAFETY.NET\IPCTRAY.EXE
D:\PROGRAM\WINPATROL\WINPATROL.EXE
D:\PROGRAM\AROVAX SHIELD\AROVAXSHIELD.EXE
D:\PROGRAM\BITDEFENDER8\BDNAGENT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM\DISSPY\DISSPY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM\VANLIGA FILER\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
D:\PROGRAM\BITDEFENDER8\BDMCON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM\FIREFOX\FIREFOX.EXE
C:\PROGRAM\WIN32PAD\WIN32PAD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM\WIN32PAD\WIN32PAD.EXE
D:\PROGRAM\FOXMAIL\FOXMAIL.EXE
D:\PROGRAM\AHEAD\NERO\NERO.EXE
D:\PROGRAM\QUERY APPLICATION\QUERYAPP.EXE
D:\PROGRAM\ANTIVIRUS OCH SäKERHET DIVERSE\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
O4 - HKLM\..\Run: [Device Detector 3] C:\Program\Olympus\DeviceDetector\DevDtct2.exe
O4 - HKLM\..\Run: [SafetyNet] C:\Program\NetVeda\Safety.Net\ipcTray.exe
O4 - HKLM\..\Run: [WinPatrol System Monitor] D:\Program\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [Arovax Shield] D:\PROGRAM\AROVAX SHIELD\AROVAXSHIELD.EXE /h
O4 - HKLM\..\Run: [BDMCon] "D:\Program\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\Program\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [ipcsvc] C:\Program\NetVeda\Safety.Net\ipcsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program\Vanliga filer\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program\Vanliga filer\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "D:\Program\BitDefender8\bdinit.exe"
O4 - HKLM\..\RunServices: [avast!] D:\Program\Avast4\ashServ.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [Disspy] C:\PROGRAM\DISSPY\DISSPY.exe - silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program\Spybot\TeaTimer.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab

Edited by defence, 25 February 2006 - 04:41 AM.

  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I don't know what else could be wrong here...If someone did do this in your office, they might be using the server to block your access. Can you connect to another network port that's working? Unplug your network/internet cable and try plugging it in another one that you know has access to those 5 sites.

Otherwise, you will have to deal with this or send a complaint to HR...we can't do anything about it here.
  • 0

#9
defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
The harassment started against me personally at work the same day as this problem started against my private pc at home.

If anyone has serious hints on this, please share them!
  • 0

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
defence...sorry, we really can't help you if that's the case. You have to bring this to attention with the proper department in your workplace (if they have one). If they blocked your access purposely on their servers, then there's probably nothing we can do there.

Topic closed....
  • 0





