Problems accessing mail server and web pages

For the last few days, I have been having big problems accessing mail (with Thunderbird) and a lot of web sites (with Firefox and Chrome). Thunderbird usually tells me that it “failed to connect”, and both browsers often tell me that they “failed to find” website this or that - for example, Google, Gmail, and Facebook. If Facebook does load, it often comes up dispayed as basic text-only HTML with little or no graphics. On the other hand, some sites load reliably.

No pressing reason to suspect malware at the moment - full scans with Avast and MBAM came up with nothing, also scans with GMER, DDS, HijackThis produced nothing obviously untoward. The only question mark I have about possible malware is that when Thunderbird started acting up, I had a look at the SSL-related Mail Shield settings, and I found that as well as the two entries I expected to find, there were two others with only IP addresses for names. I wondered at first if these were related to a new gmail account that I set up recently, but I only access it via browser so (as I understand it) Avast should not be involved with those mails. I kept a close eye on these Mail Shield settings for a day or two, and two more similar entries got added (all IP addresses ending in .78). I have now deleted them all.

The only other thing that might be relevant is that three or four weeks ago, the PC started randomly shutting down (which I believe was due to overheating, because it stopped when I replaced a noisy fan and declagged the mobo fan). Then after a couple of days it refused to boot, which I fixed by plugging the hard disk into a different slot on the mobo (I noticed in the BIOS that the name of the slot it was plugged into had become corrupted).

Today I had a look in event viewer and found a lot of disk controller-related errors up to 30 Jan, and none since. So I’m presuming that overheating was causing the disk errors, and that problm is now fixed. But I’m wondering if maybe some settings got corrupted in Avast?

To be on the safe side, I have disabled the wireless network connection until I figure out what the problem is and fix it (I’m posting this from a different machine). Trouble is, I don’t really know where to start. Does anyone have any suggestions, please?

I’ve noticed you have “Security software (regular): Avast! Internet Security 5.0, MBAM (paid)”. Have you tried to turn off MBAM resident scanner and to see if it gives any difference?

Hi! Quick reply, thank you. No, I haven’t tried that, I’ll give it a go. Incidentally, because MBAM is my other security software, I duplicated my post in the Malwarebytes forum:

http://forums.malwarebytes.org/index.php?showtopic=75582

Have you tried accessing the same pages that you can’t access with a different computer?

If you don’t think it’s malware, it could be your hardware or just your internet connection.

I’d try pinging (ping -t “problem site here”) and watching for delays or dropped packets.

Your computer overheating, corrupting ports (SATA, I presume) and other things don’t bode well for the health of your PC though. Might be a NIC or motherboard failure.

@YLAP, I disabled the MBAM protection module and it made no difference.

@scythe944, yes I agree that overheating is to be avoided where possible :). I don’t think I have permanent hardware damage: nothing else on the PC appears to be misbehaving, just browsers and email client. I also don’t think I have an internet connection problem. Avast and MBAM are happily updating themselves regularly, and I can use Skype just fine.

Earlier this evening I experimented with 8 or 9 different URLs, chosen more or less at random from my favourites, using Chrome Firefox and IE8. Failure rate was about 90% in all three browsers. I could post the results I recorded?

I have carried out a disk check and it found no problems. I have also uninstalled and reinstalled Avast, which does seem to have made some difference. More pages are now loading without problems (albeit sometimes they do not display properly). The pattern for the others seems to be: first attempt, browser will report that it can’t find the web page and suggest reloading it. On second attempt, more often than not, browser displays “redirecting you to…” and the web page loads.

I tried stopping the web shield in Avast and that made no difference either.

I’m a bit stuck as to what to try next. I was rather hoping a reinstall of Avast was going to do the trick.

Unfortunately, I don’t think posting the failures would help diagnose the problem.

If uninstalling and re-installing helped, we might try the old Avast Uninstall utility trick as well to make sure that it’s completely gone, then try a re-install again.

The behavior shield has been the culprit for most problems with Avast lately, especially in the Beta builds, so you could try disabling that or installing avast without that portion completely. I don’t see how it could affect web pages from loading, but you never know I guess.

Have you had a previous A/V program installed before Avast and if so, did you use their removal tool to get rid of it? If not, just concentrate on removing avast completely with the uninstall utility.

I’d still be interested if pinging the affected sites worked, since it uses a different port than standard http requests though. If pings are going through happily, then we know that something in the TCP/IP protocol stack is malfunctioning or avast is malfunctioning.

Does completely removing avast make any difference? That would help narrow our troubleshooting down a bit.

Hi Scythe944,

Thank you for your valuable time and invaluable assistance.

I’ve done two things now:

  • I’ve changed the Avast installation via Control Panel so the behaviour shield is currently uninstalled
  • I’ve carried out some ping testing
    and the plot appears to clarify in one way and thicken in another ???

So far tonight, I have a 100% success rate with loading web pages. 6 out of 6, and every one loaded fast and completely: no missing graphics, no munged display, all perfect. Before I took out the behaviour shield, the same 6 web pages gave me 3 successful loads, 2 "could not find host"s, and 1 “webpage is not available”. I also managed to connect to the mail server with Thunderbird on the first time of asking. All of which strongly suggests that the behaviour shield is the villain of the piece (admittedly with only one boot and limited time online so far).

What is exercizing me now is that when I pinged the same 6 web sites that I connected to with no problem, the results were:

  • 3 x “Ping request could not find host”
  • 1 x Packets: Sent = 10, Received = 0, Lost = 10 (100% loss)
  • 2 x Packets: Sent = N, Received = N, Lost = 0 (0% loss), round trip times in the range 25-59 ms

Two of the hosts that could not be found were not exactly obscure either:

I shall keep on browsing and using Thunderbird and see if I maintain a 100% success rate, with behaviour shield flakiness as a null hypothesis. But something is clearly still not right because of the ping results. How is the situation to be interpreted now?

You’re welcome!

It is to be interpreted as: strange!

I have no idea. It’s loading pages now that the Behavior shield is disabled, but still not pinging correctly. I’d say the internet connection was flaky. Does your router (if you have one) have some diagnostic abilities? Maybe try pinging the same problem domains from it as well?

You don’t say (or I forgot) if you have a firewall involved, so I’ll assume that you don’t.

I guess an easier way to figure out if it’s Avast really causing the problem is to go ahead and fully remove it and continue to test the PC. If it works, then we know that Avast is causing the problem. If not, maybe we have some hardware issues or just a flaky internet connection.

Hopefully we’ll find something that points to the real problem soon.

;D Here’s a good example. I don’t know much about pinging - I’m geeky, but not that geeky 8) - so I did a bit of homework this morning and I have been working from the following web page this evening:

http://www.practicallynetworked.com/sharing/troubleshoot/

It loads just fine in Chrome, Firefox and IE8 (albeit in IE8 it took a while to start loading). So I tried pinging www.practicallynetworked.com: 100% timed out. And since the ping tutorial distinguishes between failure to ping website name and website IP address (in terms of what the indicated problem is, if it is not website down), and since pinging a website name provides the website address as part of the output, I tried pinging the IP address too. With the same 100% failure due to time out.

I suppose with hindsight that was flawed logic - if ping can’t find the website name, it might be because it is translating it (via the DNS server) into an incorrect IP address … am I getting this right? In which case, pinging the incorrect web site address provided by pinging the web site name is bound to give the same result.

Yes, a router is involved here, but I didn’t set it up and I have no idea how to go about pinging from it. I didn’t set it up,I just use it in the house where I rent a room. I wouldn’t even know how to log in to it here (where I used to live, I did occasionally log into the router but even there I never pinged from it). More homework required.

I am using the built-in Windows XP firewall.

Andy

Thanks for doing some additional homework. One thing that I have to tell you about the ping utility is that server’s don’t always respond. That’s because some sites block pings to “hide” themselves on the internet. So, you have to use sites that allow it and base your tests on them. We’re looking for sites that can be pinged, and looking for dropped packets and unusually long response times.

As for the router, I understand. Basically though, if you wanted to log into it, you can usually find the IP address of it easily by opening a command prompt window and typing: ipconfig

That should give you your IP address, the subnet mask, and the default gateway. Since in most cases in home networks, the default gateway IS the router, so there you go. Type that IP in your address bar, and you’re accessing your router. Again, I know you probably won’t know what the password is to get into it, but maybe you can use that info for future reference or something.

f ping can't find the website name, it might be because it is translating it (via the DNS server) into an incorrect IP address ... am I getting this right?
Technically, yes. But again, that's only if the server ISN'T blocking pings, which practicallynetworked.com seems to. You can tell if DNS is working properly if you type the domain name and it goes to the correct page though, and yours seems to be working just fine.

Alright, you did some extra homework, but we still can’t use the results to continue working on this problem. Since we can’t use the router’s diagnostics to make sure that your internet is working properly, then I’d try to remove avast and see if it fixes it. I should hope not, but we can’t tell unless we try.

Remember to use the uninstall utility and instructions on this page: http://www.avast.com/uninstall-utility

Aye, there’s the rub - how to find sites that can be pinged. I did a bit more homework, and came up with a list of 60-odd websites that were supposedly pingable, from here:

http://www.dailyblogtips.com/ping-list/

Then I pinged 10 of them at random and got 9 “could not find hosts” and 1 reply. From the little bit of reading around I did, it seems that it is is increasingly difficult to find sites that will respond to ping, for fairly clear good reasons: advertising one’s presence in the big bad virtual world is an invitation to be hacked, isn’t it.

So how to find a contemporary list of sites that respond to ping? I have no idea. But without that, how do I know whether inability to ping sites indicates a problem with my PC or indicates merely that those sites do not want to play ping pong? Again, I have no idea. I don’t see how uninstalling Avast is going to help with that dilemma. I suppose I could ping a load of sites and then uninstall and ping them all again and see if I get a significantly higher success rate after than before. But at the moment, the problem that I had has been resolved by uninstalling the behaviour shield. If I hadn’t tried pinging I wouldn’t have suspected any other problem, so I think I will leave well alone at the moment, unless I find a more ostensible reason to suspect a residual problem.

Thanks again for your help - it is very much appreciated.

Andy

That’s right, having a pingable host isn’t all that it’s cracked up to be sometimes. I guess you could just use the ones that you were having problems with originally, and add sites like google and yahoo (they’re usually the ones that I use).

Again, finding out if it’s your computer or something else usually requires using another computer or the diag tools built-in to the router (if equipped).

I don’t suppose you have another network card lying around somewhere that you could install in your computer and try pinging from that? I doubt it would make a difference though.

I can tell you from experience that a bad cable modem can cause this problem though. I had one that would reach sites sometimes, and sometimes not. If anyone else is having problems accessing sites, the gateway (or router/modem) could be to blame.

I’m glad that disabling the behavior shield helps, although I wish that wasn’t the problem at all of course.

Well, I spoke too soon … woke up this morning and it was the same old problems again. So I disabled the wireless connection, and uninstalled Avast, from safe mode with the aswclear5 utility. Then I rebooted and used Registrar to remove the 70+ registry entries referring to Alwil or Avast that the utility had not removed. Then I re-enabled MBAM real-time protection so I had at least some protection when I started browsing again, re-enabled the wireless conncetion, and …

… I’m still having the same problems. Some websites load, some don’t. Some that don’t, do so on the second time of asking. Some that do, don’t load properly. However, it seems clear that Avast is not implicated now, since I have completely removed it as a factor, so I have to look elsewhere for an explanation, starting with the router and the wireless adapter.

Thanks again, Scythe944, you’re a gentleman.

Sounds good Sparge, I’m glad we narrowed it down a bit for you.

It’s looking more and more like the cable modem or whatever internet connection you have. Hopefully you get it fixed soon!

Also, I’d guess it would be a good idea to get avast installed again since we know it’s not the cause of the problem. We don’t need you getting a virus while you’re trying to fix the connectivity issues!

Hi Scythe944,

Events have moved on a bit here, and have caused me to post on the MBAM forum seeking assistance with malware removal:

http://forums.malwarebytes.org/index.php?showtopic=75939

Below is the bit from the post that is pertinent to the discussion we have been having.

Andy

[i]The reason I am now posting here is because I noticed something today that made me a little bit more convinced that the explanation is malware rather than hardware. I noticed that there were 10 new top-level subfolders of my C drive, copies of the folders in my bookmarks toolbar. They had all been created between 00:18 and 00:19 on 19 February. I had a look in event manager and at 00:19:15 I found the following TCPIP warning recorded:

“TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.”

Which all sounds more than a bit fishy to me (given that accessing websites from my favourites toolbar is the main difficulty I’m having). And I struggle to see how a hardware problem could explain it.
[/i]

Ahh… nice to see that something obvious reared it’s ugly head.

I’m not much of a malware-removal pro, but there are others that can do so.

Wait and see if you get any good responses from your thread and if not, let us know. We can call on Essexboy for help.

It’s weird that all of you initial scans didn’t pick anything up though. I’d give TDSSkiller a shot or at least an avast boot-time scan.

http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.schmahl.net/avastbootscan.php