Connected to the internet but web browsers open bl

[hawky]

As the title says, I have been having a problem regarding my web browsers for the past 4 days.

 

My computer is connecting to the internet fine, I am able to use all of my applications such as MSN, Steam and the ITunes store perfectley, however whenever I open a web browser (Firefox or IE) the page simply loads blank.

 

The day this happened I tried:

 

Rebooting my modem/router

Disabling all antivirus programmes and firewalls

Ran scans for spyware and viruses

 

None of these things helped my situation in any way, so I decided to use system restore to revert my registry files back to the last good back up (one week ago). This was successful, after the system restore had finished and I logged back into Windows, I was able to browse the web perfectley.

 

However, when I started my computer up the following day, the same issue occoured again and I was forced to do another system restore.

 

So what I would like to know is why is this happening? What is happening (I assume a registry file is being changed)? And what can I do to fix this?

 

Thanks in advance,

 

Hawky

[BeeCeeBee]

It would appear that your computer is infected. Using system restore will not remove infection only allow you to go back to a point prior to any changes that may have been created and allow you to reboot.

 

Please take note of the following disinfection proceedure.

 

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

 

 

We would be grateful if you could please note the following:

• Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
  
• Perform all the steps in the order listed to avoid any conflicts.
  
• If unsure, please stop and voice your doubts.
  
• You might be required to go offline during the disinfection process. Therefore, it is recommended to print them down for ease of reference.
  

If you stick to the above guidelines, all should go smoothly.

 

• STEP 1
  
  • Download ATF-Cleaner by Atribune.
    
  • Save the file to your Desktop.
    
  • Double-click on the file to run the program.
    
  • On the Main tab, check the Select All button.
    
  • Next, click on the Firefox tab (if active) and check the Select All button.
     
    Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
    
  • Now, click on the Opera tab (if active) and check the Select All button.
     
    Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
    
  • Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
    
  • Click on the Exit button to quit the program.
    

  [*]STEP 2

  • Please click here to download Malwarebytes' Anti-Malware.
    
  • Save the file to your Desktop.
    
  • Double-click mbam-setup.exe and follow the prompts to install the program.
    
  • At the end, make sure a check mark is placed next to:
    
    • Update Malwarebytes' Anti-Malware
      
    • Launch Malwarebytes' Anti-Malware
      

    [*]Click Finish.

    [*]The program will download and update itself if it finds the necessity to do so. Please allow this.

    [*]Once the program has loaded, select Perform full scan, then click Scan.

     

    Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

    [*]When the scan is complete, click OK, and then Show Results to view the results.

    [*]Make sure that every entry is selected, and click Remove Selected.

    [*]Restart your computer.

  [*]STEP 3

  • Please click here to download SUPERAntiSpyware (Free Version).
    
  • Save the file to your Desktop.
    
  • Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
    
  • Open SUPERAntiSpyware.
    
  • Under Configuration and Preferences, click the Preferences button.
    
  • Click the Scanning Control tab.
    
  • Under Scanner Options make sure the following fields checked:
    
    • Close browsers before scanning
      
    • Scan for tracking cookies
      
    • Terminate memory threats before quarantining
      

    [*]Click the Close button to leave the control center screen.

    [*]On the main screen, under Scan for Harmful Software click Scan your computer.

    [*]On the left, make sure you check mark C:\Fixed Drive.

    [*]On the right, under Complete Scan, choose Perform Complete Scan.

    [*]Click Next to start the scan. Please be patient while it scans your computer.

    [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

    [*]Make sure every entry has a check mark next to it and click Next.

    [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

    [*]Restart your computer.

  [*]STEP 4

  • Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
     
    Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
    
  • Check mark the YES, I accept the Terms of Use box.
    
  • Click the Start button.
    
  • Click the Install button on the following screen.
    
  • Click Start. This will will initialize and update the scanner engine.
    
  • Check mark the box beside Remove found threats.
    
  • Click the Scan button. This will start the scan. Please be patient while it is in progress.
    
  • Restart your computer.
    

  [*]STEP 5

  • Click on Start > Programs > Accessories > System Tools and select System Restore.
    
  • Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
    
  • Next, click on Start > Run, type Cleanmgr and click on OK.
    
  • Click on the More Options tab.
    
  • Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
    

  This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

   

  Note: Please don't use it on a regular basis as this will clear all previous restore points. The feature might be very useful to revert your computer to working condition if something goes wrong.

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

 

Happy Safe Computing! http://extremetechsupport.com/forum/../images/additional-smilies/thumb.gif

[Tootech]

Just wondered what firewall you are using?

 

Its possible your System Restore removed a Windows Update, then it reinstalled itself and on next boot you are back to square one! An update could be causing a firewall issue.

 

Once you have confirmed your computer is clean, let us know what security software you use.

[Dalo Harkin]

I take it that you have more than one PC connected to the router??

sounds like an IP conflict to me

[hawky]

Hey, thanks for the help guys.

 

To answer your questions:

 

I am using McAfee firewall however I use AVG 8 free for virus protection.

 

And yes, there is my PC and 2 laptops connected to the router, the laptops are working fine (I am posting this off one of them).

 

Yesterday before posting this thread I downloaded a different spyware checker to the one you have named, when I booted up the problem PC today, I was greeted with the notification:

 

"An important registry entry has been changed.

 

Category: Session manager

Change: Value added

Entry: BootExecute"

 

Now I have the option to Allow or deny the change, however if I click on deny the window simply reopens.

 

So I am assuming beeceebee was correct in saying that I have Malware.

 

I'm about to go through the guide he posted now and I will post the results once I have finished.

 

Thanks, Hawky.

[hawky]

Hey, sorry for the double post but I have gone through the Malware removal processes you have suggested up to the one that requires me to use internet explorer.

 

The malware and spyware scans both found infected files which were deleted, however I am still unable to browse the internet using IE of Firefox.

 

Strangely whilst in a game on steam last night I tried the in game browser and it worked, which I thought was very strange.

 

Any ideas what I could attempt next?

 

Thanks, Hawky.

[Guest Wolfeymole]

Keep to this thread in future replies Hawky please.

[hawky]

Alright, will do.

 

I think that I have got rid of the malicious software that was changing the registry file however I dont think the registry was changed back when I removed it so the problem still exists.

 

According to a spyware programme I have the file it was trying to change was:

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\BootExecute=

 

So I opened up regedit and the registry reads:

 

Name: BootExecute

Type: REG_MULTI_SZ

Data: (Blank)

 

Are these the correct settings for this?

 

Thanks, Hawky.

[Tootech]

Lets go through the issues and information.

 

sounds like an IP conflict to me

 

Dalo - its not an IP conflict, why would it be, there's no information supplied to back up that diagnosis. DHCP takes care of IP addressing unless static addresses are used.

 

whilst in a game on steam last night I tried the in game browser and it worked

 

Shows that you do infact have an internet connection to this system - no other checks required to prove that.

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Se ssion Manager\BootExecute=

 

Is a reg key that isn't often used. CurrentControlSet, ControlSet001 and ControlSet002 are the standard reg keys.

 

I very much doubt it will affect your PC, and once you have completed the malware scans it should go away.

 

What spyware program do you use?

 

As you do have Internet access from your system, it is most probably a blocked port or firewall issue preventing IE and Firefox accessing the the net.

 

Uninstall your firewall temporarily - disabling it is not enough as it may be corrupt in some way. Then restart your PC.

 

Download the McAfee removal tool MCPR.exe using another PC and transfer using a flash drive if you have to. The tool cleans up what the McAfee uninstaller leaves behind. Run it, restart and check your Internet access with Internet Explorer.

 

How to uninstall or reinstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

 

Go down to step 2 to locate MCPR.exe - that is the removal tool for McAfee products.

 

Do you have Internet access now?

[hawky]

Thank you very much :)

 

I followed the steps on the McAfee site and everything is working perfectly, am I ok to reinstall the firewall now?

[BeeCeeBee]

Personally I would not reinstall the McAfee firewall particularly if you are not using the rest of the McAfee suite of programs. In addition, if you have not rid yourself of AVG, I would do so now and if you still want a free antivirus go with either Avast or Avira.

 

It would be a good idea to read through the following:

 

http://extremetechsupport.com/forum/malware-removal-av-firewalls-etc/3597-free-pc-help-recommended-security-products.html

[Tootech]

Thats great news :)

 

BTW - has the issue with this gone away?

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Se ssion Manager\BootExecute=

[hawky]

I've taken your advice and gone for Avira.

 

And yes the registry problem is gone. Thank you for all your help guys, I really appreciate it. :)