Can't access HTTP, Can access HTTPS--What's wrong here?

planetearth
Hello, all! I sure hope someone can help with this.

One of my client's PCs started having a problem last week. Long story short, the user can't access HTTP sites using IE 7 or Chrome after the PC has been on for 5 minutes, but she CAN access HTTPS sites as well as use FTP, e-mail and other Internet-related apps. If she reboots, she can access HTTP sites again, but only for a few minutes. Then she gets the "Page cannot be displayed" error.

I connect to the PC via TeamViewer, LogMeIn and/or GoToMeeting, which work fine. The client has no XP installation CD or backup, so I'm limited as to what I can try. I also can't run the Windows System File Checker because she has no disc.

There is no proxy server showing in IE 7 on her Windows XP SP3 PC. I suspect it's a proxy server issue, but even if I force IE to use a proxy server, she can't access HTTP sites. Nothing is selected/ticked/checked in IE for proxy server use or "automatically detect settings", and enabling any of that stuff doesn't help. I'm assuming there could be a file or Registry corruption, though I can't confirm it since I can't run SFC.

This was probably caused by virus/Trojan infections (Trojan.Tracur, specifically), but I've removed all traces of the virus with AVG Internet Security and Malwarebytes.

I've done everything I could try, including:
-Reset IE 7/Disable add-ons
-Windows XP Network Diagnostics returned Error 12029
-Reset TCP/IP stack
-Reset Winsock
-Remove/re-install Intel NIC in Device Manager; Update NIC driver
-Reset Windows Firewall

I've reset everything I can except for the core Windows system files because she doesn't have her XP disc or a backup. There are no System Restore points before the virus infection date (even though System Restore is enabled), so I can't revert to that.

She's going to try "Safe Mode with Networking" to see if she can access HTTP sites for longer than 5 minutes; I'll let you know how that goes.

Does anyone have any idea what else I can do here?

Thanks in advance!

Steve

UPDATE: The PC works just fine in Safe Mode. The user has no problems accessing HTTP sites for as long as she wants to in Safe Mode. I found no entries in the Registry as to what might be running on startup. CHKDSK found some 1408 index-related disk errors and fixed them, but nothing serious. Fixing those errors didn't help.

OH Smeg
Involved having your own Install media.

XP has 3 distinct Install Discs: the OEM Home, Pro and the Volume License Discs. Of course there is a 64 Bit Disc as well but it's not common to require one of those. In fact I have yet to use one.

I would just grab one of my Discs and run SFC with that, as many off the shelf computers come with a Recovery partition and no Recovery Media. They just return the system to As New Condition and destroy all installed programs and data that has been added since the system was first started.

Col

planetearth
Col,
I'm not sure if you were taking a shot or you just misunderstood, but if you'd read my post, I'd said I was connecting to the user via TeamViewer and other remote-access apps. I am 1300 miles from the user, and while I have my own XP discs, that doesn't help her much. She's in an isolated area and at the mercy of unscrupulous PC repair people who rebuilt her PC last year and didn't give her back her XP disc.

OH Smeg
No, I didn't see that you were so remote from the computer.

But with the update of it working in Safe Mode with Networking you are going to have to look at what is installed as there is something killing the process. Or as suggested below an ISO that your customer can download and work with that.

Col

mperata
Since she is 1,300 miles away and isolated:

1. You mentioned she has FTP: do you have an ISO image of the XP install disc she could DL and create an XP install disc from?
2. If that is not possible, why not create a backup copy of your XP disc and FedEx, USPS, UPS it to her? For $25 or so she could have it overnight.

planetearth
She can get a copy of XP by the end of the week (she's in the Adirondack mountains, and they're virtually snowed in in a remote location).

I'm just not sure there are any missing system files since SFC couldn't run the first time, and I was wondering if anyone had any other ideas.

Most of the information I've found on "Error: 12029" relates to proxy servers and/or removing the check from "automatically detect settings"; I don't remember seeing SFC as a possible solution for this specific issue. I'm willing to try it, but it will be the end of the week before she gets a disc, so if there's anything else to try in the meantime, I'd certainly like to hear it!

Thanks again....

Steve

OH Smeg
There is something running in Normal Mode that is killing the Process.

As it was infected you could start with the AV program which may have been corrupted and also check the Firewall as another possibility. Though if it's one of those and it's the result of the infection you may be stuck with a reinstall which isn't going to be easy with it being so remote.

Also check any games on the system; it's possible that one of those has some Idiot Network Playing Setting that has caused this or maybe some Commercial Accounting Program.

Col

planetearth
Thanks, Col.
She was using Microsoft Security Essentials when she was infected. (MSE just watched the infection to make sure it all went smoothly, I guess.) She used Malwarebytes to remove the infections before calling me. I put AVG Internet Security on to remove what little was left.

I've reset the Windows Firewall (the only one in use), and there are no other games or unnecessary apps on the machine.

I'm afraid it'll turn out to be a re-install, too.

jamblaster
Way back when I first learned to troubleshoot Windows we learned the 'Half off' technique where you turn off 1/2 the startup process and programs (including any non-vital OS stuff) and troubleshoot the exact problem down that way using--> Msconfig.exe

You can launch this from Run or CMD and it has and does still work for me.
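
The "half off" procedure from the post above, written out as an added example (not part of the original thread): it bisects a list of startup items and counts the reboots needed. The item names and the `http_fails` callback are constructed stand-ins for the manual msconfig-and-reboot step, and a single culprit is assumed.

```python
# Added example: the "half off" procedure as a bisection over startup items.
# Item names are constructed. `http_fails(enabled)` is a hypothetical stand-in
# for the manual step: enable only `enabled` in msconfig, reboot, wait past
# the five-minute mark, then try an HTTP site.

STARTUP_ITEMS = [  # constructed sample list
    "av_tray", "printer_monitor", "updater_a", "sync_client",
    "unknown_helper", "audio_panel", "remote_support", "toolbar_notifier",
]


def find_culprit(items, http_fails):
    """Return (culprit, reboots), assuming at most one item causes the fault.

    culprit is None when the fault persists with every listed item disabled,
    meaning the cause is outside the list (a driver or injected DLL, say).
    """
    reboots = 0

    def observe(enabled):
        nonlocal reboots
        reboots += 1
        return http_fails(set(enabled))

    # Baseline: with everything disabled the fault must go away, otherwise
    # halving the list can never isolate anything.
    if not items or observe([]):
        return None, reboots

    suspects = list(items)
    while len(suspects) > 1:
        mid = len(suspects) // 2
        first_half = suspects[:mid]
        # Enable only the first half; everything else stays disabled.
        if observe(first_half):
            suspects = first_half
        else:
            suspects = suspects[mid:]
    return suspects[0], reboots


def simulated_fault(enabled):
    # Constructed scenario: one startup item breaks HTTP.
    return "unknown_helper" in enabled


if __name__ == "__main__":
    print(find_culprit(STARTUP_ITEMS, simulated_fault))
    print(find_culprit(STARTUP_ITEMS, lambda enabled: True))
```

A `None` result from the baseline step means the startup list is the wrong place to look, which is where a wider inventory of load points such as Autoruns comes in.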

TDinSD41
The Trojan infection is not entirely gone. Symantec has some good technical removal procedures for specific malware. Following this will ensure it's gone and fix the network redirects that are causing the connectivity problem on HTTP. It's also useful to use a tool like Autoruns from Sysinternals/Microsoft to verify the malware's startup points. See the DLL tab.

Symantec's writeup on the Trojan.Tracur:
http://www.symantec.com/security_response/writeup.jsp?docid=2011-071504-5259-99&tabid=2

Terry

planetearth
Thanks, Terry, I'll review this again to see if I missed something. It's just odd that the redirects don't happen for the first five minutes after a reboot, though.