Question

  • Creator
    Topic
  • #2207857

    Can’t access HTTP, Can access HTTPS–What’s wrong here?

    Locked

    by planetearth ·

    Hello, all! I sure hope someone can help with this.

    One of my client’s PCs started having a problem last week. Long story short, the user can’t acces HTTP sites using IE 7 or Chrome after the PC has been on for 5 minutes, but she CAN access HTTPS sites as well as use FTP, e-mail and other Internet-related apps. If she reboots, she can access HTTP sites again, but only for a few minutes. Then she gets the “Page cannot be displayed” error.

    I connect to the PC via TeamViewer, LogMeIn and/or GoToMeeting, which work fine. The client has no XP installation CD or backup, so I’m limited as to what I can try. I also can’t run the Windows System File Checker because she has no disc.

    There is no proxy server showing in IE 7 on her Windows XP SP3 PC. I suspect it’s a proxy server issue, but even if I force IE to use a proxy server, she can’t access HTTP sites. Nothing is selected/ticked/checked in IE for proxy server use or “automatically detect settings”, and enabling any of that stuff doesn’t help. I’m assuming there could be a file or Registry corruption, though I can’t confirm it since I can’t run SFC.

    This was probably caused by virus/Trojan infections (Trojan.Tracur, specifically), but I’ve removed all traces of the virus with AVG Internet Security and Malwarebytes.

    I’ve done everything I could try, including:
    -Reset IE 7/Disable add-ons
    -Windows XP Network Diagnostics returned Error 12029
    -Reset TCP/IP stack
    -Reset Winsock
    -Remove/re-install Intel NIC in Device Manager; Update NIC driver
    -Reset Windows Firewall

    I’ve reset everything I can except for the core Windows system files because she doesn’t have her XP disc or a backup. There are no System Restore points before the virus infection date (even though System Restore is enabled), so I can’t revert to that.

    She’s going to try “Safe Mode with Networking” to see if she can access HTTP sites for longer than 5 minutes; I’ll let you know how that goes.

    Does anyone have any idea what else I can do here?

    Thanks in advance!

    Steve

    UPDATE: The PC works just fine in Safe Mode. The user has no problems accessing HTTP sites for as long as she wants to in Safe Mode. I found no entries in the Registry as to what might be running on startup. CHKDSK found some 1408 index-related disk errors and fixed them, but nothing serious. Fixing those errors didn’t help.

All Answers

  • Author
    Replies
    • #2438637

      Clarifications

      by planetearth ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      Clarifications

    • #2438636

      Silly me here I thought being a Tech

      by oh smeg ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      Involved having your own Install media.

      XP has 3 distinct Install Disc’s the OEM Home, Pro and the Volume License Disc’s. Of course there is a 64 Bit Disc as well but it’s not common to require one of those. In fact I have yet to use one.

      I would just grab one of my Disc’s and run SFC with that as many off the shelf computers come with a Recovery partition and no Recovery Media. They just return the system to As New Condition and destroy all installed programs and data that has been added since the system was first started.

      Col

      • #2438634

        Reponse To Answer

        by planetearth ·

        In reply to Silly me here I thought being a Tech

        Col,
        I’m not sure if you were taking a shot or you just misunderstood, but if you’d read my post, I’d said I was connecting to the user via TeamViewer and other remote-access apps. I am 1300 miles from the user, and while I have my own XP discs, that doesn’t help her much. She’s in an isolated area and at the mercy of unscrupulous PC repair people who rebuilt her PC last year and didn’t give her back her XP disc.

      • #2438631

        Reponse To Answer

        by oh smeg ·

        In reply to Silly me here I thought being a Tech

        No I didn’t see that you where so remote from the computer.

        But with the update of it working in Safe Mode with Networking you are going to have to look at what is installed as there is something killing the process. Or as suggested below a ISO that your customer can download and work with that.

        Col

    • #2438633

      Old Fashioned solution

      by mperata ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      Since she is 1,300 miles away and isolated:

      1. You mentioned she has FTP: do you have an ISO image of the XP install disc she could DL and create an XP install disc from.
      2.If that is not possible, why not create a backup copy of your XP disc and FedEx, USPS, UPS it to her. For $25 or so she could have it overnight.

      • #2438630

        Reponse To Answer

        by planetearth ·

        In reply to Old Fashioned solution

        She can get a copy of XP by the end of the week (she’s in the Adirondack mountains, and they’re virtually snowed in in a remote location).

        I’m just not sure there are any missing system files since SFC couldn’t run the first time, and I was wondering if anyone had any other ideas.

        Most of the informtion I’ve found on “Error: 12029” relates to proxy servers and/or removing the check from “automatically detect settings”; I don’t remember seeing SFC as a possible solution for this specific issue. I’m willing to try it, but it will be the end of the week before she gets a disc, so if there’s anything else to try in the meantime, I’d certainly like to hear it!

        Thanks again….

        Steve

    • #2438627

      Look at the installed Software

      by oh smeg ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      There is something running in Normal Mode that is killing the Process.

      As it was infected you could start with the AV program which may have been corrupted and also check the Firewall as another possibility. Though if it’s one of those and it’s the result of the infection you may be stuck with a reinstall which isn’t going to be easy with it being so remote.

      Also check any games on the system it’s possible that one of those has some Idiot Network Playing Setting that has caused this or maybe some Commercial Accounting Program.

      Col

      • #2438596

        Reponse To Answer

        by planetearth ·

        In reply to Look at the installed Software

        Thanks, Col.
        She was using Microsoft Security Essentials when she was infected. (MSE just watched the infection to make sure it all went smoothly, I guess.) She used Malwarebytes to remove the infections before calling me. I put AVG Internet Security on to remove what little was left.

        I’ve reset the Windows Firewall (the only one in use), and there are no other games or unnecessary apps on the machine.

        I’m afraid it’ll turn out to be a re-install, too.

      • #2439866

        Reponse To Answer

        by jamblaster ·

        In reply to Look at the installed Software

        Way back when I first learned to troubleshoot Windows we learned the ‘Half off’ technique where you turn off 1/2 the startup process and programs (including any non-vital OS stuff) and troubleshoot the exact problem down that way using–> Msconfig.exe

        You can launch this from Run or CMD and it has and does still work for me.

    • #2438623

      Follow Manual Removal Procedure for Trojan

      by tdinsd41 ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      The Trojan infection is not entirely gone. Symantec has some good technical removal procedures for specific malware. Following this will ensure it’s gone and fix the network redirects that is causing the connectivity problem on http. It’s also useful to use a tool like Autoruns from Sysinternals/Microsoft to verify the malware’s startup points. See the DLL tab.

      Symantec’s writeup on the Trojan.Tracur;
      http://www.symantec.com/security_response/writeup.jsp?docid=2011-071504-5259-99&tabid=2

      Terry

      • #2438595

        Reponse To Answer

        by planetearth ·

        In reply to Follow Manual Removal Procedure for Trojan

        Thanks, Terry, I’ll review this again to see if I missed something. It’s just odd that the redirects don’t happen for the first five minutes after a reboot, though.

    • #2438622
      Avatar photo

      You might try reinstalling Internet Explorer…

      by Wizard57M-TR ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      it may be a corrupted Internet Explorer file…might as well upgrade to IE 8 if
      her system has the resources for it…at least 512 meg RAM, plenty of HD space…
      you can also run the Microsoft Malware Removal tool from the “Run” command,
      Start, Run then type MRT and press Enter. Let it run and clean anything found.

      • #2438612

        Reponse To Answer

        by hartiq ·

        In reply to You might try reinstalling Internet Explorer…

        That is the first thing I thought of. The next thing I thought of was downloading Chrome, Opera and Firefox browsers and seeing if they work.
        The third thing I thought of was finding a WinXPSP3 box with IE7 that does work, telephoning the client from that location and comparing her settings with those of a known working box.
        DOS prompt and ipconfig might tell you something. If it comes up with strange numbers you might still have a virusy thing going.
        I’m actually surprised the OP hasn’t tried using a different browser (not even a new copy of IE7 or even an old copy of IE*6*.) If nothing else, that would eliminate the *browser* as the source of the issue.
        It might be worthwhile running through services.msc and msconfig to see if something in there looks odd. Taskmanager might also help.
        I’d assume a professional has already done most or all of the above, but I’m mentioning them just in case the OP has forgotten something dead simple and is searching for zebras not horses.
        Add/Remove Programs is also a fun place to go. If the client has the patience to play with this she can slowly remove stuff – starting with anything new or odd-looking – while testing IE to see if anything fixes the issue. Personally, as I said above, I’d start with the browser. Removing IE7 and doing a clean-ish install might work.
        Sorry if I sound patronising. That was not my intention. Sometimes we pro’s get so hung up looking for zebras and unicorns that we forget the herds of horses that cause most problems.
        Hope some of this helps,
        H.

      • #2438593

        Reponse To Answer

        by planetearth ·

        In reply to You might try reinstalling Internet Explorer…

        Thanks. I’d considered that, but since this affects IE 7 and Google Chrome, it didn’t seem to be browser-specific, so I didn’t think moving to IE 8 would help. I’ll look again at upgrading while Microsoft’s Malware Removal tool is running, though.

        We had to re-install Google Chrome last night because some core files were deleted or corrupted (according to Chrome). When we re-installed, it still couldn’t access HTTP sites after 5 minutes. Don’t know what screwed up Chrome, but CHKDSK scans have been clean.

        Hartiq, there are no unnecessary apps, only 3 entries running on startup and no questionable services running. No offense taken by your suggestions, and I appreciate the horse/zebra analogy.

        I’ve been removing malware and viruses for years, and while I’m pretty sure I know how to hunt them down and remove them, I certainly appreciate everyone’s input here! I think this one just screwed up Windows.

      • #2439865

        Reponse To Answer

        by jamblaster ·

        In reply to You might try reinstalling Internet Explorer…

        Has the user tried using Firefox? Just my opinion, but I wouldn’t put Internet Explorer on my worst enemies computer (LOL). IE most probably isn’t the problem, but changing browsers might be the solution.

    • #2438615

      Trend Micro

      by harishdixit ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      If the problem is not already installed check her machine for Trend Micro antivirus. I faced this problem once on a machine. Stop the Trend micro firewall and things should be fine.

      Cheers !
      Harish.

      • #2438592

        Reponse To Answer

        by planetearth ·

        In reply to Trend Micro

        I’ve seen Trend Micro do that, too! Had to re-install it for a client after it did more damage to her machine than the malware infection. However, it isn’t and has never been on this machine. Microsoft Security Essentials was “on duty”/asleep when this happened.

    • #2438584

      Can’t access HTTP

      by tpeary ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      Have you checked the hosts file to see if that has some entries in it redirecting the browser?

      • #2439985

        Reponse To Answer

        by planetearth ·

        In reply to Can’t access HTTP

        I checked the HOSTS file, and found nothing. I even had Spybot check the system and review the HOSTS file. No problems there. I should have mentioned that in the beginning, too.

    • #2440014

      Good golly

      by slam5 ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      I honestly don’t think a run that anti-virus software or rootkit killer will help her. It is far more realistic for you to wipe the drive and start from scratch. It will take 2-3 hours to re-install the system from ground up. How many hours had been used already? Even if you can get her to browse http again, how do you know every trace is gone?

      • #2439984

        Reponse To Answer

        by planetearth ·

        In reply to Good golly

        She has no backup of her data and no XP installation CD, thanks to an unscrupulous PC build/repair shop. She’s getting an XP disc, but even with that, remotely walking a user through wiping and re-installing Windows is not an easy task, and likely to take many more hours. That’s why I was hoping my fellow Tech Republic members would help me think of something that might work in this rather unusual situation. I’ve gotten some good ideas so far, and I’ll be trying them today.

    • #2439973

      Try Combofix?

      by too-tired techie ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      I’ve seen this utility from Bleeping Computer clean up a system that nothing else would clean. Be sure to only download it from http://www.bleepingcomputer.com and run it under safe mode. And you have to disable any running AV software…

      The five minute thing sure sounds like a trojan/virus phoning home etc.

      http://www.bleepingcomputer.com/download/anti-virus/combofix

      • #2439888

        Reponse To Answer

        by planetearth ·

        In reply to Try Combofix?

        That was the first thing I used, actually. ComboFix said it fixed everything it found, and it found a few infections.

    • #2439963

      Several things to try

      by tomrobinson ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      1. Does HTTP start working again after logging off and on again, without rebooting?
      2. Does HTTP work when logged on as Guest?
      3. Try “telnet google.com 80” and see if the connection fails.
      4. If connection works, enter “GET /” in uppercase. You should get some kind of response.
      5. Install Fiddler, then try the browsers again. Fiddler acts as a proxy, and if it cannot connect to the server, the browser shouold display a useful error message. Fiddler is a great tool for HTTP debugging.

      • #2439892

        Reponse To Answer

        by planetearth ·

        In reply to Several things to try

        HTTP won’t start working again without a reboot.
        I haven’t tried as Guest, but I will.
        Telnet didn’t work once HTTP stopped working.
        Fiddler give me a LOT of information, but just installing it didn’t help. It’s showing me what’s happening when IE or Chrome can’t access a Website, but not specifically why. I used it to “Clear WinINET” cache and cookies.
        Fiddler also shows me Chrome is trying to connect to some randomly named hosts when it starts. I renamed/recreated the HOSTS file, rebooted, and Chrome still wants to connect to randomly named hosts that Fiddler can’t resolve using DNS searches.
        Unfortunately, since I’ve never used Fiddler before, I don’t know if this is legitimate. It appears not, but I’m not sure.

    • #2439958

      winsock fix xp

      by tpeary ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      Have you tried winsock fix xp? you can download it here http://majorgeeks.com/WinSock_XP_Fix_d4372.html.

      It can fix winsock problems that occur after removeing malware

      • #2439891

        Reponse To Answer

        by planetearth ·

        In reply to winsock fix xp

        Tried that three times. No help unfortunately, but thanks!

    • #2439952

      Try creating a new user profile

      by cpguru21 ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      I have often seen user profiles that are left corrupted after a virus attack. In a situation without backups/install media, I have used this to success after removing infections.

      HTH

      • #2439870

        Reponse To Answer

        by ggarcia2007 ·

        In reply to Try creating a new user profile

        I second this. It’s worked for me many times in the past.

        I had a similar situation a few years back and this is how i got around it.

        I still recommended reloading the PC but the customer didn’t want to. To this day, he is still running on that same load.

        I hope this helps you.

    • #2439920

      How do you bill for this

      by tomi01 ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      I’ve gone through this several times with clients and in the end I just cap the amount to charge and put the hours in just for the challenge to figure it out and fix it.
      But check for Rapport software having been installed and removed. It has been the culprit on several occassions. Also I agree with all the excellent suggestions above, it about covers the base of everything I could think of and so much more. A great thread!

      • #2439887

        Reponse To Answer

        by planetearth ·

        In reply to How do you bill for this

        I usually cap the bill, too. Unfortunately, I’ve never had to spend this much time on something like this!
        Thanks for the suggestion on “Rapport”. I’ll look into it.

    • #2439914

      Try looking at the status bar

      by databaseben ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      If you can use a browser like firefox and enable the status bar at the bottom, it will show give you a read out of what is being transferred to and from the browser.

      so for example, you enter a url like http://www.msn.com but see in the status bar other websites that are not http://www.msn.com, then it implies your browser has been hijacked.

      although a freeware called hijackthis is helpful, it is not always proficient in eliminating the rogue hijack. meaning that there are cookies and temp files linked to the hijack that are also interfering with the browser.

      • #2439890

        Reponse To Answer

        by planetearth ·

        In reply to Try looking at the status bar

        When HTTP fails, you can see Chrome trying to access the proxy server. It doesn’t mention which one, and a search through the Registry didn’t find any. But each time Chrome starts, Fiddler shows it trying to connect to randomly named hosts. These may be connected, but I can’t seem to force Windows to use a “clean” proxy server.

      • #2439889

        Reponse To Answer

        by planetearth ·

        In reply to Try looking at the status bar

        Also, HijackThis didn’t find anything out of the ordinary. ComboFix said it fixed everything it found (and it found a few infections).

      • #2439843

        Reponse To Answer

        by databaseben ·

        In reply to Try looking at the status bar

        @planetearth – since you mentioned “hosts”, then you might want to either run spybot “or” rename the “hosts” file (temporarily that is) and see if it helps. also, since you mentioned time in your initial post, try looking at the modem properties and ensure that it is not powering down automatically by the system.

    • #2439897

      sounds like a blocked port to me

      by dano2004 ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      sounds more like a service is starting that blocks port 80 if you can use all the other services. I’ve seen this happen with the proxy setting on IE but you said you checked that. I would double check any firewall software she has installed.

      • #2439885

        Reponse To Answer

        by planetearth ·

        In reply to sounds like a blocked port to me

        The only firewall is Windows Firewall. I’ve even reset it (per Microsoft’s instructions). There’s nothing in there that shouldn’t be there.

    • #2439875

      backup and avg rescue media

      by curacao_dejavu ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      re: no backup.
      you can upload the data to ms skydrive, dropbox and other online backup solutions.

      you can try to the boot versions of some programs to scan the system “offline” so to speak: Use avg boot cd/usb (free), malware bytes (paid) , windowss defender (also free) to have the os checked before it really boots into windows.

      other then that, do the backup, and have the media shipped (or better a more update date windows version if the hardware supports it) and (re)install.

      success,

    • #2439862

      No answer, but …

      by jstuart81 ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      I find it interesting. Just this past week I was looking at an old PCWorld article telling you to use HTTPS always. I didn’t remember the details, so I looked online to see if there was a setting in IE & Chrome. I don’t think it answers your question, though maybe you should look at it in case I missed something in my brief perusal. While searching for it, I found a lot of places encouraging you to use HTTPS always, and I’ve included 2 sample links to those articles.

      http://www.pcworld.com/article/226791/how_to_use_an_httpsencrypted_connection_when_browsing.html

      How To Force HTTPS Connections


      https://www.eff.org/https-everywhere

    • #2439848

      .EXE execution vector

      by oldbaritone ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      I just cleaned a virus off a client’s mother-in-law’s computer. Once the virus was removed, no EXE files would run. The virus had inserted itself as the handler for .EXE in the registry, and once it was deleted the system would not run .EXE files any more.

      I know that’s not your symptom, but maybe it would be worth an in-depth check of the registry to see if any of the TCP, UDP or IP handlers are being re-directed. Like your problem, my client’s system ran fine in safe mode.

      The fix was easy; just merge a .REG file to patch the registry back the way it should be. It was a readily-available download, free.

    • #2428383

      its really easy to solve this issue within 5 minutes

      by panhwerwaseem ·

      In reply to Can’t access HTTP, Can access HTTPS–What’s wrong here?

      First you will check you internet option -> Connection tab -> Lan Setting make sure proxy check box is unchecked if it is unchecked means you have some big problem and i have write full solution of this problem on this article check this out
      http://thinkbeyondwindow.com/2013/02/cant-access-http-websites-access-https-websites-solve-it/

Viewing 19 reply threads