IE8 will not connect to any site after cleanup

Status
Not open for further replies.

guitarzan

Programmer
Apr 22, 2003
2,236
US
This is a continuation from this thread: thread779-1587231, here is what I have done so far:

Machine would not boot in normal mode (hung before login screen) and would not boot in Safe Mode (rebooted after MUP.SYS). Goombawahoo assisted me, and I got the machine booting again. Ran multiple scans (MalwareBytes and Super Antispyware) until I got clean scans, checked HijackThis logs and all was clean, except I had a search engine redirector going on (all links from Google or Bing redirected).

Since the machine had IE6, I decided to upgrade to IE8 (probably a mistake to upgrade at this point, but it's done). Now, when I load IE8, it never connects to a page (says "Connecting...", but never connects, never gives up either). Internet connection is fine, I can ping by IP and by domain name, just cannot browse anywhere in IE. Tried resetting settings, still nothing.

I ran GMER, and it pointed to suspicious activity in "atapi.sys" (just like this post: thread760-1587515!!!). So I ran ComboFix, and it found and cleaned a rootkit, and replaced atapi.sys. This fixed the "Safe Mode" reboot problem, so now I can boot in safe mode. But I STILL cannot get IE8 to connect to any web site.

I tried "netsh winsock reset". I tried SFC /SCANNOW. Still no help. Any ideas on how to proceed?
 
Are you able to ping external sites from your PC? If so, that will at least narrow down whether it's the connection, or specifically a browser issue.

I wonder if you could still find the Install Executable for IE8 in Windows Temp files, and reinstall it... especially since you apparently did still have some sort of infection on the machine before the install... it apparently murked up the install.

Another option - after all, you've spent this much time already, just wipe the drive with Active KillDisk or DBAN, reinstall Windows, and start over from scratch - to be sure all malware is gone for certain, AND any/all such bugs/issues.

I'm thinking of this last option, b/c if the malware was so bad, then who knows what else it could have messed up. You might try to do something for the first time, say a month down the road, and find a new issue.

--

"If to err is human, then I must be some kind of human!" -Me
 
kjv1611,
Well, yeah, at some point I will cut my losses and reformat/reinstall... but I seem so close :)

Yes, I can ping by IP address, and I can ping by domain name.
 
I would download (from another PC if necessary) and run Winsock XP Fix. It resets your IP stack and then you reboot, then things usually work.


Check your hosts file for anything weird.

Tell us whether you can ping the following from a CMD prompt:
127.0.0.1
your router ip address
 
goombawaho,

Thanks for that... To answer your questions, the machine could always ping the router IP, any other IP, and any domain name like google.com. Hosts was clean. I hadn't tried the utility you pointed to, but I did try "netsh winsock reset" to no avail.

This machine is just whacked. This morning, I uninstalled Superantispyware, and at the end it opens a web page on its website... and it opened in IE! If I browsed to sites that had an html in the name (like the site would open in IE. But sites like or would NOT open. Then, I logged into the user's profile (I had been doing all this work in a separate profile I created), and noticed that Task Manager was disabled, their desktop icons didn't show up... so, basically was still hosed. Then I ran ComboFix again in safe mode in this user account, and now everything seems okay (including IE working fine for all sites).

The user wants their machine back, but I am going to advise that if anything seems wacky that they really need a clean install. This virus/rootkit is just particularly nasty, and it looks like you have been fighting something similar. One step forward, two steps back :(
 
Thanks for the detailed followup, guitarzan.

--

"If to err is human, then I must be some kind of human!" -Me
 
kjv1611, I could write a book on just this one machine alone :)
 
Did you check the hosts file? I just found one today that had almost all the search engine sites listed in it as 127.0.0.1.

If you were using HJT, click on "other tools" and see if you can open and check the hosts file. If you find a long list of cr*p, reset it.

If you already did this, apologies -- I try not to make assumptions....

Brian
 
ronin77: The computer is back with the owner, so far so good... I'm pretty sure I had checked the hosts file, and the only entry was "127.0.0.1 localhost".
 