• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1628
  • Last Modified:

Internet Explorer cannot display the webpage

Previous post:
My client is using IE8 and when he goes to a website everything displays except for the Google Ads that are place on the page.  Get the message - Internet Explorer cannot display the webpage.  Have cleared out Tempory Files and cookies and reset settings on IE.

Installed Adobe Flash...I thought it was solved but it is not:  This is what will not open - http://googleads.g.doubleclick.net/page  Attached are screenshots.  Here is one of the links www.patient.co.uk/pils.asp
Googlead-issue.bmp
esl-Printables.bmp
0
Mags
Asked:
Mags
  • 23
  • 8
  • 6
  • +5
6 Solutions
 
joelsplaceCommented:
Have you tried a different browser to test?  The page works fine for me in IE8 and Chrome.  If it works for them in a different browser then you know it's IE8.  If so I would start with an uninstall/reinstall of IE8.
0
 
sjklein42Commented:
Sounds like a popup blocker is blocking the googleads.g.doubleclick.net domain on his machine.

From a command window, try pinging googleads.g.doubleclick.net.  It should go to 74.125.159.157.
0
 
MagsOwnerAuthor Commented:
sjklein42...I got 206.53.61.77 - Requests timed out
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
MagsOwnerAuthor Commented:
From my computer it goes to 74.125.224.153 and works
0
 
joelsplaceCommented:
Google has tons of servers.  Most of them have pings turned off.
That said, mine goes to 74.125.227.25 and does ping.
Try an ipconfig /flushdns
The PC may have cached a bad address.
0
 
sjklein42Commented:
First, in IE, check if there is a proxy enabled, and disable it if there is one:

http://windows7themes.net/how-to-disable-enable-proxy-in-internet-explorer-9.html

If there was no proxy, then check which DNS servers they are using (IPCONFIG /ALL), and try setting the primary and secondary DNS servers to 8.8.8.8 and 8.8.4.4 (google public DNS service).

Instructions if you need them:

http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html 
0
 
Dave BaldwinFixer of ProblemsCommented:
There are several programs and plugins that will block ads in your browser.  That is typically what you see when that happens.
0
 
joelsplaceCommented:
sjklien42 good things to try
DaveBaldwin - ad blockers won't stop pings
0
 
Dave BaldwinFixer of ProblemsCommented:
Ping is a different protocol and won't deliver an ad to your browser.  All 3 ads are put by javascript.  Any chance javascript is turned off?
0
 
MagsOwnerAuthor Commented:
Sorry for the delay...back on Monday
0
 
MagsOwnerAuthor Commented:
Hello Boys!!  I tried all your tricks above and no luck.
www.patient.co.uk/pils.asp and WordMonkey Translator (igoogle) will not fully load in either IE or Chrome.
Next?
0
 
MagsOwnerAuthor Commented:
There many other websites that won't fully load not just these.  Seems to do with http://googleads.g.doubleclick.net/page and I'm not sure what is not loading beneath Word Monkey.
Can anyone help?  Thank you!!  It is greatly appreciated.
0
 
MagsOwnerAuthor Commented:
Hello?  Is everyone as stumped as I am??  Any response would be welcome.  Thank you!
0
 
sjklein42Commented:
Have you considered that the router may be infected with the "google redirect virus"?

See this other question:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Q_26879284.html?sfQueryTermInfo=1+10+30+googl+redirect+sjklein42+viru
0
 
MagsOwnerAuthor Commented:
There doesn't seem to be any redirect...I'll double check with my client.

Simply put...http://googleads.g.doubleclick.net/page  never populate on web pages.  That seems to be the only issue.  I am going to remove all temp files by going to the %temp% in the command prompt in the am.  Any reason why I shouldn't try that.
0
 
Davis McCarnOwnerCommented:
The ip you posted, 206.53.61.77, belongs to a company in Canada named VELCOM and is not Google!
You either have an entry in Windows\System32\Drivers\etc\HOSTS redirecting those links or a TDSS/Aleureon Trojan.  Run TDSSKiller to check: http://support.kaspersky.com/faq/?qid=208280684
0
 
younghvCommented:
That symptom is what is displayed when your "HOSTS" file is redirecting a website to 127.0.0.1 (this is just the universal IP address of the local computer - or "Local Host").

Not sure if that is what is happening, but you can check your HOSTS file (open with Notepad) and look.

HOSTS file locations:
Windows 7/Vista/XP    = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

More details here:
http://winhelp2002.mvps.org/hosts.htm
0
 
MagsOwnerAuthor Commented:
Good Morning Guys!  Thanks for your suggestions.

I will try them as soon as I can access my clients computer.  Hitman Pro did detect a Trojan.Win32.FakeAV! IK virus and Webroot found a W32.Malware.gen.  I will run TDSSKiller and post you on my findings and check his HOSTS file.
0
 
MagsOwnerAuthor Commented:
DavisMcCarn do you recommend running TDSSKiller in safe or normal mode?
0
 
younghvCommented:
"...recommend running TDSSKiller in safe or normal mode?"

In almost all instances you do your scans in Normal Mode - if the system will boot to it - since the malware processes probably won't be running in Safe Mode.

There are other (OS related) reasons for doing so also. Have a read of this EE Article:
Malware Fighting – Best Practices
0
 
jcimarronCommented:
MagsMcKinley14--I have not reread all the posts, but two posters (younghv and DaveBaldwin) have told you that the ads are being blocked by some other program.  In other words, this program is blocking access to the third party site (doubleclick) which is trying to send the ad to you.  
younghv mentions the HOSTS file.  Did you check that?  
Another program that could cause this is SpywareBlaster.  Your settings in Internet Options|Privacy tab and Security tab|Restricted tab could do the blocking.  Other possibilities are IE's Smart Filtering or Tracking Protection.
Any of these could produce the "Cannot display the webpage" message.  
Do you really want to see these advertisements?  
0
 
MagsOwnerAuthor Commented:
I won't have access to my clients computer until 6 pm mst.  I will get back to you as soon as I process all of your suggestions.  Thank you.
0
 
Ray PaseurCommented:
In addition to the other suggestions, you might want to have a look at this:
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.patient.co.uk%2Fpils.asp&charset=%28detect+automatically%29&doctype=Inline&group=0

If the page validates correctly, it will go a long way toward working correctly!
0
 
MagsOwnerAuthor Commented:
Hi Ray...interesting but it is foreign information to me.  I'm not sure how it would apply to my client since he is simply access this website and no one but him seems to have any issues.

jcimarron: In answer to one of your questions...I don't think he really wants to see the ads he simply wants the website to load completely.
0
 
younghvCommented:
"I don't think he really wants to see the ads he simply wants the website to load completely."

I've always considered imbedded ads and links to third-party sites as security vulnerabilities.

When I'm going to abc.com, I have no interest in being exposed to information and/or cookies from xyz.com

Tell him that his target website is loading completely - just not the commercials.

(Hi Ray - nice thought on the validation!
Vic)
0
 
jcimarronCommented:
MagsMcKinley14--It hard to say it better than younghv did.  
Your customer really does not want these ads to load. In any event the ads have nothing to do with the desired page loading completely.  They are third party pages (like http://googleads.g.doubleclick.net shown in your screenshot).  It takes more time to load third party sites and who knows the security risk from clicking on links on those ads.
0
 
Davis McCarnOwnerCommented:
TDSSKiller can be run in either Safe Mode or normal and won't do anything unless it detects the Trojan.

The fact that Googleads is being redirected to a Canadian domain is scary as other domains will also be redirectyed and identity theft is a distinct possibility.
0
 
younghvCommented:
Almost all tools/scanners CAN be run in Safe Mode.

The concern is that since Windows File Protection service (WFP) is not running, any changes made to System Files could inadvertently cause an unbootable system.

"Better safe than sorry" means not running scanners in Safe Mode.
0
 
MagsOwnerAuthor Commented:
OK...ran TDSSKiller - first time with only Service/Drivers and Boot Sectors checked no threats.  When I checked Verify driver digital signatures and Detect TDLFS file system it found suspecious threats so I quarantined them.  See file.

I opened all folders in Windows 7/Vista/XP    = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
They are also attached...this host thing is new to me so I appreciate your set of eyes.

The issue that he is getting googlead redirects is more concerning than seeing the ads.

Reset all security settings in IE to default...I believe they were already set that way.

No change.
0
 
younghvCommented:
"They are also attached..." -

Not visible - are you sure?
0
 
MagsOwnerAuthor Commented:
Here are files...sorry - Hosts and LMHosts will not save as .txt files...
hosts.o1d said - 127.0.0.1       localhost
LMhosts said - It was a sample lmhost page, no other info
NETWORKS.txt
PROTOCOL.txt
SERVICES.txt
object.ini
0
 
Davis McCarnOwnerCommented:
It doesn't look loike you posted the contents of HOSTS.  Often, it also gets hidden when it has been modified.
Here is a virgin one:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
0
 
jcimarronCommented:
MagsMcKinley14--Do you have HOSTS file, not HOST.old.?
The fact that you do have a HOSTS.old file suggests you do have a HOSTS file and that it is populated to block entry to certain sites.  See http://www.mvps.org/winhelp2002/hosts.htm
It should open in Notepad.  And once in Notepad click on Edit|Find and search for googleads.g.doubleclick.net
I'll bet you have googleads.g.doubleclick.net in the HOSTS file.  And that is the source of the blocking you see. I have googleads.g.doubleclick.net in my HOSTS file and I use the hosts.zip file from http://www.mvps.org/winhelp2002/hosts.htm
0
 
MagsOwnerAuthor Commented:
All he has in the designation folder is host.o1d (it is not old it is with the number 1 - no "host". the only the other is LMHOSTS

host.o1d is -
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

and LMHOST is

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE             #source server
# 102.54.94.117    localsrv           #PRE             #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.

Attached is a screenshot of what I found in the ETC folder



List-in-ETC-Host-Folder.jpg
0
 
jcimarronCommented:
MagsMcKinley14--I have no idea how you got the HOSTS.o1d file but make a copy and put it somewhere else.    Then change the name of the HOSTS.o1d file to HOSTS file (no extension).
Can you open it now?  Do you see googleads.g.doubleclick.net ?
0
 
jcimarronCommented:
MagsMcKinley14--Hosts.o1d may be designated read-only.  (Right click|Properties|General tab|look at the Attibutes section.  Uncheck all attributes.)  Do that before trying to change its name.
0
 
MagsOwnerAuthor Commented:
No I can't.  My clients computer is not available.  I will do as requested when available...probably not until Sunday or Monday.  Thanks for sticking with me!!
0
 
jcimarronCommented:
MagsMcKinley14==
Just as an exercise try to reach google.tucows.com  

HOSTS is a hidden file.  Go to Explorer Folder IOptions|View tab| Check "Show Hidden Files and Folders..." and UNcheck "Hide Protected operating syswtem files and folders...".

You have reported two different contents for the HOSTS.o1d file.  Have you scrolled all the way to the bottom?
0
 
MagsOwnerAuthor Commented:
Will do...I will have access Monday morning.

The 2 host posts are the same, the first one I simply left off everything between the #'s, I scrolled all the way to the bottom...just double checked.
0
 
Davis McCarnOwnerCommented:
Your HOSTS file has been altered, set to hidden, and had it's permissions changed.  This utility from BleepingComputer will fix the permissions and make it visible again: http://download.bleepingcomputer.com/bats/hosts-perm.bat
Afterwards, rename HOSTS to INFECTED.TXT so you can inspect it and here is a virgin HOSTS file: http://download.bleepingcomputer.com/misc/host-files/windows-7/hosts
0
 
younghvCommented:
We seem to be going in circles here, with resultant conflicting advice.

A legitimate "HOSTS" file has no extension, but it can be opened with Notepad and "Saved As" a *.txt file. That text file can be attached here for us to review.

As has been stated repeatedly, a very common use of the HOSTS file is to re-direct the advertising/junk links in a web-page back to the "Local Host" (127.0.0.1) which causes that display you are showing.

The pure fact is that using a HOSTS file in this manner has always been one of the top five (or so) recommendations for protecting systems from unwanted Internet connections.

My recommendation is that you use a modified HOSTS file on that computer to help protect your client - but explain to him what is going on.

If instead you want to expose your client to any third-party website linked to his target website, then feel free to follow the insecure advice to load a "virgin" HOSTS file.
0
 
MagsOwnerAuthor Commented:
DavisMcCarn:  I followed your instructions -
Your HOSTS file has been altered, set to hidden, and had it's permissions changed.  This utility from BleepingComputer will fix the permissions and make it visible again: http://download.bleepingcomputer.com/bats/hosts-perm.bat
and look what I found!!!
 HOSTS.txt
All kinds of "Google" junk

What do I do now?
The "virgin" host file that Bleepingcomputer suggests is the same as I have on my computer.  I am using IE 9 he is using IE 7 or 8.  Would that make a difference?  Do I simply copy over the contents of the HOSTS.txt file?
Do I delete the hosts.o1d (renamed infected.txt) file?
0
 
Davis McCarnOwnerCommented:
If Hosts.o1d is virgin. just rename it to hosts.
0
 
MagsOwnerAuthor Commented:
In response to jcimarron:
I have no idea how you got the HOSTS.o1d file but make a copy and put it somewhere else. Then change the name of the HOSTS.o1d file to HOSTS file (no extension).
I could not change “HOSTS.o1d” without and extension.
I could not open it any differently and did not see “ googleads.g.doubleclick.net”

Hosts.o1d may be designated read-only.  (Right click|Properties|General tab|look at the Attibutes section.  Uncheck all attributes.)  Do that before trying to change its name.
hosts.o1d was not designated read-only.

Just as an exercise try to reach google.tucows.com  
I could reach google.tucows.com with no issues.
0
 
MagsOwnerAuthor Commented:
Hello DavisMcCarn:
 
If Hosts.o1d is virgin. just rename it to hosts.

I can rename it but it keeps its extension of "o1d"
0
 
jcimarronCommented:
MagsMcKinley14--That "HOSTS.txt" file is pretty weird, but you do have a HOSTS file somewhere on the PC and it does contain googleads.g.doubleclick.net .
And that is what is blocking the ads from googleads.g.doubleclick.net
as shown in your first screenshot ( googlead-issue.bmp).  
It will also block ads from all the other google-affiliated ad sites shown in Hosts.txt.  (google.tucows.com is not in the list.)
You should now read the article http://www.bleepingcomputer.com/virus-removal/remove-security-tool
The PC was/is infected with malware called Security Tool.  And you should now get rid of it per the described procedure.
Once done you should be able to find the actual HOSTS file.  This should finally be visible per articles 22 and 23  of http://www.bleepingcomputer.com/virus-removal/remove-security-tool
Delete the existing HOSTS  as is instructed.  You now will be able to read the ads on all those google sites including googleads.g.doubleclick.net

0
 
Davis McCarnOwnerCommented:
On the view tab of File and Folder Options, you need to uncheck the box for Hide Extensions for known file types long enough to rename the file.  Remember to set it back or the user will have to type the extent for any file he saves.
0
 
MagsOwnerAuthor Commented:
Will do my best to log on with my client tomorrow to do the above requested.  Thanks again for your assistance!
0
 
MagsOwnerAuthor Commented:
Did it!!!!!!  I'm exhausted...Thanks guys!
0
 
MagsOwnerAuthor Commented:
Never found any "googleads.g.doubleclick.net" in HOSTS.  No more viruses found.  

After http://download.bleepingcomputer.com/bats/hosts-perm.bat
made the "HOSTS" file visible jcimarron above recommendation from Bleepingcomputer to delete it and DavisMcCarn's suggestion to rename the hosts.o1d to a text file HOSTS seemed to do it!

Thanks again!
0
 
MagsOwnerAuthor Commented:
Printed out HOSTS.TXT after http://download.bleepingcomputer.com/bats/hosts-perm.bat was run for my clients records.
If it had been fully looked at or printed we would have seen googleads.g.doubleclick.net - it was in there!
0
 
jcimarronCommented:
MagsMcKinley14--Yep!  And google.tucows.com was not.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 23
  • 8
  • 6
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now