Cannot access any website with IP starting with 217.

Status
Not open for further replies.

Adze

Posts: 11   +0
Well as the title says, I can't get onto any website which IP begins with 217.

Websites I can think of off the top of my head include:
www.dsa.gov.uk
www.informationcommissioner.gov.uk
www.next.co.uk
www.marksandspencer.co.uk

But it gets a little stranger than that. I'm on a wireless network connected to ADSL with four other computers connected to it. Every single one of these computers can get on above named websites with no problem at all. So, that leads me to believe the problem isn't with the ISP or network, but with my computer.

I get the same problem with both IE and Firefox, being either "Connection timed out to (website)" or "Page cannot be displayed".

I've run a virus scan with AVG Free Edition and spyware scan with AdAware, both of which come up clean.

I'd greatly appreciate any help on this matter, it is rather frustrating. It's really confused me good 'n' proper and I have run fresh out of ideas as to what could be causing the problem. As I say it's limited only to sites which start with that specific IP. All my other browsing works absolutely fine.

If there's any essential info I've missed out then I'm sorry; I'll post it up if needed.

Cheers in advance.
 
Check your firewall settings. What happens if you type ping www.webname.xxx or ping 217.xx.xx.xx in a command session, timeout as well?
Substitute with real name/IP

Also check in IE under Tools/Internet Options/Security tab, Restricted Sites
 
Thanks for the prompt reply realblackstuff.

I don't have a software firewall and neither does my router. Pinging either the www.com or the IP yields the same results: Request Timed Out. Restricted sites in IE options is completely empty too.

This one's definitely a head-scratcher.
 
If you mean the one under system32\drivers\etc, then yes. All that's in is

127.0.0.1 localhost

along with all the blah with # in front, which I believe is correct.
 
This is what I get for all the IPs I try trace which begin with 217. Obviously the "Tracing route to...." part changes.


Tracing route to hostingservices.eechost.net [217.69.46.101]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
 
It is only addresses starting 217, as far as you're aware all others are OK?

Are you using DCHP from the router or static addresses?

It might be worth running HJT, although this does not seem likely to bear fruit.
 
As far as I'm aware it's just 217 IPs. I noticed a while back that I couldn't get on one website, then another, then another, all of which could be accessed by other computers on the network. It was only when I started poking around that I realised tha they were all 217 IPs.

I'm using DHCP, but my IP hasn't changed for a very long time, and probably won't.

I'm gonna guess that HJT is Hijack this? ....Anyway I don't have it and have never used it but I'll give it a try. Anything's worth a go I suppose.

Much appreciated.
 
Well I have the log file, and I can't really see anything that seems suspicious or that I don't know what it is. If it would help, I'll attach it here.
 
Attached: HJT Log file.

Hope it makes more sense to you than it does to me, but it all seems in order from what i've managed to understand.
 
First
Move HijackThis.exe to C:\HJT

Then turn off system restore (if applicable) & restart in safe mode.

This can be checked for removal
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: XBTB09580 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" <<< this could go unless you use it. Use control panel | add/remove programs
O4 - HKCU\..\Run: [internat.exe] internat.exe <<< unless this pointing to C:\winnt\system\internat,exe DELETE
____________________________________________________________________________________________

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
______________________________________________________________________________________________________

08 & 09 can be deleted they're extra buttons for IE (Firefox is better)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab


That should tiry things a little, but I don't think it will solve you 217 problem. I'll continue to give it some thought. Possibly someone else will chip in with some ideas.
 
Cleaned up as advised - Thanks!

All except:
O4 - HKCU\..\Run: [internat.exe] internat.exe <<< unlessthis pointing to C:\winnt\system\internat,exe DELETE.
I'm not quite sure how I would determine where this file 'points' to.

All the IE bits were just left over from when I used to use IE. I use Firefox almost all the time now and just switch to IE for certain things that Firefox doens't support like Fileplanet's download system and ordering Glastonbury tickets.

Anyway, not that I was expecting miracles, the 217 sites still don't work. Regardless, all the help is appreciated.
 
You said to delete unless it was pointing to C:\winnt\system\internat,exe. I'm not quite sure what you meant by that and since I didn't know how to find out and didn't want to risk getting rid of something if it is needed, I kept it. Thanks for the other links too.
 
The legitimate version is used for the language applet in task bar. So if you don't have more then one language it should go. The dodgy versions belong to worms, these should have been picked up by your AV.
This still leaves the original problem!
 
Boot in Safe Mode.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

GameDrvr.exe
internat.exe

Next, UNinstall anything to do with:
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\GetRight\xx2gr.dll

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINNT\system32\internat.exe
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: XBTB09580 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL (file missing)
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normal.
 
Status
Not open for further replies.
Back