Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: wootie on August 09, 2006, 02:58:38 AM
-
Hi,
A few weeks ago I reinstalled my Windows XP Pro SP2.
I made all the updates & installed my software back.
Since a few hours ago the Avast icon has disappeared, and so have the icons of Ultramon & Creative Labs...
I tried to put those back thru the registry and it worked fine one time and then they disappeared again.
It's like some malicious software is removing all entries in the registry "microsoft->windows->currentversion->run".
Also, I ran TCPView from Sysinternals and it seems that my computer tries to establish a link to IP 209.190.29.130:80 thru a system process.
I ran Avast manually with all updates but it didn't find any virus...
Does someone know what is happening?
Thx
Yves
PS: I made a screenshot of the TCPView
-
> It's like some malicious software is removing all entries in the registry "microsoft->windows->currentversion->run".
Do you use WinPatrol, PrevX, TeaTimer (of Spybot), Ad-watch or any other startup monitor?
> I ran Avast manually with all updates but it didn't find any virus...
Try trojan removers: a-squared (http://www.emsisoft.com/en/software/free/), ewido (http://www.ewido.net/en/) or Spyware Terminator (http://www.spywareterminator.com/).
> I made a screenshot of the TCPView
Well, ashMaiSv.exe is the mail scanner of avast... (Is it this one? http://forum.avast.com/index.php?topic=19794.0;topicseen)
Are you checking email? Do you use any spam tool?
-
Well... I run nothing at startup right now... No spyware removal tools...
Fact is that when I add a line in the registry telling it to put the Avast icon in my toolbar, after rebooting my registry entries are empty!
I was just wondering why my computer tries to establish a link to 209.190.29.130:80 & 66.249.85.99.
It looks to me like a rootkit or something like that...
Further, when you call http://209.190.29.130 it goes to a really "bizarre" page...
Yves
-
:) Hi Yves,
If you suspect a rootkit, the best place to get help is:
http://www.castlecops.com/f233-Rootkit_Revelations.html
66.249.85.... may be a CWS site; I checked 209.190.29.... at "Webhelper"'s site but it was not listed (yr 2004).
-
Thx
I'll check castlecops.com
I'll let you know what I find.
Thanks,
Yves
-
I went thru Windows restore... did a restore from 2 days ago and the connection disappeared...
And my registry seems to be fixed...
Thx for the help
Yves