NIS 2009 scan crashes on SecurityRisk.ProxyDNS check

I have recently installed NIS 2009 and every time I run a Full or Quick scan the scan stops when it is at the SecurityRisk.ProxyDNS check. The program appears to have crashed as the Stop Scan button will not abort the scan, and Windows Task Manager will also not close the program. The only way I can abort is to do a hard reset of the PC.

 

Previously I had Norton 360 installed and that worked OK.

 

I used the Norton Remove Tool to uninstall NIS 2009, and then reinstalled NIS 2009. Same problem.

 

When I run the PC in Windows Safe mode the scan completes OK, although it pauses for several minutes on the SecurityRisk.ProxyDNS check, but the Full system scan took nearly two hours (it only found some tracking cookies - nothing nasty). I have NIS 2009 set not to scan within compressed files. It is patched up to date.

 

I do not really want to go back to Norton 360 as there are features that I do not need or want.

 

Any ideas what is causing NIS 2009 to crash consistently at this same point in the scan?

Hi, towos2000,

 

Welcome to the Norton Community.

 

Please can you confirm if you have followed the Removal Instructions for SecurityRisk.ProxyDNS (http://www.symantec.com/security_response/writeup.jsp?docid=2008-011723-0842-99&tabid=3)?  If you have, what was the result?

 

Message Edited by Floating_Red on 07-22-2009 11:22 PM

Hi Towos2000:

 

Could you also download and run Hijackthis for us.  You will be able to post the log by using the "add attachments" link just below the post button.  One of our analysts will look at it for you to see what is on your system that might be sticking.

 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Floating_red

 

Yes I followed the instructions for removal of ProxyDNS - nothing malicious found. Problem not fixed.

 

Regards

Towos2000

Delphinium

 

HijackThis log file attached. Thanks for your offer to inspect it.

 

Regards

Towos2000

Hi,

 

Thanks for getting back to me.

 

Have you tried a Full System Scan in Safe Mode?  And does it still stick at SecurityRisk.ProxyDNS?

 

Floating_red

 

Full system scan in safe mode completes OK, although it did pause at the same point for probably a minute, before moving on. Only tracking cookies found during the scan, nothing serious.

 

Regards

Towos2000


towos2000 wrote:

Floating_red

 

Full system scan in safe mode completes OK, although it did pause at the same point for probably a minute, before moving on. Only tracking cookies found during the scan, nothing serious.

 

Regards

Towos2000


 

That's fine.

 

This can tell us that it is either both or one or the other of:

 

- Your Driver has been damaged.  You can Run a Disc Check to see if Windows Detects any problems and can automatically Fix them. 

 

- There is a Threat on your computer that is not letting the Scan pass that point.  You could Download and Install and Update Malwarebytes' Anti-Malware and do a Full System Scan in Normal and in Safe Mode of All Available Drivers.

 

Hi towos2000:

 

It looks like you have some anomalies in your HJT. I will have to find an analyst to look at it, so there may be a delay until one of them comes online.


delphinium wrote:

...so there may be a delay until one of them comes online.


Hi, towos2000,

 

Why not use this time to do a Full Scan with Malwarebytes' Anti-Malware in Normal and in Safe Mode?  If you do do this, please do let us know the Results.  Please do not Buy Malwarebytes' Anti-Malware as this will add Real-Time Protection, which is what your Norton Product has.  Make sure you always do Anti-Virus Scans disconnected from the Internet, and that you Update the Product before disconnecting.

 

Thanks for your co-operation so far!

 

 

Malwarebytes' Anti-Malware for Windows: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=contentBody;mostPopTwoColWrap.

 

Starting the computer in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam.

 

Message Edited by Floating_Red on 07-23-2009 11:50 PM

Hi towos2000,

 

You may need to fix the following entries from your Hijackthis log.

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - Global Startup: Empowering Technology Launcher.lnk = ?

 

Run Hijackthis scan, select only the above entries and click Fix.

 

Yogesh
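
The kind of check applied to the log above can be scripted when triaging HijackThis logs. This is an added example, not part of the original post and not HijackThis's own logic; the flagging rules (a BHO reported as "(no file)", an autorun name or startup target made up only of "?" characters) are assumptions drawn from the three entries listed, and the sample log is constructed.

```python
import re

# Constructed sample log: the three entries from the post plus two ordinary
# lines that are made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
RUN_KEY = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
STARTUP = re.compile(r"^(?P<folder>[^:]+): (?P<link>.+?) = (?P<target>.*)$")


def only_question_marks(text):
    """True when the field is non-empty and contains nothing but '?'."""
    stripped = text.strip()
    return bool(stripped) and set(stripped) == {"?"}


def triage_line(line):
    """Return a reason string if the log line deserves a closer look, else None."""
    match = ENTRY.match(line.strip())
    if not match:
        return None
    section, body = match.groups()
    if section == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its file is reported missing"
    if section == "O4":
        run = RUN_KEY.match(body)
        if run:
            if only_question_marks(run["name"]):
                return "autorun value name is unreadable"
            return None
        startup = STARTUP.match(body)
        if startup and only_question_marks(startup["target"]):
            return "startup shortcut target is unresolved"
    return None


def triage(log_text):
    """Collect (line, reason) pairs for every flagged entry in a log."""
    lines = (line.strip() for line in log_text.splitlines())
    return [(line, reason) for line in lines if (reason := triage_line(line))]
```

A flagged line is only a candidate for review: an orphaned or unreadable entry can be leftover from an uninstalled program as easily as from malware.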

Yogesh, Delphinium

 

I deleted

 

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - Global Startup: Empowering Technology Launcher.lnk = ?

 

but HijackThis could not delete

 

O4 - HKCU\..\Run: [?????????] ??????????????e

 

Problem with NIS2009 not solved.

 

Regards

TOWOS2000

Floating_Red

 

Disc Check found no problems.

 

Malwarebytes' Anti-Malware check in Safe Mode took 47 minutes and found no problems.

 

Malwarebytes' Anti-Malware check in Normal mode, I left running overnight, and this morning, Malwarebytes' Anti-Malware had crashed, with the normal Windows error message.

 

Regards

Towos2000

towos2000:

 

See if you can delete it in safe mode.  Let us know if that works.

 

Also try this one in case. Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Choose report or log, check all the boxes and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

Message Edited by delphinium on 07-26-2009 05:18 AM

Delphinium

 

I was still unable to carry out the delete using HijackThis, with Windows in Safe mode.

 

SysProt log attached.

 

Regards

Towos2000

towos2000

 

With your logs coming back clean, let's move to the Windows side for a moment.  Are you running XP or Vista?  What SP level, and is the system 32 bit or 64 bit?

 

You can try flushing your DNS and resetting the winsock.

1. Click Start > Run, type ipconfig /flushdns and click OK.


2. Click Start > Run, type cmd and click OK. 

 

(Note: If you are running Vista you will need an elevated Command Prompt here. Click START and in the start search box type cmd. Right-click the cmd.exe entry at the top of the list and select Run as administrator. Click Continue in the User Account Control pop-up.)

 


3. In the command prompt, type the following and press Enter after each line:

netsh int ip reset resetlog.txt [Enter]

netsh winsock reset [Enter]

exit [Enter]

Hi

 

"With your logs coming back clean, lets move to a Windows side for a moment.  Are you running XP or Vista?  What SP level "

 

Ummmmm

 

 


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:31:43, on 23/07/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


 

LOL

 

Hahahaha

 

Quads 

dbrisendine

 

I am running Windows Vista SP2 32 bit

 

I ran your suggested DNS and WinSock routines. No change.

 

Regards

Towos2000

All

 

I think you are all telling me, that as far as you can see, my PC is clean.

 

So I tried a bit of lateral thinking.......

 

I added the SecurityRisk.ProxyDNS test to the NIS2009 signature exclusion list, in an effort to see what would happen if I did not run that specific test.

 

Answer......

 

NIS2009 still runs the SecurityRisk.ProxyDNS test and crashes.

 

Is there something else I have to do to get NIS2009 to recognise something I have added to the signature exclusion list?

 

Regards

Towos2000

 

 

Hi, towos2000,

 

When did you install Norton 2009 Product?