My IE can't browse sites

By mashimaro
Jan 16, 2009
Topic Status:
Not open for further replies.
  1. Hi,

    recently my pc just got infected with RS32net.exe, at that same time my keyboard can't do alt+tab function properly, but the button works fine separately. Don't know what to do, so I decided to do formatting, reinstalling Windows XP SP3 and necessary drivers, antivirus and antispyware. That keyboard still got the same problem with alt+tab function, don't know what's the problem.

    The main problem is that my IE can't browse 1 site (so far) which is site for online game.
    Strange, because I still can logon and play that game.
    The XP network diagnostics says that Windows did not detect any problems with your Internet connection. If your browser cannot display the page try following: blah blah...
    Another strange thing is If I click link to that site from other site, I can enter..

    My Spec is:
    X2 4200, 2GB DDR 800, HD3200 onboard, XP SP3, and AVG 8 free for antivirus.

    I hope someone can help, and I'm sorry for my bad English.

    Thanks
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    RS32net.exe is identified as a Trojan/Backdoor, variant of the Trojan.Win32.Agent.aecm malware. You do not tell us how you know you have this infection or what you have done to remove it.

    You can try doing this first:
    Kill the process rs32net.exe : Right click on the Taskbar> Task Manager> find rs32net.exe> highlight> Click on End Task.

    Then remove from Windows startup:
    Start> Run> msconfig> enter> Selective Startup> Startup tab> find rs32net.exe and UNCHECK it> Apply> OK> Reboot.

    Ignore the nag message that comes up and close after clicking on 'don't show this message again.' Stay in Selective Startup.

    Now do the following:
    Please follow the steps here: http://www.techspot.com/vb/topic58138.html

    When you have completed running the programs, please attach the three logs here for review.
  3. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    I know my pc got infected by this RS32net.exe by press ctrl+alt and it shows strange program and I google it and foung that it is some kind of malware.

    I remove it by formatting, and reinstall. Do 8 steps and no virus/malware found, and here's my hijackthis log.

    Now what's left is browsing problem as I mentioned before.

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I would like to see the logs from MalwareBytes and SuperAntispyware.
    Did you do what I suggested about killing the RS32net?
    Did you scan with AVG?

    I can't eliminate a malware-related cause until I know these things. Getting rid of a Trojan Backdoor is just not that easy. The only suspicious entry in the HijackThis logs is:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    If you have set up a homepage to come up with a blank page, then it's not a problem. If you have not, then you have the about blank malware.
  5. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    I already did all that you have suggested before.

    About the homepage, yes I have set homepage to come up with a blank page.
    If I set homepage to site that I can't enter before, I can browse that site. After enter that site, I have to use "open in new window" to open that site menu.

    Here's the 3 logs.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, here's the culprit in the HijackThis log:

    Remove bad HijackThis entries
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into Safe Mode:

    Open Internet Explorer> Tools> Manage Add-ons> find the following entries> click to highlight> click on Disable:
    When through, reboot into Normal Mode.
    Run SDFix:
    Download SDFix here: http://www.bleepingcomputer.com/files/sdfix.php
    Boot into Safe Mode
    Run SDFix
    * Attach Report.txt back here. Rescan with HijackThis and attach new log.

    Reset your homepage to where you want. Go to the site> then click on Tools> Internet Options> General tab> Homepage section> check 'use current.'
  7. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    I open manage add-ons on IE, and I can't find those two.

    Here's the logs.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The log is clean and the entries are gone.

    Did you try this?
    Result?
  9. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    The result for that site is:
    res://C:\WINDOWS\system32\xpsp3res.dll/dnserror.htm
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

  11. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    Thanks Bobbye.

    My IE still can't open that site, but Firefox can.
    Using Firefox from now on, and surprisingly my old keyboard works fine again (strange but true).
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Then it's an IE problem, not system. I won't discourage you from using Firefox. I've been using it for over 4 years and absolutely hate it if I have to open IE. Incidentally I also have IE6.

    Do you remember if you did any Windows Updates before this problem started? There was one that combined with a specific version of ZoneAlarm prevented the connection. I'll see if I can find the update number for you. I don't see ZA one your system though.
  13. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    Actually, after reinstalling Windows, I never did any Windows Updates before this problem started.

    Just installed IE7 and updates for that, maybe it can solve the problem, but still no luck.

    Sadly because I like IE and the reason is I already get used to its menu, but I think I'm gonna like this Firefox, since it can open the some sites that IE can't. And surprisingly it opens faster than IE.

    Yes, I don't have ZoneAlarm installed.

    Thank you Bobbye
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please give me the URL for the page that is giving you this error:
    I'm going to use both Firefox and IE6 and see if I can find any content that might cause the error.
  15. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    What an interesting turn of events!

    Back in Post #6 , I had you remove these 2 entries:
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - https://www.ragnarok.co.id/nprotect/nprotect/npx.cab
    {CFCB7308-782F-11D4-BE27-000102598CE4} NProtect http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453075446 X

    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://www.ragnarok.co.id/nprotect/...rypt/
    Adware: Software that displays pop-up/pop-under advertisements when the primary user interface is not visible, or which do not appear to be associated with the product.

    Registry items:

    HKEY_CLASSES_ROOT\clsid\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}
    HKEY_CLASSES_ROOT\typelib\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}

    And then disable these Active X Objects.:
    NPX Control
    nPKeyCrypt

    I did this because Computer Associates classifies nprotect as Adware.

    Give this URL a try: http://iro.ragnarokonline.com/

    This is the ID page. Is this where you want to be? If so, the URL you were using was not good.

    Here is information-according to the vendor on nProtect:
    Let me know.
  17. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    Thanks for the information.

    iro.ragnarokonline.com works fine, but not www.ragnarok.co.id
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    So use what I left. This one is no good> www.ragnarok.co.id

    It's possible that work was done on the site and a slight change was made, making the original URL you used no good. You might want to delete your temporary internet files and the Cookies for the site as that could cause a problem.
     
  19. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    I can enter that site from the link that you gave me, but after that, the link on that page doesn't working.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, let's do "steps"
    1. You use the link I gave to access the log on page.
    2. You fill in your log on information.
    3. You press Enter>>>>> what happens?
    Do you get any kind of message

    Steps again:
    1. You are now logged on.
    2. You are finished and close the site using the X at top right of screen.
    3. You decide to go back to the logon page>>> what happens?
    IF you sign in and if you have the 'remember me' checked and if you keep the Cookie that has your log on information, then you should be able to start typing your logon name and the system will regognize your IP and complete the information. You should then be logged on.

    At this point, look in the Address Bar and see what the URL is. Copy it. Now close he page> go back to the page and paste in the URL you copied. Does that work?

    Did you delete the temporary internet files? Delete any shortcuts and Favorites or Bookmarks you have for this site. Type the address I gave you and set a NEW shortcut.

    Here is the Contact page for that site. If the problem persist, please use one of the contact methods to email the webmaster, tell of the problem you're having and ask for help.
  21. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

  22. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    The page cannot be displayed
    .......Diagnose Connection Problems....

    Diagnose, the result is :
    Windows did not detect any problems with your Internet connection. If your browser cannot display the page try the following: refresh page, check spelling, access from a link.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I cannot load the page either. I'm sorry but I can't spend any more time on this one site. Please use the contact information I left. Maybe their webmaster can help you. I am confident that the problem is with the site itself and not your (or mine) system.
  24. mashimaro

    mashimaro Newcomer, in training Topic Starter Posts: 18

    Thanks Bobbye for all your help and information.
    God bless you.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome. I'll be interested to hear what the webmaster says.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.