TechSpot

Cannot access any website with IP starting with 217.

By Adze
Jun 25, 2005
  1. Well as the title says, I can't get onto any website which IP begins with 217.

    Websites I can think of off the top of my head include:
    www.dsa.gov.uk
    www.informationcommissioner.gov.uk
    www.next.co.uk
    www.marksandspencer.co.uk

    But it gets a little stranger than that. I'm on a wireless network connected to ADSL with four other computers connected to it. Every single one of these computers can get on above named websites with no problem at all. So, that leads me to believe the problem isn't with the ISP or network, but with my computer.

    I get the same problem with both IE and Firefox, being either "Connection timed out to (website)" or "Page cannot be displayed".

    I've run a virus scan with AVG Free Edition and spyware scan with AdAware, both of which come up clean.

    I'd greatly appreciate any help on this matter, it is rather frustrating. It's really confused me good 'n' proper and I have run fresh out of ideas as to what could be causing the problem. As I say it's limited only to sites which start with that specific IP. All my other browsing works absolutely fine.

    If there's any essential info I've missed out then I'm sorry; I'll post it up if needed.

    Cheers in advance.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Check your firewall settings. What happens if you type ping www.webname.xxx or ping 217.xx.xx.xx in a command session, timeout as well?
    Substitute with real name/IP

    Also check in IE under Tools/Internet Options/Security tab, Restricted Sites
     
  3. Adze

    Adze TS Rookie Topic Starter

    Thanks for the prompt reply realblackstuff.

    I don't have a software firewall and neither does my router. Pinging either the www.com or the IP yields the same results: Request Timed Out. Restricted sites in IE options is completely empty too.

    This one's definitely a head-scratcher.
     
  4. mickylaren

    mickylaren TS Rookie Posts: 16

    Have you checked your HOSTS file?
     
  5. Adze

    Adze TS Rookie Topic Starter

    If you mean the one under system32\drivers\etc, then yes. All that's in is

    127.0.0.1 localhost

    along with all the blah with # in front, which I believe is correct.
     
  6. IronDuke

    IronDuke TS Rookie Posts: 856

    Try tracert 217.xxx.xxx.xxx see if that goes anywhere,
     
  7. Adze

    Adze TS Rookie Topic Starter

    This is what I get for all the IPs I try trace which begin with 217. Obviously the "Tracing route to...." part changes.


    Tracing route to hostingservices.eechost.net [217.69.46.101]
    over a maximum of 30 hops:

    1 * * * Request timed out.
    2 * * * Request timed out.
    3 * * * Request timed out.
    4 * * * Request timed out.
     
  8. IronDuke

    IronDuke TS Rookie Posts: 856

    Try in the Run box cmd /k ipconfig /flushdns. Then try a tracert.
     
  9. Adze

    Adze TS Rookie Topic Starter

    Unfortunately I get exactly the same message.
     
  10. IronDuke

    IronDuke TS Rookie Posts: 856

    It is only addresses starting 217, as far as you're aware all others are OK?

    Are you using DCHP from the router or static addresses?

    It might be worth running HJT, although this does not seem likely to bear fruit.
     
  11. Adze

    Adze TS Rookie Topic Starter

    As far as I'm aware it's just 217 IPs. I noticed a while back that I couldn't get on one website, then another, then another, all of which could be accessed by other computers on the network. It was only when I started poking around that I realised tha they were all 217 IPs.

    I'm using DHCP, but my IP hasn't changed for a very long time, and probably won't.

    I'm gonna guess that HJT is Hijack this? ....Anyway I don't have it and have never used it but I'll give it a try. Anything's worth a go I suppose.

    Much appreciated.
     
  12. IronDuke

    IronDuke TS Rookie Posts: 856

  13. Adze

    Adze TS Rookie Topic Starter

    Well I have the log file, and I can't really see anything that seems suspicious or that I don't know what it is. If it would help, I'll attach it here.
     
  14. IronDuke

    IronDuke TS Rookie Posts: 856

    Why not, its probably clean.
     
  15. Adze

    Adze TS Rookie Topic Starter

    Attached: HJT Log file.

    Hope it makes more sense to you than it does to me, but it all seems in order from what i've managed to understand.
     
  16. IronDuke

    IronDuke TS Rookie Posts: 856

    First
    Move HijackThis.exe to C:\HJT

    Then turn off system restore (if applicable) & restart in safe mode.

    This can be checked for removal
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: XBTB09580 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" <<< this could go unless you use it. Use control panel | add/remove programs
    O4 - HKCU\..\Run: [internat.exe] internat.exe <<< unless this pointing to C:\winnt\system\internat,exe DELETE
    ____________________________________________________________________________________________

    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    ______________________________________________________________________________________________________

    08 & 09 can be deleted they're extra buttons for IE (Firefox is better)

    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab


    That should tiry things a little, but I don't think it will solve you 217 problem. I'll continue to give it some thought. Possibly someone else will chip in with some ideas.
     
  17. Adze

    Adze TS Rookie Topic Starter

    Cleaned up as advised - Thanks!

    All except:
    O4 - HKCU\..\Run: [internat.exe] internat.exe <<< unlessthis pointing to C:\winnt\system\internat,exe DELETE.
    I'm not quite sure how I would determine where this file 'points' to.

    All the IE bits were just left over from when I used to use IE. I use Firefox almost all the time now and just switch to IE for certain things that Firefox doens't support like Fileplanet's download system and ordering Glastonbury tickets.

    Anyway, not that I was expecting miracles, the 217 sites still don't work. Regardless, all the help is appreciated.
     
  18. IronDuke

    IronDuke TS Rookie Posts: 856

    ADZE another couple of downloads that are quite popular here abouts
    Ewido
    Spybot
     
  19. IronDuke

    IronDuke TS Rookie Posts: 856

    What was the reason for not getting rid of internat.exe?
     
  20. Adze

    Adze TS Rookie Topic Starter

    You said to delete unless it was pointing to C:\winnt\system\internat,exe. I'm not quite sure what you meant by that and since I didn't know how to find out and didn't want to risk getting rid of something if it is needed, I kept it. Thanks for the other links too.
     
  21. IronDuke

    IronDuke TS Rookie Posts: 856

    The legitimate version is used for the language applet in task bar. So if you don't have more then one language it should go. The dodgy versions belong to worms, these should have been picked up by your AV.
    This still leaves the original problem!
     
  22. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    GameDrvr.exe
    internat.exe

    Next, UNinstall anything to do with:
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\GetRight\xx2gr.dll

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\WINNT\system32\internat.exe
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: XBTB09580 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL (file missing)
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal.
     
  23. Adze

    Adze TS Rookie Topic Starter

    Do you think these are related to my problems with the 217 IPs?
     
  24. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    The mentioned HJT items all concern ad/spyware.
    You won't know until you got rid of them.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...