Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on June 29, 2015, 12:00:46 PM
-
Hi guys! I have some problems with my Avast. I've downloaded Avast Free 2015.10.2.2218 and the setup went well,but then it says that I'm not protected. If I click Start now or Resolve all,nothing happens. I also tried with other antivirus,to see where is the problem,and the same thing happens,I can't enable real time protection. Moreover,I have a program which has that shield, which means that only administrators can access it,and it won't open,although I am administrator(this is the only account on the laptop and it has admin rights).
I've read others topics here with the same issue,tried uninstalling and reinstalling several times,but nothing changed. The only security/cleaning tool I have is CCleaner.
Do you have any ideas? Thanks in advance!
-
1) What windows operating system do you have? What version of Service Pack has it got?
2) What is your previous antivirus software? Did you run it's uninstaller utility/removal tool after uninstalling it via add/remove?
3) What firewall do you have?
4) Did you try a repair of avast via add/remove?
-
I am administrator(this is the only account on the laptop and it has admin rights).
That is not true.
What you have is a user account with admin rights.
There is also the true administrator account.
Since you also tried other av's, you have a messed up system.
They all need to be removed before trying to install avast again.
What application do you mean with "which has that shield" ?
-
1) What windows operating system do you have? What version of Service Pack has it got?
2) What is your previous antivirus software? Did you run it's uninstaller utility/removal tool after uninstalling it via add/remove?
3) What firewall do you have?
4) Did you try a repair of avast via add/remove?
1) Windows 7/ 64 bit
2) Avira. Yes,uninstalled it,now the only AV installed is Avast.
3) Hmm,don't know exactly what to answer here. I have Windows Firewall,which is enabled for both home and public networks.
4) Yes,I have,nothing changed.
-
I am administrator(this is the only account on the laptop and it has admin rights).
That is not true.
What you have is a user account with admin rights.
There is also the true administrator account.
Since you also tried other av's, you have a messed up system.
They all need to be removed before trying to install avast again.
What application do you mean with "which has that shield" ?
This is my personal laptop,at home,and when I installed the OS,this is the only account I created. Shouldn't I be the admin?
I did remove all the AV and nothing changed.
That application was Anti Malware,I installed it to scan,I thought there may be a malware which causes all this trouble. I was able to run it only in safe mode. Now I uninstalled it,but Avast still won't work.
-
You need to use the Avira uninstaller utility/removal tool and run it in safe mode. Link is here http://www.avira.com/en/downloads#tools download the Avira Registry Cleaner.
Before you do the above, I want you to uninstall avast via add/remove and follow the instructions. After that, download the Avast uninstall utility from here https://www.avast.com/en-nz/uninstall-utility run it. It will say to you that this tool will automatically run your computer in safe mode, click yes and follow the instructions.
After that manually run your computer in safe mode and run the Avira Registry Cleaner and follow the instructions. After that download a fresh clean copy of avast and follow the instructions. After installation it will run a quick start up scan. After scan finishes, manually restart your computer and register your copy of avast.
Note: You mentioned you removed all antivirus? How many antivirus did you use prior to Avast? One is Avira! Any other antivirus? Prior to installing Avast, make sure you first use the Avira removal tool and other removal tool for other antivirus you have used?
-
Done everything you said,still same problem.
-
You might have malware or some other issues. Attach logs as mentioned here https://forum.avast.com/index.php?topic=53253.0 and once you have attached the logs I will ask an expert to help you out.
-
That is what I had in mind too :D
-
The four logs mentioned in the post.
Note: I ran Anti Malware in Safe Mode,that's the only way I could open it.
-
Hi you have a new piece of malware just a day or so old, it uses mainly open source software, I would like to either take a copy of the files or ask you to upload them to Avast when we are done
If when you run this fix you get a blue screen of death then restart the computer in safe mode with networking and run the fix from there, the malware service sometimes gets uppity if I try to kill it in normal mode
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
R2 VSSS; C:\Users\Flaviu\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [99717824 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\MAUAU2MK.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\AUIYMAUU.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\6M6YEYI2.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\6KAUM2M2.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\0K0S8WCC.exe
2015-06-29 11:58 - 2015-06-29 11:58 - 01415680 _____ (wj32) C:\Program Files\UAUIYI2K.exe
2015-06-28 17:00 - 2015-06-28 17:00 - 01415680 _____ (wj32) C:\Program Files\K4GWO4OC.exe
2015-06-28 17:00 - 2015-06-28 17:00 - 01415680 _____ (wj32) C:\Program Files\0K0S8WCG.exe
2015-06-28 16:54 - 2015-06-28 16:54 - 01415680 _____ (wj32) C:\Program Files\IHO8ZEEE.exe
2015-06-28 16:54 - 2015-06-28 16:54 - 01415680 _____ (wj32) C:\Program Files\GVEDKK4T.exe
2015-06-28 15:48 - 2015-06-28 15:48 - 01415680 _____ (wj32) C:\Program Files\5L1H5D15.exe
2015-06-28 14:48 - 2015-06-28 14:48 - 01415680 _____ (wj32) C:\Program Files\K6UE2I6K.exe
2015-06-28 14:48 - 2015-06-28 14:48 - 01415680 _____ (wj32) C:\Program Files\5P9TL1T9.exe
2015-06-28 14:00 - 2015-06-28 14:01 - 15199032 _____ C:\Users\Flaviu\Downloads\gu5setup.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\VJZN7BVV.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\L5TDTHP9.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\FZFZBVFJ.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\6UEYMY2K.exe
2015-06-28 00:26 - 2015-06-28 00:26 - 01415680 _____ (wj32) C:\Program Files\G4O4SG04.exe
2015-06-28 00:26 - 2015-06-28 00:26 - 01415680 _____ (wj32) C:\Program Files\FR7V3RFZ.exe
2015-06-27 19:17 - 2015-06-27 19:17 - 01415680 _____ (wj32) C:\Program Files\VJZJBRJZ.exe
2015-06-27 13:52 - 2015-06-27 13:52 - 01415680 _____ (wj32) C:\Program Files\G0O4SCCC.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\ZJ3NR7RZ.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\WGOC0O8S.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\P9T5XL5H.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\N7NFVJ37.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\F3FZN7RF.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\0OCSG0KO.exe
2015-06-26 13:51 - 2015-06-26 13:51 - 01415680 _____ (wj32) C:\Program Files\WGK4O8WG.exe
2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\N3N7F3R7.exe
2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\K2IAKE2M.exe
2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\7N7VBVFJ.exe
2015-06-24 19:36 - 2015-06-24 19:36 - 01415680 _____ (wj32) C:\Program Files\AKAUE2IM.exe
2015-06-24 12:30 - 2015-06-24 12:30 - 01415680 _____ (wj32) C:\Program Files\P5LDTHX1.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\JZJBRJZJ.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\CSC4K4KO.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\AKEUAUEI.exe
2015-06-23 12:36 - 2015-06-23 12:36 - 01415680 _____ (wj32) C:\Program Files\1H9PD1LP.exe
2015-06-23 12:35 - 2015-06-23 12:35 - 01415680 _____ (wj32) C:\Program Files\M2MEUEUY.exe
2010-11-21 06:24 - 2010-11-21 06:24 - 72990720 ___SH () C:\ProgramData\msouafor.exe
C:\Users\Flaviu\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
Tcpip\Parameters: [DhcpNameServer] 78.96.7.88 192.168.0.1
Tcpip\..\Interfaces\{8B51EB5B-ACE4-44D4-8284-63EA06051247}: [DhcpNameServer] 78.96.7.88 192.168.0.1
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Little mistake in that fixlist.
2015-06-28 14:00 - 2015-06-28 14:01 - 15199032 _____ C:\Users\Flaviu\Downloads\gu5setup.exe
That is the setup for Glary Utilities.
-
Aye just emptying the downloads as I do not know what the dropper was and the time frames are very close
-
This is the fixlog
-
I see you had to run in safe mode... But, it looks to be gone, Avast and MBAM should now run in normal mode
How is the computer ?
Also could you zip the folder C:\FRST and upload to a file sharing site like Mediafire for me to collect https://www.mediafire.com/
-
Yes,MBAM finally runs in normal mode. As for Avast,it still says that I'm unprotected.
PS:I'll send the archive in 20 minutes,it's uploading.
-
OK I have noticed that this does damage most antivirus programmes so a repair may be in order. If you could try that and let me know :)
-
Repair what? Avast,from add/remove?
-
Yes using add/remove (programs and features) repair Avast :)
-
I repaired it and IT WORKS!
Thanks a lot! Respect! :)
-
OK all I need to do now is get a copy to Avast... Unfortunately it is rather large
Any further problems apparent
-
http://www.mediafire.com/download/cywo4s6h3mqlzbd/FRST.rar
Here's the link asked earlier,if it still helps you!
-
It does :)
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Remove tools
Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
Select the options as shown
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
If you do need to keep Java then download JavaRa (https://singularlabs.com/software/javara/javara-download/)
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
(https://dl.dropboxusercontent.com/u/73555776/javara.JPG)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Unchecky (http://unchecky.com/)
Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)Keep safe :wave:
-
I've done everything you said.
Thank you for all your help. You're one of the kindest in the area! I appreciate your patience to help everyone! :)
-
My pleasure, keep safe :)