Weird security/parental issue

[G-Stress]

I was assisting a person with a modem installation today (cable modem) the customer currently had Verizon DSL with the premium MSN suite, but what's weird is before and after registering the modem internet access was restricted... unless he signed in through MSN explorer first, then he could access anything. His account was admin with no password set. We disabled all firewall's and the content advisor. He did have a password set for that, but we disabled it. I'm not too familiar with content advisor i've never used it. I didn't however change any settings in MSN explorer as I ran outta time and had to leave.

Anyone have any clue as to what could possibly be the cause of this. I use to work technical support for Verizon DSL and never had experienced this before.

He was using Zone Alarm as his firewall and internet security

XP Media Center Edition

I could also ping by IP successfully but even when trying to access the pingable sites through IE http://75.128.?.? I still could not access it. It queried connection problems or no connection to the internet.

[Sparda]

Did you give it some malware scannage?

[G-Stress]

Nope, I sure didn't. I didn't even think about that. I did fail to mention that when trying to access any site through IE MSN explorer would automatically pop up and mention something about parental controls and ask to sign in first. He didn't have FF or any alternative browser:( I didn't see any questionable processes running either :-?

[Sparda]

Well then, it's time for Ubuntu! :D

If there appears to be no parental control software installed, and the people who use it say they have never installed any, then I see no alternative then to reinstall the OS. It's quite possible that it's a form of malware forcing the use of the browser for it's own purposes (keylogging, browser history logging etc.).

[G-Stress]

Hmmm... I don't know, it's just weird, there doesn't seem to be any 3rd. party parental control software installed, but yea they did set parental controls via content advisor and I believe in MSN Explorer also. I'm gonna do some messing around and see if I can figure something out, it didn't appear to be a mal-ware issue I'm usually decent at spotting those;)

You keep mentioning Ubuntu in alot of your posts... you being "Sparda" I have to ask why you prefer Ubuntu, cause I am sooo tempted to try it out. What advantages does that have over any other live distro? Or should I say why do you prefer it over other distro's?

[Sparda]

You keep mentioning Ubuntu in alot of your posts... you being "Sparda" I have to ask why you prefer Ubuntu, cause I am sooo tempted to try it out. What advantages does that have over any other live distro? Or should I say why do you prefer it over other distro's?

I usually shout "Ubuntu!" when there is a mysterious windows problem, parodying mac fan boys who do the same ("I was writing a paper, on the PC..."). On a more serious note, you should give Ubuntu a try and spend the time to setup Gaim, Thunderbird or what ever programs you would use in windows (or there equivalents) just to see if you can stay with it. One of the problems when it comes to 'trying Linux' is that as soon as the live CD finishes loading people go 'Well... what now?" restart and boot windows again.

[digip]

Hmmm... I don't know, it's just weird, there doesn't seem to be any 3rd. party parental control software installed, but yea they did set parental controls via content advisor and I believe in MSN Explorer also. I'm gonna do some messing around and see if I can figure something out, it didn't appear to be a mal-ware issue I'm usually decent at spotting those;)

You keep mentioning Ubuntu in alot of your posts... you being "Sparda" I have to ask why you prefer Ubuntu, cause I am sooo tempted to try it out. What advantages does that have over any other live distro? Or should I say why do you prefer it over other distro's?

Did you shut down Zone Alarm? It has parental controls built in and they might be turned on.  Also, anythign installing with zone alarm on will give you problems. I had been using it for years and always shut it down before I install somehting as it tends to block things in the registry and can be a headache, but if Zone Alarm is off, then I would need to know more about what is running in the background.

Sparda made a good point. Try a malware scan and see if there is anything like a rootkit that got into the system. They often screw with things and can even block spyware/antivirus  scans Nstay little buggers that usually only seem to go away when starting in safe mode and then deleteing them so they can't run on startup next reboot.

[G-Stress]

@ Sparda

yea good point about the live CD's. I personally am tri-booting Vista, XP and my linux distro of choice Back|Track. I will give Ubuntu a try I've heard alot about it from alot of people lately.

@ digip

Yea I did shutdown ZoneAlarm along with all the other firewall's and software security related. Unless MSN Explorer runs something in the background security wise I don't know about. Nothing seem to really stick out in the task manager.

What would be your scanner of choice when scanning for malware?

[Sparda]

What would be your scanner of choice when scanning for malware?

If nothing 'sticks out' then it could (perhaps) be a devilish rootkit, try rootkit revealer (now a MS product) to see if any os anomalies are found (which is all rootkit revealer can tell you about), you your self have to investigate the anomalies further to determine if they are negligible or some thing that shouldn't be there.

[digip]

Have you tried an alternative browser? Like opera, FF? Sounds like it might be something in MSN Explorer and its ettings. I have never sued it but it may be the culprit.  Maybe they require you to login to the browser before you can access the net.

http://en.wikipedia.org/wiki/MSN_Explorer

[G-Stress]

@ Sparda

Sweet, I've never really scanned for rootkits and only done little reading about them so I will give that a shot at least for expierence.

@ digip

Yes! Exactly what I think is the case, but I didn't have time to mess with MSN Explorer settings I had to leave I told him I will give him a call later or come back and check it out more. That was the situation that he DID have to sign in to MSN Explorer before he was routable to anything on the internet.

He didn't have FF or Opera installed and I didn't have time to download it and try it out. I did have a dumb moment where I could not remember for the life of me how to set IE as the default browser :-? I'm gonna install MSN Explorer though and mess around and see if I notice anything related to his situation.

[Bigbro69]

For spyware/adware/malware, my toolkit is usually...

Adaware

Spybot Search & Destroy

Spysweeper

HijackThis

Microsoft Antispyware

RootkitRevealer

And for the viruses, AOL's Active Virus Shield picks up most nasties from that side of the fence.

:)

[digip]

For spyware/adware/malware, my toolkit is usually...

Adaware

Spybot Search & Destroy

Spysweeper

HijackThis

Microsoft Antispyware

RootkitRevealer

And for the viruses, AOL's Active Virus Shield picks up most nasties from that side of the fence.

:)

AOL is evil. I am surprised none of your software picked it up as spyware....