Avast WEBforum
Other => Viruses and worms => Topic started by: SgtSimpson on July 02, 2011, 06:16:56 PM
-
Recently My Laptop (Vista, Service Pack 2) has been Getting a Screen Which Just has a Small Proportion of the screen Repeated to fill the entire Screen. At First i Thought it was Just Overheated But Avast! and Panda Cloud Stopped Working (Could not Start Modules etc.)I Downloaded Malwarebytes to find 24 Infections but then to Get the Screen Which I mentioned Above.
Windows Defender (Very Outdated Version, Would not let me update) Had a Fake ECard Trojan in the Vault so I Deleted that to no avail.
I Cannot Get the Screen or the Logs of Malwarebytes as it had not Finished.
I Have also Run TDSS Killer and GMER (Didn't Finish, it came up the screen)
Any Help Would Be Appreciated.
many Thanks,
SgtSimpson
P.S I Know its Not Overheating as it only happens when Running Security programs.
PP.S The Screen Only happens when running Firefox, Chrome or Security Programs (However it does not effect Windows Defender.)
PPP.S None of the Safe Modes work
-
Anyone?
This Is VeryUrgent!
-
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI
Essexboy will look at the logs when posted
-
Thanks for the Reply!
I'll Put the OTS Log As Soon As It's Finished.
I Just Want to Update my Post Saying that SuperAntiSpyware Found Mywebsearch and a few other Pieces of adware before crashing. It Also Found a Unknown Piece of Something with an Unknown Origin. I Would give you the log except the laptop Crashed.
OTS Log Uploaded and Attached.
-
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped] ->
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
THEN
Download ComboFix from one of these locations:
Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-
Here is the OTS Fix Log
Ill Upload the Combofix log as soon as I Can!
Many Thanks For Helping me!
EDIT: ComboFix wont finish. Ive Left it for an Hour but it's stuck at like 99%. Ive tried this on administrator as well.
Any Ideas?
I Don't Mind Upgrading to Windows 7 as I Dont have any important files.
-
On the following programme I am more interested in the analysis scan - so if the AV scan fails then just run the analysis part. As the log is a zip file and the forum does not allow that type of attachment then upload to Mediafire (http://www.mediafire.com/) and post the sharing link.
Download AVPTool from Here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront-1.jpg)
Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
(http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg)
-
I had Already Beat you to the Scan!
It Showed i had a Generic malware 32: Hack tool in my recovery Call Wiz.exe
Here is the System Info From The Program:
http://www.mediafire.com/?fo8nkea4idia2j3
-
On completion of this run can you check safe mode, if it is available then retry Combofix please
- Re-run AVPTool
- Select the Manual Disinfection tab
- Where it states Step 3 paste in the following disinfection script and press execute
begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
RegKeyDel('HKLM','SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}');
DeleteFile('F:\autorun.inf');
BC_DeleteFile('F:\autorun.inf');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(10);
BC_Activate;
RebootWindows(true);
end.- Your system will reboot on completion, if it does not please do so yourself
- On completion please run another analysis scan and attach the zip file
(http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg)
-
http://www.mediafire.com/?gcm3rb3w7rvcm8v
Here is the Zip Again. After the Fix was Done.
Ill Get the combofix now if it works
Sorry about the long time to reply!
Question: Comboxfix is saying that panda and Avast are still active despite being stopped from Task manager. Do I Continue?
-
Yes continue but do not let them quarantine any files... Right click the Avast orange blob select shield control and disable for one hour
-
Avast or panda Are not Even On. No Exe's for them. Nothing. Like i Said I Stopped the Service in Task manager. So I'm Green to Go Then?
-
Yep run away ;D
-
Ok Then!
Thank you For Helping me This Far!
It's On Stage 3 At the Moment.
-
Here it is:
Note: I have had this laptop for 2 Years now just Watching movies. So Whats Here isnt mine.
-
OK could you now test out your laptop (including safe mode) and let me know of any residual problems
-
Still Seems Slow (Could be Vista), Explorer Keeps Freezing (Yet Again, Could be Vista), Can't Turn Avast! Web Shield on (Need to Update First, So I Don't Know About This), Malwarebytes Stll Comes up with Runtime Error 0 and 440. However Apart from That Everything seems Fine. Panda Cloud Reports as clean and Working.
Running a SuperantiSpyware Scan as I type.
Many Thanks!
I Don't Know What the People of Avast! Would be without you Helping us!
Yet Again, Many Thanks!
-
OK lets tackle these one at a time ;D
Explorer (known vista problem)
From the Start menu, select all programmes, accessories
then right click the command prompt and run as administrator
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
For Avast it sounds like a repair is needed
Go to control panel - programs and features
Select Avast
Several options will appear select repair
Malwarebytes uninstall via programs and features
Run this tool http://www.malwarebytes.org/mbam-clean.exe
Then download and install a fresh copy (http://img233.imageshack.us/img233/7729/mbamicontw5.gif) from Here (http://www.malwarebytes.org/mbam-download.php).
-
Sorry for the Long Reply but...
I Did the System File checker and it found no bugs or errors.
Avast! is still not working. Still has the "please make sure avastsvc (Or Something along the lines of that) is not blocked by your personal firewall." Which its Not. Avast! is a trusted program with all it's .exe files, Trusted.
What Do I Do Now then?
-
What firewall are you running - or were running ?
-
Comodo Firewall, Latest Update.
Works fine on my Main Computer.
Work Like a dream together.
-
OK somewhere it was posted here that there is a problem with comodo and avast if they are installed in a different order... I believe Avast should be installed first and then comodo - I will ask David as he knows about this
-
OK, my 2p worth:
As far as order goes, whilst I have never used Comodo firewall I would still advise having avast installed first.
I have applied that for my Outpost Firewall Pro (or suite) as it detects avast as being installed and offers compatibility mode to disable its web control and anti-spyware modules, etc.
If avast is installed first, there would be less chance of any possible interference from comodo/defence+ during the avast installation. So I would suggest that order of installation and see if it makes any difference.
####
I would suggest that a clean install of avast (as you used to have avast5 on here previously, but I can't see anywhere where you say what version of avast you have) to ensure there is a clean start point:
- Download the latest version of avast, 6.0.1203 and save it to your HDD, somewhere you can find it again (if you didn't save your last download) before starting your uninstall/clean install of avast and comodo. Use that when you reinstall.
- Download the avast! Uninstall Utility, aswClear.exe find it here (http://www.avast.com/uninstall-utility) and save it to your HDD (it has uninstall tools for both 5.x and 6.0.x). - 1. Now uninstall avast! (using add remove programs, if you can't do that start from the next step), reboot.
- 2. run the avast! Uninstall Utility from safe mode, first for 5.x if previously installed and then for 6.0, once complete reboot into normal mode.
- 3. install the latest version, reboot.
-
I was using Avast! 6.0, and I Did What you Said And It's Now Working!
Thanks for Your Cooperation and Time!!
Many Thanks,
SgtSimpson
P.S- I Really Don't Know What the Avast! forums would do without you!
-
No problem, glad I could help.