Avast WEBforum
Other => Viruses and worms => Topic started by: flowerr on November 21, 2012, 12:58:39 AM
-
I have this red Avast sign that keeps popping up. It runs between 10-20 different objects before it stops. Is this a good thing or can I please make it stop?
Since this started, when I reboot my computer I get a blue screen and the puter shuts down.
I need help.. I have run MBAM- shows nothing. I have run the AWcleaner, also.
Please please help!
-
a screenshot always helps....
follow the guide on top in this forum section and attach the logs..
-
I will try again to attach..
Thanks
-
also Malwarebytes and aswMBR logs
and a screenshot of the avast popup...
click the pin in top right corner of the popup to make it stay on screen, that should give you time to take the shot
most removal specialists are in European timezone, so I guess you won't see any here until tomorrow so be patient
-
Thanks for all your responses and your willingness to help. I am patient and understand the time difference.
I'm not computer dumb but what does aswMBR stand for and how do I get that information?
I am currently running Malwarebytes Anti-Malware and will get you this info you requested when it's done, along with screen shot of the Avast blocked window.
-
aswMBR is avast rootkit tool
you find it here http://forum.avast.com/index.php?topic=53253.0
-
Hello again,
I have attached the aswMBR and a screen shot of the avast blocked window. I'm waiting the Maliware again. When I ran it last night, I woke to my computer frozen w/ a black screen, had to shut it down it rebooted twice with a blue screen.
So, I am sorry it's taking so long for me to get your requested info.
I really appreciate your help!
-
We will try this first I feel
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application
(https://dl.dropbox.com/u/73555776/tdss%20start.JPG)
- Then click on Change parameters.
(https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG)
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(https://dl.dropbox.com/u/73555776/tdss%20threat.JPG)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
(https://dl.dropbox.com/u/73555776/tdss%20report.JPG)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
-
okay, I will try that.
Here is the data from MBAM 11/21.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.15.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Flower :: FLOWER-PC [administrator]
11/21/2012 1:18:51 PM
mbam-log-2012-11-21 (13-18-51).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 406862
Time elapsed: 2 hour(s), 55 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
I did go back through the tabs in MBAM and found tons of stuff sitting in the Quarantine for 11/14. I can't figure out how to attach since it's not stored in my computer.
-
I ran the last program you asked.. I could not copy/paste the report, it would not allow me to. I did take a screen shot and attached the final wording on the report.
-
why not attach the log here?
-
Re-run TDSSKiller with the same parameters as before
Once this element appears select delete :
\Device\Harddisk0\DR0 ( TDSS File System )
Avast will alert as the files are being moved.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
I ran the TDSSkiller again, I have attached a pic of the final results. It does not give me an option to delete. Since I can't delete, do I still run the Combofix?
I wasn't able to attach the report of the TDSSkiller cause it doesn't allow me to copy/paste nor does it allow me to save the file/report to my computer. I'm sorry.
-
The log will be at C:\TDSSKiller date time ;D
-
Never mind that last reply! I don't have a brain today. Next onto Combofix... Thanks
-
:) okay, when they are hid it's hard to find. Here are the files.
-
Methinks we may have got it all .. How is the computer behaving now ?
-
So far so good! No more Avast "blocked" showing up. It hasn't been shutting down and rebooting either. Can you help me with a few questions, I still have?
Can you tell me what may have caused it?
Was there a site someone went onto that started this pickle?
Should I clean/delete the quarantine in my Avast?
I, Thank you both for all your help! :)
-
Maybe spoke too soon.. Should I be concerned?
file /pic attached.
-
Could you run TDSSKiller once more please
-
I will run TDSSkiller, again..
I ran my Avast yesterday and it showed that TDSSKiller was High risk.
Now today when I try to use my IE browser it doesn't want to pull up any page. I even have google chrome and it's slow, also.
I have attached a pic of the virus chest and the properties.
-
TDSSkiller results attached.
-
OK Avast picked up on the quarantined file
Could you run Combofix one more time please and allow it to update if it asks
-
Ok, now that I have run all the programs you have asked and I ran Avast full scan and MBAM full scan, they both show no infections.
But like I stated, now my computer is running very slow. I can't use my Windows IE cause it takes 2 minutes to pull up a page.
I have NEVER had my browsers work this slow.
Can you please help figure out what may have happened??
I can't work with it this slow.
Thank you for all you've done..
-
Once this OTL has finished then defragment the main drive and let me know how it is behaving
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
IE - HKU\S-1-5-21-4206126674-2380382371-3022288802-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=350s0CrzpaMGPY9IJI9gH5QvIpo?q={searchTerms}
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll File not found
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll File not found
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
OTL ran.. both txt attached.
I will defragment and get back to you on the how computers running.
-
okay, ran defrag twice.
IE browser still doesn't move. I pull it up and type in a site and wait...
when it finally brings the site up, the screen is blank, then I wait some more if it doesn't time out. It takes forever!
It doesn't make sense.??
What more can I do, so that my IE browser works?
-
Do you have the same problem in Chrome and Firefox ?
-
I don't run firefox. I just run windows internet explorer.
My chrome is a little pokey but not bad.
Both of them ran at a good pace until all of this..
-
I tried to pull up any page in my other browser, it took forever and when I try to use my 'tools' it doesn't give me all of my options. I have attached a pic. It's like the computer isn't reading that it exists. 'the browser'
-
Could you go to control panel > internet options > Advanced tab
And press reset
If you are unable to get to internet options then we will uninstall IE9 and then reinstall
-
I reset.. It brought up the 'welcome to Internet 9' - asked if I want to go to Yahoo!, it took 43 seconds to bring up the site.
Still not working..
-
I just tried to log into my yahoo mail. from the time of browser to start search 1 min 12 sec. to sign in with name and pw. 1 min 24 sec. to get to the acct open 2 min 2 sec and I still can't open an email cause it won't move forward..
-
OK we will uninstall IE9, reboot and then reinstall IE9
Go to control panel > programs and features
On the top left click show updates
Scroll down to IE9
Uninstall
A reboot will take you back to IE8
Then re-install IE9
-
I uninstalled IE9, didn't do anything. 1 min 42sec to open a yahoo page.
If Yahoo is the provider for IE9 should that be the search provider? Or can bing? Could that be slowing things down?
I'm just looking for options, I'm not happy with the way its running.
-
Run an OTL quick scan please and I will look at the IE settings
-
OTL quick scan attached..
-
This problem is just in IE FF and Chrome are OK ?
Download the attached fix.txt to your desktop
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
- Then click the Run Fix button at the top
- OTL will ask for the location of fix.txt select the file you downloaded
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
I have not run this yet, cause I need to reiterate that I am NOT running IE Fire fox. I don't like the setup. My Chrome is running ok, little slow like i stated before but my IE browser is the one that's very slow.
Do you still want me to run OTL with fix.txt , even though I don't run FF?
-
Yes as I am removing a lot of Logitech items that are running from IE and may be causing the slowdown
-
:( that didn't help. It still takes over a minute to load my home page when I open browser. I have even waited and tried another site.
-
Could you now run the Norton removal tool and try again please
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&product=home&pvid=f-home&version=1&lg=en&ct=us
-
where do i have Norton?
When I go to the link.. I have 10 products to choose from.
I don't know which one, I'm supposed to choose?
-
This is the driver : SRV - [2008/01/29 14:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
Select the tool from this page https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?ct=us&lg=en&product=home&pvid=f-home&version=1&docid=20080710133024EN
-
what you typed to me doesn't help for the options on the Norton page that I'm to choose from. I don't read anything to do with a driver. All options on the Norton page has different things to do, depending on what I want to fix or remove. I don't want to do the wrong one and make it worse.
I have attached a pic of the page, since you might not be sure what I'm talking about.
-
..and if I removed something, how do I get it back when I don't have any product keys to enter?
-
Go direct to step 3 .. The download link
-
Okay, removed and still very slow.
Right now I am using my google chrome browser to respond to you and I'm trying to load Yahoo mail on to the Microsoft IE and when I pull it up to check on its status of page, it mirrors what I have on my chrome.
Now it has the site on the search but the page is blank. It still takes over 2 minutes to load or change a page.
-
OK let's now reset the internet data
Download Complete Internet Repair (http://www.datum-forensics.com/down/comintrep.exe) to your desktop
Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom
(https://dl.dropbox.com/u/73555776/Int%20repair.JPG)
-
I downloaded CIR and it gave me this item( pic attached)
I pressed extract and it does nothing.
Am I to browse for a different file in this item? (CIR)
I don't have any zipped files.
-
When you pressed extract it would have unpacked them to a folder in your downloads folder, that is where the programme will be
-
okay ran and attached..
Microsoft IE still slow. Been sitting like this for over a minute and half. (pic attached)
-
Download and run this MS tool and let me know if that corrects it http://go.microsoft.com/fwlink/?LinkId=167357
-
I downloaded and installed.
I'm sorry but I'm not sure how to 'run' it?
I found the file and there's so much in it..
-
Bear with me I am downloading and testing it now
-
OK they have modified the programme slightly as it does it all in the background now.. Did it cure the problem ?
-
I could only wish.
When I open the browser at least my home page comes up, but when I try to change sites, it still doesn't move.
It takes way over a minute to load. I'm frustrated! :(
-
And this is all browsers ? Could you run a quick speed test please http://www.speedtest.bbmax.co.uk/
-
Google browser works pretty well. download speed 455 kbps ,upload speed 315 kbps
Microsoft browser is the one that doesn't move. Ever since I ran the programs to get rid of the Malware its been very slow.
download 351 kbps, upload 351 kbps.
-
OK let's reset the max connections on IE
First create a restore point
Then
Insert the following text into a notepad, save it as a .reg file (replace .txt extension with .reg) and select All files from the dropdown when you save it, then double-click on it:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:00000012
"MaxConnectionsPerServer"=dword:00000012
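A pre-import check for a .reg file like the one above, as an added example that is not part of the original post: it flags typographic quotes picked up when text is copied from a web page (the .reg format delimits value names with plain `"` characters) and decodes `dword:` values, which are hexadecimal, so `00000012` is 18. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a .reg body as it can look after copy/paste from a web
# page, with typographic quotes around the first value name.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n"
    "\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings]\n"
    "\u201cMaxConnectionsPer1_0Server\u201d=dword:00000012\n"
    "\"MaxConnectionsPerServer\"=dword:00000012\n"
)

HEADER = "Windows Registry Editor Version 5.00"
SMART_QUOTES = "\u201c\u201d\u201e\u2033"
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')


def straighten_quotes(text):
    """Replace typographic double quotes with the plain ASCII quote."""
    for ch in SMART_QUOTES:
        text = text.replace(ch, '"')
    return text


def lint_reg(text):
    """Check a version 5.00 .reg body before it is imported.

    Returns (values, problems):
      values   - (key, name, int_value) for each well-formed dword line
      problems - (line_number, message) for each line needing attention
    Only dword values are decoded; other value types are reported, not parsed.
    """
    values, problems = [], []
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != HEADER:
        problems.append((1, "missing or wrong header line"))
    current_key = None
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if any(ch in line for ch in SMART_QUOTES):
            problems.append((no, "typographic quotes; use plain \" characters"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2)
            if m.group(1):  # a leading '-' means the whole key gets deleted
                problems.append((no, "key deletion entry: " + current_key))
            continue
        m = DWORD_RE.match(line)
        if m:
            if current_key is None:
                problems.append((no, "value appears before any [key] line"))
            else:
                # dword data is hexadecimal: 00000012 -> 18
                values.append((current_key, m.group(1), int(m.group(2), 16)))
            continue
        problems.append((no, "not decoded by this checker: " + line))
    return values, problems
```

Running `lint_reg(straighten_quotes(text))` on the pasted text shows what the file would set once the quotes are repaired.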
-
okay, did that. It registers the name I typed into the browser faster but doesn't pull up the page. The browser sits and thinks and the page stays blank.
Are you ready to give up, yet?
I don't understand what happened?
Could any of the prior programs have removed something? :'(
-
Not yet there must be a reason for it and it is just a matter of determining what, that is the problem with malware trying to repair the damage
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe), save it to your desktop and run it.
(https://dl.dropbox.com/u/73555776/minitoolbox.JPG)
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices
- List Users, Partitions and Memory size.
- List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
-
Well, Thank you for hanging in there. ;)
But I'm looking at the settings you want me to 'check' and I'm seeing FF. (again I don't use Firefox). Do you still want me to check it?
-
Here's the results.
I didn't check FF since I don't use it.
-
okay, found some new things..
Before I was to run all the programs to get rid of the malware, Both of my browsers were individual.
I could set the browser for my google window(browser) as google for default and it wouldn't bother my Microsoft Windows IE.
They were separate.
Now, tonight I set the browser in my Google (window), for google, cause it says it's not the current browser and it changed my browser for my IE to google. THAT'S NEVER HAPPENED!
It's like google wants to take over my IE!
What would happen if I uninstalled my google?
But I want both! I should be able to have both and they work like they did before.
-
Chrome does share some IE files, I would recommend that you totally uninstall Chrome and then re-install
The TTL's are all looking good as well as the IP data
No packets were lost
Here is a link to fully remove Chrome http://support.google.com/chrome/bin/answer.py?hl=en&answer=111899
-
Well, I uninstalled chrome and that didn't do squat! But I didn't save my bookmarks that were in google.
What now?
-
Re-install Chrome now and I will ask some network techs if they have a thought on this
-
I did reinstall chrome. I don't have the patience to use IE to pull up any site.
I'm using chrome to talk with you.
Can you see if theres a way to get back or my bookmarks( favorites)? Please and Thanks
-
Hi sorry for the delay but most of the network experts I know are on the other side of the pond
Currently none have been able to determine a reason why IE is behaving in such a manner when chrome is ok, but we are still discussing it
-
No worries on the contact time. you have been Awesome! I thank you for all your help! I'm here if anyone can find out why my IE is to darn pokey.
-
I think I may have got my IE kinda working. I went to Microsoft site for IE to see if there was anything there to help my pokey IE.. It had a download to fix issues with IE and a file for helping to download the updates. (had a few updates fail). It seemed to have helped a little. At least it doesn't take more than 30 sec to load a page now.
I, Thank you for all your help! Happy Holidays!
-
Could you post the link for that please as I may find it helpful
-
I have quite the same problem with the popping window. I ran SUPERAntiSpyware and it deleted all it could find (generally tracing cookies or sth like that), then I ran TDSS Killer but the only options are skip and quit. Now I downloaded ComboFix but I don't know how to turn off Avast.
Actually this has never happened before (the popping window detecting Malicious URL) and now it pops every 5-6 mins mostly when I'm on facebook. What's happening?
-
this indicates infection....
start your own topic in the virus and worms section...
follow this guide and attach the logs. http://forum.avast.com/index.php?topic=53253.0
when done a malware specialist will help you
-
You may have a different type of infection, so anything run in this thread may cause harm to your system
-
Essexboy,
Here is one that I used because IE slow. http://support.microsoft.com/?kbid=947821 - for my vista.
I feel it had to do with some of IE updates. (it's like it wasn't understanding itself, like it was missing links).
I know it sounds dumb but it on my end was like a car motor missing, when spark plugs are bad.
This is the other one.
http://support.microsoft.com/fixit/en-us
I hope they are new to you and you find them to help many others.
Thanks again!
-
SURT is one that I use sometimes but normally for uninstall problems with IE .. Good catch I will add to my box of tricks