SysChat is a free online computer support community. Ask questions, share resources, contribute knowledge and discuss technology. Join our growing community to access all features. Register Now!

SysChat » Software Support » Computer Security » Help! I can no longer access "any" .gc.ca sites

Computer Security

Discuss Computer Security- Viruses, Adware, Spyware, etc...

Closed Thread
 
LinkBack Thread Tools
  #31 (permalink)  
Old 04-13-2007, 11:50 PM
frustrated file-er V frustrated file-er V is offline
Junior Member
 
About:
Join Date: Apr 2007
Posts: 2
frustrated file-er V is on a distinguished road

Default


Quote:
Originally Posted by Sami View Post
Found five problems, run the HijackThis again and select these five items from your list and Click on Fix Checked

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O8 - Extra context menu item: &Search -
O17 - HKLM\System\CCS\Services\Tcpip\..\{25A1717F-55C5-4A55-8BC3-6A025CEE66CC}: NameServer = 85.255.116.77,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212

I Think the number 17 is causing you the problem it has put in nameservers from Ukraine
Hi Sami,
I have had the same problem for a number of months.
I Can't access gc.ca (Gov't of Canada) sites. And it's tax time!
I opened and downloaded HijackThis just now. It's results has almost the same Line 17 items (6 line items) listed above.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.77 85.255.112.212
Except last 5 digits of the Name Server numbers are different.
Is it safe to just "fix" those 6 lines?




Last edited by Sami; 04-18-2007 at 02:05 AM..
  #32 (permalink)  
Old 04-14-2007, 12:26 AM
Sami's Avatar
Sami Sami is offline
Administrator
 
About:
Join Date: Jan 2006
Location: New Jersey
Posts: 804
Sami has a spectacular aura aboutSami has a spectacular aura aboutSami has a spectacular aura about

Default


Yes its safe to delete those lines. But if you want you can post your log file here so that we can analyze it, and can guide you what to remove.



  #33 (permalink)  
Old 04-14-2007, 11:45 AM
frustrated file-er V frustrated file-er V is offline
Junior Member
 
About:
Join Date: Apr 2007
Posts: 2
frustrated file-er V is on a distinguished road

Default gc.ca problem solved


Wow you are GOOD!
I used the hijackthis download and the Fix and Repair icon after ticking the 6 lines of Line 017 info.
I could then successfully access the Government of Canada websites!
And sent them all my tax money! Gee thanks!
Seriously, you are to be commended.
I thank you.
I thank Google for helping me find SysChat and the previous poster Boardwalker and the hijackthis developer.
But you Sami found the problem and pointed the way out. Hats off.

V



  #34 (permalink)  
Old 04-14-2007, 11:17 PM
Boardwalker Boardwalker is offline
Junior Member
 
About:
Join Date: Apr 2007
Posts: 28
Boardwalker is on a distinguished road

Default


I'm glad every thing is working well for you.
This site is a Jewel and so are the people who keep it going.
I can only guess at the amount of time it takes to create and maintain the site.
I for one sure do appreciate it.
I came in here with a problem, very frustrated because of my inability to understand what was wrong.
Although I was on the verge of becoming a huge pain in the butt, I was dealt with fairly and with respect!
I am hoping that through study of this site I may be able to help someone in the future. Thanks again,
Emery




Last edited by Boardwalker; 04-14-2007 at 11:18 PM.. Reason: spelling
  #35 (permalink)  
Old 04-15-2007, 09:46 AM
Pizza53 Pizza53 is offline
Junior Member
 
About:
Join Date: Apr 2007
Location: Southern Ontario Canada
Posts: 8
Pizza53 is on a distinguished road

Default Redirected gc.ca sites


Quote:
Originally Posted by Boardwalker View Post
Sami;
Thank you! Thank you! Thank you!
What a smart, Kind person you are!

I take this opportunity to thank all those who responded to my dilemma and hope that the information that has transpired may help others in the future.

Having said that, I am sure that none could be as silly as I
I don't know what went wrong to cause the problems, but I have my suspicions LOL

At the risk of being a PITA, I have one more question.
Should I re-install IE7? which is what I was running before
Cheers, and good on all Ya's
I just thankfully found this thread.

I have the same problem on my fathers computer - he is turning 80. All the gc.ca sites are being redirected on his system to somes sites that he would definitely not visit if you know what I mean. I hope to try this solution and will see what it can do. Thanks for bringing your problem on line so others can see what assistance they gave you here. Wish me luck with my attempts.

Will be posting a log of my problem soon.

Pizza in Canada - Tax season and a hijacked gc.ca site is not at all good for some if not all systems.




  #36 (permalink)  
Old 04-15-2007, 12:45 PM
Boardwalker Boardwalker is offline
Junior Member
 
About:
Join Date: Apr 2007
Posts: 28
Boardwalker is on a distinguished road

Default re-directing


Hi Pizza53;
I know exactly what you mean.

Before the good people here fixed my problem, I would type in a .gc.ca site by other means and I would be re-directed to some astonishing sites with my Grandchildren looking over my shoulder, (not good!)

I have no idea how this happened, I suspect that one of my security systems messed up.
I tried contacting them both of them, and including the kahuna of the INTERNET, I won't mention any names.

What did I get= (thank you for buying our products)
Glad your problem is fixed and I hope you enjoy this site.
Cheers



  #37 (permalink)  
Old 04-15-2007, 06:18 PM
Pizza53 Pizza53 is offline
Junior Member
 
About:
Join Date: Apr 2007
Location: Southern Ontario Canada
Posts: 8
Pizza53 is on a distinguished road

Default GC.CA problem - Zip file of Hackthis.log


Hello,

Here is a zip file of hackthisJE.log.

This is the log of my fathers computer where we have the gc.ca problem and I ran Adaware and Spybot. When I ran spybot I found 4 errors relating to Micorosoft.Windows.Security.InternetExplorer:Setti ngs...
where the registry for
HKEY_LOCAL_MACHINE\Software\Internet Exploreer\Main\FeatureControl\FEATURE_LOCALMACHINE _LOCKDOWN\explorer.exe!=W=1

Mircosoft.WindowsSecurityCenter.AntivirusDisableNo tify:Settings...
where the registry for
HKEY_LOCAL_MACHINE\Software\Security Center\AntiVirusDisableNotify!=dword:0

Mircorsoft.WindowsSecurity Center.FirewallDisableNotify:Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft WindowsSecurityCenter_disabled: Settings....
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wscsvc\Start!=W=2

I removed these using Spybot.

Today I looked at his system and the Window Security Center told me that he did not have any antivirus, but at that moment the Nortons on his machine was doing an update and I had it scan, but the Security Center did not recognise that the program Nortons was on and running.... sheesh...

I ran Hijack This and got the following log.

Thanks for any help that you can give me.

Pizza53




Last edited by Sami; 04-18-2007 at 02:06 AM.. Reason: removed log file
  #38 (permalink)  
Old 04-15-2007, 06:27 PM
Pizza53 Pizza53 is offline
Junior Member
 
About:
Join Date: Apr 2007
Location: Southern Ontario Canada
Posts: 8
Pizza53 is on a distinguished road

Default


Quote:
Originally Posted by Pizza53 View Post
Hello,

Here is a zip file of hackthisJE.log.

This is the log of my fathers computer where we have the gc.ca problem and I ran Adaware and Spybot. When I ran spybot I found 4 errors relating to Micorosoft.Windows.Security.InternetExplorer:Setti ngs...
where the registry for
HKEY_LOCAL_MACHINE\Software\Internet Exploreer\Main\FeatureControl\FEATURE_LOCALMACHINE _LOCKDOWN\explorer.exe!=W=1

Mircosoft.WindowsSecurityCenter.AntivirusDisableNo tify:Settings...
where the registry for
HKEY_LOCAL_MACHINE\Software\Security Center\AntiVirusDisableNotify!=dword:0

Mircorsoft.WindowsSecurity Center.FirewallDisableNotify:Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft WindowsSecurityCenter_disabled: Settings....
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wscsvc\Start!=W=2

I removed these using Spybot.

Today I looked at his system and the Window Security Center told me that he did not have any antivirus, but at that moment the Nortons on his machine was doing an update and I had it scan, but the Security Center did not recognise that the program Nortons was on and running.... sheesh...

I ran Hijack This and got the following log.

Thanks for any help that you can give me.

Pizza53

Just noticed the following in the log...

O17 - HKLM\System\CCS\Services\Tcpip\..\{18483498-4575-4C26-A6A1-BBA73B54A840}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{3482D08E-2DA5-4264-B691-5C40CE4F7A77}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{18483498-4575-4C26-A6A1-BBA73B54A840}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165

Same as what was seen in the log of Boardwalker...

Is there anything else that could cause the other probem, or should I reset the registry back from what spybot had removed....



  #39 (permalink)  
Old 04-15-2007, 07:38 PM
Sami's Avatar
Sami Sami is offline
Administrator
 
About:
Join Date: Jan 2006
Location: New Jersey
Posts: 804
Sami has a spectacular aura aboutSami has a spectacular aura aboutSami has a spectacular aura about

Default


Hi Pizza53,

Yes remove these 5 entries, rest of them are ok.

O17 - HKLM\System\CCS\Services\Tcpip\..\{18483498-4575-4C26-A6A1-BBA73B54A840}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{3482D08E-2DA5-4264-B691-5C40CE4F7A77}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{18483498-4575-4C26-A6A1-BBA73B54A840}: NameServer = 85.255.114.43,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.43 85.255.112.165



  #40 (permalink)  
Old 04-20-2007, 06:31 PM
mercer.stephen mercer.stephen is offline
Junior Member
 
About:
Join Date: Apr 2007
Posts: 1
mercer.stephen is on a distinguished road

Default Help!!


I am seeing the exact same problem ... used Hijack This - deleted the same entries BUT still can not gain access to the gc.ca domains.

Thanks in Advance,
Steve



Attached Files
File Type: log HijackThis.log (7.5 KB, 555 views)

Last edited by Sami; 04-20-2007 at 07:42 PM.. Reason: log file attached
Closed Thread





Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are on



» Ads



1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54