Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: aussie ness on September 18, 2007, 02:37:23 AM

Title: Cannot connect to Avast Website
Post by: aussie ness on September 18, 2007, 02:37:23 AM
Hi....I downloaded Avast (free) to replace Norton. I registered in time before it stopped working but forgot to check spam emails and think the email with the registration key may have been deleted. For some very strange reason have not been able to load the Avast website to re-register. I use XP, firefox, explorer, windows firewall and now AVG to keep me secure while I try to get Avast going again. My system is working fine, I can get any web page out there...just not Avast. I can get avast.com.au in Australia, but I can't find anywhere there to re-register. I have emailed a couple of times but the guy said he can get the website up without any problems. I am absolutely stumped as to why avast.com is the only website I cannot connect to.This is the error message I get.....

The server at www.avast.com is taking too long to respond.

    *   The site could be temporarily unavailable or too busy. Try again in a few
          moments.

    *   If you are unable to load any pages, check your computer's network
          connection.

    *   If your computer or network is protected by a firewall or proxy, make sure
          that Firefox is permitted to access the Web.

I really hope someone can help me. It's doing my head in and have spent soooo many hours on this and have hit a wall!
Title: Re: Cannot connect to Avast Website
Post by: DavidR on September 18, 2007, 04:06:38 AM
Can you connect to this link http://75.126.53.167/eng/home-registration.php ?

If so there might be an entry to block some anti-virus web sites.
HOSTS file redirect - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file (http://en.wikipedia.org/wiki/Hosts_file)
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 18, 2007, 04:20:26 AM
Some malware prevent loading of security (good) sites.
If you try AVG antispyware, won't you find any infection that is preventing avast site to load?
My communication to the site is perfectly normal...
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 18, 2007, 05:29:53 AM
Thank you DavidR and Tech for your replies. The first thing I did was try DavidR's link and voila!! within seconds I'm now registered! Thank you! You lost me at the next step though. I don't understand what a HOSTs file is......can you explain? I still can't get to www.avast.com. (After Avast loaded successfully I tried getting there by clicking the link on the interface.) I have Spyware Blaster, Ad-Aware and (temporarily) AVG Anti Virus. Tech, are you saying to download AVG Anti-spyware and maybe it will get rid of something that is blocking me? By the way, I really appreciate your help.
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 18, 2007, 05:44:49 AM
I don't understand what a HOSTs file is......can you explain?
C:\WINDOWS\system32\drivers\etc\hosts
It controls the internal loops for connecting the Internet. It's too technical, but it must be clean, i.e., has just one entry 127.0.0.1 for the localhost.

Tech, are you saying to download AVG Anti-spyware and maybe it will get rid of something that is blocking me? By the way, I really appreciate your help.
Yes, there is a chance...
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 18, 2007, 07:27:59 AM
The hosts file is kinda hard to explain, but you should check it anyways. If you are using a full version of xp, the path to the file is where DavidR posted. If you have an upgrade version of xp, it will most like be located in c:\windows. It will have a .sam extention. Open the hosts file with notepad, scroll down paste all the entries staring with #, What is there? There should only be one entry 127.0.0.1    localhost

If there is anything related to avast, highlight and delete it, then click file and save. You should be able to visit avast again.

The host file can be used as a web blocker. If anyone is interested I can post the link on how to set it up.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 18, 2007, 12:14:20 PM
This is what the hosts file looks like.....there is seven folders so i went for the one that just says hosts.
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost

1.1.1.1 free.grisoft.com
1.1.1.1 housecall.trendmicro.com
1.1.1.1 usa.kaspersky.com
1.1.1.1 ewido.net
1.1.1.1 www.ewido.net
1.1.1.1 zonelabs.com
1.1.1.1 www.zonelabs.com
1.1.1.1 www.bitdefender.com
1.1.1.1 download.bitdefender.com
1.1.1.1 upgrade.bitdefender.com
1.1.1.1 spywareinfo.com
1.1.1.1 www.spywareinfo.com
1.1.1.1 merijn.org
1.1.1.1 www.merijn.org
1.1.1.1 sysinternals.com
1.1.1.1 www.sysinternals.com
1.1.1.1 onguardonline.gov
1.1.1.1 www.onguardonline.gov
1.1.1.1 avast.com
1.1.1.1 www.avast.com
1.1.1.1 safety.live.com
1.1.1.1 www.paretologic.com
1.1.1.1 paretologic.com
1.1.1.1 services.google.com
1.1.1.1 www.webroot.com
1.1.1.1 webroot.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
Do you think my Spybot put all these here to stop me using these products?
Do I delete all the ones with the 1.1.1.1 in front of them?
Oh, and I tried two other sites on this list and they won't load either!!!!!!!!!!!!
The plot thickens.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 18, 2007, 02:55:15 PM
I'm not sure if spybot put them there. You would have thought spybot entries would have been between  # Start of entries inserted by Spybot - Search & Destroy and # End of entries inserted by Spybot - Search & Destroy. Anyways, remove the avast entries and see if you can reach avast. The address 1.1.1.1 seems like a dead end. If you can reach avast, clear the others, except for the 127.0.0.1 localhost.

You should try some other antispyware scans, as something did add to the hosts file.
Title: Re: Cannot connect to Avast Website
Post by: DavidR on September 18, 2007, 03:18:42 PM
I too would strongly doubt spybot S&D would put them there.

The whole purpose to to effectively deny access to these sites to prevent malware removal and that wouldn't seem to fit with a supposed entry by S&D. What ever created the entries could write whatever it likes so there is no way to certify what created the entries.

I would remove all the 1.1.1.1 entries and leave only the 127.0.0.1 localhost as oldman also suggest.

Why the link I gave you worked is because it uses the IP address (the string of numbers) and not the domain name avast.com which is effectively blocked in the HOSTS file. The link I gave to the Wikipedia page about the HOSTS will help you understanding of what the HOSTS file can do and how it can be effectively hijacked by malware.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 19, 2007, 01:58:29 AM
Here's where I'm up to guys....I opened the file, deleted the two avast entries and saved. (It saves as a text file I think)....tried to load the website and ...nothing. Went back in to look at the hosts file and the entries are still there. Should I have deleted the entries a different way? By the way...I have another host file with the .sam extension but I can't open it. I'm so out of my depth here.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 02:02:27 AM
The .sam host file is the one you want. It should open with notepad and can be edited with notepad. What is the name and path of the hosts file you tried to edit?
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 19, 2007, 02:13:59 AM
Here's where I went....
My Computer/Local Disc/WINDOWS/System32/Drivers/etc
Then I had seven choices......(there's now eight because of the text file I created)
hosts
hosts.20070918-153843.backup
hosts.msn
lmhosts.sam
networks
protocol
services
host.txt
I used windows explorer to find it all. Am I on the wrong track?
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 02:24:29 AM
You are on the right track, but there should be a hosts.sam file. I don't see it on your list. The LMhosts is something different. How about the first file hosts? Is that the one you previously edited?
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 19, 2007, 04:00:15 AM
Yes that's the one I edited. I ran a search and the results don't help. Searching for the term 'host' in the file name resulted in alot of entries, but the only SAM file was the lmhosts.sam one. This is worrying me.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 04:08:55 AM
Ok, it seems that in xp the sam extention does not apply. So try this. Rename the hosts file you have to hostsold. Open note pad and type this one line

127.0.0.1      localhost


make sure the spaces are there.

Click file, save as. In the save in window at the top, use the drop down menu to get to the etc folder.(c:\WINDOWS/System32/Drivers/etc), in the filename box type hosts. In the file type box select all files. Make sure that there is no extention added to the file name, if there is remove it. Click save.

Open windows explorer and make sure the new hosts file is there without an extention. You should be able to tell by the time stamp. Check to make sure that the one line you typed is the only one there. If all is well reboot and try to reach avast.

What we have done is made a backup of you infected file by renaming the file to hostsold. Then created a new hosts file. If this one is immeadiatley added, then we have to look further. If the file remains unchanged, it should by you time to download any tools you may need. I suggest starting with a boottime scan.

Please post back.
 
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 19, 2007, 04:43:15 AM
Am nervous about this...
have changed the name of the hosts file to hostsold and a little message says 'are you sure you want to rename the read-only file 'hosts' to 'hostsold'?
am I sure I want to do this?
also the next step in creating a new file...how many spaces between 127.0.0.1 and the word localhost?
sorry to be a pain, but I want to be sure I don't make things worse.
I really appreciate your help.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 04:51:53 AM
Minnum is one, but most have more. Hopefully the newly created file will overwrite the old one. If no joy, try safe mode.

BTW you're not a pain. I wouldn't be here if I didn't want to be.  ;D
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 19, 2007, 05:13:02 AM
SUCCESS!!!!!!!!!!!
I am soooooo grateful, oldman. Thank you. I can now access avast.com and others that were blocked.
Ok, so what did you mean by buy me time to download any tools I may need? What exactly is a boottime scan?
Maybe I should let Spybot know about my problem. I have wasted hours on this and we all know Mum's don't have time to spare!!!!! Quite possible they aren't aware of it.
What's my next step?
Did I mention how grateful I am?
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 05:21:01 AM
Yuo're very welcome and glad something finally worked. did you have to do it in safe mode or just from windows. I'm trying to learn here too.

By buying time I meant if anything nasty was still living on your computer, you may need some tools to help remove it. I didn't and don't ean to alarm you.  8)

A bootime scan can be scheduled to run at the next bootup. It will scan files before windows loads.

To schedule it, right click the "a" icon, select start avast antivirus. this will start the simple user interface. Right click on schedule bootime scan. Reboot.

If any thing is found, please do not delete , use send to chest. Report back even if everything is fine. Someone else here may request a hijackthis log or similar.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 19, 2007, 05:29:20 AM
No, didn't have to use safe mode. I will continue with your instructions. I bet theres more junk here than I'm aware of. (The kids use my computer too.)
I regularly run my spyware and anti-virus apps, but obviously crap has still gotten in!
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 05:49:43 AM
Here's couple of good antispyware programs you may want to try. They even may ferret out a trojan or two.

 AVG anti-spyware

 http://www.ewido.net/en/download/

Resident scanner during trial On-Demand after trial ends.

Or SUPERantispyware

http://www.superantispyware.com/

 On-Demand only in free version.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 06:25:39 AM
SUCCESS!!!!!!!!!!!

Maybe I should let Spybot know about my problem.

As I said earlier in the thread and echoed by DavidR, spybot is highly unlikely to be the culprit here. All the entries where to av or security sites. These where placed here by some malware. This malware may or may not still be present. Spybot at one time may have added the two lines "# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy". But that would have be let you know that spybot added the lines between the start and end. In youp case there where no enties in that location.

BTW you can also remove the host.txt file you created earlier if you like, it's just a copy of your original hosts file minus the two avast entries. It's inert and won't do anything if you choose to leave it there.

Need someone with xp to confirm if the hosts file should be read only or archive. It's archive on win98se.

Just to correct my post regarding boottime scan, it should have said  right click the "a" icon, select start avast antivirus. this will start the simple user interface. Right click on the skin, select schedule bootime scan. Reboot.

Title: Re: Cannot connect to Avast Website
Post by: DavidR on September 19, 2007, 01:57:48 PM
Why create new files when you should edit the 'existing' original HOSTS file, note this is a file without an extension and do a Save and not a Save as.

When saving it should save the original file with adding a file extension .txt at the end of it. However if it has a whinge about that make sure that the Save as type is set to All Files and this should stop the file type extension .txt being added.

Edit: The hosts file in XP is also read only (I may have changed that to protect it from being edited though), archive, but I suspect that would have been changed to be able to edit the file to place the redirects in.

I have just checked further and even with All Files selected it may still create a new hosts.txt because the original is read only. If that is the case you can either uncheck the read only to be able to write and save any changes.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 04:42:20 PM
@ DavidR

People sometimes are more comfortable making changes knowing that a backup is in place. Rename and create new would have done this.

It seems, since it was a read only file, what ever modified the original file has the ability to either modify protected files without user input and/or change attributes, don't you think?

On an xp upgrade, seeing how the hosts file remains in the 98/me location does the sam extention still apply?
Title: Re: Cannot connect to Avast Website
Post by: DavidR on September 19, 2007, 05:36:12 PM
Since I did an upgrade from win98 to XP Pro the only hosts file/s that remained in the Windows folder was HOSTS which was empty, no hosts.sam or imhosts.sam or hosts.isc which are in the XP system32\drivers\etc folder.

I think that some of the applications that purport to protect the hosts file only change the attributes to read only.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 19, 2007, 06:21:47 PM
Thanks. Just checking to see what else is slightly different in an upgrade version vs full.

As for the protection, that's kinda what I thought.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 20, 2007, 07:02:13 AM
Hi.....I'm back...had to be a Canteen Mum today so only just getting back to you. I ran a boot-time scan yesterday and when I came back to the computer when it finally finished there was nothing on the screen so I guess it didn't pick up on anything. A couple of days ago I did have some 'Neptunia' trojans...my system is really slow at the moment too. I run Ad-aware, Spyware Blaster and Spybot weekly and Windows Defender occasionally so shouldn't get too many problems but I suspect my system probably does need further 'repair'.
So where are we up to with the hosts file? In reading your discussion, I'm a bit confused. (Easily done!)
Also with regard to suggested programs....will look into them. I'll end up having more spyware apps than fun stuff on my computer. The desktop will look like an armory!
Can you also explain what a Hi-Jack log is and how it's read to solve mysterious computer ailments?
Ness
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 20, 2007, 07:57:05 AM
I would say your hosts file is resolved, except to try and determine how it was changed. Depending on what you did you either replaced it or created a new one.
.
So where are we up to with the hosts file? In reading your discussion, I'm a bit confused.

Our discussion was mainly on the merits of create a new file versus edit the original. The result would have been the same unless you ran into a windows permissions error such as you did wilth the imhosts.sam file. The other part was on a system running the upgrade version of xp a few files aren't where you expect them.

I ran a boot-time scan yesterday and when I came back to the computer when it finally finished there was nothing on the screen so I guess it didn't pick up on anything.

The boottime scan will stop and ask for input if it finds anything. If it doesn't find anything windows will load as usuall. You say the screen was blank, can you elaborate a bit? The bootime scan screen is, I believe, blue with white text.(not available to me on win9se)

A couple of days ago I did have some 'Neptunia' trojans...

I can't find anything on "neptunia" except it's a game. Perhaps avast detected a trojan in one of the neptunia files. If it was avast that detected something, it should be in the log file. Right click the "a" icon, select avast log viewer and click on the warning button. You will have to expand the columns by sliding them sideways to be able to read the full file name and what was detected. You can post that info here if you wish.

.
my system is really slow at the moment too

Fixxing the hosts file shouldn't impact your computer's performance. In fact you can run withouy it. Malware though will slow you down.

.
Can you also explain what a Hi-Jack log is and how it's read to solve mysterious computer ailments?

Hijackthis is a program which can help see what is running on your computer. You can down load it from here
 http://www.download.com/HijackThis/3000-8022_4-10379544.html

it's zip file so you need winzip to open it.  A couple of tutorials can be read here  http://www.bleepingcomputer.com/tutorials/tutorial42.html and http://www.tomcoyote.org/hjt/#introduction

After it runs don't fix anything, save the log and post it here in this thread. It probably won't fit in one post so break it down into 2 or3. Someone here will have a look.


[/quote]
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 21, 2007, 02:45:30 AM
I have the Hi-Jack this log.
Logfile of HijackThis v1.99.1
Scan saved at 10:29:52 AM, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ness\My Documents\Downloads\hijackthis\HijackThis.exe


Also, from memory I think my system just booted into windows after the boot scan. By "nothing on the screen" I meant that there was no report of anything found.
There is alot in the 'Warnings' section in Avast so will post that too, but I guess I should tackle one report at a time.
I really appreciate all your help with this oldman.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 21, 2007, 02:47:01 AM
Heres the rest of it....

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S48.tmp"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://frangipannikat.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144044991140
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3209.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3209.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 21, 2007, 03:06:49 AM
Your log seems ok.

I'm not an expert on HijackThis... But you can check the automatic analysis of your HijackThis log here (http://www.wikifortio.com/868236/aussie+ness.html).

You can find more info in the links of the last column of this table.
That info could guide you on the cleaning process.
Anyway, if you have doubts, just post here.
Also, take a careful look at the first column of the table:

1. If you don't recognize a legit program in one of the items marked as FIX IF UNKNOWN, please post it back here and maybe we can help you. Or, if you're sure it's a malware item, you can remove it as posted bellow.

2. If you agree with the automatic classification of the infected items marked as FIX (CHECK NOTES!), you can turn back to HijackThis program, check the box of this item and then remove it using the button 'Fix checked'.

Hope it helps.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 21, 2007, 04:19:43 AM
Like Tech, I'm not an expert on hijackthis logs. There are a lot of others here that are.

Which symantec products do you or did you have installed? I see some refernces to a live updater for norton internet security suite.
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 21, 2007, 04:25:51 AM
Which symantec products do you or did you have installed? I see some refernces to a live updater for norton internet security suite.
Very good point... you're fully right... with Symantec products the user will have conflicts and maybe this is exactly what is preventing him to connect.

1) Remove NAV through Add/Remove programs from Control Panel. Boot.
2) Use Norton Removal Tool for Windows 2000/XP/Vista 2008.0.0.21 (http://fileforum.betanews.com/detail/Norton_Removal_Tool_for_Windows_2000XPVista/1169144666/1).
3) Boot.
4) Install avast! Boot.
5) See what you get.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 21, 2007, 04:30:40 AM
Tech, the user's connection problem has been resolved. It was a hosts file modification. A list of av and security sites had been added. Now we're trying to determine what may have done this and is it still present on the computer. It could have been a drive by kinda thing to.
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 21, 2007, 04:36:13 AM
So, he must follow your advices...

AVG anti-spyware
http://www.ewido.net/en/download/

Or SUPERantispyware
http://www.superantispyware.com/

Or
Spyware Terminator (http://www.spywareterminator.com/)
a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).

If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 21, 2007, 09:54:10 AM
I thought some of Norton was still on my machine. Have used your link and (hopefully) gotten rid of all traces. Thanks Tech. The link you gave me for analysis shows a file sharing page. This is safe isn't it?

Oldman,I downloaded AVG Anti-Spyware and ran a thorough scan. It found entries in two rarely used accounts. This leads me to wonder whether Ad-aware and Spybot scan these two accounts (My husband has his own log in and the Guest account) Anyway will continue working through these fixes. Thank you.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 21, 2007, 02:39:53 PM
After running the norton removal tool, did your preformance improve? Which line was shown as a file sharing page?

What did avg find?
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 21, 2007, 11:07:05 PM
The link you gave me for analysis shows a file sharing page. This is safe isn't it?
Where? On K9? The links are safe.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 24, 2007, 01:04:48 AM
Hi......sorry I haven't been back to you......have been super busy.
The AVG report was

mozilla.29:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.30:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.28:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.6:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.13:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.14:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.15:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.34:C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\76ajr282.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.20:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.23:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.24:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\6xhi6lob.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Ness\Cookies\ness@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

I did "kill" them even though it says no action taken. My computer seems to be responding better. (Not as slow to load programs)

Super Anti Spyware found some too.

Adware.Tracking Cookie
   C:\Documents and Settings\Katie\Cookies\katie@acvs.mediaonenetwork[1].txt
   C:\Documents and Settings\Katie\Cookies\katie@ad.joetec[2].txt
   C:\Documents and Settings\Katie\Cookies\katie@azjmp[2].txt
   C:\Documents and Settings\Katie\Cookies\katie@media.sensis.com[1].txt
   C:\Documents and Settings\Katie\Cookies\katie@media.soundbuzz[1].txt
   C:\Documents and Settings\Katie\Cookies\katie@mediaonenetwork[1].txt
   C:\Documents and Settings\Katie\Cookies\katie@mediaservices.myspace[1].txt
   C:\Documents and Settings\Katie\Cookies\katie@www.3dstats[2].txt
Ness
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 24, 2007, 01:18:10 AM
Quote
Which line was shown as a file sharing page?
Quote
I'm not an expert on HijackThis... But you can check the automatic analysis of your HijackThis log here.
Tech...I understand what you wanted me to do now, was worried about downloading something that already had my name on it! Anyway am currently printing 11 pages of the analysis and will try to look at it when I get home from work. There is quite a few "Fix if Unknown"s and one "Fix.Check Notes" Entry.

FIX (CHECK NOTES!)     O11 - Options group: [INTERNATIONAL] Internationa l*     Currently only the 'CommonName' hijacker uses this.     Extra group in IE 'Advanced Options' window     Google

I have no idea what this means!
Ness
Title: Re: Cannot connect to Avast Website
Post by: DavidR on September 24, 2007, 01:28:36 AM
Tracking cookies really are a minimal risk though avg-as makes a big deal of it and SAS is doing the same cookies really aren't a big deal.

I would leave the O11 - Options group: [INTERNATIONAL] International* as it is.
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 24, 2007, 04:06:18 AM
I would leave the O11 - Options group: [INTERNATIONAL] International* as it is.
Me too... this seems a 'mistake' from the automatic analysis.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 24, 2007, 08:54:38 AM
Ok cool, will leave that one as is.
I wonder about a few other entries......should I finish off this thread since it has changed topics and start a new thread in General Topics? (Or should I head over to Bleeping Computer since my Avast is going well now and these aren't Avast related inquiries?)
What's the etiquette here?
I really appreciate your quick and helpful responses guys. Thank You!
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 24, 2007, 09:04:20 AM
Just to confirm a couple of things. Since running the norton removal tool, your computer seems to be running better?  You now have a hosts file (as in hosts with no extention), correct?
Title: Re: Cannot connect to Avast Website
Post by: Sand Viper on September 24, 2007, 09:14:51 AM
goto C:\WINDOWS\system32\drivers\etc

open hosts with word pad

and make sure this is all that is there, this is a copy direct from mine. That came with windows. i have noticed that some of these viruses are loading this up to block you from getting updates. typically, I use it on my daughters side to block sites That I do not want her on.. =)

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 24, 2007, 09:41:22 AM
@ aussie ness

With all the cases of virut showing up, you might want to add these lines to your hosts file

127.0.0.1  proxim.ircgalaxy.pl
127.0.0.1  leon.htn.pl
127.0.0.1  ntkrnlpa.info
127.0.0.1  xp.attrezzi.biz
127.0.0.1  l.mezzicodec.net

just make sure after you have saved it, the hosts file appears in windows explorer without an extention.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 25, 2007, 10:40:10 AM
Ok something weird happening here. I opened the hosts file (no extension) to see if it was as we had left it..........didn't we just type 127.0.0.1 localhost and saved it???
Now it has squillions of entries in there of bad URLS (I suspect) eg? www.coolwebsearch
Spybot must have put these there. Perhaps to make sure I don't go to bad sites.
I also have two more hosts files. They are
hosts.20070919-190333.backup
hosts.20070919-190333.backup
What's going on? Does the system make a backup when I open/alter the hosts file?
My computer is running much better since completely removing Norton and maybe because I added more spyware apps as suggested.
Sandviper.....my hosts file used to say all that (from memory) but we made a new one that only said 127.0.0.1 localhost....although now it has squillions of new URLS (see above)
oldman......should I still add the lines as suggested....also is that a typo? I'm not sure what a virut is? Did you mean viruses?
ness
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 25, 2007, 10:55:57 AM
Now it has squillions of entries in there of bad URLS (I suspect) eg? www.coolwebsearch
Spybot must have put these there. Perhaps to make sure I don't go to bad sites.


If the new entries are between two lines something like this #start of entries added by spybot and # end of entries added by spybot, then Yes spybot added them. And you guessed it, to protect you. Spybot does have a rather large data base.


also have two more hosts files. They are
hosts.20070919-190333.backup
hosts.20070919-190333.backup
What's going on? Does the system make a backup when I open/alter the hosts file?


As for the backup files, I'm not sure how often windows makes one.


should I still add the lines as suggested....also is that a typo? I'm not sure what a virut is? Did you mean viruses?

Yes, you should add the lines. No. it's not a typo. It's the name of a nasty, nasty virus. This thread  http://forum.avast.com/index.php?topic=30492.0 shows the result of an infection. You can also learn a bit more about the hosts file near the end of that thread.

The updated vps does include detection for this variant.

My computer is running much better since completely removing Norton and maybe because I added more spyware apps as suggested.


I ran your hjt log through a analyzer and it was good. I suspect that the norton left overs was slowing you down a bit.

Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 25, 2007, 11:05:05 AM
Yes, is between start and end of entries by spybot.......oddly so were the other entries that blocked me from getting onto any good spyware/anti-virus sites!!!!!!! Seems odd that this should happen now......but I did update my spybot to the latest version.
Will definitely check out the thread you recommended. Apologies if I offended you...your my new best friend so wouldn't want to do that!
Thanks for having a look at the hjt log. It's basically Greek to me......but I do recognize alot of my programs there.
ness
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 25, 2007, 11:12:06 AM
Yes, is between start and end of entries by spybot.......oddly so were the other entries that blocked me from getting onto any good spyware/anti-virus sites!!!!!!!

Actually they where above the spybot references (1st page)  ;)

 
Apologies if I offended you...

Why would you think that you have offended me? It's always good to make friends.
Title: Re: Cannot connect to Avast Website
Post by: aussie ness on September 26, 2007, 09:30:34 AM
Quote
Yes, is between start and end of entries by spybot.
Yes, there were actually. Guess we'll never know who put the bad ones there.
Ness
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 26, 2007, 11:43:19 AM
No probably not. It could have something that avast or spybot picked up after the changes were made.

Thinking about it, the backups could have been made by spybot. I don't use the program so I can't check.

The main thing is you caught it before you were really compromised.

Just keep your av and avg as updated and do regular scans and you should be all right. Your new hosts file should help too.

Take care and check in often. There's always something new to learn here.
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on September 29, 2007, 01:47:06 PM
hi guys, i've had the exact same problem as at the start of this thread. I followed the instructions exactly as before, so that I could connect to the avast site. now what happened to me was that initially it worked fine(ish) i connected to the internet (not through IE, which wouldn't work, but through firefox) and managed to re-register and access internet. however when i restarted my computer the internet would not work at all on either I.E, firefox, messenger, etc.

I had made a copy of my original hosts file, and so i put that back in the folder and removed the one i had added, plus the backup hosts file, but wouldn't work at all. I can't figure out what the problem could be as I have tried editting the host file in every way that's been mentioned but to no avail. One aside, which i dont think is relevent but will let you know anyways, is that I had also installed comodo malware recently which removed an svchost.exe file, however this file was removed from the programs//DAP folder, which i'm sure is the folder for my (formerly used) Download Accelerator Plus program which i uninstalled a long time ago, and shouldn't affect anything.

So... I doubt that had anything to do with internet not working, i know it isnt a hardware problem, i doubt its a virus/trojan/spyware problem because i'm quite well covered, so I can't figure out what it could be?? Im not an expert at all when it comes to editting system files, so any help whatsover would be greatly appreciated. In running on XP SP2, and really just want the ability to connect to the internet again! All hardware conections are fine, and have tried repairing the LAN connection and have cleared the cache of temp internet files. If info is of any help windows messengers repair thing lists hosts file and dns in error state and asks if it can clean up the hosts file. I let it though nothing happens and is still in error state.

Any Suggestions???
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 29, 2007, 02:04:09 PM
I take it this is aussie ness?
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on September 29, 2007, 02:42:12 PM
No im not Aussie Ness, though yes am having the same problems she was
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on September 29, 2007, 08:31:36 PM
smcdona2, please, follow the general cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887) or Windows XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware (http://www.ewido.net/en/). Some users recommend SUPERantispyware (http://www.superantispyware.com), Spyware Terminator (http://www.spywareterminator.com/) and/or a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest AVG (http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0), Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx) and/or F-Secure BlackLight (http://www.f-secure.com/blacklight/try_blacklight.html).

6. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, specially, scan and submit to on-line analysis the RunScanner (http://www.runscanner.net/) log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the  Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
Title: Re: Cannot connect to Avast Website
Post by: oldman on September 29, 2007, 10:39:56 PM
No im not Aussie Ness, though yes am having the same problems she was

Sorry. When I was reading the post it sounded like aussie ness had problems and had to reregister.

A few things to check.

Make sure the hosts file is clean and the copy as viewed through windows explorer has no extention.

Check to see if internet explorer isn't set to work off line.

What firewall do you use? Does it allow ashwebsrv.exe or any avast related items?

In xp some sevices have to be set to automatic. Check on the service tab.

C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner service)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner service)

The two first of them should be Automatic loaded and the two last Manually loaded.

And possibly a proxy setting. Do you use a proxy?
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on September 30, 2007, 12:42:39 PM
Hi just to update you all since i no longer have immediate access to internet i cant reply very quickly here. The only new news is that when running messengers connection troubleshooting it ok's everything (including the hosts file now??) up to the DNS. Also when i click on repair connection in the Network Connections folder, I now get the following message:

"Windows could not finish repairing the problem because the following action cannot be completed: Clearing the DNS cache For assistance..."

I dont know if this is part of the same problem or something different but i thought i would let you know. I will report back with hijack logs and the like that you requested, and try you guys step by step procedures. Many thanks for your help so far.

To Oldman - hosts file definatley looks clean, and has no extensions. internet explorer is not set to work offline. And i use commodo firewall, and choose whether to accept/deny every program/process and I definately have not denied anything from avast. About the 4 avast things i'll have to check up on them, though avast e-mail scanner keeps bringing up 4 error messages each time I reboot.

I will try again to fix it tommorow, and will report back to you guys as soon as I can. Any final words of advice??
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on October 02, 2007, 11:43:04 AM
well i tried your guys advice, thanks for your help though i still cant connect to the internet at all so think i'll have to reinstall XP tonight. any advice on the best way to install an OS without losing (or how to make a note of all the drivers, etc.) that i'll need? thanks
Title: Re: Cannot connect to Avast Website
Post by: oldman on October 02, 2007, 02:27:11 PM
An over install is possible with xp, but I'm not sure if it will change your situation.

Do you, or did you have another av installed. If so how was it uninstalled?

Have you tried teminating webshield? Left click the "a" icon, select webshield, terminate button.

Uninstall reinstall avast?

What are the mail provider errors?
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on October 02, 2007, 03:00:51 PM
I have uninstalled and re-installed both avast and McAfee(which I wasn’t using). I have since uninstalled all of these progs so that there would definitely be no conflicts, however I still can’t connect to the internet. I tried the massive in-depth Spyware, etc. searches and my comp was very clean as I had thought. The mail errors were something along the lines of failed to load, though I couldn’t remember the details, im guessing they were just a consequence of having no connection to the internet. I formerly had avg a while ago though had changed that for avast and all was fine. I also use webroot spysweeper and comodo firewall. So I’m afraid I have already tried everything you’ve suggested as well as start/run fixes such as flushing dns, etc. Why do you think re-installing xp won’t solve the problem?
Title: Re: Cannot connect to Avast Website
Post by: oldman on October 02, 2007, 06:01:40 PM
It seems more of a conflict between two avs. You said you had both mcafee and avast installed at the same time. Disbling mcafee is not enough.

Unininstall avast via add/remove and use the avast uninstall utility

http://avast.com/eng/avast-uninstall-utility.html

uninstall mcafee and run the mcafee removal tool from here. If mcafee has allready been uninstalled, just use the removal tool.

http://service.mcafee.com/FAQDocument.aspx?id=5535&lc=1033&partner=10005&type=TS

It's a small download, it will fit on all most any type of removable media.

Reinstall avast.
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on October 02, 2007, 11:29:09 PM
I have uninstalled and re-installed both avast and McAfee
I formerly had avg a while ago
Please, one antivirus at a time.

I also use webroot spysweeper and comodo firewall.
Is ashWebSv.exe allowed to connect the Internet into the firewall settings?
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on October 03, 2007, 09:56:25 AM
sorry but as i said earlier:

I have since uninstalled all of these progs so that there would definitely be no conflicts

How can there be a conflict if I have uninstalled both of my antivirus applications? Surely there can't be if theres nothing there to conflict, so a virus conflict obviously cannot be the root of the problem.

To Tech - I have tried disabling my firewall, and i had said earlier that I didnt block anything from avast, so ashWebSv.exe would NOT be firewalled.

Thanks for your time guys, though looks like i'm gonna have to reinstall xp tonight...
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on October 03, 2007, 03:12:45 PM
smcdona2, some antivirus - even uninstalled - left files and registry keys behind and could mess avast installation. Norton is an example.

Sometimes disabling my firewall does not work. ZoneAlarm could be an example.
I'm just trying to narrow the problem and uninstalling it to test could give us a clue about what is happening.
Title: Re: Cannot connect to Avast Website
Post by: smcdona2 on October 03, 2007, 03:32:05 PM
Right ok thanks, though I am without internet connection except when I'm at work, and I cannot save files from here so wont be able to download the removal progs listed im afraid. Im more concerned about getting my internet up and running sooner rather than later to be honest, as my mom needs to it book a holiday asap!, so will just reinstal windows. Thanks for your help and input though, im sure it will help others who have had the same problem. gratias
Title: Re: Cannot connect to Avast Website
Post by: DavidR on October 03, 2007, 04:02:31 PM
There is some malware that when removed may stuff (sorry about the technical term) your connection. I don't know if this is what has happened but you can run this and see if it resolves the problem.

For XP SP2, try Windows Start button, Run - type 'netsh winsock reset' without the quotes - this may be enough to fix the issue. Also see http://www.cexx.org/lspfix.htm (http://www.cexx.org/lspfix.htm).
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on October 03, 2007, 04:38:46 PM
So will just reinstal windows.
We all consider this as a lose... but, ok, could be faster than troubleshooting.
If you need further help, you know the way to us.
Title: Re: Cannot connect to Avast Website
Post by: aya on June 13, 2009, 07:30:05 AM
hey guys..i also had the same problem but different entries found in the lnmost.sam file..can you help me? this is what the lmhost.sam contain

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE             #source server
# 102.54.94.117    localsrv           #PRE             #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.
Title: Re: Cannot connect to Avast Website
Post by: Lisandro on June 13, 2009, 01:42:41 PM
hey guys..i also had the same problem but different entries found in the lnmost.sam file..can you help me? this is what the lmhost.sam contain
Your lmhost.sam file has only comments (lines started with #). Nothing more.
What about your hosts file?