Can not display certain Internet sites after cleaning?

Hello again

After a major attack on my PC was succesfully cleaned by the Avast team I noticed that several retail sites that I normaly had no probem with would load to a blank page. So far I found these all very legitamate sites:
www.gamestop.com…appears to load then blank
www.walmart.com…blank
www.zulily.com…blank
I also noticed several times IE would prompt “IE incountered a problem and closed the page”
Same results with Chrome. Out of country gamestop and walmart load ok.
Has my default DNS server changed from the cleaning process?

Attach Farbar diagnostic logs so essexboy can have a look

Attached are the results fromFRST64. FIY I disabled windows security essentials several days ago after the cleaning. Should I delete it?

Essexboy should be online soon … :wink:

OK lets try a tool that will repair IE and reset the firewall

Download Complete internet repair to your desktop

Once on the desktop unzip the folder :
Double click the file
Select extract all to desktop
Open that folder
Run CIntRepx64 and the following will appear

https://dl.dropboxusercontent.com/u/73555776/Inetrepair.JPG

Select the following elements and press Go

Repair Internet Explorer 11
Reset windows firewall configuration

On completion reboot and try the various browsers again

It made no difference.
FYI the original attack destroyed my recovery partion samsung had set up to reinstall everything if needed.

Lets reset the network settings.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

How was the recovery partition destroyed ? As cryptomalware never (to the best of my knowledge) touches inactive partitions

Made no diference. Attached log. Also script for the gamestop blank page was:

I tryed a system restore from the samsung partition during infection. Nothing happened.

It is just those three sites that you are having problems with ?

Could you go to control panel > Internet options > Security tab
Click reset zones to default and then try again

Did your request, no change.
So far only these three site, but IE, more than usual, will say long scripting has to close site, or just a problem incountered has to close site. The close site were very rare before, the long scripting IMHO only after infection…cleaned.

BTW the the site have no comonality that I know off.

Well I have reset the dns and winsock to system defaults, reset IE to defaults. So at the moment I am running out of ideas, they seem weird sites to be blocked though

The following script is the problem from research on the internet with people that have same issues about blank page loading (they had it at amazon.com).

Very dificult to remove, it is a browser redirect. I followed this sites: http://malwaretips.com/blogs/remove-browser-redirect-virus/ directions but it is still present.

FYI I still get video ads pop up.

On the plus side the browser is very fast now (when video ads don’t pop up and “internet exporer incountered problem and has to close” pop ups)

When do the video ads popup ? Could you screenshot one

ok I will try and catch one but it is kind of random

Lets empty the JS temps

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

[*] Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Sorry for not posting. Had a YLOD on my PS3. Did your suggestion no change and I still get several “IE has to close…” but the IE page is still there and functional
Perplexed and annoyed (you guys are great)

I actually now have a couple on G2G forum that are having the same problem for no apparent reason

We did run a trace and got this, basically one of the steps to the site failed to respond

All of a sudden I can't load www.walmart.com with either Firefox or IE 7. My wife can load it on her Windows XP computer hooked to the router. I can't find anything in browser settings, router settings, hosts file, etc. that would be preventing it from loading. Walmart.com is the only site I seem to be having problem a problem with. I'm running Vista Ultimate. Can you figure anything out that would prevent it from loading? This is driving me crazy. I used to be able to load the page fine, but this has been going on for some time. Thanks for your help!

Tracing route to www.walmart.com [161.170.244.20]
over a maximum of 30 hops:

1 1 ms <1 ms 1 ms 192.168.1.1
2 62 ms 16 ms 28 ms 10.64.32.1
3 46 ms 30 ms 36 ms 172.19.32.137
4 54 ms 21 ms 23 ms 172.19.32.102
5 63 ms 30 ms 24 ms 172.19.32.174
6 63 ms 16 ms 59 ms 172.18.97.13
7 57 ms 14 ms 60 ms 172.18.137.45
8 52 ms 61 ms 62 ms 12.86.31.121
9 265 ms 75 ms 60 ms tbr1.cgcil.ip.att.net [12.122.99.14]
10 65 ms 32 ms 40 ms ggr2.cgcil.ip.att.net [12.123.6.29]
11 65 ms 66 ms 56 ms att-gw.paix.ip-plus.net [192.205.32.62]
12 84 ms 37 ms 27 ms 0.so-0-0-0.XL2.CHI13.ALTER.NET [152.63.73.30]
13 107 ms 86 ms 81 ms 0.so-7-0-0.XL2.KCY4.ALTER.NET [152.63.89.173]
14 97 ms 107 ms 92 ms POS7-0.GW5.KCY4.ALTER.NET [152.63.88.21]
15 * * * Request timed out.
16 * ^C

Solved using this site http://www.isitdownrightnow.com/

The problem is the DNS resolver site address normaly set by your internet provider. If a site like walmart changes their address and your provider’s DNS resolver is late in geting the update it will not know where to go thus a blank page. OR!!! the virus malware may have changed the DNS resolver address to site it likes.

My problem DNS address was:
75.126.206.18
184.173.169.186
This should be comcast, my internet provider, but it does not look right; usually the two addresses are very similar

I changed the DNS resolver to openDNS which is:
208.67.222.222
208.67.220.220
Now the sites work. 8)

I checked my internet provider and confirmed that the virus/malware changed my DNS resolver address. Not even close.

The solution also stoped the “IE has to close…” issues.