• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

https works, http does not

A friend of mine got infected with antispiware 2009 (I believe that is the name) .. I walked her through downloading some anti-spyware tools, the one that eventually did remove it was malwarebytes ..

After a reboot, the malicious software was gone, but now she has a very unusual problem ..if she tries to use any site that is non-secure, the browser displays a message saying that the page could not be displayed .. if using https, the page loads just fine.. she's running IE7 and I've walked her through resetting it back to defaults, which disables any third party addons .. I also had her check her hosts file and we did find some rogue entries from her infection that I walked her through removing ..

When she pings google the IP address is valid ..

I'm now at a loss, and unfortunately it's remote so I'm helping via text message :) which isn't easy to do .. I have the ie8 installation file setup on a secured link for her, but I wanted to run this by the group first to see if anyone has any knowledge on this ..

Another strange thing, sometimes when she enters an address, the address bar displays nothing but "http:///" .. three slashes, and the site name is gone..
0
riven1128
Asked:
riven1128
  • 3
  • 2
1 Solution
 
tillgeffkenCommented:
Sounds like the malware tempered with her winsock. See if http://www.addictivetips.com/windows-tips/fix-winsock-lsp-issues-and-reset-tcpip-stack-to-repair-internet-connectivity/ gets you anywhere.

What OS is she running and is this problem only occuring in internet explorer or are other browsers or applications that open http connections affected too?
0
 
riven1128Author Commented:
She's running windows xp with the latest updates, and only has IE7 .. no other browsers installed, and nothing else seems affected.

I can have her try the winsock thing, but that seems unlikely, it's only https that is the issue apparently, and the http:/// three slash part is just odd ..  I would only resort to the winsock fix as a last resort.
0
 
jcimarronCommented:
riven1128--Is AVG antivirus installed?  The AVG version available last autumn caused this exact problem.  Installing a current version might fix things.  But in any event uninstall the current AVG.
Concerning http:/// , three slashes  usually indicates the address of a FILE on the hard drive, but then it should show as FILE:///
http://www.techsupportteam.org/forum/general-security/2453-http-3-slashes-mean-anything.html.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
riven1128Author Commented:
Interesting... she doesn't have AVG installed at home, but has installed some anti-spyware tools, I told her to try removing those..
0
 
jcimarronCommented:
riven1128--The reason I mention AVG is in this earlier thread (see last post which links to a now non-existent AVG site).
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23876302.html
But that thread has lots of other ideas you may want to consider.
0
 
riven1128Author Commented:
The problem ended up being very silly indeed..

I did have her reset IE back to factory defaults, but it didn't reset everything.. on a haunch I thought to have her check her proxy settings ... https bypasses the proxy ..

That was it .. her proxy was set to 127.0.0.1 .. no doubt by the malware ... the proxy setting was disabled and now it works, the silliest things are always checked last ..

Thanks for the effort!
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now