Cannot Find Server in Normal Mode, Only Safe Mode -> Possible Spyware

By almcneil
Dec 3, 2007
Topic Status:
Not open for further replies.
  1. Techies,

    I have a toughie here!

    A customer cannot find web sites in Normal Mode using any web browser (IE, Mozilla or Netscape.) But in Safe Mode, he can using any of them. Checked in Normal Mode and can ping any valid address. Obviously something is running in Normal Mode that is preventing access to DNS. Also, when launching new programs, the mouse becomes very slow.

    Initially checked for spyware using Ad-Aware 2007, Spybot Search & Destroy and AVG Anti-Spyware in Normal Mode. Then uninstalled ZoneAlarm, Symantec Norton Internet Security and disabled Windows Firewall. Still have same problems. Tried disabling devices not used in Safe Mode while in Normal Mode, still same problem. Ran Spybot in Safe Mode, nothing.

    I have run HijackThis and attached a log. Can someone please review it and advise us on it? TIA!
  2. BlameCanada

    BlameCanada Newcomer, in training Posts: 356

    You need to rename Hijack This.exe to "Big-Fat-One.exe"

    and put it in its own folder, e.g. C:\\ProgramFiles\Hijack This\Big-Fat-One.exe

    Then run it. After that, run Combo fix. All the details HERE
  3. Jase123

    Jase123 Banned Posts: 1,122

    You are running hijackthis.exe in a temp folder. You need to put hijackthis.exe into a folder of its own. This is because HJT makes backups of any changes you make and if it's in a temp folder - the backups will be deleted.

    It also comes to my attention that you are running an outdated version of Hijackthis - please follow my instructions below.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.


    Regards Jason :)

    This thread is for the use of almcneil ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
  4. almcneil

    almcneil TechSpot Guru Topic Starter Posts: 1,554

    HijackThis Experts,

    As you requested, attached are the HijackThis, AVG Anti-spyware and ComboFix logs using the latest versions of said programs. I really appreciate your help in all of this! This customer is quite knowledgeable and uses an advanced setup so it's got to be a really tricky piece of spyware to cause him problems! Again, TIA!!
  5. Po`Girl

    Po`Girl Newcomer, in training Posts: 668

    I'm not a spyware expert, but I can't see anything obvious in that lot.

    There does seem to be a large amount of security software, though. :haha:

    My only 2 cents is that you try:

    - A completely clean boot.

    Go to msconfig, uncheck everything, then go to the services tab,

    "Hide all Microsoft services" and then uncheck the 10 ? remaining ones.

    Then reboot.

    - Search the computer for vsmon.exe

    It's part of ZA that sometimes sticks around to cause grief.

    - I'd normally say run Winsockfix but if everything's OK in Safe Mode, it won't help much. :(

    - Oh and, the Norton Removal Tool is something you could recommend to your customer. It's the only effective way to get rid of it :)
  6. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Have HJT fix this entry:
    O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB

    Are the problems still occurring? What exactly happens when you try to open a website? Please explain in detail thanks.

    Regards,
    momok =)

    This thread is for the use of almcneil only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
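
An added example, not part of any post in this thread: a small triage helper for HijackThis O16 (downloaded ActiveX control) lines like the one momok quotes above. It flags entries whose codebase URL is not HTTPS or points at a bare IP address; the function names and the non-O16 sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# HijackThis O16 line: "O16 - DPF: {CLSID} (name) - codebase URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*?)\))? - (?P<url>\S+)\s*$"
)

def parse_o16(line):
    """Return a dict for an O16 line, or None for any other log line."""
    m = O16_RE.match(line.strip())
    return m.groupdict() if m else None

def review_reasons(entry):
    """List reasons an ActiveX codebase URL deserves a manual look."""
    reasons = []
    parts = urlsplit(entry["url"])
    if parts.scheme.lower() != "https":
        reasons.append("not fetched over https")
    try:
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("host is a bare IP address")
    except ValueError:
        pass  # hostname is a DNS name (or missing), not an IP literal
    return reasons

def triage(log_text):
    """Map each O16 CLSID in a HijackThis log to its review reasons."""
    out = {}
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry:
            out[entry["clsid"]] = review_reasons(entry)
    return out

# Constructed sample: the first O16 line is the one quoted in the thread,
# the other two lines are made up for contrast.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Example\\tray.exe
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - https://downloads.example.com/ctl.cab
"""

if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid, "->", ", ".join(reasons) or "no flags")
```
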
  7. almcneil

    almcneil TechSpot Guru Topic Starter Posts: 1,554

    Eureka!!

    Eureka!! Your suggestion to use the Norton Removal Tool did the trick!! Thank you very much!! We owe you one! Maybe a beer? We're Canadian so be aware, our beer is STRONGER!! ;-)

    Thanks again!