Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Datagg on June 30, 2004, 11:51:11 PM

Title: What a bad day with comp
Post by: Datagg on June 30, 2004, 11:51:11 PM
Oh man, yesterday sucked so bad. I'll try to make this as short as possible here. Yesterday, Avast went off: virus, Haxdoor virus. I deleted it, and not one second later it went off again with the same thing, a total of at least 9 times, one after the other. Then I immediately started to get browser pop-ups. Avast was shut off, so was my firewall. Both programs were shut down. I disconnected my modem ASAP, for outbound connections were happening and there was no protection. Restarted Avast manually, to find that the resident scanner was off and the program was glitchy. Same with Outpost; it was completely disabled in all settings. Whatever this thing was, it has wreaked havoc. At this point, there is a huge background screen on the desktop that is black. Outpost won't turn on, Avast is reporting memory-resident viruses. So I chose to run the memory scanner on boot-up. Took a long time, but in the course of it it reported a Haxadoor.trj plus another 12 instances of trj and viruses hitting everything from Windows 32 to mstask; it was just crazy. Deleting each entry as it was found, it was painfully obvious to me that the comp was going to be shot. Ironically, it booted back up. Yet outbound connections were active, clicks and background desktop corruption. Avast at this point won't load up, firewall also. Not even manually would they start up. Ran my spyware programs, showed a few, deleted them. Still with cables pulled from the modem, I decided to go to safe mode and run these tests.
Took 3 tries to get into safe mode; the rest of the time it wouldn't even boot.

Well, things only got worse, and at that point I just wound up reformatting the entire drive, and now I'm here.

This computer was Fort Knox, well at least I thought so till yesterday. Through some kind of virus, and I wish I could tell you more, I had no logs showing, because the programs were wiped out. It was like they were targeted, and it knew how to disable all protections.

Those few names, of haxadoor, or haxdoor, and so many .trj files of various names, I couldn't begin to tell you all of them. But this all happened in the course of 2 minutes. Avast went nuts, then was shut down, same with the firewall.

This was a clean system up to that point. Like I said, I'm very security conscious, run scans every day including virus and spyware checks.

This was just so completely unbelievable.

Well, sorry this is so long, and for the ones who read it all, thanks for your time. Just wanted to share with y'all something that I have never seen before. I was shocked, to say the least.

Don't know what's out there now, or if it will happen again. I am still using the same security protocols I have used for years now.

So be careful, you guys.

Title: Re:What a bad day with comp
Post by: Lisandro on July 01, 2004, 12:14:36 AM
Datagg, I feel sorry about that :'(
Did you protect ashServ.exe with Process Guard 1.1 (http://www.diamondcs.com.au/downloads/pgfree.exe)?

Seems that the virus 'disabled' avast...
With the Professional version, I suggest using a password...
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 05:29:21 AM
No, I used to have Process Guard on here, but got rid of it. And I'm running the Home version.

All is well now, but I need to find out what in the heck caused this, to prevent it again.
Title: Re:What a bad day with comp
Post by: .: Mac :. on July 01, 2004, 05:35:55 AM
Quote
All is well now, but I need to find out what in the heck caused this, to prevent it again.
Oh, I will tell you how to prevent it... Switch to Mac OS X!!


Ok, now being serious. Like Technical said, try Process Guard. Protect the avast services and the firewall services. (Maybe even get a hardware firewall?)
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 05:42:03 AM
I do have a hardware firewall, luckily, that is...

I just reinstalled Process Guard also.
Title: Re:What a bad day with comp
Post by: Amerk_5 on July 01, 2004, 08:09:48 AM
Also try running Stinger (http://vil.nai.com/vil/stinger/) by McAfee. It's an on-demand AV that targets the viruses that disable firewalls & anti-viruses.
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 08:23:19 AM
Why do you believe Stinger is important at this point? Fresh install of OS, full Avast up and running, Outpost, and the full version of Process Guard.

I'm not saying you aren't correct. Just trying to understand your thoughts. Avast + (gulp) McAfee is a scary endeavor...

Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 09:14:28 AM
Has anyone used Process Guard here? I'm using all options thus far to protect; all other programs such as Outpost etc. were given global rights to download updates. But Avast will not download, keeps saying not enough rights... All exes in the Avast folder were given permission for hooks and downloading drivers in Process Guard. Does anyone have any idea how to fix this.....???
Title: Re:What a bad day with comp
Post by: Vlk on July 01, 2004, 09:50:02 AM
Are you sure HaxDoor was the name of the virus reported? Which file was reported as infected?
Did the alert from avast come suddenly (with no particular timing), or were you browsing e.g. some not-really-safe websites at the moment?


Thanks
Vlk
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 09:57:54 AM
Vlk, I so much wish I could give you more. Avast lit up, alarm after alarm. Once I was allowed to run a boot memory scan, it showed a virus called haxadoor and then many, many trj.... When Avast went off, it was literally like 10-12 times. I was browsing, then a pop-up, then all went to hell.

I just got the full version of Process Guard tonight to prevent this from happening again, yet when I have the program on full protection, I'm unable to download AV updates; it says not enough user rights.

I do have every exe in the folder, telling it to allow downloads and drivers, yet still no luck. The only way it will work is if I drop the protection "Block drivers and services protection".

Perhaps one of you guys knows why that is, hopefully.

As said, Vlk, I wish I had more; there were no logs in any programs I had, Outpost or Avast. Whatever I got hit by completely wiped out all my protection programs. It even turned off the Avast scanner once I was able to manually boot it up... it was unreal, and I don't want it to ever happen again, I tell ya.

I looked up haxadoor, didn't see anything on it, so I'm really lost here...

Thanks, Vlk, and all who can assist here on this.
Oh, and Vlk, from what I recall, the files shown at the boot scan were mstask.exe, windows32.exe, documents, temp files, so many; I'm trying to remember them all, there were at least 20 or so in total.
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 11:13:02 AM
Well, I found the culprit. Reading up on it brings back things that I forgot...

http://www.sophos.com/virusinfo/analyses/trojhaxdooru.html

Does anyone know why I can't get updates with full Process Guard protection at all points? All else will work, yet Avast will not, even when told to allow download/etc. It still won't... says not even access to do this...

I'm sure it's a setting I'm missing... all exes in the Avast folder were given permission to hook up, yet it doesn't matter unless the protection is disabled.
Title: Re:What a bad day with comp
Post by: rloschmann on July 01, 2004, 11:57:49 AM
Really unlucky!! You have a lot of advanced protection software and hardware, but do you have the basic protection? That is: don't use Internet Explorer and don't use Outlook.

Sometimes the best protection is basic protection. I recommend Mozilla or Firefox and Foxmail. All freeware.
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 12:52:15 PM
I have many browsers; I design websites, so I have to have them all. Email is Mozilla.
Title: Re:What a bad day with comp
Post by: galooma on July 01, 2004, 01:13:13 PM
I sympathise with you and wish I could help with Process Guard. I also run it, but I only have the trial/free version, which allows one process, so I have it on ZoneAlarm. My question would be: have you got any resident shields running, as the likes of SSD and SWBlaster are great and free and use little or no resources. I also run a program called MRU Blaster, but I don't know whether that does any good or not.
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 01:30:39 PM
My complete set of security is Avast, Outpost, SpyHunter, Aluria (protects against spyware installations), SpywareBlaster, and now Process Guard.

I've been real lucky for years now, pretty much Fort Knox on my end, and with my hardwired firewall also I was pretty confident I was secure. Till yesterday; never witnessed before all my security programs being eradicated one by one.... Hence now I just bought Process Guard....

Pretty sad when your protection programs need protection themselves......
Title: Re:What a bad day with comp
Post by: Lisandro on July 01, 2004, 02:02:57 PM
Quote
Pretty sad when your protection programs need protection themselves......

Yeah... Don't give up. Let's learn about this tragedy...  :-\
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 02:14:26 PM
Oh, I'm not giving up...... Love Avast too much, and Outpost for that....

Now I'm messing around with Process Guard. I got the entire comp locked up, yet no matter how I give all Avast exes full permission in the rights, it won't download. Outpost and all else works, yet this is driving me nuts. Globally, all is prevented from downloading anything without permission. In the list, adding the main Avast exe and giving it rights and allowing driver updates etc. does not seem to be working. I just went through and added all the exe files in the Avast folder, gave them all permission, yet still it says when I initiate a download that I don't have enough access to do this. Damn, perhaps there is a .dll that needs permission or something. Anyone got any ideas????


Sorry for typos, I've been up like 24 plus hours now getting things back to normal. And making sure to the best I can that this never happens again.....

FYI - Just got word from one of the PG moderators; pretty much said what I wrote above as far as another process somewhere..... Here's what he wrote.
-----------------------
I am pretty certain that it is another executable file that is probably not in the main Avast folder but possibly in the Windows system32 folder or one of its sub folders.
Avast support should be able to tell you which of its files call up a service/driver, and then you can make the necessary allows.
--------------------------

Anyways, as mentioned, all in the Avast folder is clicked on and given full rights.. Any suggestions??

Thanks, y'all

Title: Re:What a bad day with comp
Post by: RejZoR on July 01, 2004, 03:40:28 PM
Well, I'd go with my avast! External Control utility and schedule a Boot-Time scan externally from it :P You can get it in my signature.
This is the easiest way. You should also update avast! IAVS before Boot-time scanning with AEC too.
Title: Re:What a bad day with comp
Post by: fhn on July 01, 2004, 05:20:45 PM
There is no perfect defense against PC gremlins. I keep ONLY the operating system in the primary C partition (only 710MB), then make a weekly backup image file of that partition. That way, I can restore the PC with the good image file in case of a major corruption.

I don't even run a full-time AV scanner in the background. Just ZA Pro 4.5 (high security mode) and the e-mail scanner. This is one way to obtain a fast PC with near-perfect restoration capability. There is a lot of good imaging software... True Image, Drive Image, BOOTITNG, etc....

F.
Title: Re:What a bad day with comp
Post by: Datagg on July 01, 2004, 10:09:33 PM
Thanks all. Does anyone know why PG won't allow updates to work for Avast? One of the moderators at the PG forum said there must be an external file somewhere which I can't find that I must allow. If anyone has this info, it would be appreciated. I'm new to this PG program, so any suggestions would be so cool.


And again, thank you for the avatar, my good friend....

Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 04:10:21 AM
Quote
Does anyone know why PG won't allow updates to work for Avast?

For me, not a trouble (free version of PG and Pro version of avast 8)

Quote
One of the moderators at the PG forum said there must be an external file somewhere which I can't find that I must allow.

Datagg, the only file that asks for permissions in firewalls is avast.setup.
Do you have the services of avast set to run automatically with Windows? Especially aswUpdSv.exe
Title: Re:What a bad day with comp
Post by: Max M.Wachtel III on July 02, 2004, 04:40:00 AM
Datagg-
Sorry for your luck. I hope it doesn't happen to me too!
I use WinPatrol (Bob's suggestion), SpywareGuard and Blaster, Spybot resident + Script Defender.
Also I use some on-demand scanners: Ad-Aware, Bazooka, HijackThis, Swat-It, CrapCleaner
+ XP-AntiSpy.
I hope you have better luck with this install.
-max
Title: Re:What a bad day with comp
Post by: Datagg on July 02, 2004, 05:18:15 AM
Tech, yes, all runs when Windows is turned on. But with the PG full version protecting the whole system, with all instances protected globally, and then inserting the Avast exes and giving them allow rights, it still won't allow downloads for Avast... Disable global "block drivers and services" in protection, and it then will download again...

So either I'm missing an exe file to allow, or it is somewhere else and I can't find it..... In another thread, this guy tells me to tell avast.setup to allow in the list, yet this exe doesn't exist in the Avast folders..... So I'm really lost here, to say the least.

And Max, I hope it never happens to you either, bro....
Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 05:29:46 AM
Quote
In another thread, this guy tells me to tell avast.setup to allow in the list, yet this exe doesn't exist in the Avast folders..... So I'm really lost here, to say the least.

Datagg, I think avast.setup is under the setup folder of avast (avast4\setup).
It's created by setup.ovr, for instance, renaming itself from setup.ovr to setup.exe.

In the past, kubecj told me this will bring trouble, but it is how it works.
I was trying to access the Control Panel applet of avast!
Title: Re:What a bad day with comp
Post by: Datagg on July 02, 2004, 05:56:13 AM
Hmm, I see the .ovr... gave it full rights, still nothing....

It went in the list as an exe though, showed the Avast ball... yet still the same as before, not enough rights.... This is very frustrating; I know it has to be something we are just missing.
Title: Re:What a bad day with comp
Post by: Datagg on July 02, 2004, 06:14:12 AM
Tech, watching in the Avast folder when trying to access a download, the .ovr does indeed turn into avast.setup......... yet it leaves once I click OK on "access rights denied"..... so I can't get it in the allow list. Putting the .ovr in the list with full access changes nothing. Perhaps an Avast person can chime in here to help also.

OS is XP Home....

For the hell of it, Tech, I tried to reinstall Avast to see if anything comes up; it wound up being the same denial for access rights....... Uncheck the global protection "block drivers and services", and it works again....... Every exe has been given rights thus far in the Avast folder; there must be something strange I'm missing here..... anyone?
Title: Re:What a bad day with comp
Post by: Datagg on July 02, 2004, 06:48:35 AM
This is such BS.... here is the log

01.07.2004 21:42:57 general: Started: 01.07.2004, 21:42:57
01.07.2004 21:42:57 general: Running setup_av_pro-1a2 (418)
01.07.2004 21:42:57 system: Operating system: WindowsXP ver 5.1, build 2600, sp 1.0 [Service Pack 1]
01.07.2004 21:42:57 system: Computer WinName:
01.07.2004 21:42:57 system: Windows Net User:
01.07.2004 21:42:57 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress  
01.07.2004 21:42:57 general: DldSrc set to inet
01.07.2004 21:42:57 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
01.07.2004 21:42:57 general: Old version: 1a2 (418)
01.07.2004 21:42:57 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
01.07.2004 21:42:57 system: Computer DnsName: ***
01.07.2004 21:42:57 system: Computer Ip Addr: ****
01.07.2004 21:42:57 internet: SYNCER: Type: -1
01.07.2004 21:42:57 internet: SYNCER: Auth: 0
01.07.2004 21:42:57 package: Part prg_av_pro-1a2 is installed
01.07.2004 21:42:57 package: Part vps-42700 is installed
01.07.2004 21:42:57 package: Part news-40 is installed
01.07.2004 21:42:57 package: Part setup_av_pro-1a2 is installed
01.07.2004 21:42:57 general: Old version: 1a2 (418)
01.07.2004 21:42:57 registry: ERROR!:Cannot access registry HKLM\SYSTEM\CurrentControlSet\Services\TestService, error code: 0x00000002
01.07.2004 21:42:57 general: Err:Not enough user rights to continue.



Disable protection in PG, and it works.. enable it, and it does not work... the above is the error it generates..... Vlk, Avast people, a loyal user needs help here....
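The log above is the one piece of hard evidence in the thread, so here is a small triage script for it. This is an added example, not Avast or Process Guard code: it parses the quoted avast! setup log lines (embedded below as sample input, copied from the post), pulls out the error entries, and decodes the Win32 error code. The mapping of 0x00000002 to ERROR_FILE_NOT_FOUND (and 0x5 to ERROR_ACCESS_DENIED) comes from winerror.h. The point a practitioner would want to check is that the updater's summary, "Not enough user rights", is its own interpretation; the underlying code says the Services\TestService key could not be found, not that access to it was denied. That the updater probes a service key at all is visible in the log; that Process Guard's "block drivers and services" option is what makes the probe fail is what Datagg reports, and this script does not establish it, it only makes the distinction visible.

```python
import re
from typing import Dict, List

# Sample input: the relevant lines of the avast! setup log quoted in the post above.
SETUP_LOG = r"""01.07.2004 21:42:57 general: Started: 01.07.2004, 21:42:57
01.07.2004 21:42:57 general: Running setup_av_pro-1a2 (418)
01.07.2004 21:42:57 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
01.07.2004 21:42:57 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
01.07.2004 21:42:57 package: Part vps-42700 is installed
01.07.2004 21:42:57 registry: ERROR!:Cannot access registry HKLM\SYSTEM\CurrentControlSet\Services\TestService, error code: 0x00000002
01.07.2004 21:42:57 general: Err:Not enough user rights to continue.
"""

# "<date> <time> <category>: <message>"; the message itself may contain colons.
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}:\d{2}) (\w+): (.*)$")
ERRCODE_RE = re.compile(r"error code: 0x([0-9A-Fa-f]+)")
REGKEY_RE = re.compile(r"registry (HK[A-Z_]+\\[^,]+)")

# Win32 system error codes from winerror.h (only the ones useful for this kind of triage).
WIN32_ERRORS = {
    0x2: "ERROR_FILE_NOT_FOUND",
    0x3: "ERROR_PATH_NOT_FOUND",
    0x5: "ERROR_ACCESS_DENIED",
    0x20: "ERROR_SHARING_VIOLATION",
}


def parse_log(text: str) -> List[Dict[str, str]]:
    """Split the log into entries; lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            date, time, category, message = m.groups()
            entries.append({"date": date, "time": time, "category": category, "message": message})
    return entries


def error_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """The updater marks failures with either an 'ERROR!' or an 'Err:' prefix."""
    return [e for e in entries if e["message"].startswith(("ERROR!", "Err:"))]


def decode_win32(code: int) -> str:
    return WIN32_ERRORS.get(code, f"unknown (0x{code:08X})")


def triage(text: str) -> Dict[str, object]:
    """Summarise what actually failed: which key, which Win32 code, and the updater's own verdict."""
    entries = parse_log(text)
    errors = error_entries(entries)
    result: Dict[str, object] = {
        "entries": len(entries), "errors": len(errors),
        "registry_key": None, "code": None, "name": None, "final_error": None,
    }
    for e in errors:
        msg = e["message"]
        key, code = REGKEY_RE.search(msg), ERRCODE_RE.search(msg)
        if key and code:
            result["registry_key"] = key.group(1)
            result["code"] = int(code.group(1), 16)
            result["name"] = decode_win32(int(code.group(1), 16))
        elif msg.startswith("Err:"):
            result["final_error"] = msg[len("Err:"):].strip()
    return result


if __name__ == "__main__":
    for k, v in triage(SETUP_LOG).items():
        print(f"{k}: {v}")
```

Run it as-is and the decoded code is 2 (ERROR_FILE_NOT_FOUND) on HKLM\SYSTEM\CurrentControlSet\Services\TestService, followed by the updater's "Not enough user rights to continue." If a host protection product were denying the registry operation outright you would expect 0x5 instead, which is why the raw code is worth reading before trusting the summary line.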
Title: Re:What a bad day with comp
Post by: igor on July 02, 2004, 09:52:39 AM
If you can't give access rights to a non-existent (at the moment) file, how about simply copying the avast.ovr file to avast.setup, granting the access and then deleting it again?

I guess I should note that I don't know anything about PG, so I can't say how (whether) it detects the validity of the file (if it's just a name, or even the content - the file will be updated during avast! updates).
Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 01:51:51 PM
Igor, is there a particular reason for updating this way (a file changing itself to another name)? You need to allow firewall access and, in this case, Process Guard access...

I'm afraid it would be so stupid to detect only the file name that PG must have some kind of CRC check... ::)
Title: Re:What a bad day with comp
Post by: igor on July 02, 2004, 02:00:54 PM
I guess it has a reason, but you'd better ask Kubec about it ;D

As for the check... well, the content of the file is updated during each program update - that's the fact.
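The exchange above turns on how an allow-list identifies a program: by name, or by content. This is an added example, not Process Guard's or avast!'s code, and igor's caveat stands: how PG actually validates an entry is not known from the thread. The model of the updater (setup.ovr copied to avast.setup for the run, then removed, and its content rewritten only by a program update) is what the posts describe; the directory layout, file contents and version strings are constructed. It plays out igor's workaround (stage the file once, approve it, delete it) against both allow-list designs, then a virus-database update, a program update, and a spoofed file under the approved name.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Set, Tuple


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class NameAllowList:
    """What Lisandro feared: an entry is just a file name, so any file under that name passes."""
    def __init__(self) -> None:
        self.names: Set[str] = set()

    def approve(self, path: Path) -> None:
        self.names.add(path.name)

    def permits(self, path: Path) -> bool:
        return path.name in self.names


class HashAllowList:
    """Entry is a content hash: survives a rename or a copy, not a change of content."""
    def __init__(self) -> None:
        self.hashes: Set[str] = set()

    def approve(self, path: Path) -> None:
        self.hashes.add(sha256_of(path))

    def permits(self, path: Path) -> bool:
        return sha256_of(path) in self.hashes


def stage_updater(setup_dir: Path) -> Path:
    """Model of the mechanism in the thread: setup.ovr becomes avast.setup for the duration of an update."""
    dst = setup_dir / "avast.setup"
    shutil.copyfile(setup_dir / "setup.ovr", dst)
    return dst


def simulate() -> Dict[str, Tuple[bool, bool]]:
    """Returns (name-list verdict, hash-list verdict) for each scenario."""
    with tempfile.TemporaryDirectory() as tmp:
        setup_dir = Path(tmp) / "avast4" / "setup"      # constructed layout
        setup_dir.mkdir(parents=True)
        ovr = setup_dir / "setup.ovr"
        ovr.write_bytes(b"updater build 418 (constructed sample content)")
        by_name, by_hash = NameAllowList(), HashAllowList()

        # igor's workaround: stage the file once, approve it, delete it again.
        staged = stage_updater(setup_dir)
        by_name.approve(staged)
        by_hash.approve(staged)
        staged.unlink()

        # A virus-database (VPS) update: the updater is staged again with identical content.
        staged = stage_updater(setup_dir)
        vps = (by_name.permits(staged), by_hash.permits(staged))
        staged.unlink()

        # A program update rewrites setup.ovr, so the staged copy now has new content.
        ovr.write_bytes(b"updater build 431 (constructed sample content)")
        staged = stage_updater(setup_dir)
        program = (by_name.permits(staged), by_hash.permits(staged))
        staged.unlink()

        # A spoof: something unrelated dropped under the approved name.
        spoof = setup_dir / "avast.setup"
        spoof.write_bytes(b"not the updater at all")
        spoofed = (by_name.permits(spoof), by_hash.permits(spoof))

    return {"vps_update": vps, "program_update": program, "spoofed": spoofed}


if __name__ == "__main__":
    for scenario, (name_ok, hash_ok) in simulate().items():
        print(f"{scenario:15s} name-list: {name_ok}  hash-list: {hash_ok}")
```

The hash-based list is the one that matches igor's two observations: the workaround keeps working across database updates (same bytes, same hash), and it stops working after a program update, which is exactly when an operator should be asked to re-approve. The name-based list never breaks, and that is its weakness: the spoofed file passes too.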
Title: Re:What a bad day with comp
Post by: Vlk on July 02, 2004, 02:08:15 PM
The reason is to prevent you guys from running the updater manually... :)

Well, maybe not really you guys, but all the curious users out there... Running the updater with an invalid command line can screw up the installation. It was not meant to be run directly.
Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 02:10:22 PM
Quote
I guess it has a reason, but you'd better ask Kubec about it ;D

As for the check... well, the content of the file is updated during each program update - that's the fact.

Datagg posted in another thread that he could grant access and so avast was updated... It's weird, unless, like you said, the content of the file only changes in program updates, not virus database updates.
Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 02:11:51 PM
Quote
The reason is to prevent you guys from running the updater manually... :)

Well, maybe not really you guys, but all the curious users out there... Running the updater with an invalid command line can screw up the installation. It was not meant to be run directly.

Do you mean updating without a valid license key?
Title: Re:What a bad day with comp
Post by: Vlk on July 02, 2004, 02:18:49 PM
Quote
Do you mean updating without a valid license key?


No. I mean updating by directly running "avast.setup" (or whatever name it would have).
Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 02:24:27 PM
Does the Home version include the file ashUpd.exe?
If so, why execute avast.setup directly?
Title: Re:What a bad day with comp
Post by: Vlk on July 02, 2004, 02:33:27 PM
It does not, and even if it did, I'm sure there would be thousands of adventurers who'd be increasing their adrenaline level by running the updater directly... ;D
Title: Re:What a bad day with comp
Post by: Lisandro on July 02, 2004, 02:35:21 PM
Quote
It does not, and even if it did, I'm sure there would be thousands of adventurers who'd be increasing their adrenaline level by running the updater directly... ;D

In fact I did it twice in the past ;D
Kubec alerted me that I'd do s**t ;D