Avast WEBforum

Other => General Topics => Topic started by: Wilsty on February 13, 2010, 11:09:21 PM

Title: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 13, 2010, 11:09:21 PM
Hello, everyone.  I'm unsure if this has been answered in the forums before after being asked by other users.  If so, I apologize for a repeated question.

We've been using Avast for quite a long time on our home computer and it wasn't until recently that it got hit by a virus  (something "latawude.dll in the System32 files).  Anyway, my problem is this. 

After I download Avast Virus Cleaner and attempt to run the aswclnr.exe file, I receive a message saying "...aswlcnr.exe is not a valid Win32 application." 

These are the methods I've gone about downloading it.

-Firefox's downloader
-Downloading it via Internet Explorer
-Saving it to a USB drive

Still can't open it. 

Any help would be greatly appreciated.

P.S.  I'm an amateur when it comes to virus removal, so I figured it would be best to contact those with a bit more knowledge. 

Thanks for listening!

-Wilsty
Title: Re: Unable to run Avast Virus Cleaner
Post by: Pondus on February 13, 2010, 11:58:37 PM
Avast virus cleaner is an old program with a very limited detection and have not been supported for a long time
to my knowledge the normal avast program will do everything the old viruscleaner did and moore



Try these

malwarebyte antimalware http://filehippo.com/download_malwarebytes_anti_malware/
UPDATE and run quick scan. click on "REMOVE SELECTED" to quarantine any infections found

Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en
Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/


OBS: and come back and post the scan logs here
Title: Re: Unable to run Avast Virus Cleaner
Post by: DavidR on February 14, 2010, 12:27:09 AM
Quote from: Wilsty
After I download Avast Virus Cleaner and attempt to run the aswclnr.exe file, I receive a message saying "...aswlcnr.exe is not a valid Win32 application." 

This sounds like you have an infection, possibly a bagle variant as this error message is indicative of it blocking security programs. This is also usually protected by a rootkit.

The avast virus cleaner is limited to a small number of actual virus (file infectors) the aswclear.exe, which is completely different (for uninstalling avast). Neither of which will resolve this infection I believe.

So aside from the applications suggested by Pondus, you might want to try these:
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm (http://www.antirootkit.com/software/index.htm). Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip).
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight (http://www.f-secure.com/blacklight).

- GMER see http://www.gmer.net/ (http://www.gmer.net/). Don't take any action unless advised.
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Title: Re: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 14, 2010, 12:55:25 AM
Alrighty.  Here's what's been done so far.

1. Tried Malwarebytes, but received this message upon opening...
"Unable to execute file: c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Create Process failed; code 2
The system cannot find the file specified."

So that was a no go.

2.  The Norman Malware Cleaner won't even start.

3.  I ran Panda and there were no rootkits found.

4.  I took DavidR's advice and ran GMER Rootkit Scanner and this is the log...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-13 17:49:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axlyikow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs       aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \FileSystem\Fastfat \Fat     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat     aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


Hope this helps you guys help me.  Thanks again.



Title: Re: Unable to run Avast Virus Cleaner
Post by: Pondus on February 14, 2010, 01:34:22 AM
This means you have an infection blocking the install
Did you trie running Norman in safe mode?

Try Hitman pro http://www.surfright.nl/en/hitmanpro
How to start Hitman Pro in Force Breach mode http://www.youtube.com/watch?v=m6eRWTv2STk


follow the OTL part of this guide from essexboy, then he can see what is in there
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454
Title: Re: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 14, 2010, 04:42:36 AM
My computer isn't letting me start in safe mode.  It's as if it's pretending my F8 key doesn't exist.  I get to the part in startup where it says to push F8 to access safe mode and I push F8 and nothing happens.  Just boots in regular mode.

Hitman is scanning now.  I'll post if something happens.
Title: Re: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 14, 2010, 05:00:52 AM
Ran Hitman and it found a bunch of threats. 

Ran OTL.  Followed the instructions.  The program decides to become "unresponsive" once it hits the point where it says at the bottom, "checking service: hkmsvc."

So, I can't get a log if it's not going to work.

Title: Re: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 14, 2010, 05:14:51 AM
Here's a couple of screen caps of what Hitman found.  Wasn't sure what to do afterwards as I always seem to read that some should be quarantined, some deleted, some not touched.  I figured I'd post them first.

(http://i305.photobucket.com/albums/nn210/Wilsty/VirusShit.jpg)

(http://i305.photobucket.com/albums/nn210/Wilsty/VirusShit2.jpg)
Title: Re: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 14, 2010, 07:16:23 AM
Update:

Managed to get the computer to run in Safe mode.  Ran everything in Safe Mode.  Same results.

-OTL stops working after less than a minute.

-MalwareBytes won't start.

-Norman Malware Cleaner won't start.

The only thing that seems to be working is Hitman.

Oh, and the link to the video that Pondus linked is useless to me as ever since the computer got attacked, YouTube videos do not load.

 :'(
Title: Re: Unable to run Avast Virus Cleaner
Post by: Wilsty on February 14, 2010, 07:31:34 AM
Another update.

Ran Hitman and quarantined all of the files that were found.  At the moment, all seems to be well.  YouTube is loading, pages no longer require two clicks and a refresh to load, haven't ran into a pop up yet (knock on wood).

If it acts up again, I'll give y'all a ring.
Title: Re: Unable to run Avast Virus Cleaner
Post by: CharleyO on February 14, 2010, 02:01:01 PM
***

Thanks for the updates, Wilsty   :)

Hopefully, your computer will continue to run well. We will be here if needed again.

Please come back often and learn more.


***