Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: koolx on August 17, 2012, 10:31:06 PM
-
i got xp pro sp3. after installing the free version, i found that the avast program is disabled. i then checked to see if the service was running. it was not. i then tried to start it but i get this error:
"could not start avast antivirus service on local computer error 5 access is denied"
i tried to repair it but nothing. how do i fix this issue?
-
Hello and welcome to the forum! :)
First some additional questions:
- Which OS? (32/64 Bit - which SP)
- Which program version (7.0.1456 is the latest)?
- Other security related software installed?
DJBone
-
what other security programs do you have..
-
Hello and welcome to the forum! :)
First some additional questions:
- Which OS? (32/64 Bit - which SP)
- Which program version (7.0.1456 is the latest)?
- Other security related software installed?
DJBone
hello all.. to answer your questions,
- i got xp pro sp3
- i got the latest avast free version program
- i got no other security programs installed.
need help
-
Have you installed avast from an administrator account?
DJBone
-
.....after installing the free version,........
and what AV did you have before installing avast ?
-
Have you installed avast from an administrator account?
DJBone
yes i have admin rights.. at least i do.. it's my computer and no one else uses it. so i'm certain i got admin rights. but i'd like to know how to check this just in case.
-
.....after installing the free version,........
and what AV did you have before installing avast ?
i had avast before.
-
You could try a clean install of avast:
- Download latest stable version of avast: http://www.avast.com/download-software
- http://www.avast.com/uninstall-utility (note the Windows Safe Mode detail).
- Run aswclear several times, for each version / edition of avast ever installed or updated to in your system.
- Install avast and restart after the installation finishes.
DJBone
-
You could try a clean install of avast:
- Download latest stable version of avast: http://www.avast.com/download-software
- http://www.avast.com/uninstall-utility (note the Windows Safe Mode detail).
- Run aswclear several times, for each version / edition of avast ever installed or updated to in your system.
- Install avast and restart after the installation finishes.
DJBone
yes i've tried using the uninstall utility several times and then doing a fresh install.. but that doesn't work either.
-
Maybe you could try the Release Candidate from here: http://forum.avast.com/index.php?topic=102720.0
DJBone
-
Maybe you could try the Release Candidate from here: http://forum.avast.com/index.php?topic=102720.0
DJBone
that wont do anything. the problem is that the avast service wont start. when i go into Admin Tools>Services, and i try to start the service, it gives me an error that says, "error 5: access is denied".. how can i get rid of this error and enable this service finally?
i also get the following error when i enter into safe mode:
"error 1068: the dependency service or group failed to start."
so i really need help with this.
-
that wont do anything. the problem is that the avast service wont start. when i go into Admin Tools>Services, and i try to start the service, it gives me an error that says, "error 5: access is denied".. how can i get rid of this error and enable this service finally?
i also get the following error when i enter into safe mode:
"error 1068: the dependency service or group failed to start."
so i really need help with this.
The error messages look like some troubles with your Windows. Maybe someone with better English knowledge could help you. Sorry!
DJBone
-
The error messages look like some troubles with your Windows. Maybe someone with better English knowledge could help you. Sorry!
I agree with DJBone.
You can read and get help for this here, if you wish: http://forum.avast.com/index.php?topic=53253.0
For the moment, I would use another computer, since you appear to not have antivirus protection on your system. You can transfer all requested programs and logs to the affected system, and back again. Use a known safe system to do this. Do not use your system on the internet until a diagnosis and solution is achieved for you. Hope this works for you.
Attach the logs for Malwarebytes, OTL (two), and aswMBR.exe in your next reply.
-
The error messages look like some troubles with your Windows. Maybe someone with better English knowledge could help you. Sorry!
I agree with DJBone.
You can read and get help for this here, if you wish: http://forum.avast.com/index.php?topic=53253.0
For the moment, I would use another computer, since you appear to not have antivirus protection on your system. You can transfer all requested programs and logs to the affected system, and back again. Use a known safe system to do this. Do not use your system on the internet until a diagnosis and solution is achieved for you. Hope this works for you.
Attach the logs for Malwarebytes, OTL (two), and aswMBR.exe in your next reply.
hi mchain link.. i posted my attachments below as you requested. please note that when i ran malwarebytes, the log reported that i got some registry hacks in the start menu. these are not viruses.. they are pure hacks, NOT viruses. please dont mistake them for viruses.
please take a look at the logs and let me know how to finally get rid of 'Error 5'. i'll await your reply!
-
Unlike traditional antivirus programs that use definition-based detection, Malwarebytes uses a heuristic approach (behavior-based) to detect newer and unknown malware. So, the registry keys found by Malwarebytes kind of fit that detection modality.
I have gone and PM'd a malware expert, so help should be on the way. Please be patient, as malware experts volunteer their time here, and live in a multitude of different time zones. So, at times, it may be a little bit of ping-pong going on, but in the end, it will all work out.
-
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {653D0EFF-653E-4B62-BEA0-BF2F909CE969} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-616249376-839522115-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-616249376-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O20 - AppInit_DLLs: (dyeari.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\ljJDtUml) - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application
(http://dl.dropbox.com/u/73555776/TDSSFront.JPG)
- Then click on Change parameters.
(http://dl.dropbox.com/u/73555776/TDSSConfig.JPG)
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(http://dl.dropbox.com/u/73555776/TDSSFound.JPG)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
(http://dl.dropbox.com/u/73555776/TDSSEnd.JPG)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
FINALLY
run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(https://dl.dropbox.com/u/73555776/FSS.GIF)
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
you mentioned that this may fix my system. will this fix modify in any way the tweaks and hacks that i put in my system?
-
Unlike traditional antivirus programs that use definition-based detection, Malwarebytes uses a heuristic approach (behavior-based) to detect newer and unknown malware. So, the registry keys found by Malwarebytes kind of fit that detection modality.
I have gone and PM'd a malware expert, so help should be on the way. Please be patient, as malware experts volunteer their time here, and live in a multitude of different time zones. So, at times, it may be a little bit of ping-pong going on, but in the end, it will all work out.
hi mchain link. i appreciate that you contacted your malware expert friend.. but malwarebytes didnt detect any problems.
-
23:02:38.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a4655a0]<<
Malwarebytes does not check the MBR
-
23:02:38.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a4655a0]<<
Malwarebytes does not check the MBR
hi, but my question is, will your fix alter in any way my hacks? for example, i tweaked my system to remove some items from the control panel in my start menu. will your method modify my system? or will it just spit out a report?
-
It will remove two LSA/appint entries
And if my guess is right then TDSSKiller will remove an MBR infection
-
It will remove two LSA/appint entries
And if my guess is right then TDSSKiller will remove an MBR infection
can you please tell me what these "LSA/appint" entries mean? will they remove my registry tweaks made on my start menu and control panel?
-
No, they will not affect the tweaks I am only removing bad entries
-
No, they will not affect the tweaks I am only removing bad entries
hi essexboy.. i ran the programs and i attached the files below. i know you said to copy and paste the results. but theyre too long to post - but if you still want me to paste them, i can do that. i just think its easier for the thread. just to let you know, i still cant start the avast service after running the fix. please let me know the next steps. and thank you... i'll await your next reply.
-
Did you turn off all those services ?
Re-run TDSSKiller with the same parameters when you see the following select delete :
\Device\Harddisk0\DR0 ( TDSS File System )
-
Did you turn off all those services ?
what services are you referring to? are you referring to the services that TDSSKiller found? just to let you know, i turned off many services that weren't needed. i only got 10 services running.
Re-run TDSSKiller with the same parameters when you see the following select delete :
\Device\Harddisk0\DR0 ( TDSS File System )
i deleted this and then i restarted my computer. but i still cant start avast. when i try to start it, i get the same error:
"error 5: access is denied on local computer"
but i found out something else.. i cant start many other services that i previously disabled. when i try to, i get the same error message. could this be the problem? if so, which services do i enable to get this issue fixed?
-
The bolded services should be running if you want the system to function normally
Farbar Service Scanner Version: 06-08-2012
Ran by x (administrator) on 19-08-2012 at 20:08:36
Running from "C:\Documents and Settings\x\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\System32\wuauserv.dll".
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\System32\qmgr.dll".
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000B0000000A000000090000000600000007000000
IpSec Tag value is correct.
**** End of log ****
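An added example, not part of the original post or of Farbar Service Scanner: a small Python triage of the log format shown above, separating services that are stopped because their start type was changed from services that are stopped despite a default start type. The function names and the rule that any file verdict other than "legit" needs review are assumptions; the sample lines are an excerpt of the log in this post.

```python
import re

# Excerpt of the Farbar Service Scanner log posted above (not the full log).
SAMPLE_LOG = r"""Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
"""

# Windows service "Start" registry values; the log prints some defaults as numbers.
START_VALUES = {"2": "Auto", "3": "Manual", "4": "Disabled"}

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_CHANGED = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
FILE_CHECK = re.compile(r"^(\S.*?) => MD5 is (.+)$")


def parse_fss(log):
    """Collect stopped services, changed start types and non-legit files."""
    stopped, changed, bad_files = [], {}, []
    for raw in log.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            stopped.append(m.group(1))
        elif m := START_CHANGED.match(line):
            name, current, default = m.groups()
            changed[name] = (
                START_VALUES.get(current, current),
                START_VALUES.get(default, default),
            )
        elif m := FILE_CHECK.match(line):
            # Assumption: anything other than "legit" deserves a manual look.
            if m.group(2).strip() != "legit":
                bad_files.append(m.group(1))
    return {"stopped": stopped, "changed": changed, "bad_files": bad_files}


def triage(report):
    """Split stopped services by whether a changed start type explains them."""
    disabled = [s for s in report["stopped"] if s in report["changed"]]
    unexplained = [s for s in report["stopped"] if s not in report["changed"]]
    return disabled, unexplained


if __name__ == "__main__":
    report = parse_fss(SAMPLE_LOG)
    disabled, unexplained = triage(report)
    for name in disabled:
        current, default = report["changed"][name]
        print(f"{name}: start type {current}, default {default}")
    print("stopped with default start type:", unexplained)
    print("files needing review:", report["bad_files"])
```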
-
The bolded services should be running if you want the system to function normally
so far, i enabled BITS (Background Intelligence Transfer Serv) and Security Center. but, i dont see or know how to start: Dnscache Service, Sharedaccess Service, or Wuauserv Service. but regardless, i still cant enable the avast service.
-
DNS cache is also called DNS Client
Shared Access is windows firewall
Wuauserv is Windows Update AutoUpdate Service
Once you have restarted those could you run FSS again please
-
DNS cache is also called DNS Client
Shared Access is windows firewall
Wuauserv is Windows Update AutoUpdate Service
Once you have restarted those could you run FSS again please
i restarted those services and i ran FSS. look at the attached log from FSS. but again, after restarting all the requested services, the avast service doesnt start. at this point, i think this could be a permissions or group policy issue.
-
What error does Avast give for not starting ? Does it mention a service ?
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
(https://dl.dropbox.com/u/73555776/waio%20start.JPG)
Go to step 3 and allow it to run SFC
(https://dl.dropbox.com/u/73555776/waio%20step3.JPG)
On the start repairs tab click start
(https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG)
Select the following items and tick restart system when finished
(https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG)
-
What error does Avast give for not starting ? Does it mention a service ?
the error i get is:
"Could not start the avast antivirus service on Local Computer. Error 5: access is denied."
but also, i checked the dependencies of the avast service. and i see it depends on 2 services:
- Remote Procedure Call (RPC)
- aswMon2
i do have RPC enabled, but i dont see aswMon2 in my list of services. how can i get this service in my list to enable it?
-
Have you tried a repair install of Avast?
-
Hi koolx,
If I may interject for a moment or two:
It does appear as if you had a rootkit on your system, and several needed services were then disabled, some that Avast! needed to run properly, so merely uninstalling, removing remnants left over with aswclear.exe, would not ever allow Avast! to install properly and run. This is the damage you are now trying to repair ATM. That is why I brought essexboy in to assist you in fixing your issues. Damage appears to be much more severe than first indicated here.
essexboy does know what he is doing here.
-
Also ensure that you run windows repair as that will fix access problems
-
Hi koolx,
If I may interject for a moment or two:
It does appear as if you had a rootkit on your system, and several needed services were then disabled, some that Avast! needed to run properly, so merely uninstalling, removing remnants left over with aswclear.exe, would not ever allow Avast! to install properly and run. This is the damage you are now trying to repair ATM. That is why I brought essexboy in to assist you in fixing your issues. Damage appears to be much more severe than first indicated here.
essexboy does know what he is doing here.
thanks mchain link..
-
Also ensure that you run windows repair as that will fix access problems
hi essexboy.. to answer your question, i tried a repair of avast 3 times last week but it didnt work. i did run the Windows Repair (all in one) and restarted my system.. but when i tried to start the avast service, it still gave me error 5. maybe i should try to uninstall then reinstall avast after doing the Windows Repair (all in one)? i'll try it and report back.
-
As essexboy lives in England, might be a bit before he is back online. (Different time-zone) You should do the proposed solution, that of repairing Avast! as essexboy requests, before going on to uninstall, aswclear, etc. That way he knows exactly where you are with your system, and no further changes need to be looked for. Makes the repair work a little bit easier for both of you.
Please be patient, you are under his expert care.
-
As essexboy lives in England, might be a bit before he is back online. (Different time-zone) You should do the proposed solution, that of repairing Avast! as essexboy requests, before going on to uninstall, aswclear, etc. That way he knows exactly where you are with your system, and no further changes need to be looked for. Makes the repair work a little bit easier for both of you.
Please be patient, you are under his expert care.
hi mchain link. thanks for the reassurance. i really appreciate all your help as well as essexboy. i'll be patient.