Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mysteriously blocked sites

Started by defence , Feb 21 2006 11:59 AM

  • This topic is locked This topic is locked

#1
defence
Posted 21 February 2006 - 11:59 AM

defence

    New Member

  • Member
  • Pip
  • 5 posts
Help to penetrate this problem, plz.

Some days ago I suddenly was totally blocked from 5 big sites on the web. 3 of them are public service. Those specific sites can't even be seen from my pc. They all remain totally blocked since then. No official warning or alike have been given from those sites (not any other either).

*** Background: Problem started the same day as a massive harassment started at my work. No similar problem occured ever before in config.
*** PC: Win98, MSIE5, FF1.06,
*** Security: NAT-router, Softw.firewall, Winpatrol, mail filter. Scanned with some of the biggest free (anti- spy /trojan /malware) scanners.
* All ports stealthed except a few that are blocked

*** PROBLEM: # mess: Can't reach that page (found 5 pages (plus subpages) that are blocked) # anonymouse: pages can be viewed without problem.
* Tracert: All positions #1-30 "time-out"
* Ping: Can not ping the blocked sites.

What is the problem?
Where is it located? (my pc, isp, web, site host)

What can more be done to locate?
  • 0

Advertisements

#2
greyknight17
Posted 22 February 2006 - 08:47 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Go to c:\windows\ and open up the hosts file (no extensions) up in Notepad. There should be a bunch of lines with a # in front of them followed by a single line like:

127.0.0.1 localhost

If you have anything after that, please post them here.

Also, can the other computers at work access these sites?
  • 0

#3
defence
Posted 23 February 2006 - 03:19 AM

defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks!
In the hosts-file there are 0 records (except localhost)
hosts.sam 0 records

But, there is a file namned "hosts.dk.conf" In it is some kazaa adresses (tot14). All those IP's pointing at 127.0.0.1
  • 0

#4
greyknight17
Posted 23 February 2006 - 09:29 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
So in the regular (no extensions) HOSTS file, there are no lines in it at all?

That should be ok for the other one if it's 127.0.0.1 that's starting first followed by the kazaa addresses. Just make sure it's not the other way around :tazz:

Are those sites secure sites? If so, can you access any other secure sites? Try disabling the router and go to the internet directly to those sites to make sure it's not the router causing this problem.
  • 0

#5
defence
Posted 24 February 2006 - 07:45 AM

defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Are those sites secure sites? If so, can you access any other secure sites? Try disabling the router and go to the internet directly to those sites to make sure it's not the router causing this problem.


Bank, stocks and other high secure sites work perfect... and have done so since the router was installed. (long before these problems)

One of the blocked sites have a forum. Thanks to anonymouse I could reach my login there... the login is NOT BLOCKED! (there is no official status block) ...But login time is set so low it's basicly impossible to send any messages even with copy & paste.

The page block occured the same day as a major harassment started at work. I'm really sure that's the key, even if it is some clever malware.
  • 0

#6
greyknight17
Posted 24 February 2006 - 11:34 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Not sure then....any way to find out from work about this issue (harassment)? We don't get involved with this matter....

But if you want us to make sure it's not a program doing this, let's have a look at your HijackThis log:

Please download HijackThis http://www.greyknigh.../HijackThis.exe - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
  • 0

#7
defence
Posted 25 February 2006 - 04:40 AM

defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I have checked hosts-file (hosts.sam). There is only the localhost-pointer. The sites are blocked both in MSIE and FF.

When traceing IP of the blocked sites not even my own router is found!!! Only Errors. So, it looks (?) like it's in my pc.
---------------

Logfile of HijackThis v1.99.1
Scan saved at 11:26:50, on 2006-02-25
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM\NETVEDA\SAFETY.NET\IPCSVC.EXE
C:\PROGRAM\VANLIGA FILER\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
D:\PROGRAM\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE
C:\PROGRAM\NETVEDA\SAFETY.NET\IPCTRAY.EXE
D:\PROGRAM\WINPATROL\WINPATROL.EXE
D:\PROGRAM\AROVAX SHIELD\AROVAXSHIELD.EXE
D:\PROGRAM\BITDEFENDER8\BDNAGENT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM\DISSPY\DISSPY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM\VANLIGA FILER\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
D:\PROGRAM\BITDEFENDER8\BDMCON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM\FIREFOX\FIREFOX.EXE
C:\PROGRAM\WIN32PAD\WIN32PAD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM\WIN32PAD\WIN32PAD.EXE
D:\PROGRAM\FOXMAIL\FOXMAIL.EXE
D:\PROGRAM\AHEAD\NERO\NERO.EXE
D:\PROGRAM\QUERY APPLICATION\QUERYAPP.EXE
D:\PROGRAM\ANTIVIRUS OCH SäKERHET DIVERSE\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
O4 - HKLM\..\Run: [Device Detector 3] C:\Program\Olympus\DeviceDetector\DevDtct2.exe
O4 - HKLM\..\Run: [SafetyNet] C:\Program\NetVeda\Safety.Net\ipcTray.exe
O4 - HKLM\..\Run: [WinPatrol System Monitor] D:\Program\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [Arovax Shield] D:\PROGRAM\AROVAX SHIELD\AROVAXSHIELD.EXE /h
O4 - HKLM\..\Run: [BDMCon] "D:\Program\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\Program\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Aktivitetsfältet] SysTray.Exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [ipcsvc] C:\Program\NetVeda\Safety.Net\ipcsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program\Vanliga filer\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program\Vanliga filer\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "D:\Program\BitDefender8\bdinit.exe"
O4 - HKLM\..\RunServices: [avast!] D:\Program\Avast4\ashServ.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [Disspy] C:\PROGRAM\DISSPY\DISSPY.exe - silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program\Spybot\TeaTimer.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab

Edited by defence, 25 February 2006 - 04:41 AM.

  • 0

#8
greyknight17
Posted 25 February 2006 - 12:27 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I don't know what else could be wrong here...If someone did do this in your office, they might be using the server to block you access. Can you connect to another network port that's working? Unplug your network/internet cable and try plugging it in another one that you know has access to those 5 sites.

Otherwise, you will have to deal with this or send a complain to HR...we can't do anything about it here.
  • 0

#9
defence
Posted 26 February 2006 - 01:06 PM

defence

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
the harassment started against me personally at work the same day as this problem started against my private pc at home.

If anyone have seriouse hints on this, please share them!
  • 0

#10
greyknight17
Posted 26 February 2006 - 05:21 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
defence...sorry, we really can't help you if that's the case. You have to bring this to attention with the proper department in your workplace (if they have one). If they blocked you access purposely on their servers, then there's probably nothing we can do there.

Topic closed....
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP