can't go to a website!!!

Hi all,
I have a windows xp sp2 machine,
one day, I try to go to a hot deal website to buy a computer product,
when I click on the link, which go to http://click.linksynergy.com ,
but the webpage doesn't work (page cannot display),
however, I used my laptop and other computers, the webpage works.

So I did further troubleshooting, I went to command prompt, I type ping
click.linksynergy.com
something is really weird, it returns 127.0.0.1 , I checked my "host" &
"lmhost.sam" files, they don't have any
click.linksynergy.com mapping, I'm confused about this, what else could be
the problem?

On Tue, 30 Nov 2004 10:36:22 -0500, "Britney" *email_address_deleted* wrote:

Hi all,
I have a windows xp sp2 machine,
one day, I try to go to a hot deal website to buy a computer product,
when I click on the link, which go to http://click.linksynergy.com ,
but the webpage doesn't work (page cannot display),
however, I used my laptop and other computers, the webpage works.

So I did further troubleshooting, I went to command prompt, I type ping
click.linksynergy.com
something is really weird, it returns 127.0.0.1 , I checked my "host" &
"lmhost.sam" files, they don't have any
click.linksynergy.com mapping, I'm confused about this, what else could be
the problem?

Britney,

Examine "hosts" carefully, using Notepad. Scroll to the end of the file, by
hitting Ctrl-End, then back up to the top, page by page, before deciding that it
is empty. Look out for blank lines at the beginning and end of the file, after
localhost, placed there by an exploit.

Next, check for a registry hijack. Use Regedit, and look at the contents of
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DataBasePath].
That would normally contain "%SystemRoot%\System32\drivers\etc", but is being
hijacked by various malware to use a hosts file placed elsewhere.

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware http://www.lavasoftusa.com/
HijackThis http://www.majorgeeks.com/download.php?det=3155
LSP-Fix http://www.cexx.org/lspfix.htm
WinsockXPFix http://www.spychecker.com/program/winsockxpfix.html
Spybot S&D http://www.safer-networking.org/index.php?page=download
Stinger http://us.mcafee.com/virusInfo/default.asp?id=stinger

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, run AdAware. First update it, configure for full scan
(http://forums.spywareinfo.com/index.php?showtopic=11150), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan ("Check for problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
http://forums.spywareinfo.com/index.php?showtopic=227
http://forums.spywareinfo.com/index.php?showtopic=11150

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: http://forum.aumha.org/index.php
Net-Integration: http://forums.net-integration.net/
Spyware Info: http://forums.spywareinfo.com/
Spyware Warrior: http://spywarewarrior.com/index.php
Tom Coyote: http://forums.tomcoyote.org/

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

And Britney, please don't contribute to the spread and success of email address
mining viruses. Posting your email address openly will get you more unwanted
email, than wanted email. Learn to munge your email address properly, to keep
yourself a bit safer when posting to open forums. Protect yourself and the rest
of the internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

thanks, I will try it and let you know
"Chuck" wrote in message
...
On Tue, 30 Nov 2004 10:36:22 -0500, "Britney" *email_address_deleted*
wrote:

Hi all,
I have a windows xp sp2 machine,
one day, I try to go to a hot deal website to buy a computer product,
when I click on the link, which go to http://click.linksynergy.com ,
but the webpage doesn't work (page cannot display),
however, I used my laptop and other computers, the webpage works.

So I did further troubleshooting, I went to command prompt, I type
ping
click.linksynergy.com
something is really weird, it returns 127.0.0.1 , I checked my "host" &
"lmhost.sam" files, they don't have any
click.linksynergy.com mapping, I'm confused about this, what else could
be
the problem?

Britney,

Examine "hosts" carefully, using Notepad. Scroll to the end of the file,
by
hitting Ctrl-End, then back up to the top, page by page, before deciding
that it
is empty. Look out for blank lines at the beginning and end of the file,
after
localhost, placed there by an exploit.

Next, check for a registry hijack. Use Regedit, and look at the contents
of

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DataB
asePath].
That would normally contain "%SystemRoot%\System32\drivers\etc", but is
being
hijacked by various malware to use a hosts file placed elsewhere.

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware http://www.lavasoftusa.com/
HijackThis http://www.majorgeeks.com/download.php?det=3155
LSP-Fix http://www.cexx.org/lspfix.htm
WinsockXPFix http://www.spychecker.com/program/winsockxpfix.html
Spybot S&D http://www.safer-networking.org/index.php?page=download
Stinger http://us.mcafee.com/virusInfo/default.asp?id=stinger

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run
them.
The other downloaded programs can be copied into, and run from, any
convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, run AdAware. First update it, configure for full scan
(http://forums.spywareinfo.com/index.php?showtopic=11150), then scan.
When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan ("Check for
problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed in
Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save
the
HJT Log.
http://forums.spywareinfo.com/index.php?showtopic=227
http://forums.spywareinfo.com/index.php?showtopic=11150

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts,
here):
Aumha: http://forum.aumha.org/index.php
Net-Integration: http://forums.net-integration.net/
Spyware Info: http://forums.spywareinfo.com/
Spyware Warrior: http://spywarewarrior.com/index.php
Tom Coyote: http://forums.tomcoyote.org/

If removal of any spyware affects your ability to access the internet
(some
spyware builds itself into the network software, and its removal may
damage your
network), run LSP-Fix and / or WinsockXPFIx.

And Britney, please don't contribute to the spread and success of email
address
mining viruses. Posting your email address openly will get you more
unwanted
email, than wanted email. Learn to munge your email address properly, to
keep
yourself a bit safer when posting to open forums. Protect yourself and
the rest
of the internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

thanks, I will try it and let you know
"Chuck" wrote in message
...
On Tue, 30 Nov 2004 10:36:22 -0500, "Britney" *email_address_deleted*
wrote:

Hi all,
I have a windows xp sp2 machine,
one day, I try to go to a hot deal website to buy a computer product,
when I click on the link, which go to http://click.linksynergy.com ,
but the webpage doesn't work (page cannot display),
however, I used my laptop and other computers, the webpage works.

So I did further troubleshooting, I went to command prompt, I type
ping
click.linksynergy.com
something is really weird, it returns 127.0.0.1 , I checked my "host" &
"lmhost.sam" files, they don't have any
click.linksynergy.com mapping, I'm confused about this, what else could
be
the problem?

Britney,

Examine "hosts" carefully, using Notepad. Scroll to the end of the file,
by
hitting Ctrl-End, then back up to the top, page by page, before deciding
that it
is empty. Look out for blank lines at the beginning and end of the file,
after
localhost, placed there by an exploit.

Next, check for a registry hijack. Use Regedit, and look at the contents
of

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DataB
asePath].
That would normally contain "%SystemRoot%\System32\drivers\etc", but is
being
hijacked by various malware to use a hosts file placed elsewhere.

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware http://www.lavasoftusa.com/
HijackThis http://www.majorgeeks.com/download.php?det=3155
LSP-Fix http://www.cexx.org/lspfix.htm
WinsockXPFix http://www.spychecker.com/program/winsockxpfix.html
Spybot S&D http://www.safer-networking.org/index.php?page=download
Stinger http://us.mcafee.com/virusInfo/default.asp?id=stinger

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run
them.
The other downloaded programs can be copied into, and run from, any
convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, run AdAware. First update it, configure for full scan
(http://forums.spywareinfo.com/index.php?showtopic=11150), then scan.
When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan ("Check for
problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed in
Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save
the
HJT Log.
http://forums.spywareinfo.com/index.php?showtopic=227
http://forums.spywareinfo.com/index.php?showtopic=11150

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts,
here):
Aumha: http://forum.aumha.org/index.php
Net-Integration: http://forums.net-integration.net/
Spyware Info: http://forums.spywareinfo.com/
Spyware Warrior: http://spywarewarrior.com/index.php
Tom Coyote: http://forums.tomcoyote.org/

If removal of any spyware affects your ability to access the internet
(some
spyware builds itself into the network software, and its removal may
damage your
network), run LSP-Fix and / or WinsockXPFIx.

And Britney, please don't contribute to the spread and success of email
address
mining viruses. Posting your email address openly will get you more
unwanted
email, than wanted email. Learn to munge your email address properly, to
keep
yourself a bit safer when posting to open forums. Protect yourself and
the rest
of the internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Hi Chuck,
I think it's problem in host file,
for some reason, I can't find anything wrong in the content of host, but
anyway I renamed it to host.bak, then create a brand new file host, then
the problem solved. I'm still confused, I wonder if my host file is
corrupted or I just don't know how to read it, I only see 127.0.0.1
localhost there



"Britney" wrote in message
...
thanks, I will try it and let you know
"Chuck" wrote in message
...
On Tue, 30 Nov 2004 10:36:22 -0500, "Britney" *email_address_deleted*
wrote:

Hi all,
I have a windows xp sp2 machine,
one day, I try to go to a hot deal website to buy a computer product,
when I click on the link, which go to http://click.linksynergy.com ,
but the webpage doesn't work (page cannot display),
however, I used my laptop and other computers, the webpage works.

So I did further troubleshooting, I went to command prompt, I type
ping
click.linksynergy.com
something is really weird, it returns 127.0.0.1 , I checked my "host"
&
"lmhost.sam" files, they don't have any
click.linksynergy.com mapping, I'm confused about this, what else
could
be
the problem?

Britney,

Examine "hosts" carefully, using Notepad. Scroll to the end of the file,
by
hitting Ctrl-End, then back up to the top, page by page, before deciding
that it
is empty. Look out for blank lines at the beginning and end of the
file,
after
localhost, placed there by an exploit.

Next, check for a registry hijack. Use Regedit, and look at the
contents
of


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DataB
asePath].
That would normally contain "%SystemRoot%\System32\drivers\etc", but is
being
hijacked by various malware to use a hosts file placed elsewhere.

Now check for, and learn to defend against, additional problems -
adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
AdAware http://www.lavasoftusa.com/
HijackThis http://www.majorgeeks.com/download.php?det=3155
LSP-Fix http://www.cexx.org/lspfix.htm
WinsockXPFix http://www.spychecker.com/program/winsockxpfix.html
Spybot S&D http://www.safer-networking.org/index.php?page=download
Stinger http://us.mcafee.com/virusInfo/default.asp?id=stinger

Create a separate folder for HijackThis, such as C:\HijackThis - copy
the
downloaded file there. AdAware and Spybot S&D have install routines -
run
them.
The other downloaded programs can be copied into, and run from, any
convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, run AdAware. First update it, configure for full scan
(http://forums.spywareinfo.com/index.php?showtopic=11150), then scan.
When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan ("Check for
problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed
in
Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately.
Save
the
HJT Log.
http://forums.spywareinfo.com/index.php?showtopic=227
http://forums.spywareinfo.com/index.php?showtopic=11150

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts,
here):
Aumha: http://forum.aumha.org/index.php
Net-Integration: http://forums.net-integration.net/
Spyware Info: http://forums.spywareinfo.com/
Spyware Warrior: http://spywarewarrior.com/index.php
Tom Coyote: http://forums.tomcoyote.org/

If removal of any spyware affects your ability to access the internet
(some
spyware builds itself into the network software, and its removal may
damage your
network), run LSP-Fix and / or WinsockXPFIx.

And Britney, please don't contribute to the spread and success of email
address
mining viruses. Posting your email address openly will get you more
unwanted
email, than wanted email. Learn to munge your email address properly,
to
keep
yourself a bit safer when posting to open forums. Protect yourself and
the rest
of the internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

On Wed, 1 Dec 2004 10:17:51 -0500, "Britney" *email_address_deleted* wrote:

Hi Chuck,
I think it's problem in host file,
for some reason, I can't find anything wrong in the content of host, but
anyway I renamed it to host.bak, then create a brand new file host, then
the problem solved. I'm still confused, I wonder if my host file is
corrupted or I just don't know how to read it, I only see 127.0.0.1
localhost there

Britney,

For mysterious circumstances like this, IMHO, you should do a virus and spyware
check. Just renaming the hosts file might solve the problem temporarily, but
the software that changed it may change it again. HijackThis, when examined by
experts, should reveal any problem.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.