Cannot Find Server in Normal Mode, Only Safe Mode -> Possible Spyware

Status
Not open for further replies.

almcneil

Techies,

I have a toughie here!

A customer cannot find web sites in Normal Mode using any web browser (IE, Mozilla or Netscape). But in Safe Mode, he can using any of them. Checked in Normal Mode and can ping any valid address. Obviously something is running in Normal Mode that is preventing access to DNS. Also, when launching new programs, the mouse becomes very slow.

Initially checked for spyware using Ad-Aware 2007, Spybot Search & Destroy and AVG Anti-Spyware in Normal Mode. Then uninstalled ZoneAlarm, Symantec Norton Internet Security and disabled Windows Firewall. Still have same problems. Tried disabling devices not used in Safe Mode while in Normal Mode, still same problem. Ran Spybot in Safe Mode, nothing.

I have run HijackThis and attached a log. Can someone please review it and advise us on it? TIA!
 
You need to rename Hijack This.exe to "Big-Fat-One.exe"

and put it in its own folder, e.g. C:\\ProgramFiles\Hijack This\Big-Fat-One.exe

Then run it. After that, run Combo fix. All the details HERE
 
You are running hijackthis.exe in a temp folder. You need to put hijackthis.exe into a folder of its own. This is because HJT makes backups of any changes you make and if it's in a temp folder - the backups will be deleted.

It also comes to my attention that you are running an outdated version of Hijackthis - please follow my instructions below.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.


Regards Jason :)

This thread is for the use of almcneil ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
 
HijackThis Experts,

As you requested, attached are the HijackThis, AVG Anti-spyware and ComboFix logs using the latest versions of said programs. I really appreciate your help in all of this! This customer is quite knowledgeable and uses an advanced setup so it's got to be a really tricky piece of spyware to cause him problems! Again, TIA!!
 
I'm not a spyware expert, but I can't see anything obvious in that lot.

There does seem to be a large amount of security software, though. :haha:

My only 2 cents is that you try:

- A completely clean boot.

Go to msconfig, uncheck everything, then go to the services tab,

"Hide all Microsoft services" and then uncheck the 10 ? remaining ones.

Then reboot.

- Search the computer for vsmon.exe

It's part of ZA that sometimes sticks around to cause grief.

- I'd normally say run Winsockfix but if everything's ok in Safe Mode, it won't help much. :(

- Oh and, the Norton Removal Tool is something you could recommend to your customer. It's the only effective way to get rid of it :)
 
Hi,

Have HJT fix this entry:
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB

Are the problems still occurring? What exactly happens when you try to open a website? Please explain in detail thanks.

Regards,
momok =)

This thread is for the use of almcneil only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
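
Added example, not part of the original thread or any poster's code: a small Python parser for HijackThis O16 (DPF, Downloaded Program Files) lines like the one quoted above, flagging entries whose codebase URL uses a raw IP address or plain HTTP so they can be reviewed by hand. The two heuristics and every sample log line except the first O16 entry are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log; only the first O16 line is taken from the thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ExampleApp] C:\\Example\\app.exe
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - https://downloads.example.com/ctl.cab
O16 - DPF: {00000000-0000-0000-0000-000000000002} - http://example.org/unnamed.cab
"""

# O16 line layout: "O16 - DPF: {CLSID} (optional name) - codebase URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*?)\))? - (?P<url>\S+)$"
)

def parse_o16(log_text):
    """Return one dict (clsid, name, url) per O16 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O16_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def triage(entry):
    """Return reasons to review an entry by hand (assumed heuristics)."""
    reasons = []
    parts = urlsplit(entry["url"])
    if parts.scheme != "https":
        reasons.append("codebase not fetched over HTTPS")
    try:
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("codebase host is a raw IP address")
    except ValueError:
        pass  # hostname is a DNS name, not an IP literal
    return reasons

def flagged(log_text):
    """Map CLSID -> review reasons for every O16 entry with at least one."""
    result = {e["clsid"]: triage(e) for e in parse_o16(log_text)}
    return {clsid: why for clsid, why in result.items() if why}

if __name__ == "__main__":
    for clsid, why in flagged(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(why))
```

A flag here only marks an entry for a closer look; it does not by itself show that the control is malicious.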
 
Eureka!!

Po`Girl said:
I'm not a spyware expert, but I can't see anything obvious in that lot.

...

- Oh and, the Norton Removal Tool is something you could recommend to your customer. It's the only effective way to get rid of it :)

Eureka!! Your suggestion to use the Norton Removal Tool did the trick!! Thank you very much!! We owe you one! Maybe a beer? We're Canadian so be aware, our beer is STRONGER!! ;-)

Thanks again!
 