Avast WEBforum
Other => Viruses and worms => Topic started by: JoniB on February 28, 2013, 08:02:35 AM
-
I've saved the newest version of Avast that I found at filehippo.com to my laptop 32 bit. I then tried to download it on the computer, but I just get a message saying that it's not compatible with Win32. Am I missing something, or is this malware that is blocking help?
-
what AV did you use before installing avast?
have you removed it?
run these and try again http://forum.avast.com/index.php?topic=53253.0
AdwCleaner....click delete.....post log here
Malwarebyts......after quick scan, click remove selected if anything is found....post log
-
Searched, and this is the log.........
# AdwCleaner v2.113 - Logfile created 02/28/2013 at 02:24:30
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - USER-260401AF3B
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\searchplugins\delta.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Toolbar4
Folder Found : C:\Documents and Settings\User\Application Data\Babylon
***** [Registry] *****
Key Found : HKCU\Software\5f6dbdae53eed15
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v20.0 (en-US)
File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\prefs.js
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.id", "4053a21d0000000000000016cf4ea251");
Found : user_pref("extensions.delta.instlDay", "15740");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Found : user_pref("extensions.delta.vrsnTs", "1.8.10.09:33:31");
Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
-\\ Google Chrome v17.0.963.79
File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4154 octets] - [28/02/2013 02:24:30]
########## EOF - C:\AdwCleaner[R1].txt - [4214 octets] ##########
-
you must click delete in AdwCleaner to remove all those crap files.....the log you post is just serch
-
I've got Essentials, but wasn't finding whatever was bothering my system, so I thought I'd download Avast. It claims to help with the spyware I think may have my system infected. I didn't remove Essentials prior to saving Avast. I was expecting an objection by the software as a reaffirmation that I SHOULD remove it first. Perhaps that is why the notice, but it seems a strange notice to send as an objection for duplicating AV's. I also didn't want to remove Essentials prior to knowing that I wouldn't be making matters worse.
-
Deleted. Here is the next log:
***** [Registry] *****
Key Deleted : HKCU\Software\5f6dbdae53eed15
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v20.0 (en-US)
File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\prefs.js
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\user.js ... Deleted !
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.id", "4053a21d0000000000000016cf4ea251");
Deleted : user_pref("extensions.delta.instlDay", "15740");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.09:33:31");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
-\\ Google Chrome v17.0.963.79
File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4283 octets] - [28/02/2013 02:24:30]
AdwCleaner[S1].txt - [4419 octets] - [28/02/2013 02:34:52]
########## EOF - C:\AdwCleaner[S1].txt - [4479 octets] ##########
-
ok, continue with Malwarebytes quick scan.....and remove selected if anything is found
-
Nothing found. That's good.
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.28.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-260401AF3B [administrator]
Protection: Enabled
2/28/2013 2:54:34 AM
mbam-log-2013-02-28 (02-54-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200771
Time elapsed: 5 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
seems you are clean...try uninstall MSE and install avast again
if that does not work, see in the same guide i gave you...scroll down to OTL and attach (not copy and paste) the diagnostic log
then one of the experts here will have a look and see if he can spot a problem
they usually arrive here after work hours european time ;)
-
Will I need to add a firewall with Essentials? Not that I know what I'm talking about.... :}
-
*read "without" instead of "with"
-
for most users windows firewall is enough, and there are usually no complicated pop ups
-
Okay. I removed MSE and still get the same note when trying to load Avast. Now I'm naked!!!! :) Never thought about joining a colony before.....
-
strange.....run OTL attach OTL diagnostic log....i have send a PM to the expert so he will check the log later today
you may install MSE again so that you are not naked ;)
-
Specifically it states that ....(AVAST)....."is not a valid Win32 application".
-
Whew! ......believe me, it's not a pretty sight!
Well......thanks for your help. I guess I check back in later?
-
The OTL logs.....attached.
-
Hi delete the current copy of Avast from the desktop
Download from this direct link a new copy http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
Not a great deal showing
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1450960922-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Okay dokey. So.......why am I so special? Is it my good looks and beer belly?
-
Okay dokey. So.......why am I so special? Is it my good looks and beer belly?
Some people just have all the luck ;D
-
Nice!
I notice in your image of the OLT scanner, that you have two of the selections marked differently than mine is......should I match yours?
The selections:
1) Standard Registry: "All" instead of "Use Safe List".
2) Extra Registry: "Use Safe List" instead of "None".
-
No just leave it as it appears, that is just to show you where to paste the fix
-
Will do.
-
O, do I have exciting news for you!
Here is what happened:
!) I copied and pasted as instructed, and hit 'run fix' and then
2) Simultaneously (almost?) a note came from my re-installed MSE saying '....YO.....you got us turned oof....' (I swear I thought I had restarted that thing!) THEN:
3) I thought perhaps this is some malware trick and also worrying it would mess with OLT, I canceled it almost immediately, and also noticed that OLT had locked up! SOO.......
4) I disconnected my linksys, and borrowed another laptop to contact you by direct link to the router.
Viola!!
-
CORRECTION:
I notice that the WHOLE computor had locked up. I didn't turn it off, but left it as is, with the OLT locked up too....
-
OTL will stop all running processes whilst it is running and that includes MSE could you try the fix again and allow MSE to shutdown. It will restart on reboot
-
I'll make sure it's off line, right?
-
Yep that will do it ;D
-
Well.........for 30-60 minutes it has given me a picture of my desktop background without any files/icons showing and nothing else.
-
Well.........for 30-60 minutes it has given me a picture of my desktop background without any files/icons showing and nothing else.
Still the same.....I've got an errand to run. Be back in an hour.
-
OK stop OTL there is obviously something blocking it so time for a bigger hammer
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
I figured maybe I was supposed to do something, so I turned the laptop off and on, quick scanned and here is the result.....I will await your response first before going on to your next instruction.
-
Continue with combofix please, once run then retry an Avast installation