Weird problem in XP with trusted vs restricted sites


webado
02-18-2005, 05:32 PM
Hi all!

I'm battling a weird problem with my friend's brand new computer that came with factory installed Windows XP and SP2.

She's not able to access certain sites which are perfectly accessible from another computer in her house, on the same connection.

We've played no end with security and privacy settings, firewall on/off.....

The only programs I installed there is Ad-Aware besides AVG. Spybot was next on the list to do but didn't get around to it.

Looking at Windows Explorer > Tools > Internet Options > Security at first the Trusted sites offered an empty list as did the Restricted sites. I found that strange, since mine are reasonably populated on Windows 2000 as well as on my laptop that runs XP.

I placed some of the problem sites in the Trusted sites. Still no go, couldn't connect, except sporadically. Today, over the phone, I was guiding her through this once again and we explored a bit more. Lo and behold the list of sites appears in both Trusted Sites and Restricted sites the moment you start typing a site to add to either list. And very strangely, every site she has in the Trusted sites list also appears in the Restricted sites list! It's mind boggling.

The security setting for Restricted sites is at the highest level and for trusted sites it's at the lowest level.

This to me means it's a toss-out as to which setting will apply to any given site.

Both lists seem to have all the same sites on them (can't tell if one is longer than another but they seem to be equally represented in both).

The hosts file is empty.

I tried to find in Google some information on how to clear either list and start over, and I found some hint that there is only one registry key that holds both. I think that key may be messed up on her computer somehow. But I still don't know how to empty those lists other than one by one. It also seems that the Remove button doesn't work for all of them for some reason.

Whether that means there's a virus or trojan lurking there undetected by her anti-virus program (AVG) I don't know. I will be going over later and try to run some of those other virus detection programs like RAV and a couple more. I could think of better ways to spend a Friday afternoon though :?

But right now I'm trying to understand what's happening and maybe how it came about. The list of restricted sites being identical to trusted sites? That's very weird.

I'd like to avoid a reinstall or restore (from the restore CD as that's all we have to work with) of Windows XP & SP2 if possible.

I can isolate and back up the contents of My Documents (mercifully she's been good and kept all her new stuff in there). Ditto for Explorer favourites.

I'm not keen on trying to salvage the email folders and address book, but if it has to be done so be it.

Also not keen on reinstalling the various programs that came factory installed with the computer.

Any ideas?

robinev
02-18-2005, 06:03 PM
Looking at Windows Explorer > Tools > Internet Options > Security at first the Trusted sites offered an empty list as did the Restricted sites. I found that strange, since mine are reasonably populated on Windows 2000 as well as on my laptop that runs XP.

I think that's the default for XP. I don't have anything in either list and I'm pretty sure I haven't changed that part of things.

Doesn't help with your problem... :roll: But it might help isolate where you don't have to look.

activewebs
02-18-2005, 06:23 PM
Hi Chris

Is XP saying there are scripts that it won't run when you access certain sites?

I run XP sp2 and had probs with the fact that as default it won't let scripts run on the local M/C

Try> tools - internet options-advanced-security- and check box>"allow active content to run files in my computer"

Just a possibility
:shock:

Rich

webado
02-18-2005, 06:24 PM
Hmmm..... I do have things in those lists on my laptop in XP. But come to think of it I don't have SP2 there yet, as it first needs a bios upgrade and I've not had the guts to do that yet.

It may be a security feature SP2 brought on to hide at first glance those lists probably from malware that may want to get to them.

What really puzzles me is that the 2 lists are the same. Surely that's not right.

jonra01
02-18-2005, 07:17 PM
I'm not sure what causes this problem. It may be a conflict between 2 or more anti-spyware programs. There is a way to clear both lists. This will return it to the default setting with no sites listed in either domain.

Go to this page - http://www.mvps.org/winhelp2002/restricted.htm - scroll down a little ways until you see "To remove all the sites listed in the Restricted Zone". Download the deldomains.inf and follow instructions.

John

webado
02-18-2005, 11:32 PM
Thanks, I saw that site too, but was wondering if there was more to it. I haven't tried this yet as timing wasn't good.

It does say it will clear both restricted and trusted sites though. I'd like to bring over a list of actual restricted sites from another computer, if there's any way to do this.
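
The single registry key mentioned earlier in the thread is Internet Explorer's `ZoneMap\Domains` key: each site is a subkey, and each protocol value under it holds a zone number (2 = Trusted sites, 4 = Restricted sites). As an added example, not part of any post in this thread, this Python script parses a regedit export of that key, so a list can be reviewed or carried over from another computer, and reports any host assigned to both zones. The sample export and its `.example` host names are constructed, and the text is assumed to be already decoded (regedit writes version 5.00 exports as UTF-16).

```python
import re
from collections import defaultdict

# Zone numbers used by Internet Explorer's URL security zones.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARKER = "\\internet settings\\zonemap\\domains\\"

# Constructed sample export (not taken from the machine in this thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wholesaler.example]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\portal.example]
"http"=dword:00000002
"https"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example\www]
"*"=dword:00000004
'''

def parse_zone_map(reg_text):
    """Return {host: {protocol: zone_number}} from a .reg export."""
    sites, host = defaultdict(dict), None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            # Key path is domain\subdomain; the host name reads subdomain.domain.
            host = None if pos < 0 else ".".join(
                reversed(key[pos + len(MARKER):].split("\\")))
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and host:
            sites[host][m.group(1)] = int(m.group(2), 16)
    return dict(sites)

def conflicting_hosts(sites):
    """Hosts with entries in both Trusted (2) and Restricted (4) zones."""
    return sorted(h for h, p in sites.items() if {2, 4} <= set(p.values()))

def hosts_in_zone(sites, zone):
    """Hosts with at least one protocol mapped to the given zone."""
    return sorted(h for h, p in sites.items() if zone in p.values())

if __name__ == "__main__":
    parsed = parse_zone_map(SAMPLE_REG)
    for h, protos in sorted(parsed.items()):
        for proto, z in protos.items():
            print(f"{h:22} {proto:6} {ZONES.get(z, z)}")
    print("In both lists:", conflicting_hosts(parsed))
```

Exporting the key on a known-good machine before clearing the lists gives a file that can be reviewed with this script and then imported on the repaired one.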

jonra01
02-19-2005, 02:22 AM
It does clear both restricted and trusted sites. The best way to handle this is to use a host file. You could also run spyware blaster to immunize IE. I've never really thought about it, but that's probably how spywareblaster immunization works, by putting a list of sites in restricted sites list. It also tightens up security settings in IE and Mozilla.

John

motorwatchercounter
02-19-2005, 03:13 AM
I would uninstall adaware and AVG (and spybot) if you have loaded it. Remove all sites from the trusted and restricted. Set trusted to low and restricted to high. Download and run regscrubxp http://www.majorgeeks.com/downloadget.php?id=2048&file=11&evp=50bd078f62c11086d8d7693510554b73e DON'T DOWNLOAD SPYWARE DOCTOR. Run regscrubxp letting it look for problems and then allow it to fix them. Run regscrubxp again but this time pick the user define which will bring up a long list of reg keys. Have a good look through these to see if anything looks moody. If in doubt I use a search engine to find out. Download the microsoft antispyware http://www.microsoft.com/athome/security/spyware/software/default.mspx and run this.

Leave spybot and adaware off the PC as the windows version picks up a lot more than both of these two. Load the antivirus back on. Try Avast, there is a free version but you do have to register http://www.avast.com/eng/avast_4_home2.html or any other.

If you are using a firewall turn off XP firewall.

Other free firewalls www.kerio.com/dwn/kpf2-en-win.exe
or zonealarm which gives you the option of a free online spyware check if you want to use it. http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za

If this doesn't work get a gallon of petrol and a box of matches. Take the PC outside, away from your home and.... well you can guess the rest. :wink:

webado
02-19-2005, 03:19 AM
It does clear both restricted and trusted sites. The best way to handle this is to use a host file. You could also run spyware blaster to immunize IE. I've never really thought about it, but that's probably how spywareblaster immunization works, by putting a list of sites in restricted sites list. It also tightens up security settings in IE and Mozilla.

John
I was using Spywareblaster on another pc, together with Spybot and Ad-Aware. Had to get rid of Spywareblaster as it was blocking me from many sites despite my normal internet settings. I think the combo with Spybot wasn't working all that well.

There seem to be lots of places that hold lists of sites to be banned, and it's kind of hectic trying to find all the bits and pieces.

For this particular computer I'm referring to I feel the list of restricted sites being exactly the same as the one of trusted sites is a mess caused by who knows what snafu. I've not been to see that pc yet, but will have to run all those virus detector programs too, just to rule out any of that stuff. It may have come with a virus from the original factory installation.

Another friend of mine just bought a brand new computer and the very first day, despite having Norton on it, managed to acquire a virus. She had to restore from the restore disk. Chances are it was already in there, because right from the start she wasn't able to surf anywhere.

jonra01
02-19-2005, 03:51 AM
Receiving a computer from the factory with a virus already on it is very unlikely, although not unknown. What's more likely is picking up a virus or worm, because the machine doesn't have an active firewall. I've read articles where they've created a test machine and it was found and infected within 30 minutes of being connected to the internet.

I must respectfully disagree with motorwatcher. While the MS anti-spyware beta does a pretty good job, it is not enough by itself. No program will catch every piece of spyware on your system. A recent test found that while the MS product was the best, it still only cleaned off 63% in a test run. That's why something like spywareblaster is essential. Stop it before it gets on your computer rather than clean it off later.

I use spywareblaster to inoculate my system and to set security in IE and Mozilla.

I use MS beta, ad-aware, and spybot s&d to clean my system on a regular basis.

I use spybot s&d's tool - teatimer - as an active monitor to block problems, as well as, a firewall - sygate personal firewall. Don't rely on XP's built in firewall, it only blocks incoming traffic.

I use hijackthis, spybot s&d's tools, and registrarLite to clean out persistent infections (which is very, very rare with this setup)

I use Norton's AV for my anti-virus program.

I also have a hosts file, which blocks lots of problems and speeds up surfing by blocking a lot of ad images on pages. The only problem with a hosts file (the same problem with restricted sites lists) is that it blocks some sites I don't want it to - such as statcounter.com. That is easily solved by searching the hosts file and commenting out the offending line with a #.

I'm putting together some information on this to post on my web site. It should be done in a few days, after I do some more testing and finish the writing.

John

motorwatchercounter
02-19-2005, 04:03 AM
I didn't mean don't use more than one spyware but I had MS, adaware and spybot running at one time and MS was the only one to pick up the remnants of Kazaa. I tried spyware blaster but didn't get on with it.

I also use a tweaked, top of the range AV which I pay for as the free ones are fine but there is always that doubt. I found that the Avast one I tested a while ago worked really well but it was a free trial of a pay for one not the free (diluted) one. I bought a different make as I got a good deal but I would have been very happy to have bought the Avast.

webado
02-19-2005, 04:07 AM
I guess it's all possible, but I also know the firewall was presumably already enabled right when you first turn on the computer. I got the same exact laptop, same store, and that's how it came. It does prompt to tweak it though, so I don't know what settings she may have changed right away.

The difference from the one that got infected immediately (or was so from the start) and mine is that she's using a dial-up connection and I'm using ADSL through a router which has an additional firewall of sorts. My other computers don't use any firewall anyway. Not since we used to have Zonealarm and it was messing up all sorts of things, so we took it off. Anyway, that one got solved.

It's this other one, a desktop from the same store, that worries me with those restricted/trusted sites and what it's doing.

Oh, well, I guess this one will have to wait until next week anyway, as neither my friend nor I are up to tackling this now. I also have to teach her a few things about safe surfing, so she'll not click indiscriminately on every stupid pop-up window that says Your computer may be infected... click here to find out!.

And yes, I know those pop-ups would not pop-up if she didn't have to specifically allow pop-ups on some stupid sites that use them for serious things like logging in (she's a travel agent and needs to access the wholesalers' sites). Why on earth they also allow garbage ads to be on their sites is beyond me. I guess the travel industry is in bad shape and they need the revenue from those ads, but that's ridiculous. :x

jonra01
02-19-2005, 04:46 AM
You should still have her use a pop-up blocker or talk her into using Mozilla or Firefox with their built-in pop-up blocker. Overriding the pop-up blocker is simply a matter of holding down the ctrl key when you click on a link.

As far as Firefox or Mozilla goes, you would have to download one of them and put it on a cd for her, since she is on dialup.

Those pop-ups you mention probably aren't on the sites she visits. They are probably the result of a piece of spyware she already has on her system. The virus she got was probably from opening an attachment in an email message or using Outlook Express with the preview pane on.

This is turning into a huge problem. Spyware is more prevalent than worms or viruses (have they ever determined if it's computer virii or viruses?). I deal with at least one computer per week that has become seriously infected. That's why I finally decided to put together some information on it.

John

webado
02-19-2005, 06:05 AM
Ok, sorry, but now we're getting 2 computers and their problems mixed up. My fault really.

The one that had the virus on day 1 has been solved and is no longer a problem. Case closed for now.

The one that may or may not have a virus, but has problems connecting to various sites (restricted sites list = trusted sites list) - this has 2 pop-up killers: windows XP as well as the Google toolbar. Some sites require pop-up windows to be enabled. Some of those sites also have stupid ads that throw pop-ups in your face. Once you enable pop-ups on that page just so that you can get to see the pop-up sign-in window, they all come along for the ride. She sometimes clicks on some of those stupid ones because they look like they might be interesting, or they belong or whatever. No, it's not any pre-existing spyware, I'm getting those as well on those same sites, but I stay away from clicking them.

Getting a browser other than IE for my friend is totally out of the question. She already resents having had to switch to Windows XP after barely getting used to Windows 2000 - Windows 98 was what she'd been most comfortable with. Even after I set XP up on the classic look she still didn't like it. I can't blame her. I don't like the claymation-like icons and the hidden or grouped buttons in the task bar and all the pre-set stuff with deeply hidden controls.

At least IE 6 looks the same - on the outside.

And I myself could never make a credible pitch for using Firefox anyway, as I'm constantly fuming over its inability to get all its frigging plugins found and installed without lots of acrobatics on my part. I still have issues with some features that require an elusive plugin in Firefox yet are standard baggage in IE. I better shut up on this as I don't want this to turn into an IE vs Firefox issue. :lol:

jonra01
02-19-2005, 07:30 AM
Ok, I was confused about which was which. :roll:

Some sites require pop-up windows to be enabled.

I'm also a little confused when you say the sites require pop-ups to be enabled. Pop-ups aren't like cookies or javascript in that they are always enabled. A blocker just closes them before they open and get in your face. Simply holding down the ctrl key when you click a link that launches a pop-up will override the blocker. It should be just a matter of knowing which links you need to do this on.

It's still possible the pop-ups that are ads could be connected to some kind of spyware/adware. They might not be too. This is one of the many tricks these #$^%$@# use. Could you post a url to one of these sites so I can test it myself?

John

webado
02-19-2005, 02:34 PM
When I say pop-ups have to be enabled I simply mean pop-ups on that page have to not be blocked on the whole.

And no, I cannot post any url's at this point, as I don't have them handy myself. They are portals to various travel wholesalers' websites, and the pop-ups are created both by ads appearing there and by the log-in function. If I want to get the log-in pop-up, I cannot be blocking pop-ups on such a page. Maybe pop-up by pop-up can be specifically blocked or unblocked, but it is a headache to figure out which of the several pop-ups needs unblocking - so we either just block all from a page or none from a page.

Of course some of the pop-ups, especially if acted upon will introduce spyware or even viruses. They probably introduce spyware just by popping up. Adaware routinely picks up a handful of those daily, the only explanation being they got in from the pop-ups and/or some pop-unders. How serious they are, I don't know.