Avast WEBforum

Other => Viruses and worms => Topic started by: ASAR25 on March 30, 2009, 02:52:23 AM

Title: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 02:52:23 AM
Hi i can't update avast...some programs crash all the time....(skype, msn messenger, and mozilla)
can anyone help me and say what's the problem?

this is what i get when i try to update avast



30.03.2009 02:38:55 general: Started: 30.03.2009, 02:38:55
30.03.2009 02:38:55 general: Running setup_av_pro-537 (1335)
30.03.2009 02:38:55 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
30.03.2009 02:38:55 system: Memory: 55% load. Phys:466276/1047856K free, Page:1830140/2520316K free, Virt:2069096/2097024K free
30.03.2009 02:38:55 system: Computer WinName: COMPUTER
30.03.2009 02:38:55 system: Windows Net User: COMPUTER\Sasa
30.03.2009 02:38:55 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress 
30.03.2009 02:38:55 general: DldSrc set to inet
30.03.2009 02:38:55 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
30.03.2009 02:38:55 general: Old version: 537 (1335)
30.03.2009 02:38:55 registry: Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
30.03.2009 02:38:55 system: Using temp: C:\DOCUME~1\Sasa\LOCALS~1\Temp\_av_proI.tm~a00220 (62644M free)
30.03.2009 02:38:55 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
30.03.2009 02:38:55 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;p)
30.03.2009 02:38:55 system: Computer DnsName: Computer
30.03.2009 02:38:55 system: Computer Ip Addr: 192.168.1.64
30.03.2009 02:38:55 system: Installed in: C:\Program Files\Alwil Software\Avast4 (62644M free)
30.03.2009 02:38:55 internet: SYNCER: Type: use IE settings
30.03.2009 02:38:55 internet: SYNCER: Auth: another authentication, use WinInet
30.03.2009 02:38:55 package: Part prg_av_pro-537 is installed
30.03.2009 02:38:55 package: Part vps-9032800 is installed
30.03.2009 02:38:56 package: Part news-4f is installed
30.03.2009 02:38:56 package: Part setup_av_pro-537 is installed
30.03.2009 02:38:56 package: Part jrog-c4 is installed
30.03.2009 02:38:56 general: Old version: 537 (1335)
30.03.2009 02:38:56 general: GUID: 0b348da6-4e16-4927-8490-923c4c9445ea
30.03.2009 02:38:56 general: Server definition(s) loaded for 'main': 235 (maintenance:0)
30.03.2009 02:38:56 general: SelectCurrent: selected server 'Download703 AVAST Server' from 'main'
30.03.2009 02:38:56 internet: SYNCER: Type: use IE settings
30.03.2009 02:38:56 internet: SYNCER: Auth: another authentication, use WinInet
30.03.2009 02:38:56 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
30.03.2009 02:38:56 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
30.03.2009 02:38:56 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
30.03.2009 02:38:56 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
30.03.2009 02:38:56 general: progress thread start
30.03.2009 02:38:56 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;f)
30.03.2009 02:39:17 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:39:32 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:39:32 file: GetFileWithRetry: servers.def.vpu downloaded .
30.03.2009 02:39:32 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1\Sasa\LOCALS~1\Temp\_av_proI.tm~a00220\onefile), error: 0x2000000B
30.03.2009 02:39:32 package: Download servers.def, servers.def.vpu failed with error 0x20000011.
30.03.2009 02:39:48 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:40:04 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:40:04 file: GetFileWithRetry: servers.def downloaded .
30.03.2009 02:40:04 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1\Sasa\LOCALS~1\Temp\_av_proI.tm~a00220\onefile), error: 0x2000000B
30.03.2009 02:40:04 package: Tried to download servers.def but failed with error 0x20000011.
30.03.2009 02:40:04 package: LoadAllDefs failed 0x20000011
30.03.2009 02:40:04 general: Err:The package is broken
Title: Re: I CANT UPDATE AVAST HOME EDITION! PLEASE HELP
Post by: Lisandro on March 30, 2009, 02:55:33 AM
The package is broken... something is messing with the avast update, maybe other browsers or programs running in background... can you post the last lines of the log?
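The debug log in the first post shows files arriving (`GetFileWithRetry: ... downloaded`) and then failing `DSA_FileVerify`, which is a different failure from never reaching the update server. The following is an added example, not part of the thread and not Avast code: a small parser that pulls that sequence out of a setup log. The verdict labels are this example's own, and the error codes are reported as logged without interpreting them.

```python
import re

# Lines copied from the debug log in the first post of this thread.
SAMPLE_LOG = r"""
30.03.2009 02:38:56 general: SelectCurrent: selected server 'Download703 AVAST Server' from 'main'
30.03.2009 02:39:17 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:39:32 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:39:32 file: GetFileWithRetry: servers.def.vpu downloaded .
30.03.2009 02:39:32 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1\Sasa\LOCALS~1\Temp\_av_proI.tm~a00220\onefile), error: 0x2000000B
30.03.2009 02:39:32 package: Download servers.def, servers.def.vpu failed with error 0x20000011.
30.03.2009 02:40:04 internet: Used server: http://174.133.30.186/iavs4x
30.03.2009 02:40:04 file: GetFileWithRetry: servers.def downloaded .
30.03.2009 02:40:04 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1\Sasa\LOCALS~1\Temp\_av_proI.tm~a00220\onefile), error: 0x2000000B
30.03.2009 02:40:04 package: Tried to download servers.def but failed with error 0x20000011.
30.03.2009 02:40:04 package: LoadAllDefs failed 0x20000011
30.03.2009 02:40:04 general: Err:The package is broken
"""

# "<dd.mm.yyyy hh:mm:ss> <category>: <message>" as seen in the posted log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (?P<cat>\w+): (?P<msg>.*)$"
)
DOWNLOADED_RE = re.compile(r"GetFileWithRetry: (?P<name>\S+) downloaded")
VERIFY_RE = re.compile(r"DSA_FileVerify\(.*\), error: (?P<code>0x[0-9A-Fa-f]+)")
FAILED_RE = re.compile(r"failed(?: with error)? (?P<code>0x[0-9A-Fa-f]+)")


def summarize(log_text):
    """Return servers used, files rejected at verification, and a verdict."""
    servers, rejected, package_errors = [], [], set()
    pending_file, final_error = None, None

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or anything not in the log line format
        ts, cat, msg = m.group("ts", "cat", "msg")

        if cat == "internet" and msg.startswith("Used server:"):
            url = msg.split(":", 1)[1].strip()
            if url not in servers:
                servers.append(url)
        elif cat == "file":
            got = DOWNLOADED_RE.search(msg)
            bad = VERIFY_RE.search(msg)
            if got:
                # Remember the file so the next verify error can be tied to it.
                pending_file = got.group("name")
            elif bad:
                rejected.append(
                    {"file": pending_file, "time": ts, "verify_error": bad.group("code")}
                )
                pending_file = None
        elif cat == "package":
            err = FAILED_RE.search(msg)
            if err:
                package_errors.add(err.group("code"))
        elif cat == "general" and msg.startswith("Err:"):
            final_error = msg[len("Err:"):].strip()

    # Verdict labels are this example's own classification, not Avast's.
    if rejected:
        verdict = "downloaded-then-failed-verification"
    elif final_error or package_errors:
        verdict = "failed-before-verification"
    else:
        verdict = "no-failure-recorded"

    return {
        "servers": servers,
        "rejected": rejected,
        "package_errors": sorted(package_errors),
        "final_error": final_error,
        "verdict": verdict,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["verdict"], "-", report["final_error"])
    for item in report["rejected"]:
        print(item["time"], item["file"], item["verify_error"])
```

A verdict of `downloaded-then-failed-verification` means the connection itself worked, so the next things to check are whatever can alter or corrupt the downloaded content (proxy, firewall, local installation) rather than basic connectivity.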
Title: Re: I CANT UPDATE AVAST HOME EDITION! PLEASE HELP
Post by: ASAR25 on March 30, 2009, 03:06:33 AM
ok i'll tell you what i have when trying to update avast...:

first after some waiting i got a message the package is broken!

i go to view log ... and in a window verbosity i can select minimal normal verbose and debug...
i posted you a debug log...and there's no more log than this

these problems occurred today when my skype suddenly crashed and mozilla and msn messenger......i can start skype again but it repeats the crash again

is that some virus...
please help me ..
sorry for bad english.
Title: Re: I CANT UPDATE AVAST HOME EDITION! PLEASE HELP
Post by: ASAR25 on March 30, 2009, 05:00:58 AM
can someone from the tech admins explain to me if this problem maybe looks like CONFICKER virus?

unable to download updates for avast
mozilla crashes from time to time
skype crashes also
msn crashes also

f secure scanner did not find anything
kaspersky scanner on critical area did not find anything
trend micro scanner didn't find anything
installed malwarebytes software and found 30 viruses and malware!! but can't update it also   >:( !

i suspect CONFICKER...can someone help or give his opinion please.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 05:52:15 PM
any admin help today?
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: scythe944 on March 30, 2009, 05:55:37 PM
You still haven't posted the last lines of your log.

As long as you update your computer with windows updates, then no, I don't think you have the conficker worm.

Please post the rest of the log so that we may help you.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 06:02:51 PM
can you tell me where to find the rest of the log?

do i need to post from the log menu minimal normal verbose or debug log.....?
those are the options i have.

and i did not update my windows lately

Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: scythe944 on March 30, 2009, 06:14:56 PM
Well, if you're worried about conficker, go here and follow microsoft's instructions.
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

It's possible that you may have a firewall that is blocking Avast's update feature (obtained this:

Quote
SUCCESS!
I found the problem in PCTools Firewall and removed it and now all is OK.
Thanks for everyone's help. It is too bad that the rest of the world can't get along like we can and help each other instead of hurting each other.
take care everyone.
Mike

from this post from someone with the same problem: http://forum.avast.com/index.php?;topic=35969.0

It's also possible that your installation is corrupt.  You can try to run a repair of avast from Add/Remove Programs applet in control panel.

Title: Re: I CANT UPDATE AVAST HOME EDITION! PLEASE HELP
Post by: micky77 on March 30, 2009, 06:20:06 PM

Quote
installed malwarebytes software and found 30 viruses and malware!! but can't update it also   >:( !

Download updates from this link http://www.gt500.org/malwarebytes/database.jsp These are for version 1.35. Post the scan results. Strange that MBAM finds 30 viruses and Kaspersky nothing

Double click on update file to update MBAM. I believe these updates will only work with 1.35
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 06:33:17 PM
ok i'll try to update malwarebytes ...somehow..

i had personal firewall but yesterday i removed it from pc ..because i was suspecting that maybe it's infected somehow...so now i only have windows firewall.

i'll post log of that scan.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 06:47:57 PM
this is the first log which malwarebytes has found....but it's in my language!!!  sorry i edited a little and put infected where infection is found..
so you can see what was found yesterday.

i'm doing a new scan now...i hope its virus database is updated correctly.
i'll post it here



Malwarebytes' Anti-Malware 1.35
Verzija baze podataka: 1904
Windows 5.1.2600 Service Pack 3

30.3.2009 6:08:24
mbam-log-2009-03-30 (06-08-20).txt

Tip provjere: Brza Provjera
Provjerenih objekata: 70289
Vrijeme trajanja: 3 minute(s), 16 second(s)

Zaraženi procesi u memoriji: 0
Zaraženi moduli u memoriji: 0
Zaraženi ključevi u registru: 21
Zaražene vrijednosti u registru: 8
Zaraženi podaci u registru: 1
Zaraženi spremnici: 0
Zaražene datoteke: 0

Zaraženi procesi u memoriji:
(Zloćudne stavke nisu otkrivene)

Zaraženi moduli u memoriji:
(Zloćudne stavke nisu otkrivene)

infected keys in registar ********:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

infected  vrijednosti u registru********:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

infected** informations in registar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zaraženi spremnici:
(Zloćudne stavke nisu otkrivene)

Zaražene datoteke:
(Zloćudne stavke nisu otkrivene)
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on March 30, 2009, 06:53:59 PM
It looks pretty well updated. It says no action taken, did you check the boxes and choose remove selected?
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 06:58:16 PM
yes after mbam found that i deleted all that.

this is the new log  nothing found :(

Malwarebytes' Anti-Malware 1.35
Database version: 1893
Windows 5.1.2600 Service Pack 3

30.3.2009 18:56:28
mbam-log-2009-03-30 (18-56-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 105382
Time elapsed: 18 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 07:05:22 PM
so how should i approach this problem.

in your opinion
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: scythe944 on March 30, 2009, 07:15:24 PM
Quote
It looks pretty well updated. It says no action taken, did you check the boxes and choose remove selected?
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 07:17:52 PM
yes i deleted all
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: scythe944 on March 30, 2009, 07:19:40 PM
Ok, is the problem fixed after removing the bad entries, or are you still having a problem?
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on March 30, 2009, 07:20:10 PM
Can you update windows now ? So Avast runs but will not update ? You could try a couple more scans, and post a Hijack This log

http://www.superantispyware.com/

http://www.freedrweb.com/cureit/

http://filehippo.com/download_hijackthis/ open HJT, choose 'scan and save a log file', copy/paste the results that appear in notepad

You could also try updating manually and run a boot time scan
http://www.avast.com/eng/updates.html

Post the HJT log first
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on March 30, 2009, 07:22:00 PM
Quote
Ok, is the problem fixed after removing the bad entries, or are you still having a problem?

Sorry about that scythe944, I didn't mean to butt in.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: DavidR on March 30, 2009, 08:14:43 PM
Looks like he did as he has run MBAM again and no detections found in the latest MBAM log.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: scythe944 on March 30, 2009, 08:19:26 PM
It's cool! it's "brute force" helping. lol.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 09:12:27 PM
ok i had some unpredicted events here in my house..lol   sorry

after i made last scan with MBAM...the scan didn't find anything any more but the crashing of mozilla and skype remains and i can't update avast...and for mbam it gives me information that it's already updated. so i can't check if it's working

i turned on automatic update for windows and tried to go on the windows update page but something is strange nothing happens and the page freezes ..(not responding)

i'll try to do hijack this scan
and try to update avast again manually

Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 09:18:21 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:35, on 30.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ispuni obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Prilagodi izbornik - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Alatna traka - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Spremi obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spremi - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Spremi obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Alatna traka - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238439717937
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c987047ad7ad86) (gupdate1c987047ad7ad86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9197 bytes
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 30, 2009, 09:29:07 PM
i downloaded the updates for avast manually and the message appears : virus database  is updated from 090329-00 to 090330-00

i'll do a boot time scan
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: DavidR on March 30, 2009, 09:45:38 PM
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware and yours is well out of date and vulnerable to exploit. First remove All Older Versions From Add/Remove Programs.

Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp

Or JRE version 6 update 13 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

Fix:
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
See http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search={C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

Those O16 entries for on-line scanners can be removed/fixed as they aren't needed unless you are going to run the scans again, if you did want to run them again the activeX controls (O16 entries) would be recreated, so they are a bit redundant.

AdAware IMHO is a waste of hard disk space and has been a total passenger in this so I would say time for it to go. You now have MBAM, I would suggest you also get superantispyware.

You don't appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall ?
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on March 31, 2009, 12:35:14 AM
ok since i work online and i need my pc i decided to currently use another computer...

i think it's better that way..now it's even that 1 april thing coming...and i need to do some important transactions
about the suggestion to remove and update thank you i'll try to do all that
also i'll remove ad aware

i had a personal firewall... sygate symantec..but i removed it ..because i removed half of my pc yesterday when this  started to happen..lol

i want to thank all of you for help ..and as soon as i'm on my pc i'll post again ..

thank you!!
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: DavidR on March 31, 2009, 01:33:15 AM
You're welcome.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: Mr.Agent on March 31, 2009, 01:01:23 PM
You should turn on windows update automatic :) if u didn't then you should me i have do that it's a good way too for prevent of the worm and conficker :)
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on March 31, 2009, 05:08:10 PM
I would also consider fixing the entry O1 - Hosts: 66.98.148.65 auto.search.msn.es, unless you know why it's there. It seems suspicious, especially as all your problems seem internet based
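The checks DavidR and micky77 describe in their replies above (a Hosts redirect, BHO entries with no file behind them, leftover O16 ActiveX entries, an old JRE path) can be run mechanically over a HijackThis log. The following is an added example, not part of the thread and not HijackThis code. It generalises their points into rules: every `(no file)` BHO is listed for review, not only the one named above, and the JRE threshold of 6 update 13 is taken from DavidR's post.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason detail")

# Lines copied from the HijackThis log posted in this thread, plus one
# constructed loopback Hosts line to show an entry that is not flagged.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Matches install folders such as \jre1.6.0\ or \jre1.6.0_13\ inside a path.
JRE_RE = re.compile(r"\\jre1\.(?P<major>\d+)\.0(?:_(?P<update>\d+))?\\", re.I)


def _is_local_sink(addr):
    """True for loopback/unspecified addresses (ordinary or blocklist entries)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(log_text, min_jre=(6, 13)):
    """Return review findings for the entry types discussed in the thread."""
    findings, seen_jre = [], set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        section, body = m.group("section"), m.group("body")
        found = CLSID_RE.search(body)
        clsid = found.group(0) if found else "(no CLSID)"

        if section == "O1" and body.startswith("Hosts:"):
            # A name pinned to a remote address overrides DNS for that name.
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and not _is_local_sink(fields[0]):
                detail = f"{' '.join(fields[1:])} -> {fields[0]}"
                findings.append(Finding("O1", "hosts-redirect", detail))
        elif section == "O2" and body.endswith("(no file)"):
            # Registration is left in the registry but the DLL is gone.
            findings.append(Finding("O2", "bho-missing-file", clsid))
        elif section == "O16":
            # Downloaded ActiveX control; recreated if the site is used again.
            url = body.rsplit(" - ", 1)[-1]
            findings.append(Finding("O16", "activex-download", f"{clsid} {url}"))

        jre = JRE_RE.search(body)
        if jre:
            version = (int(jre.group("major")), int(jre.group("update") or 0))
            if version < min_jre and version not in seen_jre:
                seen_jre.add(version)
                detail = "JRE %d update %d" % version
                findings.append(Finding(section, "jre-outdated", detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<18}{f.detail}")
```

Each finding is a prompt to look the entry up before fixing it in HijackThis, not a verdict that the entry is malicious.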
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 02, 2009, 10:44:54 PM
ok ALL the problems remain the same ..can't update avast and MBAM also....i tried to update windows but i don't have original windows and i just have genuine windows detector popping out all the time but don't know if i updated windows (don't know how to see if windows is updated)  i'm at my pc again and will try to do as you guys suggested me......but

DavidR
1. can you tell me when i want to update java ...in add remove programs i have ...... Java (tm) se runtime environment 6.
do i need to remove it and install new from the link you gave me ( http://java.sun.com/javase/downloads/index.jsp ) or just update with that link.

2. how to fix O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
do i need to delete it?..where should i find that file ..and what do i need to do with this link that you gave me?
http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search={C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

O16 entries of online scanners i can delete in program files? or?
i removed ad aware

micky77
how do i need to fix O1 - Hosts: 66.98.148.65 auto.search.msn.es.
where do i find it and do i need to delete it.

thank you  please help.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 02, 2009, 10:57:43 PM
today i downloaded this http://www.bdtools.net/
bit defender removal tool for conficker ...hoping it will remove it .but mozilla instantly crashes on that page ...so i opened again and downloaded it, ran a scan and in the middle of the progress bar on scanner..the program just informs ..no problem found....hm strange behaviour..
 :(
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on April 03, 2009, 07:05:21 AM
To fix O1 - Hosts: 66.98.148.65 auto.search.msn.es, open HJT, choose scan only, put a tick in the box next to that entry, then choose fix selected. Although I think there may be another underlying problem elsewhere
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 04, 2009, 10:43:41 PM
This is the new HijackThis log I made today.
I selected all the scanners and files that you suggested and fixed them all from the old HJT log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:31, on 4.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ispuni obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Prilagodi izbornik - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Alatna traka - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Spremi obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spremi - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Spremi obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Alatna traka - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238439717937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c987047ad7ad86) (gupdate1c987047ad7ad86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7262 bytes


I installed SUPERAntiSpyware Professional and... guess what... can't update... :( .
The message I was getting was:

generic host process for win32 services has encountered a problem and needs to close we are sorry ....

and in the technical description these locations were shown:

c:/DOCUME~1/sasa/LOCALS~1/TEMP/WER fbfc.dir00/cvchost.exe.mdmp
and
c:/DOCUME~1/sasa/LOCALS~1/TEMP/WER fbfc.dir00/appcompat.txt

But I did a complete scan with SUPERAntiSpyware and it found 2 viruses. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2009 at 10:26 PM

Application Version : 4.26.1000

Core Rules Database Version : 3816
Trace Rules Database Version: 1770

Scan type       : Complete Scan
Total Scan Time : 00:14:28

Memory items scanned      : 380
Memory threats detected   : 0
Registry items scanned    : 4691
Registry threats detected : 1
File items scanned        : 12518
File threats detected     : 1

Trojan.DNSChanger-Codec
   HKU\S-1-5-21-1757981266-963894560-725345543-1003\Software\WinSpyControlDownloader

Trojan.SVCHost/Fake
   C:\DOCUMENTS AND SETTINGS\SASA\APPLICATION DATA\THINSTALL\CSDATA\1000000600002I\SVCHOST.EXE
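
A triage pass over a HijackThis log, as an added example that is not part of the original post and not Trend Micro's code: it picks out the three entry types this thread asks about (O1 hosts entries, "(no file)" orphans, "Unknown owner" services). The function name `triage` and the sample log are constructed for illustration.

```python
import re

# Constructed sample in HijackThis v2 log format. The O1 and "(no file)" O2
# lines are the entries quoted in this thread; the others are from the log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def triage(log):
    """Return (section, reason, clsid_or_None, body) for entries worth a second look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:                      # header, process list, blank line
            continue
        section, body = m.groups()
        if section == "O1":
            reason = "hosts file entry overriding DNS"
        elif body.endswith("(no file)"):
            reason = "orphaned entry: registered target file is missing"
        elif section == "O23" and " - Unknown owner - " in body:
            reason = "service binary reports no vendor name"
        else:
            continue
        clsid = CLSID.search(body)
        findings.append((section, reason, clsid.group(0) if clsid else None, body))
    return findings

if __name__ == "__main__":
    for section, reason, clsid, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```

A flagged line is a prompt to look the entry up, not a verdict: in the log above the only hits would be the two PnkBstr services.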


Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 04, 2009, 10:44:36 PM
Now I'll remove Java and install the new one.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: CharleyO on April 05, 2009, 07:03:08 AM
***

Your latest HJT log looks good ... nothing to report except the absence of a firewall and I suppose you are using Windows firewall.


***
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on April 05, 2009, 10:43:29 AM
That's excellent, SAS has found the pigs that are stopping you updating your programs.

You can update SAS manually (use another PC): http://www.superantispyware.com/definitions.html

I take it you removed both threats. Try another scan; if they return, reboot in safe mode (F8 key) and scan  :D
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 05, 2009, 08:43:04 PM
I installed http://www.freedrweb.com

Dr.Web found:
ZAN2EA.exe.bac_a01120\data005;C:\Documents and Settings\Sasa\.housecall6.6\Quarantine\ZAN2EA.exe.bac_a01120;Trojan.Popclick.44;;
ZAN2EA.exe.bac_a01120;C:\Documents and Settings\Sasa\.housecall6.6\Quarantine;Archive contains infected objects;Moved.;
ZAN2EA.exe.bac_a02428\data005;C:\Documents and Settings\Sasa\.housecall6.6\Quarantine\ZAN2EA.exe.bac_a02428;Trojan.Popclick.44;;
ZAN2EA.exe.bac_a02428;C:\Documents and Settings\Sasa\.housecall6.6\Quarantine;Archive contains infected objects;Moved.;
bd_rem_tool_console.exe;C:\Documents and Settings\Sasa\Desktop\New Folder;Probably MULDROP.Trojan;Moved.;

Some problems were automatically moved to quarantine and some were moved... where (I don't know).

I did not understand how I can update SUPERAntiSpyware manually with another computer.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on April 05, 2009, 09:57:09 PM
All those files named ZAN2EA.exe.bac appear to be from what Trend Micro's HouseCall online scanner found  ::) Did HouseCall find anything? Or maybe it's something to do with the scanner.
http://forum.avast.com/index.php?topic=43784.msg366285#msg366285
The last 'threat' found by Drweb is the tool you used
http://forum.avast.com/index.php?topic=43784.msg367582#msg367582 from BitDefender

So all in all, it looks like everything Drweb found was no harm at all.

To update SAS manually, download the definitions from another PC and transfer them to the infected one via CD; make sure SAS is not running and double-click on the update file. This is only necessary if you cannot update automatically.
So after SAS found those two threats, are you still not able to update programs?
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 05, 2009, 11:24:39 PM
OK, I will update SAS manually tomorrow when I'll be on the other PC...

Yes, it seems that that's it: those files were from the BitDefender tool. And yes, Trend Micro found 3 or four problems, but since they were not stated as big problems or viruses, I did not post that on the forum. It was one of the first scans, and sometimes Trend Micro found even those potential problems, so it did not seem like something important. Sorry...

All problems are still here.

I updated Java also, removed Skype and MSN programs and half of the PC, but still Mozilla crashes from time to time and I can't update avast, SAS and MBAM.
Also, when I go to the update page for Windows, the page freezes?! I don't have original Windows, so I don't know if it's the virus that is preventing me from updating, or Microsoft.

Besides updating SAS and running a scan in safe mode, is there anything more I can do? Maybe a Trend Micro scan again, or Kaspersky?
Thanks
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: Lisandro on April 05, 2009, 11:48:01 PM
Read the instructions, download and burn (maybe from another computer), and finally use one of these rescue CDs:
1. Avira (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)
2. Kaspersky (http://dnl-eu10.kaspersky-labs.com/devbuilds/RescueDisk/)
3. BitDefender (http://download.bitdefender.com/rescue_cd/)
4. F-Secure (http://www.raymond.cc/blog/archives/2008/07/26/free-f-secure-rescue-cd-300-to-clean-virus-from-unbootable-windows/)
5. Dr. Web (http://www.freedrweb.com/livecd/?lng=en)
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on April 06, 2009, 05:28:22 PM

Well, I am not too familiar with the hosts file, but I have been experimenting a little with a program called hostsxpert. It allows all sorts of modifications to the hosts file. Something I think malware has already done to you.
Before you consider that program, can you look at your hosts file? Carefully navigate to C/windows/system32/drivers/etc (etc is a folder); after opening etc you should see the hosts file.
Right click on the hosts file and choose open; when you are asked what program to use, choose notepad.

The contents will appear in notepad. Right click and choose 'select all', which will highlight everything in blue, then right click and select 'copy'.
Come back here and open a thread, right click and choose paste.
Mine looks like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
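
A hosts-file audit, as an added example that is not part of the original post: it separates the stock `localhost` line from entries that redirect a name to an outside address (like the O1 entry in this thread) or pin a name to loopback so it cannot be reached. The function name `audit_hosts`, the `*.example` names and the sample content are constructed for illustration.

```python
import ipaddress

# Constructed sample: part of the default Windows hosts file shown above, the
# redirect from the HJT O1 line in this thread, and constructed blocking entries
# (the *.example names are placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
66.98.148.65    auto.search.msn.es
127.0.0.1       update.vendor.example   # constructed
0.0.0.0 a.example b.example
not-an-ip  foo
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, kind, address, name) for every non-default mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, " ".join(names)))
            continue
        for name in names:                       # one line may map several names
            if name.lower() in LOCAL_NAMES and ip.is_loopback:
                continue                         # the expected default entry
            if ip.is_loopback or ip.is_unspecified:
                kind = "blocked"                 # name pinned to this machine
            else:
                kind = "redirected"              # name sent to another address
            findings.append((lineno, kind, addr, name))
    return findings

if __name__ == "__main__":
    for lineno, kind, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:10} {name} -> {addr}")
```

Run against the real file with `audit_hosts(open(r"C:\WINDOWS\system32\drivers\etc\hosts").read())`; a clean default file like the one above returns an empty list.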
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: Lisandro on April 06, 2009, 05:32:35 PM
Your hosts file is clean and ok.
The problem could be in some drivers in the Windows folder that prevent avast from updating, so I've suggested the CD scanning.
You can also try a full-computer online scan:
BitDefender (http://www.bitdefender.com/scan8/ie.html)
ESET NOD32 (http://www.eset.com/onlinescan/)
F-Secure (http://support.f-secure.com/enu/home/ols.shtml)

For detection-only, not cleaning:
Kaspersky (http://www.kaspersky.com/virusscanner)
Trendmicro housecall (http://www.trendmicro.com/hc_intro/default.asp)
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on April 06, 2009, 05:44:28 PM
Your hosts file is clean and ok.

That's my file, Tech, not the OP's
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: Lisandro on April 06, 2009, 07:36:23 PM
That's my file, Tech, not the OP's
:-[ :-[
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: micky77 on April 06, 2009, 08:40:36 PM
That's my file, Tech, not the OP's
:-[ :-[

Tech, maybe I misunderstood you. Seeing as ASAR25 has already removed zlob with MBAM, a dodgy HJT entry O1 - Hosts: 66.98.148.65 auto.search.msn.es, SAS found Trojan.DNSChanger-Codec and Trojan.SVCHost/Fake, not to mention what Housecall removed. Also, he cannot update Windows, SAS, MBAM. I thought it possible that maybe he's already removed the threat, but his hosts file has been changed and was manually blocking sites. No offence intended to you  :)
 
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 07, 2009, 10:42:56 PM
OK, yesterday I was manually updating avast... AND started the avast program... and in memory testing avast found 4-5 viruses... ;D ;D
Then the program suggested a boot-time scan and I did it. Since I was just about to go to another PC which is not in my house, I left the scanner to work and clicked 2 to delete all problems found...

Now I would like to put the boot-time log here, but all I could find from this scan is this:

04/06/2009 17:34
Scan of all local drives

File C:\Documents and Settings\Sasa\Local Settings\vtlrtl.dyc is infected by Win32:KillAV-KS [trj], Deleted
Number of searched folders: 4631
Number of tested files: 32578
Number of infected files: 1

This was in C:\Program Files\Alwil Software\Avast4\DATA\report, in the aswboot notepad file.

Is there any other boot-time scanner log where I can find in detail what avast found?

Is there a log of the viruses which I deleted while avast was checking memory on opening of the program?


I think I managed to update avast!!!!!!!!!!  ;D
I THINK my virus database is now 090407.
I'll do a full scan again.
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: ASAR25 on April 09, 2009, 04:30:19 AM
I managed to update all programs. No more viruses found, Skype is working OK, Mozilla is not crashing any more.. ;D ;D

Big thanks to the avast forum community!!
Title: Re: I CANT UPDATE AVAST HOME EDITION! CONFICKER??? PLEASE HELP
Post by: CharleyO on April 09, 2009, 08:33:47 PM
***

Congratulations on your success!


***