Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: dford3772 on December 02, 2008, 06:39:17 PM
-
After posting earlier about troubles with Avast finding Win32 Trojan-gen I seemed to have everything under control with David's help until last night. I had changed my firewall from Windows firewall to PC Tools firewall and loaded MBAM to further help with malware. Last night MBAM found Trojan FakeAlert
and since I didn't exactly know what I was doing and didn't see a quarantine I removed it. THEN I ran DrWeb Cure and I did not disable Standard Shield.
It didn't find anything but I began having problems with my machine. This morning it booted up but nothing will open and I had to unplug it twice because
every time I tried to shut down I got these messages: Avast UI Control Window-End Program Avast and Avast not responding. All frozen--unplug again.
I'm just about nuts over all this misery. Thank God I have a second PC. I know better than to run two AV programs and though it was said it would be OK I don't think it was. Or do I just have an infection that has brought my machine to a standstill?
My task manager would not open but Process Explorer would and it says CPU at 100% but could not locate culprit. I do think Avast has become corrupted
even though I ran a scan last night with it. The scan was interrupted with incorrect screens like it was starting over but it did finally finish and shut down OK. Then today nothing works! Currently I have the box unplugged which was the only way to turn it off.
Please advise,
Donna
-
Neither MBAM or DrWeb CurIt should conflict with avast, though you don't have to, I would always pause the standard shield when doing a scan with another security program. You may possibly have an infection that is attacking avast, but that isn't by any means certain.
What avast processes are running in Task Manager, they begin with ash or asw, see image ?
MBAM doesn't directly say Quarantine, it says Remove Selected, it removes the original but a copy is placed in quarantine.
You don't say what the file name or location is, you should be getting used to this routine interrogation ;D it helps us to help you.
Try a repair of avast. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow.
-
My machine simply would do nothing beyond the desktop--no task manager, no anything! I went into Safe
Mode and restored to Nov 26 and CPU is back to normal with everything working. The virus files are still in the chest. I really think the CPU culprit was HPProduct Assistant which was possibly in a loop. I have had
nothing but trouble since I installed my new printer in July because the amount of software with it should be against the law; I simply disabled what was bugging.
I'm back to the Windows firewall on XP and the router firewall; right now I don't care because you can't check something when nothing works. Avast seems fine.
I don't know whether I dare run an Avast scan (its in 4.8.1290) and see what happens. It may be where it
found the trojans the other day. What would you do?
-
To be sure you're clean, I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Is there any useful information into Control Panel > Administrative Tools > Events, specially 'Errors'?
-
Thanks for the help. XP is running fine on the restore. A Complete Avast scan and SAS complete scan
shows nothing but I will do another one today.
Donna
-
XP is running fine on the restore.
Glad to know.
I will do other one today.
Good. Try MBAM.
-
I did just now and MBAM found another Trojan FakeAlert at this path C:\Documents and Settings\HP_Owner\GoToAssist_chat2way__317_en.exe (Trojan.FakeAlert) It matches no documents in Google.
Any idea what this is? I now have two of these in quarantine on MBAM on 12-1 and 12-4.
Donna
-
Any idea what, what is a) trojan fake alert or b) GoToAssist_chat2way__317_en.exe ?
a. A rogue application saying your infected when you aren't to try to extort money and or get you to visit a site where you are likely to be really infected.
b. The GoToAssist_chat2way__317_en.exe file is just a nondescript file name to make you think it is a benign or legit file. My google search on the file name matches many hits most to security relates sites.
-
:) Hi Donna :
MBAM "Detections" are best asked about on THEIR Support Forums at
www.malwarebytes.org/forums . It would seem the place to start would be
their "General......." forum, though you should consider using their "Search"
Feature . "Trojan FakeAlert" MAY be a symptom of a more serious malware
infection .