Link to home
Start Free TrialLog in
Avatar of dedri
dedriFlag for United States of America

asked on

not able to open any other site than google, youtube and wikipedia, safemode is working well

Starting from today, I am not able to open any other pages than google, youtube and wikipedia, Pages like microsoft , vmware and anyone else is not possible to be opened. And it doesn't matter what browser i use.
I booted in safemode and in safemode everything is working. All pages can be opened without problems.
Could you please tell me what is the issue. Machine is windows server 2016.
Avatar of David Favor
David Favor
Flag of United States of America image

Sounds like a DNS problem.

First run dig... er nslookup for Windows... Check to make sure an IP is being returned for DNS resolution + it's the correct IP... so for MS.com the return should be...

imac> dig +short microsoft.com a
191.239.213.197
23.96.52.53
23.100.122.175
104.43.195.251
104.40.211.35

Open in new window


Any other return means your local DNS caching system requires a bit of work.
Avatar of dedri

ASKER

Hi David, thanks for help. DNS resolving works. If I start the system in safemode, everything is wokring and all pages are opened. Network settings are the same with safemode and normal mode.
When I start normal mode, I am not able to open any pages than google, youttube
check add ons,

Sounds like you have either a restriction, internet options, content .....
or ..

use hijackthis to see what is going on.
Does it sow up on all profiles on the server, or just one?
If I start the system in safemode, everything is wokring and all pages are opened. Network settings are the same with safemode and normal mode.
If a DNS issue has been eliminated, the fact that it works in Safe Mode indicates Malware on the system or a browser add-in gone rouge to me.

1. Disable all Add-Ons / Extensions in your browsers and test - if that resolves, re-enable one at a time until you find the rouge one.

2. Do a full system scan of the system with Malwarebytes Free - allow it to remove everything it finds and see if that resolves it.

Have seen this many times over the years and the two steps above generally resolve the problem.

I hope that's helpful.

Regards, Andrew
Avatar of dedri

ASKER

no add-ons in the browsers(IE, Chrome).
all users are affected.
In safemode it's working. Could you tell me how to check what is started in normal mode more than safemode and ho to exclude the things one by one.
Could you tell me how to check what is started in normal mode more than safemode and ho to exclude the things one by one.
You can use Task Manager for this in W10. Just go to the Startup and Services Tabs. That said, I would urge you to try a Malwarebytes scan first. Quick and easy to do.
Sorry, forgot to answer how to exclude things one by one. Basically, disable everything in the Startup Tab using Task Manager first, reboot and see if problem is repaired. If yes, re-enable things one at a time and keep restarting until the problem recurs. Services are a little more tricky. You need to go through the same process as the startup tab, compare what's running in Normal and Safe Mode and then disable anything running in normal mode that Windows will allow you to disable, and then re-enable one at a time. A tedious procedure to go through though and will not work with Services if a service is affecting the machine yet will not allow itself to be ended while Windows is running in normal mode. Hope all that makes sense? :)
Avatar of SquigglyMonkey
SquigglyMonkey

There are many places that can hide malware/viruses such Task scheduler and run(s)(in the registry).
I would Use System Restore to put it back to yesterday, or earlier and then run a full system check with a good anti-malware application, as [previously mentioned. Check the file "hosts"(C:\Windows\System32\drivers\etc) to see if there are some crazy things in there.
Are you at an office, and behind a firewall?  I have seen odd behavior like this when companies implement SSL decryption to analyze traffic.
run sfc /scannow in an elevated command to make sure the networking part is not being meddled with.
Check internet options to make sure it is not being redirected their as a proxy....

start iexplre -extoff and see if you have a different behavior.

what do you have on the system, end point, mcaffee, etc. content filter?

presumably safe mode with network is how you boot...check services as referenced ...
Avatar of dedri

ASKER

I run a recommended malware removal software and nothing has been found.
I run sfc /scannow and no problems are detected.
Run in safe mode, web pages is opened there. Check the running services. Start windows in normal mode, Disable the services which are not running in safe mode - no change, web pages are not able to be loaded except the google and youtube.
All browsers have problems.
Check host files, nothing suspicious there.
I still can't open the web pages. Any other suggestions, that I can try
run browser without extensions

what about when fully run (windows key + R)  iexplore -extoff?
same behavior?
check the network adapter properties see which services, components are attached there beyond the IPv4,ipv6,client for microsoft networks, file and printer sharing for microsoft networks, and QoS packet scheduler...

To you have other teeter I think is a Symantec option.....


When in regular mode you are trying to access, what is the status at the bottom of the browser commonly, says? connecting to , make sure it is not saying it is connecting so an IP/host that might reflect it is trying to proxy the request where the three you can access might be exempt from going through a proxy.
Imho,,,, The logic of what you say is happening dictates that the issue is something loading at boot, or logon.
Since the browsers are working in safe mode, they are not the problem.
I would look through Task scheduler for things that run at boot, and at login. Many people don't realize there are 'logon' tasks.
run msconfig on the services tag, put a check in "Hide all Microsoft services" and look carefully through all of them, or disable them all.
On the startup tab, look through them all, disabling anything you are not 100% sure of, or disable them all.
Also check your antivirus to see if it has a firewall in it.
Avatar of dedri

ASKER

I use autorun from sysinternals. Only services that runs except the microsoft are vmware tools services  installed. I disabled them and the problem is the same.
Also I disabled all scheduled task. Again the same problem.
ASKER CERTIFIED SOLUTION
Avatar of dedri
dedri
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial