Windows 7, HTTP & HTTPS not working correctly

0

Quick specs:

Windows 7 Home Premium 64-bit, updates are up to date. IE 11, Chrome (latest), although uninstalled now. Firefox (latest) 26

Summary: Browse by name or IP address do not work. Cannot hit any website in any browser. No direct error. Just no response.

Details: System was hit with some form of redirect malware. Not sure which one; it was pretty obvious he had one, though, because when he would search within Google, silly ads would pop up in Chrome. Eventually he called and said all internet had stopped working, not just annoying ads anymore. I went to work and cleaned up all the malware, or at least I think I have it mostly gone. All the latest scanners report nothing: Kaspersky, GMER, HijackThis and so on.

From the command prompt system can ping and resolve any domain name you throw at it.

Machine has two NICs one wired, one wireless both operate the same.

Windows firewall has been disabled. Although I suspect it might be the source of the problem.

It appears that something in the OS is not allowing the communications out.

Fiddler doesn't show anything. I see the get request and no response.

Even tried two different ISPs.

Checked protocol default settings and protocols appear to be correct.

Proxies are turned off.

Uninstalled and re-installed all browsers

Uninstalled all virus scanners and known programs that interfere with network stack, like WinPCAP etc. No change.

Windows Update continues to work.

Any ideas where I should look next?

ethermal

Posted 2014-01-06T21:19:48.560

Reputation: 101

I should add, from this computer I can use telnet to connect to a webserver and get a response – ethermal – 2014-01-07T20:09:39.703

Answers

2

You need to update your connection settings in IE. Go to Control Panel - Internet Options - go to the Connection tab. Click on "LAN Settings"; in the new pop-up, select "Automatically Detect Settings" and uncheck the other boxes.

If that does not work, go to the Advanced tab, first hit "Restore Advanced Settings", and after that hit "Reset". A reboot might be required.

Edit: Including links from comments
- Winsock Reset link
- Firewall Reset link
- Proxy Reset link

Vladimir Oselsky

Posted 2014-01-06T21:19:48.560

Reputation: 695

All set to defaults, definitely covered all the basics. Just to be clear, this did not fix the problem. – ethermal – 2014-01-07T18:07:24.737

I hadn't, I just tried it and sadly didn't fix the problem. – ethermal – 2014-01-07T19:20:06.220

Do you know if there is a similar trick to reset the windows firewall to default? – ethermal – 2014-01-07T19:21:10.210

Thanks, found that just as you posted. Again no change. Do you know how browsers request info from the OS when requesting a URL? It is very specifically a browser problem. Using telnet on port 80 works like a champ. – ethermal – 2014-01-07T20:22:13.640

Just wanted to note that all of the resets did not resolve anything at this point. I did some research and I found hosts.ics in the drivers\etc folder. When I deleted that file, I could browse sites by IP address. Now it appears to be solely a DNS issue within the browsers. – ethermal – 2014-01-08T01:03:48.630
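A read-only check for the files named in this thread, added here as an example and not code from any poster: it parses hosts-format text (the line format used by `hosts` and `hosts.ics` in drivers\etc) and lists every name pinned to an address, since such entries take precedence over DNS. The sample entries are constructed, and the function names and the `SystemRoot` fallback path are this example's own assumptions.

```python
import ipaddress
import os
from pathlib import Path

# Folder named in the thread; the SystemRoot fallback is an assumption.
ETC_DIR = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32" / "drivers" / "etc"

# Constructed sample in hosts format (documentation addresses and names).
SAMPLE = """\
# constructed sample, not from the affected machine
127.0.0.1      localhost
::1            localhost
0.0.0.0        update.av-vendor.example    # name pinned to nowhere
203.0.113.10   www.example.com search.example.com
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, fields[0], name.lower()

def classify(ip):
    """'blocked' = loopback/unspecified target, 'redirected' = any other address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    return "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"

def audit(text):
    """Return every mapping that overrides DNS, except localhost -> loopback."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip)
        if name == "localhost" and kind == "blocked":
            continue
        findings.append((line_no, name, ip, kind))
    return findings

if __name__ == "__main__":
    for fname in ("hosts", "hosts.ics"):
        path = ETC_DIR / fname
        if path.is_file():
            text = path.read_text(encoding="utf-8-sig", errors="replace")
            for line_no, name, ip, kind in audit(text):
                print(f"{path}:{line_no}: {name} -> {ip} ({kind})")
        else:
            print(f"{path}: not present")
```

Run on the affected machine, it prints one line per overriding entry in each file; an empty result for both files means name resolution is not being altered at this layer.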

0

Open up Windows Task Manager, go to the Performance tab and press the Resource Monitor button, then check all the processes with network activity and see if there are any unknown suspicious processes there.

I believe that there is some kind of process redirecting your connection to a malware which now does not exist on your computer, and that process is a part of that malware which has not been cleaned up.

morTie

Posted 2014-01-06T21:19:48.560

Reputation: 470

Any idea what the malware could be? – Anuj Pandey – 2014-11-26T10:26:13.393