Avast WEBforum
Other => Viruses and worms => Topic started by: Vinsorama on May 06, 2012, 12:36:38 AM
-
Yesterday Avast reported finding these viruses and it reports finding them every 15-20 minutes since then.
I have tried a lot of things to rid my computer of this threat, and probably some of these things were not very smart but as they say: you live, you learn.
One of them has been enabling my Windows firewall again (because it appears something turned it off) and since then Avast is also sometimes saying I have a URL:Mal infection as well :(
I don't know what to do and I'd appreciate any help.
As has been suggested I have attached the logs by OTL and copied the Malwarebytes AntiMalware log as well.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.05.08
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Vins :: VINSOV-KOMP [administrator]
5.5.2012 23:23:30
mbam-log-2012-05-05 (23-23-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282267
Time elapsed: 16 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
You should also attach the aswMBR log.
I see some AVG files in there... did you use that before Avast?
-
Here's the aswMBR log as well. And apparently another instance of Sirefef :P
Yes, I used AVG before Avast. I had a lot of trouble with it (especially that upgrade to AVG 2012... took me 3 days to get my computer to work) and that's why I switched to Avast. But I can't seem to remove all of the files (apparently several versions' worth of them) it left behind.
-
Run the AVG uninstaller and reboot: http://singularlabs.com/uninstallers/security-software/
The malware removal experts usually arrive here late UK time (on weekdays), anyway I guess you won't see them until tomorrow.
-
Hm...I just tried that and my computer went a bit crazy :( had to use a restore point to get it to work again...so I think I'm going to have to leave those files where they are for the moment...
but thanks for the advice.
hope I get some advice on these malwares soon...the notifications are driving me insane :)
-
Now I've started having other problems as well :( after start up today my Task bar seems to be left hanging and no programs will run (not even restart...I had to reboot it manually). I've managed to get into Safe mode and use a Restore point to get it to work but I don't know what will happen the next time it restarts.
All of this is very frustrating...
-
The malware removers are notified, so they will see this when they arrive ;)
-
The file in question is a dropper in your temporary files and has not been able to run. On completion of this could you let me know if you are still getting the alerts
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
(http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg)
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
:Files
ipconfig /flushdns /c
C:\Program Files\AVG
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
OK...that didn't work to say the least :( the computer froze in the middle of the OTL process...I've waited 15 minutes for something to happen but it didn't so I rebooted. Now it won't work at all in normal mode i.e. the same problem like in the morning....apparently it remains hanging during the start of Task bar...
Now I'm in safe mode. Any suggestions how to proceed?
-
Did you disable MBAM ? As that will cause OTL to hang
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
I couldn't do that since it was not on....I apparently have a free version of MBAM which doesn't even have the protection module enabled.
I've tried the OTL fix again...and it hangs at O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
there is no such file on the computer so perhaps that's the hangup I don't know...
should I try Combofix now?
-
Yes please - I will check that out
-
well I've done something perhaps not very smart i.e. I just removed the command which I thought was the problem in OTL and this time it ran through without any problems. I've then performed a scan and I'll attach the logs now. I've also scanned with MBAM (nothing found) and aswMBR.
But then I've tried to restart the computer just to see what will happen. And the same thing as before happened...no applications want to run...something is happening with Avast is my guess since everything goes haywire once it comes on, or the virus is blocking something.
I'm in Safe mode again and I suppose the Combofix won't work here. What could I do next?
-
Combofix will run in safe mode... What error do you get when you try to run a programme ?
-
No errors... just nothing happens. After a few tries I've managed to open the Task manager and it shows the processes being started but they don't do anything... just hang (and no applications are started as a result at all). Windows Explorer seems to be working fine since I can browse through the files but I can't start anything.
all the programs starting during start up are active though...
-
Should I try to run Combofix in safe mode then?
-
Yes run Combofix in safe mode.
-
I just did... and nothing happened :( I mean it went through the installation phase and then just disappeared. I don't know how to start it or whether it has even been installed at all. I think not, since it seems there's no trace of its files...
-
Hmm OK, let's run a clean boot and then run Combofix from normal mode.
Step 1:
Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.
Step 2:
Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.
Step 3: Log on to Windows
If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.
You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.
THEN
Now run combofix please
-
Well, Windows started up normally and there are no hangups this time.
But as for the Combofix the same thing as before happens. It starts says copying files...the green bar runs to completion and then...nothing at all.
which to be frank is not something which hasn't happened before...for instance some games I've tried long time ago acted in the same way. But I just removed them and didn't think about it.
-
OK, we will skip Combofix for now as I did not expect it to find anything... Let's track down the programme that is hanging.
Now we get to the tedious part:
If windows behaves itself then do the following
Restart MSConfig and select half of the disabled services and reboot
Is the problem still present ?
If Yes then deselect half of the services that you resumed and reboot
If no then select half of the remaining services and reboot
The intention here is to isolate the one service/driver that is causing the problem
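The halving procedure described above is a bisection: each reboot re-enables half of the still-suspect services and checks whether the hang returns. The following Python models that logic; it is an added example, not code from the poster or from Avast, and the "reboot and observe" step is replaced by a constructed oracle rather than anything that touches a real system.

```python
# Added example: models the msconfig "enable half, reboot, observe" procedure
# as a bisection over the set of disabled (non-Microsoft) services.
# `problem_present(enabled)` stands in for the reboot-and-check step.

def isolate_culprit(services, problem_present):
    """Return (culprit, reboots): the single service whose presence brings
    the hang back, and how many reboots the halving procedure needed."""
    if not services:
        raise ValueError("no disabled services to bisect")
    suspects = list(services)   # disabled services not yet cleared
    cleared = set()             # services proven harmless (kept enabled)
    reboots = 0
    while len(suspects) > 1:
        half = suspects[: len(suspects) // 2]
        enabled = cleared | set(half)
        reboots += 1                        # one reboot per round
        if problem_present(enabled):
            # "If yes, deselect half of the services you resumed":
            # the culprit is among the ones just re-enabled.
            suspects = half
        else:
            # "If no, select half of the remaining": this half is clean,
            # leave it enabled and keep bisecting the rest.
            cleared |= set(half)
            suspects = suspects[len(suspects) // 2 :]
    return suspects[0], reboots


# Constructed sample: nine placeholder service names, one of which (chosen
# by the test) hangs the Task bar. The oracle knows it; the algorithm does not.
SAMPLE_SERVICES = [f"svc{i}" for i in range(9)]


def make_oracle(culprit):
    """Simulated reboot check: the hang appears iff the culprit is enabled."""
    return lambda enabled: culprit in enabled


if __name__ == "__main__":
    found, n = isolate_culprit(SAMPLE_SERVICES, make_oracle("svc5"))
    print(f"culprit {found} isolated after {n} reboots")
```

With nine services the culprit is found in at most four reboots instead of nine one-at-a-time trials; a hang that needs two services together to appear would not be caught by this single-culprit model.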
-
OK. I've done that. I've enabled them all (except avast for which it claimed I have to be logged in as an administrator and it disappeared off the list after that) and it's working as good as it ever did. I can try to enable that too...from Safe mode I guess (since I can't seem to find how to log in as an admin...and I've given my only profile admin privileges anyway).
But I guess that could be the problem then.
-
No, the problem may well be related to System Restore; if you use that without disabling Avast self-protection it can damage the programme.
I would recommend that you do the following
Download a fresh copy of Avast to your desktop http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
Download aswClear to your desktop http://files.avast.com/files/eng/aswclear.exe
Uninstall Avast via add remove programmes
Reboot to safe mode and run aswClear
Reboot to normal mode and install Avast
I would also recommend that you update to SP3
-
I've done all of that as you specified and nothing...the same problem. It's obviously some issue with Avast and interference with something else. To me it looks like everything hangs up after the network connection is starting to load in the Task bar tray.
-
Open the Avast GUI
Go to settings and set Avast to start after other services
And select I only connect using dial up
-
OK. That changed very little. Avast has not loaded... it's still hanging up (Task manager says access denied). And the Task bar is non-existent, anything that you minimize just disappears and won't show up again (including the Task manager) but is obviously still working in the background (Firefox asked to allow a cookie).
-
I've played around with the system a bit (nothing too drastic :) ) and I think I've figured out what's the problem. Avast is apparently interfering with explorer.exe.
Does anybody have any ideas how to take care of that? I like Avast and I don't want to uninstall it if there's some solution.
-
What makes you think it is explorer ?
There appear to be a few cases where Avast and XP have problems, it looks like a conflict with other software but as of yet no common denominator has been found
Could you run a clean boot again, but this time just keep Avast enabled... Is the problem still present ?
-
Because explorer runs the task bar. And I've tried ending explorer and then starting it up again from the run box, after that it works better and other applications (like firefox) will run. Although after a while it all breaks down again.
I've tried a clean boot with only avast (which causes the problem same as always) and without only avast (in which case the task bar and everything else works normally).
Plus I've been trying to remember since when is this happening: Since I've upgraded Avast to the newest version the other day trying to find a way to get rid of the rootkit it kept reporting. (And I'm still a little bit worried about that :P )
-
There is no sign of Sirefef on your system, so you can rest assured on that.
Have you tried a full uninstall/re-install of Avast using aswClear?
-
Yes. I've tried that yesterday. It works wonderful until the first reboot. Then it all hangs up again. It's obviously something in the start up process.
And thanks for the reassurance about the virus :D
-
There was a fix for something similar earlier on... But I believe that it has been incorporated into the latest version... I will have a rummage though.
-
OK. But I need to get my computer into at least a semblance of working order as soon as possible because I need it for some work and so on. (I should also start thinking about getting a new one probably :) ) So for now I think I'm going to have to remove Avast and see what other options I have.
Thank you very much for your help and patience.
-
Not a problem; like all software, though, sometimes a programme will not work on one system for no apparent reason. It appears you are one of the unlucky ones.