• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

.Windows XP update site not connecting..

K

kraut

Flightless Bird
The last couple days when I try to connect to the Windows XP Update
site at http://windowsupdate.microsoft.com/ I get an "Internet
Explorer cannot display the webpage" error message. It worked fine
before. I have no problem connecting to other sites whether Microsoft
sites or non MS sites. I hit the "diagnose connection" box that came
up along with the error message and it said there was no problem with
my internet (DSL) connection.

I was running MSIE version 8 for a couple weeks BEFORE I started
having this problem and had no problems with installing updates.

I am running:

Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
System Type X86-based PC
Internet Explorer
Version 8.0.6001.18702
Build 86001

My wife's system which has Vista with MSIE 7 I believe with a dialup
connection at a different site and different phone line has no problem
connecting to the Vista update site and installing updates for what it
is worth.

Any suggestions or help on what may be causing this and how to remedy
would be greatly appreciated. Keep in mine that I am a non expert or
whatever when it comes to what makes this system or the programs run.

Thanks much.
 
T

Twayne

Flightless Bird
In news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com,
kraut <kraut3852@yahoo.comg> typed:

> The last couple days when I try to connect to the Windows
> XP Update site at http://windowsupdate.microsoft.com/ I get
> an "Internet Explorer cannot display the webpage" error
> message. It worked fine before. I have no problem
> connecting to other sites whether Microsoft sites or non MS
> sites. I hit the "diagnose connection" box that came up
> along with the error message and it said there was no
> problem with my internet (DSL) connection.

Is there any chance you restricted the site by accident?
Check by opening IE and click Tools; Internet Options.
Click the Security tab.
Click on Restricted Sites.
Click the Sites button.
Go through the list and make sure the microsoft update web
address is NOT listed there. It's a long list, but it's
alphabetical, so it's not too hard to check it. IF it's there,
remove it from the Restricted Sites and check to see if it
works now.

If no luck, those symptoms sound like a good possibility for a
virus or other malware. Update and run your Antivirus
program, and then all of the anti-spyware programs you have
available to you. Be sure to update them before using them.
If still no luck, post back with the results, plus include
the name and versions of:
Your Antivirus program
Your antispyware programs
Your firewall
Any other Security programs, like WinPatrol, etc. etc..
The most recent changes, and dates, of the last couple
installs, uninstalls, customizations you have done from the
date this problem showed up, going back say 2 weeks.
Date this problem showed up.
Any other problems that may be happening on the computer
whether you think they are related or not.

With the preceding work done and the above information, it's
likely someone here is going to be able to help you out.
>
> I was running MSIE version 8 for a couple weeks BEFORE I
> started having this problem and had no problems with
> installing updates.

According to the list below you are still using IE8; right? So
am I.
>
....
> Microsoft Windows XP Home Edition
> Version 5.1.2600 Service Pack 3 Build 2600
> System Type X86-based PC
> Internet Explorer
> Version 8.0.6001.18702
> My wife's system which has Vista with MSIE 7 I believe with
> a dialup connection at a different site and different phone
> line has no problem connecting to the Vista update site and
> installing updates for what it is worth.

Other than proving that the update site works, your wif'es
machine has little other meaning w/r to your problem.

>
> Any suggestions or help on what may be causing this and how
> to remedy would be greatly appreciated. Keep in mine that
> I am a non expert or whatever when it comes to what makes
> this system or the programs run.
>
> Thanks much.

HTH,

Twayne`
 
R

Robert Aldwinckle

Flightless Bird
"kraut" <kraut3852@yahoo.comg> wrote in message
news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com...
>
>
>
>
> The last couple days when I try to connect to the Windows XP Update
> site at http://windowsupdate.microsoft.com/ I get an "Internet
> Explorer cannot display the webpage" error message. It worked fine
> before. I have no problem connecting to other sites whether Microsoft
> sites or non MS sites. I hit the "diagnose connection" box that came
> up along with the error message and it said there was no problem with
> my internet (DSL) connection.


Unfortunately that isn't a very good diagnostic for this symptom.

Moreover for that particular URL there are some immediate redirects so you
might as well start past them, since failure to find the first site name may
not be the cause of your problem symptom.

For example telnet + HEAD / HTTP/1.1 shows this:

Content-Location: http://windowsupdate.microsoft.com/Default.htm

That suggests that there is a script redirect buried in that "page"...

<script Language="javascript" Src="redirect.js"></script>

In the <noscript> element you can find

<A
href="http://v4.windowsupdate.microsoft.com/en/dialog_learnabout.asp?topic=0&
amp;noscripting=true">Tell me about active scripting and ActiveX
controls</a>

(Tip: delete the amp; symbolic name to leave the ampersand as is if you
want to try that link. However, it doesn't help your cause.)

So we would actually have to download that redirect.js script file and
manually interpret it to see where it might have taken you.

All this suggests that you need to pay very close attention to *all* your
symptoms. The most useful clues will be seen in the Status bar, so
maximize your window to maximize how much you can see in there. Maximize
it rather than use Fullscreen because there may be more information about
the transitions being made to be seen in the Address bar, the Title bar, the
Tab label, as well as the Status bar and the display area. You could also
slow down what you would see in there by setting Active Scripting, Script
ActiveX controls marked safe for scripting* and Run ActiveX controls and
plug-ins (all 3) to Prompt (instead of Enable). Hint: doubleclick on
the security zone icon in the Status bar to open the Security Settings
dialog if you want to make such changes.


HTH

Robert Aldwinckle
---


>
> I was running MSIE version 8 for a couple weeks BEFORE I started
> having this problem and had no problems with installing updates.
>
> I am running:
>
> Microsoft Windows XP Home Edition
> Version 5.1.2600 Service Pack 3 Build 2600
> System Type X86-based PC
> Internet Explorer
> Version 8.0.6001.18702
> Build 86001
>
> My wife's system which has Vista with MSIE 7 I believe with a dialup
> connection at a different site and different phone line has no problem
> connecting to the Vista update site and installing updates for what it
> is worth.
>
> Any suggestions or help on what may be causing this and how to remedy
> would be greatly appreciated. Keep in mine that I am a non expert or
> whatever when it comes to what makes this system or the programs run.
>
> Thanks much.
>
>
 
K

kraut

Flightless Bird
On Thu, 15 Apr 2010 14:07:21 -0400, "Twayne" <nobody@spamcop.net>
wrote:

>In news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com,
>kraut <kraut3852@yahoo.comg> typed:
>
>> The last couple days when I try to connect to the Windows
>> XP Update site at http://windowsupdate.microsoft.com/ I get
>> an "Internet Explorer cannot display the webpage" error
>> message. It worked fine before. I have no problem
>> connecting to other sites whether Microsoft sites or non MS
>> sites. I hit the "diagnose connection" box that came up
>> along with the error message and it said there was no
>> problem with my internet (DSL) connection.
>
>Is there any chance you restricted the site by accident?
> Check by opening IE and click Tools; Internet Options.
> Click the Security tab.
> Click on Restricted Sites.
> Click the Sites button.
>Go through the list and make sure the microsoft update web
>address is NOT listed there. It's a long list, but it's
>alphabetical, so it's not too hard to check it. IF it's there,
>remove it from the Restricted Sites and check to see if it
>works now.
>
>If no luck, those symptoms sound like a good possibility for a
>virus or other malware. Update and run your Antivirus
>program, and then all of the anti-spyware programs you have
>available to you. Be sure to update them before using them.
> If still no luck, post back with the results, plus include
>the name and versions of:
> Your Antivirus program
> Your antispyware programs
> Your firewall
> Any other Security programs, like WinPatrol, etc. etc..
> The most recent changes, and dates, of the last couple
>installs, uninstalls, customizations you have done from the
>date this problem showed up, going back say 2 weeks.
> Date this problem showed up.
> Any other problems that may be happening on the computer
>whether you think they are related or not.
>
>With the preceding work done and the above information, it's
>likely someone here is going to be able to help you out.
>>
>> I was running MSIE version 8 for a couple weeks BEFORE I
>> started having this problem and had no problems with
>> installing updates.
>
>According to the list below you are still using IE8; right? So
>am I.
>>
>...
>> Microsoft Windows XP Home Edition
>> Version 5.1.2600 Service Pack 3 Build 2600
>> System Type X86-based PC
>> Internet Explorer
>> Version 8.0.6001.18702
>> My wife's system which has Vista with MSIE 7 I believe with
>> a dialup connection at a different site and different phone
>> line has no problem connecting to the Vista update site and
>> installing updates for what it is worth.
>
>Other than proving that the update site works, your wif'es
>machine has little other meaning w/r to your problem.
>
>>
>> Any suggestions or help on what may be causing this and how
>> to remedy would be greatly appreciated. Keep in mine that
>> I am a non expert or whatever when it comes to what makes
>> this system or the programs run.
>>
>> Thanks much.
>
>HTH,
>
>Twayne`
>


Hard to read when the post is entertwined with thr original post but
here goes.

There are no sites listed under restricted site and I would not have
known how to before your post and the level of whatever the restricted
sites are is set to high.

I am running MSIE as it was installed. I am not one to tinker with
things when I have no idea what they are for.

As for virus programs the system has AVG Free I think they said which
is set to update the virus daily although I have no idea why it would
want to update a virus.

Also I just ran it this AM and told it to scan the whole computer I
think it was and it said the thing did not have any virus.
 
N

Neil Harrington

Flightless Bird
"kraut" <kraut3852@yahoo.comg> wrote in message
news:4bmes5te6r95s2till9b4segrhhm2h2i3a@4ax.com...


>
> As for virus programs the system has AVG Free I think they said which
> is set to update the virus daily although I have no idea why it would
> want to update a virus.

Antivirus programs update the virus DEFINITIONS (not the viruses themselves)
frequently in the attempt to catch all the latest viruses -- new viruses are
coming out all the time.
 
D

Dan

Flightless Bird
I would suggest you get Malwarebytes Anti-Malware and run it, your AVG won't
find most malware because it's not classed as a virus. I've had to fix a few
PCs recently that had variants of the Zlob infection on them which prevented
IE from accessing Windows Updates as well as most of the major AV and
malware removal sites, it does this by changing the DNS settings in Windows
to point to DNS servers that return invalid IPs for those sites. You may
have to download Anti-Malware using another PC and copy it across to the
infected one, and run it in safe mode as this is most likely to stop the
components loading that will prevent Anti-Malware from running (quite a few
of these infections will block most tools that can remove them from running
at all, making removal tricky).

You can get Anti-Malware from http://www.malwarebytes.org/ - just download
the free version.


Also check your hosts files (c:/windows\system32\drivers\hosts) to see if
you have any entries in there with MS site hostnames, if so delete those
lines as they are local DNS mappings that will override the real DNS results
and are occassionally inserted by malware as another way to try and block
access to Windows Update.

Dan


"kraut" <kraut3852@yahoo.comg> wrote in message
news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com...
>
>
>
>
> The last couple days when I try to connect to the Windows XP Update
> site at http://windowsupdate.microsoft.com/ I get an "Internet
> Explorer cannot display the webpage" error message. It worked fine
> before. I have no problem connecting to other sites whether Microsoft
> sites or non MS sites. I hit the "diagnose connection" box that came
> up along with the error message and it said there was no problem with
> my internet (DSL) connection.
>
> I was running MSIE version 8 for a couple weeks BEFORE I started
> having this problem and had no problems with installing updates.
>
> I am running:
>
> Microsoft Windows XP Home Edition
> Version 5.1.2600 Service Pack 3 Build 2600
> System Type X86-based PC
> Internet Explorer
> Version 8.0.6001.18702
> Build 86001
>
> My wife's system which has Vista with MSIE 7 I believe with a dialup
> connection at a different site and different phone line has no problem
> connecting to the Vista update site and installing updates for what it
> is worth.
>
> Any suggestions or help on what may be causing this and how to remedy
> would be greatly appreciated. Keep in mine that I am a non expert or
> whatever when it comes to what makes this system or the programs run.
>
> Thanks much.
>
>
 
T

Twayne

Flightless Bird
In news:8493CADD-C557-4EC7-91B4-7984D2673BE1@microsoft.com,
Dan <news@worldofspack.com> typed:
> I would suggest you get Malwarebytes Anti-Malware and run
> it, your AVG won't find most malware because it's not
> classed as a virus. I've had to fix a few PCs recently that
> had variants of the Zlob infection on them which prevented
> IE from accessing Windows Updates as well as most of the
> major AV and malware removal sites, it does this by
> changing the DNS settings in Windows to point to DNS
> servers that return invalid IPs for those sites. You may
> have to download Anti-Malware using another PC and copy it
> across to the infected one, and run it in safe mode as this
> is most likely to stop the components loading that will
> prevent Anti-Malware from running (quite a few of these
> infections will block most tools that can remove them from
> running at all, making removal tricky).
> You can get Anti-Malware from http://www.malwarebytes.org/ -
> just download the free version.
>
>
> Also check your hosts files
> (c:/windows\system32\drivers\hosts) to see if you have any
> entries in there with MS site hostnames, if so delete those
> lines as they are local DNS mappings that will override the
> real DNS results and are occassionally inserted by malware
> as another way to try and block access to Windows Update.
> Dan

Caveat: I'd like to just add about the Hosts file: If you
have downloaded one to use, as many do, be careful of removing
EVERY microsoft entry! Only delete valid addresses that you
recognize. There may be several MS addresses in there but
they are actually redirectors and other malware of varying
types that are good to avoid.

But if you've never done that, the Hosts file is probably
fairly small and won't contaim many entries.
Also, unless there is a VERY good, known reason for it, you
should NOT see anything but "127.0.0.1" in the left column of
IP numbers. Anything else is a redirect you normally wouldn't
want.

HTH,

Twayne`
 
K

kraut

Flightless Bird
Re: .Windows XP update site not connecting.. Update for "Dan" <news@worldofspack.com>

Dan I DLed and ran Anti-Malware and it did find infected things which
I deleted and restarted system. Tryed to connect to the Windows
Update site and it worked fine thanks to you. I really appreciate
your help.

Below is a log of what the prog found for your info:

*********************

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3996

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/16/2010 11:28:44 AM
mbam-log-2010-04-16 (11-28-44).txt

Scan type: Quick scan
Objects scanned: 102201
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 5

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
(Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
(Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
Quarantined and deleted successfully.

Files Infected:
C:/WINDOWS\Ssedia.exe (Trojan.Fraudpack) -> Quarantined and deleted
successfully.
C:/WINDOWS\system32\spool\prtprocs\w32x86\00000b9e.tmp
(Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:/WINDOWS\system32\spool\prtprocs\w32x86\000048e2.tmp
(Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:/WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
(Trojan.Downloader) -> Quarantined and deleted successfully.
C:/WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
(Trojan.Downloader) -> Quarantined and deleted successfully.

*******************


On Fri, 16 Apr 2010 09:39:50 +0100, "Dan" <news@worldofspack.com>
wrote:

>I would suggest you get Malwarebytes Anti-Malware and run it, your AVG won't
>find most malware because it's not classed as a virus. I've had to fix a few
>PCs recently that had variants of the Zlob infection on them which prevented
>IE from accessing Windows Updates as well as most of the major AV and
>malware removal sites, it does this by changing the DNS settings in Windows
>to point to DNS servers that return invalid IPs for those sites. You may
>have to download Anti-Malware using another PC and copy it across to the
>infected one, and run it in safe mode as this is most likely to stop the
>components loading that will prevent Anti-Malware from running (quite a few
>of these infections will block most tools that can remove them from running
>at all, making removal tricky).
>
>You can get Anti-Malware from http://www.malwarebytes.org/ - just download
>the free version.
>
>
>Also check your hosts files (c:/windows\system32\drivers\hosts) to see if
>you have any entries in there with MS site hostnames, if so delete those
>lines as they are local DNS mappings that will override the real DNS results
>and are occassionally inserted by malware as another way to try and block
>access to Windows Update.
>
>Dan
>
>
>"kraut" <kraut3852@yahoo.comg> wrote in message
>news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com...
>>
>>
>>
>>
>> The last couple days when I try to connect to the Windows XP Update
>> site at http://windowsupdate.microsoft.com/ I get an "Internet
>> Explorer cannot display the webpage" error message. It worked fine
>> before. I have no problem connecting to other sites whether Microsoft
>> sites or non MS sites. I hit the "diagnose connection" box that came
>> up along with the error message and it said there was no problem with
>> my internet (DSL) connection.
>>
>> I was running MSIE version 8 for a couple weeks BEFORE I started
>> having this problem and had no problems with installing updates.
>>
>> I am running:
>>
>> Microsoft Windows XP Home Edition
>> Version 5.1.2600 Service Pack 3 Build 2600
>> System Type X86-based PC
>> Internet Explorer
>> Version 8.0.6001.18702
>> Build 86001
>>
>> My wife's system which has Vista with MSIE 7 I believe with a dialup
>> connection at a different site and different phone line has no problem
>> connecting to the Vista update site and installing updates for what it
>> is worth.
>>
>> Any suggestions or help on what may be causing this and how to remedy
>> would be greatly appreciated. Keep in mine that I am a non expert or
>> whatever when it comes to what makes this system or the programs run.
>>
>> Thanks much.
>>
>>
>
>
 
D

Dan

Flightless Bird
Re: .Windows XP update site not connecting.. Update for "Dan" <news@worldofspack.com>

Glad I could help. They're a tricky thing to get rid of sometimes. The
following lines were stopping you connecting to the MS servers:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
(Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
(Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
Quarantined and deleted successfully.


These registry entries were forcing all DNS requests to the IP addresses
shown, and these servers were returning either invalid IP addresses or
simply no response at all for the Windows Update hostnames (and probably a
lot more too!).

Dan


"kraut" <kraut3852@yahoo.comg> wrote in message
news:kq3hs5pm3qj71bd7te3jvkgiavef7s616i@4ax.com...
>
> Dan I DLed and ran Anti-Malware and it did find infected things which
> I deleted and restarted system. Tryed to connect to the Windows
> Update site and it worked fine thanks to you. I really appreciate
> your help.
>
> Below is a log of what the prog found for your info:
>
> *********************
>
> Malwarebytes' Anti-Malware 1.45
> www.malwarebytes.org
>
> Database version: 3996
>
> Windows 5.1.2600 Service Pack 3
> Internet Explorer 8.0.6001.18702
>
> 4/16/2010 11:28:44 AM
> mbam-log-2010-04-16 (11-28-44).txt
>
> Scan type: Quick scan
> Objects scanned: 102201
> Time elapsed: 3 minute(s), 40 second(s)
>
> Memory Processes Infected: 0
> Memory Modules Infected: 0
> Registry Keys Infected: 0
> Registry Values Infected: 0
> Registry Data Items Infected: 5
> Folders Infected: 0
> Files Infected: 5
>
> Registry Data Items Infected:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
> Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
> Good: (0) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
> Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
> Good: (0) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
> Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
> Good: (0) -> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
> (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
> (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
> Quarantined and deleted successfully.
>
> Files Infected:
> C:/WINDOWS\Ssedia.exe (Trojan.Fraudpack) -> Quarantined and deleted
> successfully.
> C:/WINDOWS\system32\spool\prtprocs\w32x86\00000b9e.tmp
> (Trojan.FakeAlert) -> Quarantined and deleted successfully.
> C:/WINDOWS\system32\spool\prtprocs\w32x86\000048e2.tmp
> (Trojan.FakeAlert) -> Quarantined and deleted successfully.
> C:/WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
> (Trojan.Downloader) -> Quarantined and deleted successfully.
> C:/WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
> (Trojan.Downloader) -> Quarantined and deleted successfully.
>
> *******************
>
>
> On Fri, 16 Apr 2010 09:39:50 +0100, "Dan" <news@worldofspack.com>
> wrote:
>
>>I would suggest you get Malwarebytes Anti-Malware and run it, your AVG
>>won't
>>find most malware because it's not classed as a virus. I've had to fix a
>>few
>>PCs recently that had variants of the Zlob infection on them which
>>prevented
>>IE from accessing Windows Updates as well as most of the major AV and
>>malware removal sites, it does this by changing the DNS settings in
>>Windows
>>to point to DNS servers that return invalid IPs for those sites. You may
>>have to download Anti-Malware using another PC and copy it across to the
>>infected one, and run it in safe mode as this is most likely to stop the
>>components loading that will prevent Anti-Malware from running (quite a
>>few
>>of these infections will block most tools that can remove them from
>>running
>>at all, making removal tricky).
>>
>>You can get Anti-Malware from http://www.malwarebytes.org/ - just
>>download
>>the free version.
>>
>>
>>Also check your hosts files (c:/windows\system32\drivers\hosts) to see if
>>you have any entries in there with MS site hostnames, if so delete those
>>lines as they are local DNS mappings that will override the real DNS
>>results
>>and are occassionally inserted by malware as another way to try and block
>>access to Windows Update.
>>
>>Dan
>>
>>
>>"kraut" <kraut3852@yahoo.comg> wrote in message
>>news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com...
>>>
>>>
>>>
>>>
>>> The last couple days when I try to connect to the Windows XP Update
>>> site at http://windowsupdate.microsoft.com/ I get an "Internet
>>> Explorer cannot display the webpage" error message. It worked fine
>>> before. I have no problem connecting to other sites whether Microsoft
>>> sites or non MS sites. I hit the "diagnose connection" box that came
>>> up along with the error message and it said there was no problem with
>>> my internet (DSL) connection.
>>>
>>> I was running MSIE version 8 for a couple weeks BEFORE I started
>>> having this problem and had no problems with installing updates.
>>>
>>> I am running:
>>>
>>> Microsoft Windows XP Home Edition
>>> Version 5.1.2600 Service Pack 3 Build 2600
>>> System Type X86-based PC
>>> Internet Explorer
>>> Version 8.0.6001.18702
>>> Build 86001
>>>
>>> My wife's system which has Vista with MSIE 7 I believe with a dialup
>>> connection at a different site and different phone line has no problem
>>> connecting to the Vista update site and installing updates for what it
>>> is worth.
>>>
>>> Any suggestions or help on what may be causing this and how to remedy
>>> would be greatly appreciated. Keep in mine that I am a non expert or
>>> whatever when it comes to what makes this system or the programs run.
>>>
>>> Thanks much.
>>>
>>>
>>
>>
>
 
S

Startrek4d

Flightless Bird
Re: .Windows XP update site not connecting.. Update for "Dan" <ne

Dan< Could I possibly impose to ask just one more question. I have followed
this entire thread with the same virus, which MBites deletes, but it just
comes right back. Can you perscribe anything further? PLZ.. TY Donna
MY SCAN RESULTS:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3994

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

5/3/2010 10:36:59 PM
mbam-log-2010-05-03 (22-36-59).txt

Scan type: Quick scan
Objects scanned: 104598
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer
(Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 -> Quarantined and
deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63589442-6514-49ad-9604-b19bc4f38322}\DhcpNameServer
(Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 -> Quarantined and
deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b731530c-c4f0-43c0-9842-de418e214d31}\DhcpNameServer
(Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 -> Quarantined and
deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

"Dan" wrote:

>
> Glad I could help. They're a tricky thing to get rid of sometimes. The
> following lines were stopping you connecting to the MS servers:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
> (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
> Quarantined and deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
> (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
> Quarantined and deleted successfully.
>
>
> These registry entries were forcing all DNS requests to the IP addresses
> shown, and these servers were returning either invalid IP addresses or
> simply no response at all for the Windows Update hostnames (and probably a
> lot more too!).
>
> Dan
>
>
> "kraut" <kraut3852@yahoo.comg> wrote in message
> news:kq3hs5pm3qj71bd7te3jvkgiavef7s616i@4ax.com...
> >
> > Dan I DLed and ran Anti-Malware and it did find infected things which
> > I deleted and restarted system. Tryed to connect to the Windows
> > Update site and it worked fine thanks to you. I really appreciate
> > your help.
> >
> > Below is a log of what the prog found for your info:
> >
> > *********************
> >
> > Malwarebytes' Anti-Malware 1.45
> > www.malwarebytes.org
> >
> > Database version: 3996
> >
> > Windows 5.1.2600 Service Pack 3
> > Internet Explorer 8.0.6001.18702
> >
> > 4/16/2010 11:28:44 AM
> > mbam-log-2010-04-16 (11-28-44).txt
> >
> > Scan type: Quick scan
> > Objects scanned: 102201
> > Time elapsed: 3 minute(s), 40 second(s)
> >
> > Memory Processes Infected: 0
> > Memory Modules Infected: 0
> > Registry Keys Infected: 0
> > Registry Values Infected: 0
> > Registry Data Items Infected: 5
> > Folders Infected: 0
> > Files Infected: 5
> >
> > Registry Data Items Infected:
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
> > Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
> > Good: (0) -> Quarantined and deleted successfully.
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
> > Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
> > Good: (0) -> Quarantined and deleted successfully.
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
> > Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
> > Good: (0) -> Quarantined and deleted successfully.
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
> > (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
> > Quarantined and deleted successfully.
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
> > (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
> > Quarantined and deleted successfully.
> >
> > Files Infected:
> > C:/WINDOWS\Ssedia.exe (Trojan.Fraudpack) -> Quarantined and deleted
> > successfully.
> > C:/WINDOWS\system32\spool\prtprocs\w32x86\00000b9e.tmp
> > (Trojan.FakeAlert) -> Quarantined and deleted successfully.
> > C:/WINDOWS\system32\spool\prtprocs\w32x86\000048e2.tmp
> > (Trojan.FakeAlert) -> Quarantined and deleted successfully.
> > C:/WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
> > (Trojan.Downloader) -> Quarantined and deleted successfully.
> > C:/WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
> > (Trojan.Downloader) -> Quarantined and deleted successfully.
> >
> > *******************
> >
> >
> > On Fri, 16 Apr 2010 09:39:50 +0100, "Dan" <news@worldofspack.com>
> > wrote:
> >
> >>I would suggest you get Malwarebytes Anti-Malware and run it, your AVG
> >>won't
> >>find most malware because it's not classed as a virus. I've had to fix a
> >>few
> >>PCs recently that had variants of the Zlob infection on them which
> >>prevented
> >>IE from accessing Windows Updates as well as most of the major AV and
> >>malware removal sites, it does this by changing the DNS settings in
> >>Windows
> >>to point to DNS servers that return invalid IPs for those sites. You may
> >>have to download Anti-Malware using another PC and copy it across to the
> >>infected one, and run it in safe mode as this is most likely to stop the
> >>components loading that will prevent Anti-Malware from running (quite a
> >>few
> >>of these infections will block most tools that can remove them from
> >>running
> >>at all, making removal tricky).
> >>
> >>You can get Anti-Malware from http://www.malwarebytes.org/ - just
> >>download
> >>the free version.
> >>
> >>
> >>Also check your hosts files (c:/windows\system32\drivers\hosts) to see if
> >>you have any entries in there with MS site hostnames, if so delete those
> >>lines as they are local DNS mappings that will override the real DNS
> >>results
> >>and are occassionally inserted by malware as another way to try and block
> >>access to Windows Update.
> >>
> >>Dan
> >>
> >>
> >>"kraut" <kraut3852@yahoo.comg> wrote in message
> >>news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com...
> >>>
> >>>
> >>>
> >>>
> >>> The last couple days when I try to connect to the Windows XP Update
> >>> site at http://windowsupdate.microsoft.com/ I get an "Internet
> >>> Explorer cannot display the webpage" error message. It worked fine
> >>> before. I have no problem connecting to other sites whether Microsoft
> >>> sites or non MS sites. I hit the "diagnose connection" box that came
> >>> up along with the error message and it said there was no problem with
> >>> my internet (DSL) connection.
> >>>
> >>> I was running MSIE version 8 for a couple weeks BEFORE I started
> >>> having this problem and had no problems with installing updates.
> >>>
> >>> I am running:
> >>>
> >>> Microsoft Windows XP Home Edition
> >>> Version 5.1.2600 Service Pack 3 Build 2600
> >>> System Type X86-based PC
> >>> Internet Explorer
> >>> Version 8.0.6001.18702
> >>> Build 86001
> >>>
> >>> My wife's system which has Vista with MSIE 7 I believe with a dialup
> >>> connection at a different site and different phone line has no problem
> >>> connecting to the Vista update site and installing updates for what it
> >>> is worth.
> >>>
> >>> Any suggestions or help on what may be causing this and how to remedy
> >>> would be greatly appreciated. Keep in mine that I am a non expert or
> >>> whatever when it comes to what makes this system or the programs run.
> >>>
> >>> Thanks much.
> >>>
> >>>
> >>
> >>
> >
>
>
>
> .
>
 
D

Dan

Flightless Bird
Re: .Windows XP update site not connecting.. Update for "Dan" <ne

Have you tried it in Safe Mode?

If this still doesn't shift it, you may have a boot sector virus that is
resetting this, get ComboFix and run it through completely (it will take a
while to run).

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Download it from the BleepingComputer.com link (just above the first
screenshot image).

Dan


"Startrek4d" <Startrek4d@discussions.microsoft.com> wrote in message
news:C7C4A790-715A-48E9-AC1D-68F94164A16D@microsoft.com...
> Dan< Could I possibly impose to ask just one more question. I have
> followed
> this entire thread with the same virus, which MBites deletes, but it just
> comes right back. Can you perscribe anything further? PLZ.. TY Donna
> MY SCAN RESULTS:
> Malwarebytes' Anti-Malware 1.45
> www.malwarebytes.org
>
> Database version: 3994
>
> Windows 6.0.6002 Service Pack 2
> Internet Explorer 8.0.6001.18882
>
> 5/3/2010 10:36:59 PM
> mbam-log-2010-05-03 (22-36-59).txt
>
> Scan type: Quick scan
> Objects scanned: 104598
> Time elapsed: 5 minute(s), 51 second(s)
>
> Memory Processes Infected: 0
> Memory Modules Infected: 0
> Registry Keys Infected: 0
> Registry Values Infected: 0
> Registry Data Items Infected: 3
> Folders Infected: 0
> Files Infected: 0
>
> Memory Processes Infected:
> (No malicious items detected)
>
> Memory Modules Infected:
> (No malicious items detected)
>
> Registry Keys Infected:
> (No malicious items detected)
>
> Registry Values Infected:
> (No malicious items detected)
>
> Registry Data Items Infected:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer
> (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 -> Quarantined
> and
> deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63589442-6514-49ad-9604-b19bc4f38322}\DhcpNameServer
> (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 -> Quarantined
> and
> deleted successfully.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b731530c-c4f0-43c0-9842-de418e214d31}\DhcpNameServer
> (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 -> Quarantined
> and
> deleted successfully.
>
> Folders Infected:
> (No malicious items detected)
>
> Files Infected:
> (No malicious items detected)
>
> "Dan" wrote:
>
>>
>> Glad I could help. They're a tricky thing to get rid of sometimes. The
>> following lines were stopping you connecting to the MS servers:
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
>> (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
>> Quarantined and deleted successfully.
>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
>> (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
>> Quarantined and deleted successfully.
>>
>>
>> These registry entries were forcing all DNS requests to the IP addresses
>> shown, and these servers were returning either invalid IP addresses or
>> simply no response at all for the Windows Update hostnames (and probably
>> a
>> lot more too!).
>>
>> Dan
>>
>>
>> "kraut" <kraut3852@yahoo.comg> wrote in message
>> news:kq3hs5pm3qj71bd7te3jvkgiavef7s616i@4ax.com...
>> >
>> > Dan I DLed and ran Anti-Malware and it did find infected things which
>> > I deleted and restarted system. Tryed to connect to the Windows
>> > Update site and it worked fine thanks to you. I really appreciate
>> > your help.
>> >
>> > Below is a log of what the prog found for your info:
>> >
>> > *********************
>> >
>> > Malwarebytes' Anti-Malware 1.45
>> > www.malwarebytes.org
>> >
>> > Database version: 3996
>> >
>> > Windows 5.1.2600 Service Pack 3
>> > Internet Explorer 8.0.6001.18702
>> >
>> > 4/16/2010 11:28:44 AM
>> > mbam-log-2010-04-16 (11-28-44).txt
>> >
>> > Scan type: Quick scan
>> > Objects scanned: 102201
>> > Time elapsed: 3 minute(s), 40 second(s)
>> >
>> > Memory Processes Infected: 0
>> > Memory Modules Infected: 0
>> > Registry Keys Infected: 0
>> > Registry Values Infected: 0
>> > Registry Data Items Infected: 5
>> > Folders Infected: 0
>> > Files Infected: 5
>> >
>> > Registry Data Items Infected:
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
>> > Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
>> > Good: (0) -> Quarantined and deleted successfully.
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
>> > Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
>> > Good: (0) -> Quarantined and deleted successfully.
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
>> > Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
>> > Good: (0) -> Quarantined and deleted successfully.
>> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
>> > (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
>> > Quarantined and deleted successfully.
>> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{faf09c74-f4f8-4a5b-b382-f888ed62882b}\NameServer
>> > (Trojan.DNSChanger) -> Data: 93.188.165.127,93.188.161.143 ->
>> > Quarantined and deleted successfully.
>> >
>> > Files Infected:
>> > C:/WINDOWS\Ssedia.exe (Trojan.Fraudpack) -> Quarantined and deleted
>> > successfully.
>> > C:/WINDOWS\system32\spool\prtprocs\w32x86\00000b9e.tmp
>> > (Trojan.FakeAlert) -> Quarantined and deleted successfully.
>> > C:/WINDOWS\system32\spool\prtprocs\w32x86\000048e2.tmp
>> > (Trojan.FakeAlert) -> Quarantined and deleted successfully.
>> > C:/WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
>> > (Trojan.Downloader) -> Quarantined and deleted successfully.
>> > C:/WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
>> > (Trojan.Downloader) -> Quarantined and deleted successfully.
>> >
>> > *******************
>> >
>> >
>> > On Fri, 16 Apr 2010 09:39:50 +0100, "Dan" <news@worldofspack.com>
>> > wrote:
>> >
>> >>I would suggest you get Malwarebytes Anti-Malware and run it, your AVG
>> >>won't
>> >>find most malware because it's not classed as a virus. I've had to fix
>> >>a
>> >>few
>> >>PCs recently that had variants of the Zlob infection on them which
>> >>prevented
>> >>IE from accessing Windows Updates as well as most of the major AV and
>> >>malware removal sites, it does this by changing the DNS settings in
>> >>Windows
>> >>to point to DNS servers that return invalid IPs for those sites. You
>> >>may
>> >>have to download Anti-Malware using another PC and copy it across to
>> >>the
>> >>infected one, and run it in safe mode as this is most likely to stop
>> >>the
>> >>components loading that will prevent Anti-Malware from running (quite a
>> >>few
>> >>of these infections will block most tools that can remove them from
>> >>running
>> >>at all, making removal tricky).
>> >>
>> >>You can get Anti-Malware from http://www.malwarebytes.org/ - just
>> >>download
>> >>the free version.
>> >>
>> >>
>> >>Also check your hosts files (c:/windows\system32\drivers\hosts) to see
>> >>if
>> >>you have any entries in there with MS site hostnames, if so delete
>> >>those
>> >>lines as they are local DNS mappings that will override the real DNS
>> >>results
>> >>and are occassionally inserted by malware as another way to try and
>> >>block
>> >>access to Windows Update.
>> >>
>> >>Dan
>> >>
>> >>
>> >>"kraut" <kraut3852@yahoo.comg> wrote in message
>> >>news:2mces558arvre7qhhbac088o97d5pbr32t@4ax.com...
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> The last couple days when I try to connect to the Windows XP Update
>> >>> site at http://windowsupdate.microsoft.com/ I get an "Internet
>> >>> Explorer cannot display the webpage" error message. It worked fine
>> >>> before. I have no problem connecting to other sites whether
>> >>> Microsoft
>> >>> sites or non MS sites. I hit the "diagnose connection" box that came
>> >>> up along with the error message and it said there was no problem with
>> >>> my internet (DSL) connection.
>> >>>
>> >>> I was running MSIE version 8 for a couple weeks BEFORE I started
>> >>> having this problem and had no problems with installing updates.
>> >>>
>> >>> I am running:
>> >>>
>> >>> Microsoft Windows XP Home Edition
>> >>> Version 5.1.2600 Service Pack 3 Build 2600
>> >>> System Type X86-based PC
>> >>> Internet Explorer
>> >>> Version 8.0.6001.18702
>> >>> Build 86001
>> >>>
>> >>> My wife's system which has Vista with MSIE 7 I believe with a dialup
>> >>> connection at a different site and different phone line has no
>> >>> problem
>> >>> connecting to the Vista update site and installing updates for what
>> >>> it
>> >>> is worth.
>> >>>
>> >>> Any suggestions or help on what may be causing this and how to remedy
>> >>> would be greatly appreciated. Keep in mine that I am a non expert or
>> >>> whatever when it comes to what makes this system or the programs run.
>> >>>
>> >>> Thanks much.
>> >>>
>> >>>
 
You must log in or register to reply here.
Top