Question

Suddenly cannot open ANY Microsoft related website

By ACGPHX ·
A client recently had a power outage (not sure if it's related) and after a reboot everything was tested and working as it should until someone tried to open www.msn.com. Assuming it was isolated I went to town on that system without any success. Only after I spent 30 minutes trying to fix that workstation did I start getting calls from others in the domain that they too couldn't open Microsoft websites.

Google, Yahoo, and other sites open just fine. But when I attempt to go to the MSN, microsoft.com, or Windows Update the browser hangs until I'm given a DNS error. This happens on all systems including the file servers.

Initially I thought it could be the Qwest modem or the Netopia router. I've rebooted both without resolving the issue. I've restarted and flushed the server's DNS without any change. I also restarted the server.

I'm kind of stumped on this one. Any help would be appreciated.

All Answers

They're all infected.......

by ThumbsUp2 In reply to Suddenly cannot open ANY ...

Best download, install and run MalwareBytes and Spybot Search and Destroy while in safe mode on each of these systems. They're all infected.

You may need to do the downloading from another computer off the domain somewhere, then transport to the infected computers. You may even need to rename the downloaded files before attempting to install because some of these critters are smart enough to block installation of certain file names.

Most of all, disconnect the network cable from each of the computers and get them ALL disinfected before reconnecting any of the cables. The critter you have is network aware and will reinfect any cleaned computer before you get rid of it from a dirty computer.

Will try

by ACGPHX In reply to They're all infected..... ...

I'll plug my laptop into the network on Monday and see if I can get to MS sites. If not I'll isolate one of the systems Monday and try out this solution.

I'm leaning more toward the DNS in the Qwest modem being damaged from the power outage. If my laptop doesn't get to MS (already running Malwarebytes in it) then I know it's the modem. If it does I have 26 systems to visit. I'll keep you posted on how it works out. Thanks!

That'll be laptop suicide for sure !!...

by OldER Mycroft In reply to Will try

Because less than a second after you plug your laptop into the network, your laptop will become infected (dormantly).

By the time you notice that your laptop cannot connect to any M$ sites, you'll then have to think of which OTHER computer you can use to download the disinfection needed, AND then add your laptop to the list of machines needing full Safe Mode scans.

You MUST be downloading the MBAM from an uninfected machine.

Then you can transfer the renamed MBAM to a similarly uninfected USB thumb drive, then from there to each unconnected (still infected) machine.

If your laptop does get to a M$ site, and you assume the 26 network machines must have a DNS problem after all, how confident will you be that you have cured the entire problem for the next minutes or hours or days? After all, not all the network stopped connecting to M$ sites all at the same time.

I advise you download the installer WITHOUT risking infecting the laptop by blindly connecting it to a potentially infected network, just to prove a point. Otherwise you'll have 27 machines to uninfect, not 26.

Appreciate the Caution

by ACGPHX In reply to That'll be laptop suicide ...

Thanks for the concern. I'd hardly be worth my pay if I were so reckless.

My laptop isn't part of that domain. It is uninfected and it has had MalwareBytes installed in it for quite some time (and is up to date).

Actually ALL the systems did start showing the problem right after the power outage. If it were not that way I wouldn't strongly suspect DNS (be it in the server or the ISP's modem).

Think about it though....

by ThumbsUp2 In reply to Appreciate the Caution

... if the power outage had anything at all to do with it, the problem web sites would be random. Electrical charges don't just target MS web sites.

Where you've already found that it's primarily MS web sites such as Windows Update, etc..., that are affected and you can get to other web sites, THAT is not random. It's on purpose. And, since this is one of the symptoms of several of the nasty critters which abound, you best just assume they're all infected and take precautions to get them off the network while you work on them.

Don't really suspect the power outage..

by ACGPHX In reply to Think about it though....

But it could very well be corrupt DNS in the Qwest modem. It wouldn't be the first time.

Although I can't be on premises over the weekend I can run RDP to all of the workstations. I ran Malwarebytes on 3 workstations and on the fileserver. I know it's pointless if there's a wandering malware on my network, but I figured it would give me some indication until it was reinfected.

The workstations, all of which had Malwarebytes loaded previously, had no malware on them at all. The fileserver on the other hand had serauth1.dll and serauth2.dll installed (which Malwarebytes quarantined and deleted). I'm rebooting the server now. I'm curious to see if these files return.

In any event I should know how to plan my Monday morning.

You are running DNS services from the router

by Dumphrey In reply to Will try

or is it just forwarding DNS from your ISP? Flushing the DNS resolver cache will rid you of any corrupt DNS data. You need to do this on all workstations and your primary DNS server. But I agree with Tu2 that there is a high probability of a virus of some sort.

I'll certainly keep a closer eye

by ACGPHX In reply to You are running dns servi ...

..on the network than I already do for a while. The Qwest modem is set up as a bridge. Its only responsibility is to sync up with Qwest's network. The internal DNS for the network runs off of my server. Naturally there is hardware between the Qwest modem and the fileserver.

The first thing I did was to flush the server DNS. I didn't have access to the client site to reset the Qwest modem until this morning. I was very happy to hear that a node 200 miles away using a Cable provider was not having any issues at all.

It's a never-ending battle. But at least for now the client is up and running with only 30 minutes of downtime. As stated previously I'll keep an even closer eye on things for the next week or two.

SOLVED!!!

by ACGPHX In reply to They're all infected..... ...

Thank you both for your help. I'm sure the information you offered will come in handy at some point and will help many others searching the web.

As I suspected the trouble was the Qwest modem's DNS. I went to the site, called the remote nodes to the WAN and found they still had access to MSN, Windows Update, and other MS sites. Depending on the site the ISP they use for the 24/7 VPN connection varies.

Once I knew they could still surf freely I was even more convinced that this was a DNS issue. I hit reset on the Qwest modem. I connected the modem to my laptop and put in the settings. Less than 15 minutes later everyone was up and accessing the web completely.

Relieved it wasn't a 20+ hour project (the server alone took 11 hours to scan completely with Malwarebytes). Especially at the beginning of a client's work week.
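
The thread's two hypotheses (an infected host blocking Microsoft names versus a faulty DNS path) can be separated by resolving the same names from more than one host through more than one resolver. The sketch below is an added example, not part of any post in this thread; the host names, resolver labels and observations are constructed, and it assumes the results were gathered by hand (for example with `nslookup <name> <server>`).

```python
# Constructed observations: (host, resolver, name, resolved?)
OBSERVATIONS = [
    ("ws01",   "internal-dns", "www.msn.com",       False),
    ("ws01",   "internal-dns", "www.microsoft.com", False),
    ("ws01",   "internal-dns", "www.google.com",    True),
    ("ws01",   "public-dns",   "www.msn.com",       True),
    ("ws01",   "public-dns",   "www.microsoft.com", True),
    ("ws01",   "public-dns",   "www.google.com",    True),
    ("laptop", "internal-dns", "www.msn.com",       False),
    ("laptop", "internal-dns", "www.microsoft.com", False),
    ("laptop", "internal-dns", "www.google.com",    True),
]

def triage(obs):
    """Point at the resolver path or at individual hosts as the likely fault."""
    failed = {}  # (host, resolver) -> names that did not resolve
    for host, resolver, name, ok in obs:
        names = failed.setdefault((host, resolver), set())
        if not ok:
            names.add(name)
    hosts = sorted({h for h, _ in failed})
    resolvers = sorted({r for _, r in failed})

    def broken(h, r):  # pair was tested and at least one name failed
        return bool(failed.get((h, r)))

    def clean(h, r):   # pair was tested and every name resolved
        return (h, r) in failed and not failed[(h, r)]

    # Resolver path: every host fails through it, and some host that fails
    # through it resolves everything through a different resolver.
    suspect_resolvers = [
        r for r in resolvers
        if all(broken(h, r) for h in hosts if (h, r) in failed)
        and any(broken(h, r) and clean(h, other)
                for h in hosts for other in resolvers if other != r)
    ]
    # Host: fails through every resolver it was tested with, while another
    # host resolves everything through one of those same resolvers.
    suspect_hosts = [
        h for h in hosts
        if all(broken(h, r) for r in resolvers if (h, r) in failed)
        and any(clean(o, r) for o in hosts if o != h
                for r in resolvers if (h, r) in failed)
    ]
    return {"resolver_path": suspect_resolvers, "host": suspect_hosts}

if __name__ == "__main__":
    print(triage(OBSERVATIONS))
```

A resolver-path result does not clear the hosts of malware; it only says where the name failures originate.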

Check the MTU settings

by Jacky Howe In reply to Suddenly cannot open ANY ...

as there have been a lot of references to it as being a possible cause.

How to change the PPPoE MTU size in Windows XP

http://support.microsoft.com/kb/283165
