Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: rickjames8 on October 25, 2011, 05:46:03 PM

Title: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 05:46:03 PM
Hello,

I've been a happy Avast user for years without issue.   The other night my avast was turned off by something, and it will not allow me to restart.   In the summary tab, it just says "Unsecured" with a red X.  When I click "FIX NOW", it says "The following components could not be started:  Mail Shield, IM Shield, P2P Shield, File System Shield, Web Shield, Script Shield, Behavior Shield, Network Shield".   If I click the link that says "Start program", it has no response at all. 

I uninstalled Avast in safe mode using the Avast uninstaller as mentioned by another post on this forum.  I then downloaded the latest Avast and re-installed.  Avast worked properly for 5 minutes and then stopped and shows the same symptoms listed above. 

I uninstalled-reinstalled and tried to run a full system check, but after 35 hours, it still says 0% checked, and once again Avast has been turned off.

I am running Windows 7 and using Firefox.

I also seem to have an issue with Firefox where all my google search results direct me to a page called "CC Search".   Not sure if that is a related symptom, or if its a virus I got because my Avast was down.

It feels like I have some sort of virus which is designed to attack Avast and make it turn off.   Is that possible?

-Rick
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 05:52:40 PM
Also, I am running the Windows firewall, but no other security software.  The set up I have currently is how my Avast was running for quite some time. 
Title: Re: Avast keepts getting turned off by something
Post by: Pondus on October 25, 2011, 05:54:52 PM
have you run a quick scan with a updated Malwarebytes for a second opinion ?
Title: Re: Avast keepts getting turned off by something
Post by: iyogisolutions1 on October 25, 2011, 06:04:06 PM
Hi,

 Can you try to visit some of the common websites like yahoo.com, espn.com ot nasa.gov and please update us with the results. This is just to make sure that whether your browzser is being hijacked or not.

Have a wonderful day.. Good Karma!
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 06:31:56 PM
Browzer works fine.   Any site I try to visit directly will work.   However, if I google 'antivirus', and google gives me a page of 10 results, if I click on any of those 10 results (lets say one is www.avast.com), it will take me to a page called "CC Search" where it lists THEIR results for my original search of 'antivirus' in hopes that I'll click the links and they'll get the pay-per-click ad revenue.  However, the address in the nav bar would still read 'www.avast.com', so by highlighting and clicking it will take me to the site I originally intended to go to.   So I can still use FF, but with a work-around.

I am not familiar with malwarebytes.  I will try that and post results.
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 06:41:43 PM
Downloaded and ran Malwarebytes and it seems to have a similar response to Avast.  It installed fine and began to run a check and then shut down after 0:00:04.  When I try to re-start it from the start menu, it says: "Windows cannot access the specified device, path or file.".    However, I still see it in my systems tray with checkboxes checked for "Enable protection, Website Blocking and Start with Windows", but I can not bring up any sort of control panel by clicking on the icon.   When I try to select "Start Scanner", it does nothing.   No reaction. 
Title: Re: Avast keepts getting turned off by something
Post by: Pondus on October 25, 2011, 06:45:52 PM
follow the guide here and attach the logs  http://forum.avast.com/index.php?topic=53253.0

essexboy will then have a look when he arrive in a few hours....i will notifie him
Title: Re: Avast keepts getting turned off by something
Post by: iyogisolutions1 on October 25, 2011, 07:00:26 PM
Hi,

  This seems to be a rootkit infection in the computer.

   We need a few more info regarding the infection. So can you open the Task Manager by pressing Ctrl+Alt+Delete buttons and go for Process tab. Please check for an entry with
"random set of numbers":"random set of numbers" for example "456896:45689512xxxxx". And please update us back.

Have a wonderful day. Good Karma! 
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 07:23:01 PM
No numbers-named process running.  All processes can be identified.
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 07:24:43 PM
Attached is the OTL text file in ANSI format as requested.
Title: Re: Avast keepts getting turned off by something
Post by: Pondus on October 25, 2011, 07:26:59 PM
and aswMBR log if you can  ;)
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 07:43:11 PM
OK, I downloaded aswMBR and clicked scan.   It showed some activity for 5-10 seconds and then shut down.   When I tried to restart, it said "Windows cannot access the specified device, path or file".    Then it asked me which program I'd like to use to open aswMBR.

So I downloaded a second copy "aswMBR(1)" and had the same effect.

Do you need the extras.txt log from the OLT scan?

Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 25, 2011, 07:45:04 PM
Thank you all so much for your help. 

I will be away from my computer for the next 6 hours or so.  I'll check back in tonight.
Title: Re: Avast keepts getting turned off by something
Post by: Pondus on October 25, 2011, 07:47:55 PM
Quote
Do you need the extras.txt log from the OLT scan?
if you have it, then attach it

essexboy is on UK time and usually logs out around midnight..
Title: Re: Avast keepts getting turned off by something
Post by: essexboy on October 25, 2011, 08:45:09 PM
Hi it is the zero access rootkit

Please follow these steps carefully

When you download Combofix save the file as svchost on your c drive root i.e. C:\svchost

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1  (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
 
VERY IMPORTANT !!! Save ComboFix.exe to your C Drive as Svchost
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)

(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Title: Re: Avast keepts getting turned off by something
Post by: cruDE on October 25, 2011, 09:51:48 PM
Hi essexboy,

I am not sure, but do you think ZAccess.g varient can be fixed by running ComboFix.

Cheers.
Title: Re: Avast keepts getting turned off by something
Post by: essexboy on October 25, 2011, 09:53:44 PM
Some variants can and some can't.  I had two yesterday that were resistant but we found a little workaround  ;D
Title: Re: Avast keepts getting turned off by something
Post by: cruDE on October 25, 2011, 10:01:25 PM
thanks for the reply essexboy, i would be greatful if you can share the workaround coz i m having trouble removing the same from my friends computer. not allowing me to run any tools/scanners.

cheers.
Title: Re: Avast keepts getting turned off by something
Post by: ady4um on October 25, 2011, 10:16:16 PM
@cruDE, please open your own topic instead of hijacking this one.
Title: Re: Avast keepts getting turned off by something
Post by: cruDE on October 25, 2011, 10:36:04 PM
@ ady4um, I dont have any intension to hijack this thread. the problem that i have mentioned is very similar to rickjames8 post.

Cheers.
Title: Re: Avast keepts getting turned off by something
Post by: rickjames8 on October 29, 2011, 05:27:31 PM
Hey all,

Thanks for your suggestions and offers.  I came back later that night and found that the computer had developed a host of other problems and could not even access the internet at all.  I decided to just reload W7 - something I considered doing anyway, but didn't want to take on the task of re-installing all my software.

Again, thanks for all the offers.

Title: Re: Avast keepts getting turned off by something
Post by: iyogisolutions1 on October 29, 2011, 05:44:08 PM
Hi,


  As essexboy mentioned here, this one is a zero access rootkit. Any way you can try this work around.
 
  zero access rootkit modifies the ACL and scanning tools/ antivirus fails to get permissions to remove the infections. so here is the work around that you can try

  for Xp systems

  Run subinACL. This will modify the registry permissions and Acces Control List.

  The same can be downloaded from the following link runsub.notlong.com

  After running this tool , please do a restart.
 

  Then download and run the Webroot Antizero access tool from the following link
 
  http://anywhere.webrootcloudav.com/antizeroaccess.exe


  Follow the prompts and reboot the PC.

  After that please run  Tdss killer (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and reply with the scan log.


Thanks ,
Good k@rma
Title: Re: Avast keepts getting turned off by something
Post by: iyogisolutions1 on October 29, 2011, 05:51:21 PM
I came back later that night and found that the computer had developed a host of other problems and could not even access the internet at all.


Hi,

   Sorry we didnt noticed this in first hand. The reason might be due to the corruption of the IP stack driver files. Just check to go online from safemode or by using hh browzer. Most probably those wont work. So what we suggest is, a complete reinstallation of the Operating System and all the softwares in it. Make sure that you take the backup of all the important data in your computer.

Have a wonderful day. Good Karma!
Title: Re: Avast keepts getting turned off by something
Post by: BuckMulligan on November 16, 2011, 05:42:01 AM
I noticed Avast is not on (and will not turn on or update) in safe mode with networking. Is this normal? It works fine in normal boot. XP SP3

My problem is this, and I think it may be related to this topic:

I had a nasty virus that took over my computer. It infected Java (Java agents ZW, ZX, ZY, ZZ, DJ, and variants of Jade) as well as other (Win32-Renosa-J, FakeAlert-BLQ, Konar, Lukicsel-E). I followed steps to remove it, and everything seems fine except...

I am unable to log into Administrator - except in safe mode. The other profile "MAIN" has admin privileges, but in a normal boot I am never offered another profile to log into. I try "switch users," and only MAIN is offered. When I log into Administrator in safe mode with networking, Avast is turned off and won't turn on. Is it normal for Avast to turn off in safe mode? If not, then I assume the Administrator profile has been hijacked. Anyway, I wasn't able to load updates, but I ran a full scan anyway. Nothing came up, but not all files could be scanned.

Avast and Malwarebytes are currently running clean on the MAIN profile in normal boot.

Any help would be appreciated.
Title: Re: Avast keepts getting turned off by something
Post by: CraigB on November 16, 2011, 06:32:11 AM
I noticed Avast is not on (and will not turn on or update) in safe mode with networking. Is this normal? It works fine in normal boot. XP SP3

My problem is this, and I think it may be related to this topic:

I had a nasty virus that took over my computer. It infected Java (Java agents ZW, ZX, ZY, ZZ, DJ, and variants of Jade) as well as other (Win32-Renosa-J, FakeAlert-BLQ, Konar, Lukicsel-E). I followed steps to remove it, and everything seems fine except...

I am unable to log into Administrator - except in safe mode. The other profile "MAIN" has admin privileges, but in a normal boot I am never offered another profile to log into. I try "switch users," and only MAIN is offered. When I log into Administrator in safe mode with networking, Avast is turned off and won't turn on. Is it normal for Avast to turn off in safe mode? If not, then I assume the Administrator profile has been hijacked. Anyway, I wasn't able to load updates, but I ran a full scan anyway. Nothing came up, but not all files could be scanned.

Avast and Malwarebytes are currently running clean on the MAIN profile in normal boot.

Any help would be appreciated.
No avast doesn't work when your in safe mode which is the whole point of safe mode so that most system services are disabled.
Title: Re: Avast keepts getting turned off by something
Post by: BuckMulligan on November 16, 2011, 06:58:38 AM
Thanks, that's a relief.

Off topic: Any idea why I can't log into/switch to Administrator in normal boot, but I can in Safe Mode?
Title: Re: Avast keepts getting turned off by something
Post by: CraigB on November 16, 2011, 07:02:09 AM
Thanks, that's a relief.

Off topic: Any idea why I can't log into/switch to Administrator in normal boot, but I can in Safe Mode?
No idea, one of the other members should pop in before too long with some ideas for you hopefully