Windows 7 can't access login.live.com on any browser (except Tor)

SHODAN2114

New Member
Joined
Jul 26, 2016
Messages
8
I'm seeing a blank page when I try to visit Sign in to your Microsoft account

It's not working in Chrome, Firefox or IE, but it does work in Tor browser. I'm using a Windows 7 PC which is connected via Ethernet.

I can view Sign in to your Microsoft account on my Windows 8 laptop which is connected via WiFi. this works using any browser on my laptop.

on my PC, I can't sign-in to any Microsoft website or application.

I open OneNote and it shows me the sign-in screen: http://i.imgur.com/57IdVso.png

I enter my Microsoft email address and click 'Next', then the log-in box goes completely blank: http://i.imgur.com/S1BQ5nK.png

I tried flushing my DNS settings. my IPv4/6 properties are set to obtain an IP address automatically. I'm seeing nothing unusual in Fiddler/network inspector... 200, OK.

no other websites are blocked, just Microsoft's log-in pages. the most annoying thing is that the Microsoft help forums require you to sign-in to your Microsoft account. can't get technical support over the phone because that is a paid service. any ideas?
 


Have you tried simply clearing the browser cache?

Otherwise, if you can install wireshark and send me a pcap file with the connection attempt I can take a look.
 


Have you tried simply clearing the browser cache?

Otherwise, if you can install wireshark and send me a pcap file with the connection attempt I can take a look.

yeah, tried clearing the cache on all my browsers. will PM you the pcap file
 


The ethernet FCS message can be ignored, this just means theres residual data on the line and doesn't really affect anything. As far as the package capture goes your system is talking to and receiving data correctly from the site.

What happens when you right click on the page and do view source? Can you post the code if any.
 


The ethernet FCS message can be ignored, this just means theres residual data on the line and doesn't really affect anything. As far as the package capture goes your system is talking to and receiving data correctly from the site.

What happens when you right click on the page and do view source? Can you post the code if any.

this is the script when I try to access login.live.com on latest version of IE11

<!DOCTYPE html><!-- ServerInfo: BL2IDSLGN1J014 2016.07.08.20.36.44 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDF089, - Version: 16,0,26416,0 -->
<!-- RequestLCID: 2057, Market:EN-GB, PrefCountry: UK, LangLCID: 2057, LangISO: EN-GB -->
<html dir="ltr" lang="EN-GB"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=Edge"/><base href="Sign in to your Microsoft account"/><script type="text/javascript">var PROOF = {};PROOF.Type = {SQSA: 6, CSS: 5, DeviceId: 4, Email: 1, AltEmail: 2, SMS: 3, HIP: 8, Birthday: 9, TOTPAuthenticator: 10, RecoveryCode: 11, StrongTicket: 13, TOTPAuthenticatorV2: 14, Voice: -3};</script><noscript><meta http-equiv="Refresh" content="0; URL=Microsoft account"/>Microsoft account requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.<br /><br />To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript><title>Sign in to your Microsoft account</title><meta name="PageID" content="i5030"/><meta name="SiteID" content="1184"/><meta name="ReqLC" content="2057"/><meta name="LocLC" content="2057"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no"/><link rel="shortcut icon" href="Link Removed" />
<link rel="stylesheet" title="Default" type="text/css" href="Link Removed"/><style type="text/css">body.cb input.hip
{
border-width: 2px !important;
}
</style><style type="text/css">body{display:none;}</style><script type="text/javascript">if (top != self){try{top.location.replace(self.location.href);}catch (e){}}else{document.write(unescape('%3C%73') + 'tyle type="text/css">body{display:block !important;}</style>');}</script><noscript><style type="text/css">body{display:block !important;}</style></noscript><script type="text/javascript">var g_iSRSFailed=0,g_sSRSSuccess="";function SRSRetry(a,f,b){var e=1,d=unescape('%3Cscript type="text/javascript" src="'),c=unescape('"%3E%3C/script%3E');if(g_sSRSSuccess.indexOf(a)!=-1)return;if(typeof window[a]=="undefined"){g_iSRSFailed=1;b<=e&&document.write(d+f+c)}else g_sSRSSuccess+=a+"|"+b+","}
var g_dtFirstByte=new Date();var g_objPageMode = null;</script><link rel="image_src" href="Link Removed" / >
<script type="text/javascript">var ServerData = {Be:false,urlSwitch:'Microsoft account:"#~#partnerdomain#~# doesn\'t use this service. Please sign in with a Microsoft account or create a new account. <a href=\"#~#WLPaneHelpInviteBlockedURL_LS#~#\" id=\"idPaneHelpInviteBlockedLink9\">Learn More</a>",Bf:true,fHasBackgroundColor:false,l:'wa=wsignin1.0&rpsnv=12&ct=1469577956&rver=6.7.6643.0&wp=LBI&wreply=https:%2f%2fwww.msn.com%2fen-gb%2fhomepage%2fSecure%2fPassport%3fru%3dhttp%253a%252f%252fwww.msn.com%252fen-gb%252f%253focid%253diehp%2526pfr%253d1&lc=1033&id=1184&mkt=en-gb&pcexp=True&bk=1469577960',sCBUpTxt1:'',aX:"Use the primary phone number you\'ve associated with your Microsoft account. <a href=\"Link Removed" id=\"idPaneHelpOTCInfoLink9\" target=\"_blank\">Learn more</a>",AU:{},sCBUpTxt2:'',n:'Microsoft account:"Sign in",q:false,Bn:'https://auth.gfx.ms/16.000.26416.00...6416.00/Microsoft_Logotype_White.png',U:'',aA:"&copy;2016 Microsoft",Ar:false,av:'microsoft.com,Link Removed IDCRL Federation Partner',aB:'',aw:"Sign in to .",ax:"A single-use code lets you sign in without entering your password. This helps protect your account when you\'re using someone else\'s PC. <a href=\"Link Removed" id=\"idPaneHelpOTCInfoLink9\" target=\"_blank\">Learn more</a>",At:0,Au:{},Y:{},aD:'Microsoft account:"Your session has timed out. To request a single use code, please <a href=\"javascript:NewOTCRequest()\">refresh the page</a>.",Z:{'Logo':'','LogoAltText':'','LogoText':'','ShowWLHeader':true},aE:2,Aw:'',AB:'',Ax:'Microsoft – Official Home Page type="hidden" name="PPFT" id="i0327" value="DWXMFs665MIHBZmbxs7ZfnJ!ZCYPBB9rkt!e3rt*2iODDetVtgTF8f77ELbaWxeOejFoGGVkLthP156vYmejyXFbP4P*zdHzx8iMfAb!Vj0mrrZbFtAHBvW8sfYrWoXtqYZCO*UetBlvYVWXtF6DTab4s*VcByK5BBPFpIcb20cEj5B*e7dOp46g*UzNT0GWI3dD9S6x5mHJFIonxWy3ada3ADRJTjA6*N4ba9fFtSV*tGsvcw5gDYAq*qjJfj0o1mDFoyEW3I1YuX5pG!*O86Y$"/>',sPOST_NewUser:'',b:'',urlImagePath:'Link Removed type="text/javascript" src="Link Removed"></script>
<script type="text/javascript" src="Link Removed"></script>
<script type="text/javascript">SRSRetry("__DefaultLogin_Strings", "Link Removed", 1);SRSRetry("__DefaultLogin_Core", "Link Removed", 1);</script><script type="text/javascript">SRSRetry("__DefaultLogin_Strings", "Link Removed", 2);SRSRetry("__DefaultLogin_Core", "Link Removed", 2);</script></head>
<body class="cb" data-bind="defineGlobals: ServerData, bodyCssClass">
</body></html>
 


also, in the firefox console it says the following style sheet could not be loaded:

Link Removed
 


It looks like something is hijacking and injecting code. Boot into safe mode with networking and see if you can browse there. If so start scanning that system
 


Never mind i see those links too. I would still try booting into safe mode and test though.
 


booted in safe made (with networking) and still can't access microsoft login. I'm running a full scan with malwarebytes and security essentials; no rats on the ship so far. I verified java in both IE and firefox and made sure my version is up to date. I also checked that my date & time was in sync. I talked to my ISP about it. their last resort was to mail me a new router. however, I don't think this will resolve the problem. I can connect to login.live.com via WiFi on my laptop. I can't connect to login.live.com via Ethernet or WiFi on my PC.
 


should have mentioned in original post... when I type login.live.com into the address bar in IE, then hit enter, I get redirected to this site (without the space following https):

Sign in to your Microsoft account

https ://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1469583181&rver=6.7.6643.0&wp=LBI&wreply=https:%2f%2fwww.msn.com%2fen-gb%2fhomepage%2fSecure%2fPassport%3fru%3dhttp%253a%252f%252fwww.msn.com%252fen-gb%252f%253focid%253diehp%2526pfr%253d1&lc=1033&id=1184&mkt=en-gb&pcexp=True
 


Last edited:
Good to hear. The hosts file is rarely used anymore, but does take precedence over DNS.
 


Back
Top