Cannot Find Server in Normal Mode, Only Safe Mode -> Possible Spyware

By almcneil ยท 6 replies
Dec 3, 2007
  1. Techies,

    I have a toughie here!

    A customer cannot find web sites in Normal Mode using any web browser (IE, Mozilla or Netscape.) But in Safe Mode, he can using any of them. Checked in NOrmal Mode and can ping any valid address. Obviously something is running in Normal Mode that is preventing access to DNS. Also, when launching new programs, the mouse becomes very slow.

    Initially checked for spyware using Ad-Aware 2007, Spybot Search & DEstroy and AVG Anti-Spyware in NOrmal Mode. Then uninstalled ZoneAlarm, Symantec NOrton INternet SEcurity and disabled Windows Firewall. Still have same problems. Tried disabling devices not used in Safe Mode while in NOrmal MOde, still same problem. Ran Spybot in Safe Mode, nothing.

    I have run HijackThis and attached a log. Can someone please review it and advise us on it. TIA!
  2. BlameCanada

    BlameCanada TS Rookie Posts: 320

    You need to rename Hijack This.exe to "Big-Fat-One.exe"

    and put it in it`s own folder,eg C:\\ProgramFiles\Hijack This\Big-Fat-One.exe

    Then run it.After that, run Combo fix.All the details HERE
  3. Jase123

    Jase123 Banned Posts: 1,012

    You are running hijackthis.exe in a temp folder. You need to put hijackthis.exe into a folder of it's own. This is because HJT makes backups of any changes you make and if it's in a temp folder - the backups will be deleted.

    It also comes to my attention that you are running an outdated version of Hijackthis - please follow my instructions below.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Jason :)

    This thread is for the use of almcneil ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
  4. almcneil

    almcneil TS Guru Topic Starter Posts: 1,277

    HijackThis Experts,

    As you requested, attached are the HijackThis, AVG Anti-spyware and ComboFix logs using the latest versions of said programs. I really appreciate your help in all of this! This customer is quite knowledgeable and uses an advanced setup so it's got to be a really tricky piece of spyware to cause him problems! Again, TIA!!
  5. Po`Girl

    Po`Girl TS Rookie Posts: 595

    I`m not an spyware expert,but I can`t see anything obvious in that lot.

    There does seem to be a large amount of security software,though.:haha:

    My only 2 cents,is that you try :

    - A completely clean boot.

    Go to msconfig,uncheck everything then go to the services tab,

    "Hide all Microsoft services" and then uncheck the 10 ? remaining ones.

    Then reboot.

    - Search the computer for vsmon.exe

    It`s part of ZA that sometimes sticks around to cause grief.

    - I`d normally say run Winsockfix but if everythings ok in Safe Mode, it won`t help much.:(

    - Oh and,the Norton Removal Tool is something you could recommend to your customer.It`s the only effective way to get rid of it :)
  6. momok

    momok TS Rookie Posts: 2,265


    Have HJT fix this entry:
    O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) -

    Are the problems still occurring? What exactly happens when you try to open a website? Please explain in detail thanks.

    momok =)

    This thread is for the use of almcneil only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
  7. almcneil

    almcneil TS Guru Topic Starter Posts: 1,277


    Eureka!! Your suggestion to use the Norton Removal Tool did the trick!! Thank you very much!! We owe you one! Maybe a beer? We're canadian so be aware, our beer is STRONGER!! ;-)

    Thanks again!
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...