Xp system cannot get to any port 80

Four days ago I was using a Vista Ultimate laptop to remote desktop to my work machine. Remote work machine is an XP Service Pack 3 Laptop.

After a reboot of the XP laptop, I was unable to Remote Desktop to it. I checked it out and that appeared to be all that was wrong with the machine. I was able to connect to the multiple Instant Messanger servers (Yahoo, MSN and AIM) connect to my company Exchange server over HTTPS; connect to my time-card system (also HTTPS).

The next day I logged on and each of these still worked, however any attempt with any browser (IE6 Firefox, Chrome, telnet www.google.com 80) to go to an HTTP (80) server failed. It's not a DNS issue, as I can tracert to www.google.com easily; as well as ping; as well as SSH. Of course an application that goes to an HTTP server also fails (e.g. weather channel desktop).

I believe that I have performed all the steps (as well as a few others) in the malware removal. I even just tried reinstalling service pack 3 (hopefully I have not derrailed someone's efforts to help me with that one!) The "Repair of winsoc" in SuperAntiSpyware completed, but after the reboot, the condition is still the same.

Any assistance I can get would be appreciated. I don't relish the idea of reformatting and reloading about 2 dozen applications.

Cordially,

Mark

 

First of all, Thank you for responding, chaslang.

I'm not sure if it's good news or bad that the logs don't show a malware attack. Fighting a known enemy is often better than feeling around in the dark.

I suspected norton 360 in the first place, and went so far in the beginning of troubleshooting to un-install it. As there was no improvement, I reinstalled it. (of course it is now complaining that it needs to be activated, since it can't get to the symantic website)

I can indeed use http normally in safe mode, so at least we know that the basic drivers of the network system are working correctly.

As to the policy you note, it may have been part of the CISCO VPN software install. Otherwise, I would simply be guessing as to its source.

Since this is not necessarily a malware attack, should I move this post to a different support channel?

Cordially,

Mark.

 

I finally found the right search string to find the following blog entry. This solved my problem. I'm wondering if perhaps we should make this problem a sticky post with the stream title: CiscoVPN User has blocked port 80 under normal use.

http://beer234.blogspot.com/2008/10/port-80-blocked-windows-xp.html

Port 80 Blocked Windows XP

Symptom: Port 80 Is Blocked On A Windows XP PC. Various browsers all produce failures appearing because http is blocked IE port 80. Alternate ports like HTTPS over 443 may work just fine. Other traffic besides port 80 may also be blocked like ICMP (ping) or SSH on port 22.

This blocking behavior is usually due to a firewall being installed and activated. First check the Windows XP firewall and disable that. Look in the control panel, Windows Firewall icon. If this firewall is disabled check for other software based firewalls installed like Zone Alarm or products from Mcafee and Symantec like Norton or other personal firewall products.

In other cases we've seen port 80 blocked on Windows XP where no firewall seems to exist. In the case i'm thinking of it was a Cisco VPN client that was the problem. The Cisco VPN client has a Zone Alarm firewall. Sometimes even after the Cisco VPN client is uninstalled port 80 is still blocked and a user cannot use a browser to http but can use https. In this case try the following solution.

Restart the Windows XP PC in Safe Mode.
Run Regedit.exe to open the registry editor.
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vsdatant
Click start in the right pane and modify the value to 3.
Restart the PC and port 80 should no longer be blocked and you can use http with any browser.

 

In my defense, I did check all firewalls. I had earlier uninstalled CISCO VPN, so it's firewall should not have been on the system.

The problem was that the cisco uninstall left the registry in an inconsistent state. changing one byte in the registry fixed the problem.

This will be my final post on this stream. Thank you for the help, although the problem had nothing to do with malicious software (just somewhat less-than-competent vendor software)