Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Classic on August 22, 2010, 05:52:03 AM

Title: [Resolved] Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 05:52:03 AM
I got a virus alert from Avast a few minutes ago, on an infected site. Then suddenly, most of the internet stopped working. I say "most" because my Gmail, newsgroups, and torrents still work, but I can't access any websites (I'm typing this from my laptop).

I tried to open Avast to see if it's blocking something or changed the firewall, but Avast won't open at all. I have the latest version.

I'm assuming I got infected with the virus, and I don't want to restart. I've reset my modem a few times, but it's not that (and the internet is working fine from my other computers). Can someone please help me troubleshoot this issue? For starters, how can I open Avast to scan my PC?

Thanks
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 06:49:12 AM
I right click and run as Administrator, but it still doesn't open.  ???

anyone?
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 07:03:31 AM
Hi Classic and welcome to the forum.  :)

First I need to ask you some questions to learn more about your system:
1. What is your OS, 32 or 64-bit, RAM?
2. What version and product of Avast are you using?  5.0.594 is the latest version.
3. What security software do you currently and previously have on your machine including antivirus (AV), firewall (FW), and other security programs (resident and on-demand)?
4. Are you current with your Avast definitions?
5. Are you current with your MS (if you have Windows) Updates?
6. Are you current with your software updates?

When you say you got a "virus alert from Avast," what exactly happened?  Did something come up on the screen or was something put in the Virus Chest?  Try to give me more details as this will help.  Thank you.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 07:25:46 AM
thanks for the reply SafeSurf

1. Windows 7 32 bit
2. 5.0.5 something. I updated it maybe a week ago or sooner
3. Just Avast
4. Yes
5. No
6. Avast, yes.

I got a pop-up alert from Avast that said the site I was on had a virus. The page stopped working, and shortly after that, every site stopped working except for Gmail. I'd been to a similar site before in the past and got a variant of the gumblar virus. This was December 2009, and actually led me to purchasing Avast in the first place. Avast has protected me against this virus all year, and now I can't open the program at all.  :-[

Any help would be appreciated.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 07:56:12 AM
Just to clarify your system:
1. You are using Avast Pro (paid), you think you have the most current version but not the latest definitions.
2. You are not current with your MS Updates?
3. What do you use for a FW?  Windows FW, third-party FW, or nothing?

Were you using Google at the time you got the splash screen alert?

We will need you to use the machine that is having the problem.  I will need you to install Malwarebytes’ Anti-Malware (MBAM) to do an initial check for malware.  Please print these instructions, then download it onto the (possibly) infected machine:

·   Download free http://www.malwarebytes.org/ for an on-demand scanner.
·   Double Click mbam-setup.exe to install the application.
·   After install, click update so you have latest database before scanning.
·   Under Settings:
    o   General: Automatically Save File After Scan Completes is checked off
    o   Scanner Settings: Check all boxes
    o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy & Paste the entire report in your next reply.


If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts -- Click OK to either and let MBAM proceed with the disinfection process; If asked to restart the computer, please do so immediately.

After doing this, use your unaffected machine to post while I review your MBAM log.  Do you have any questions?
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:02:13 AM
1. Yes, I'm using pro and I have the definitions from late July. I'm not sure if those are the latest. This virus is from December 2009 though, I'm positive of that.

2. No, it's a trial of Win7 that I never updated.

3. Windows FW

I don't get an alert on Google or any other site. The browser tab just loads indefinitely.

I will download Malware and let you know, thanks.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:05:58 AM
mbam-setup-1.46.exe won't open on the other machine. Should I start to get worried?
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:15:13 AM
Quote
mbam-setup-1.46.exe won't open on the other machine. Should I start to get worried?

Is the other machine the machine that was infected before?
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:18:31 AM
That was last year, and I was using Windows XP. I've long reformatted since then.

Like I said, Avast has protected me from this all year. Now it won't open at all, and apparently Malwarebytes can't install.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:19:32 AM
Quote
1. Yes, I'm using pro and I have the definitions from late July. I'm not sure if those are the latest. This virus is from December 2009 though, I'm positive of that.

2. No, it's a trial of Win7 that I never updated.

1. When I refer to Avast definitions, what I'm saying is Avast "updates."  Do you remember when you last got an update on the machine we are trying to fix now?

2. For future reference, it's good practice to keep your MS Updates current as well as your software to avoid security holes, which help prevent things from happening.  But we will get this fixed after figuring out what is going on and doing more work.  OK?
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:22:58 AM
Have you tried going into Safe Mode to download?  Only stay online long enough to download it then sign off.  Everything else can be done off-line for MBAM in normal mode.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:28:52 AM
Quote
1. When I refer to Avast definitions, what I'm saying is Avast "updates."  Do you remember when you last got an update on the machine we are trying to fix now?

2. For future reference, it's good practice to keep your MS Updates current as well as your software to avoid security holes, which help prevent things from happening.  But we will get this fixed after figuring out what is going on and doing more work.  OK?

1. Yes, I updated a couple of weeks ago.

2. Okay

Quote
Have you tried going into Safe Mode to download?  Only stay online long enough to download it then sign off.  Everything else can be done off-line for MBAM in normal mode.

I already downloaded the set-up file on this computer, and moved it to the infected one. The exe file will not run on it.

Is there a way to go into safe mode without rebooting? I'm trying to fix this problem before it gets worse, which it will if I restart my computer.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:33:23 AM
Quote
I already downloaded the set-up file on this computer, and moved it to the infected one. The exe file will not run on it.

How did you do this?  With a USB Flash drive?
Are you getting an error message?  What is happening when you try to do the install?
Title: Re: Avast won't open, and http doesn't work
Post by: Gargamel360 on August 22, 2010, 08:39:28 AM
Alternative?>>http://www.superantispyware.com/ (http://www.superantispyware.com/)
Try the portable?
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:40:02 AM
Quote
I already downloaded the set-up file on this computer, and moved it to the infected one. The exe file will not run on it.
How did you do this?  With a USB Flash drive?
Are you getting an error message?  What is happening when you try to do the install?

It's on the network, I just moved it over. The internet works fine on this computer, just not that one.

And nothing happens when I try to install. When I click the malwarebytes set-up file, or the Avast executable, nothing happens. No error, just nothing. There is something preventing virus protection from running on the machine. I right clicked, "run as Administrator" also, and nothing happens that way either.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:47:02 AM
Word of caution...some malware can spread from an affected machine to an unaffected machine through a network.  Until we know what we are dealing with, we need to be careful with both machines now.

Try installing SuperAntispyware portable http://www.superantispyware.com/ (http://www.superantispyware.com/) as previously suggested and let me know how this works.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:48:23 AM
Thank you Gargamel360 for your suggestion.  ;)  Hopefully this works for the OP.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:52:16 AM
Quote
Alternative?>>http://www.superantispyware.com/ (http://www.superantispyware.com/)
Try the portable?

This worked. I put this file on my USB drive, brought it to the other machine, ran the update, and I'm now doing a full scan. I'll report what I find.

Thanks
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 08:54:53 AM
Remember...this USB drive is now considered infected.  Do NOT put it back in your other (non-infected) machine!
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 09:22:37 AM
scan is done. how do I paste the results without connecting my USB?

I'll try something, give me a min...
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 09:28:02 AM
You did the scan on your infected machine...right?  Just copy and paste it in your post.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 09:29:13 AM
The infected machine cannot browse/view websites. I feel like I'm repeating myself a lot here.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 09:31:53 AM
Worked around that. Here's the log:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/22/2010 at 02:18 AM

Application Version : 4.41.1000

Core Rules Database Version : 5390
Trace Rules Database Version: 3202

Scan type       : Complete Scan
Total Scan Time : 00:29:14

Memory items scanned      : 914
Memory threats detected   : 0
Registry items scanned    : 8257
Registry threats detected : 0
File items scanned        : 31341
File threats detected     : 353

Adware.Tracking Cookie

Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 09:39:46 AM
I don't use SAS (the software I had you install that was suggested); I use MBAM.  Did SAS give you the option of putting infected items into quarantine?

Also, do you have any saved passwords on the infected machine?  If so, please delete them if you can.

Are you able to download anything at this time without having to waste more USB sticks?
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 09:45:51 AM
I'm already familiar with SAS and how to use it. I thought this forum would help me to run Avast though, the software I actually paid to use. I truly apologize if I come off rude, but this problem is very frustrating for me, and your replies are somewhat redundant. I know you're just trying to help, but this is killing me right now.

I'm going to go rest and take another stab at this in the morning. If anyone else has any replies, please leave them. Thanks in advance.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 09:48:24 AM
You have malware...that's the problem.  What I need to know is can you download anything to this machine.  I need you to download something now if you can.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 09:50:29 AM
What is it?
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 22, 2010, 09:58:21 AM
We need to run more diagnostic tools, that is why I need to know if you can download.  I need you to download OTL:

OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide.  Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan.  It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.
Download OTL  to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Check the box that says Scan All Users
    * Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
          o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
          o Post both logs to your desktop.  Attach both logs to your next post.

I have asked our Certified Malware Expert, Essexboy, to follow up with you after you post your OTL logs.  He will ask you additional questions and give you more directions to help you with this problem.  I'm not sure if he will be here over the weekend, but please look for his post in this thread.

When your problem is resolved, we will help you with a massive PC clean up, updating of software, and everything else that is needed...a "Spring Cleanup" as it is called.

Edit:  If you have difficulty downloading OTL, go to Essexboy's Sticky on Avast http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0) and download it directly from there.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 06:05:24 PM
I can't run the OTL.exe file on the infected computer, even renamed. Is there a portable version?
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 06:28:42 PM
I just read this (http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/) but I can't run TFC either. It's not letting me run any recognized virus software.

Is there no way to just close this malware without rebooting? As soon as I do that, it's going to really screw over everything, I know this already.
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 06:36:56 PM
Hi, let's try this first; if it fails, go to Plan B

 Note: If using Firefox right-click on any download links and choose Save As as these are .scr files and FF interprets them as text

Please download OTH (http://oldtimer.geekstogo.com/OTH.scr) to your desktop
Please download OTL (http://oldtimer.geekstogo.com/OTL.scr)  to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

(http://oldtimer.geekstogo.com/OTH/OTH_Main.gif)

Then select Start OTL. OTL will now run

Plan B

Download Rkill from here : there are several flavours to choose from, if one does not work then try the next

* rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
* rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
* rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)


Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:01:23 PM
The process of dragging the OTH to my desktop causes everything to lock up. The dialog box is frozen and won't change. I tried running rkill, but it's stuck too. The circle over the cursor is just spinning, nothing is happening.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 08:06:31 PM
Windows eventually crashed. I'm trying to restart explorer.exe without rebooting, but it's still locked up. I can't access the start menu, let alone the drive that rkill is on.  :'(
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 10:46:19 PM
Do you have access to a cd and computer with a cd burner ?

Please print these instructions out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

Note : If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
Note : as you are running from CD it is not exactly speedy
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 10:46:59 PM
Okay, the PC finally became unusable, so I was forced to reboot. I ran OTH, and used that to run OTL with the custom scan.txt

Thanks essexboy. I've attached the two text files.

What's my next step?
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 10:54:26 PM
Looks like we may have a well hidden rootkit here

Download ComboFix from one of these locations:


Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 10:56:59 PM
Quote
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 6.81 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 4.94 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.77 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
This is also a very severe problem - you have no drive space left - you will need to clear at least 15% from each drive
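
As an added illustration that is not part of the thread or of OTL itself: a small parser for the drive summary lines quoted from the OTL log, flagging drives below the 15% free-space level mentioned above and estimating how much would have to be freed. The function names, the `Kb`/`Tb` unit handling and the inclusion of the Drive J line (quoted later in the thread) are assumptions of this example.

```python
import re

# Drive summary lines exactly as quoted in this thread from the OTL log.
OTL_DRIVE_LINES = """\
Drive C: | 232.88 Gb Total Space | 6.81 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 4.94 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.77 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
Drive J: | 973.17 Mb Total Space | 531.34 Mb Free Space | 54.60% Space Free | Partition Type: FAT
"""

DRIVE_RE = re.compile(
    r"^Drive (?P<letter>[A-Z]): \| "
    r"(?P<total>[\d.]+) (?P<total_unit>[KMGT]b) Total Space \| "
    r"(?P<free>[\d.]+) (?P<free_unit>[KMGT]b) Free Space \| "
    r"(?P<pct>[\d.]+)% Space Free \| "
    r"Partition Type: (?P<fs>\S+)\s*$"
)

# Only Gb and Mb appear in the thread; Kb and Tb are assumed for completeness.
UNIT_TO_GB = {"Kb": 1 / 1024 ** 2, "Mb": 1 / 1024, "Gb": 1.0, "Tb": 1024.0}


def parse_drives(text):
    """Return one dict per recognisable 'Drive X:' line; other lines are skipped."""
    drives = []
    for line in text.splitlines():
        m = DRIVE_RE.match(line.strip())
        if not m:
            continue
        drives.append({
            "letter": m["letter"],
            "total_gb": float(m["total"]) * UNIT_TO_GB[m["total_unit"]],
            "free_gb": float(m["free"]) * UNIT_TO_GB[m["free_unit"]],
            "reported_pct": float(m["pct"]),
            "fs": m["fs"],
        })
    return drives


def low_space_report(text, min_free_pct=15.0):
    """List (letter, free %, GB to free) for drives under min_free_pct."""
    report = []
    for d in parse_drives(text):
        if d["total_gb"] <= 0:
            continue  # malformed or empty volume; nothing to compute
        # Recompute the percentage from the sizes rather than trusting the log.
        pct = 100.0 * d["free_gb"] / d["total_gb"]
        if pct >= min_free_pct:
            continue
        need_gb = d["total_gb"] * min_free_pct / 100.0 - d["free_gb"]
        report.append((d["letter"], round(pct, 2), round(need_gb, 1)))
    return report


if __name__ == "__main__":
    for letter, pct, need_gb in low_space_report(OTL_DRIVE_LINES):
        print(f"Drive {letter}: {pct}% free, free up about {need_gb} GB to reach 15%")
```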
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 11:03:43 PM
Thanks for the quick response.

Can this Combofix actually fix what's wrong, or just produce more reports? I did something similar to this last year, and ended up having to reformat. If I have to do that again anyway, I'd just as soon not waste Sunday downloading virus programs. If you had to guess based on the OTL report, what's my next step after pasting the Combofix report?
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 11:05:47 PM
Also, should I try to install Malwarebytes now that OTH can kill processes, or is Combofix better than Malwarebytes?
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 11:08:47 PM
In fact, in retrospect - I reckon if you clear at least 10 - 15% from your C drive things may well start working again.  Ignore combofix for now and let's try to make some room to work with.  This programme will clear your temporary files - but you do need to move some files (MP3, Pictures, movies) over to the drive which has lots of room on it  Drive J: | 973.17 Mb Total Space | 531.34 Mb Free Space | 54.60% Space Free | Partition Type: FAT

Clear Cache/Temp Files
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 11:12:54 PM
I'm pretty sure I have malware, specifically a variant of the Gumblar virus. I don't think clearing space on my hard drive is going to solve that. It's not running slowly since the reboot, I just believe it to be infected still. I could be wrong though, what's the best way to check that?
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 11:21:49 PM
When Windows operates, memory and data are continually swapped from RAM to the HDD as more programmes are used. At the moment you have no spare capacity on your hard drive, so the system will get slower and slower as all available RAM is used until it freezes.  OTH cleared all processes from memory so the system could commence working again.  From the OTL scan there was nothing running that would stop your programmes from running.

Run TFC and let me know how much space that clears, then you must look at either deleting unused programmes or moving data files to another drive.  Otherwise any removal tools I use could break your system.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 11:25:12 PM
I have 7 gigs free on my C drive, and 4 gigs ram. How am I going to break my system by removing a virus? I don't quite follow.
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 11:29:54 PM
There will be a lot of file movement whilst the tools are working, and if the system runs out of RAM or swap space a file switch may be disrupted halfway through - you could then end up with a missing system file that stops the boot or system operation.
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 22, 2010, 11:35:44 PM
Okay, I'm going to clear about 80 gigs from my C drive and come back. It should take a while.

What's next after that?

Also, Avast is working now, so I'm running a full scan while I move some larger files from drive C. I'll report what it says.
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 22, 2010, 11:37:01 PM
Once that is done then you can safely run Combofix
Title: Re: Avast won't open, and http doesn't work
Post by: YoKenny on August 22, 2010, 11:42:58 PM
I would buy a second hard disk either internal or USB to off-load or backup the overcrowded C: drive.

http://ncix.com/products/index.php?sku=36050&vpn=ST3500418AS&manufacture=Seagate&promoid=1088
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 23, 2010, 01:17:19 AM
Avast found nothing.

I put ComboFix on the desktop and nothing happens when I run it. I disabled Avast and ran it again, but still nothing.
A small status bar appears, finishes, and then nothing.
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 23, 2010, 08:06:24 AM
Classic,

Run TFC and let me know how much space that clears, then you must look at either deleting unused programmes or moving data files to another drive.  Otherwise any removal tools I use could break your system.
Did you Download TFC by OldTimer to your desktop and run it?  How much space was freed up when you ran it?  It tells you in a pop-up window.

Quote
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 6.81 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 4.94 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 0.77 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
This is also a very severe problem - you have no drive space left - you will need to clear at least 15% from each drive
Did you clear out at least 15% from each drive listed above?  In your last post, it sounds like you only were going to remove 80 gigs from my C drive.  If you need to put pics, music, etc. onto your J:/drive, which seems to have plenty of room...you can do that. 

Please try to follow Essexboy's instructions as he is trying to repair your machine.  Thank you.  He should return in the morning.

As for Avast, just keep it running as normal.  Don't do anything more except the instructions that Essexboy left you (see above).  Thank you.

Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 23, 2010, 11:51:48 AM
Let's try a different tool

Download avz4.zip from here (http://z-oleg.com/avz4.zip)
Note: If you receive an error message, choose a different source, then click Start again


(http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png)
When restarted

(http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-standardscripts.png)
Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post
Title: Re: Avast won't open, and http doesn't work
Post by: Classic on August 26, 2010, 09:15:20 AM
Sorry for the lack of response. None of these programs were satisfactory, so I just reformatted. The virus appeared to be gone, but I had the same virus last year, and it's pretty vicious. It retrieves all logins from your FTP client, and uploads itself to every site that you admin. I couldn't take any chances, so I had to start from scratch.

Thanks for all of the responses.

One follow-up question. When I run Avast, it finds one infected file on my D drive in a hidden folder (System Volume Information), but when it tries to delete or move to chest, it says the file can't be found in red text. I can't access this folder at all manually, so I can't see whether it exists or not, but Avast says the mystery file is infected. Ideas?
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on August 26, 2010, 09:28:07 AM
I would wait for Essexboy to respond as he may need to uninstall some tools that he used or give you additional instructions.  Thanks.  :)
Title: Re: Avast won't open, and http doesn't work
Post by: essexboy on August 26, 2010, 03:09:56 PM
That is in the system restore folder of your D drive, turn off system restore for that and then turn it back on again.  That should clear it
Title: Re: Avast won't open, and http doesn't work
Post by: SafeSurf on September 07, 2010, 09:35:58 AM
Classic, please let us know if everything is working on your machine now.  Thank you.
Title: Re: [Resolved] Avast won't open, and http doesn't work
Post by: Classic on September 07, 2010, 09:40:54 AM
Yes, everything's fine. You can close this thread, thanks again.