Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: coolmoe on December 28, 2010, 05:54:00 PM
-
This weekend I picked up a virus or spyware. It would not allow me to open most of my applications and constantly created pop-up screens, prompting me to buy an antivirus product every time I tried to click on an icon on my desktop. After doing some research, I found out about Avast and installed the free antivirus software on my PC, then ran it in safe mode. Avast identified the infection as Win32:gen-rootkit[rtk] and I, promptly, placed it in the virus chest. But after I logged on again I noticed that I could not connect to the internet through IE or Firefox, although I was connected to my network. I went back to safe mode and, strangely, I was able to use my browsers in safe mode. Can anyone help me with this dilemma?
-
I suggest you run a full scan with Malwarebytes to see if something escaped from Avast! ;)
You can download Malwarebytes here: http://www.malwarebytes.org/mbam.php
Install it, update it and run the scan.
Give feedback and post the log when it's done.
-
Hi coolmoe: Could you please provide further information, it will help in providing pertinent advice.
What OS are you using? Do you have any other security software installed on your machine? Also what version of Avast did you install?
-
and what are you going to tell him once you know that ??? ::)
-
Well I'm not sure. ;D
I like to know, before saying anything ;)
-
I'll tell you, probably that 2 firewall conflicts, that two AVs conflict etc...etc... I mean there seem to be a couple of noobs on the forums posting the same useless canned answers to increase their post count here. Give us a break okay, enough is enough. Mods stop that, thanks. This forum is slowly becoming an Internet garbage can. Save it before it's too late and all the guys who really help here get so pissed off that they stop coming around. I mean reading all that crap posted, reposted, re-re-posted is absolutely unbearable. Again it's not just the above poster, it's about ten like him who are currently making this place become the a**hole of the internet. Other people on other security forums must have a good laugh I tell you ::)
@schmidthouse: the OP in this thread has got a computer virus infection, if an mbam scan doesn't help like already suggested, he needs a malware expert, and there's only one that I know here, so just don't interfere if you have nothing to say.
-
Thanks for your response. My operating system is Windows XP. I also have Norton Internet Security (although it expired) and McAfee (also expired) I don't use either one of them for antivirus protection. I just recently installed Zone Alarm and Spybot Search and Destroy; both of them are freeware products. After installing and using them for a couple of days my machine worked fine. It all went haywire after I picked up that virus. Avast helped but my only problem is the internet connection. I'm not sure what version of Avast I installed. On the website it is listed as the free antivirus. All free stuff I know. I was experimenting this weekend LOL! Thanks again.
-
get rid of all the extra crap, i.e. other expired security software. Drivers are still loading and that's a problem. Use cleaners from Norton and McAfee if necessary. Then reboot. Once there make sure that you got the latest Avast 5 official build and update it. Now you didn't tell us what the mbam scan did? (see the first answer that you got in this thread)
ps: uninstall Zone Alarm too, it does conflict with most security software. Also remove spybot, it's outdated and useless.
-
...just pm'ed essexboy (he's a malware specialist here). He'll help you if you can't get rid of your infection. Just do what he says, follow his instructions okay ;)
-
I have to wait until I get home this evening to do mbam scan. My laptop is at home. I will post the results then. I will also get rid of the crap and follow the instructions. Thanks again.
-
You can find most of the uninstallers here http://uninstallers.blogspot.com/, delete the programs that Logos has mentioned from add remove programs first then run the uninstaller tools from the link I supplied in safe mode.
-
- A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)
Or ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
- You didn't say which McAfee version, so here are the various tools:
- McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe
Or http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
2007 version - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525
-
Yep remove the old AVs as all they do is use resources
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs please
-
I may not be an expert like you, but I've helped in the past, and I will continue to help in the future.
My apologies if I have spoiled your day :)
-
Here are the results of my mbam scan (attached). Now I am about to remove Norton, McAfee, Zone Alarm... and run OTL.
-
Before running OTL, disable system restore and reboot to make the changes that MBAM made effective.
-
Here are the text files from the OTL scan.
-
get rid of these toolbars: AOL, Yahoo, Ask, Crawler, MSN, Google ;D most of that stuff is spyware, adware etc...
-
okay
-
get rid of these toolbars: AOL, Yahoo, Ask, Crawler, MSN, Google
+1 No toolbars!
-
Once this has run try to connect again
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-1472831324-3927042380-58396928-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1472831324-3927042380-58396928-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1472831324-3927042380-58396928-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found
[2010/12/27 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
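An added example, not part of the thread and not OTL's own code: one thing the fix script above removes is a per-user proxy setting pointing at 127.0.0.1:8074, and an enabled loopback proxy with no listener behind it makes applications that honor these settings fail to connect. The parser below flags that pattern in OTL-style "IE -" log lines; the sample log, its placeholder SIDs and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the "IE -" line format of the fix script; SIDs are placeholders.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-PLACEHOLDER-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-PLACEHOLDER-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-PLACEHOLDER-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
IE - HKU\S-1-5-21-PLACEHOLDER-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-PLACEHOLDER-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:3128
'''

LINE_RE = re.compile(r'^IE - (HKU\\[^\\]+|HKCU|HKLM)\\.*\\Internet Settings: "(\w+)" = (.*)$')

def parse_settings(log_text):
    """Group Internet Settings values by registry hive (one hive per user)."""
    hives = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hives.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
    return hives

def proxy_endpoints(proxy_server):
    """Split 'http=host:port;https=host:port' or a bare 'host:port' into tuples."""
    out = []
    for entry in filter(None, (e.strip() for e in proxy_server.split(";"))):
        scheme, _, addr = entry.rpartition("=")
        addr = addr.strip().split("://")[-1]   # tolerate a scheme:// prefix
        host, sep, port = addr.rpartition(":")
        if not sep:                            # no port given
            host, port = addr, ""
        out.append((scheme or "all", host, port))
    return out

def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                         # a hostname, not an IP literal
        return False

def flag_loopback_proxies(log_text):
    """Return (hive, scheme, host, port) for every enabled proxy on loopback."""
    return [(hive, s, h, p)
            for hive, v in parse_settings(log_text).items() if v.get("ProxyEnable") == "1"
            for s, h, p in proxy_endpoints(v.get("ProxyServer", "")) if is_loopback(h)]

if __name__ == "__main__":
    print(flag_loopback_proxies(SAMPLE_LOG))
```

A hit is a lead to verify rather than a verdict, since some legitimate local filtering tools also register a loopback proxy; check whether anything is actually listening on the reported port.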
-
That did the trick. The last scan is attached. I appreciate all of your help. OTL is a nice program. I don't understand how it worked but I am back on the Internet again. Kudos to the whole Avast team.
thanks again,
moe
-
OK let's tidy you up now
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 23 (http://java.sun.com/javase/downloads/index.jsp).
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u23-windows-i586-p.exe and select "Run as an Administrator.")
SPRING CLEAN
Download and run Puran Disc Defragmenter (http://www.puransoftware.com/Puran-Defrag-Download.html)
For the first run I would recommend a boot defrag and disk check
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programme:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave: