Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Styler on April 16, 2011, 05:01:36 PM
-
I keep getting this big red box popping up on my computer, every 60 seconds or so, or every time I change pages or go to a new website. The voice also screams "Threat Detected". I have just, within the last few days, re-registered for the 2nd year of free Avast. I have run the update. I have run a Quickscan twice, a full scan twice, and also run a quickscan and a full scan of Ad-Aware. All to no avail. When I ran the first full scan of Avast, some objects were found. When I tried to quarantine them, it wasn't clear whether or not anything happened. I wasn't able to do anything further after attempting to choose this option. With Ad-Aware, they found some items, and removed them. The next time I ran both softwares, nothing was found. Still -- I get this message. Total time spent yesterday trying to fix this problem -- 7 hours. Total work done -- none. I own a commercial digital photo lab with a full-time tech. I am not a pro, but he is. I had him spend part of his day yesterday trying to fix this. He can find nothing wrong. Every time this message pops up, I am offered the option of getting further information. When I try to do this I am directed, not to a site where this info is shown, but to a site which pressures me to buy Avast's $29.95 upgrade. I now think that this "threat" is a cynical ploy on the part of Avast to get me to buy their upgrade. If this is true, I will promptly unload this software, and go back to the despised Norton. At least they are upfront with their relentless pressure. WHAT IS GOING ON??
-
Which is the URL detected? (please, post a dead link like hxxp or add spaces to it).
avast does not force you to upgrade. You can be probably being redirected to a fake site.
-
Download rkill first. Then download Malwarebytes and run a scan.
http://www.bleepingcomputer.com/download/anti-virus/rkill
http://www.malwarebytes.org/
-
1) Get rid of Ad-Aware. Running two av's at a time causes conflicts.
2) Uninstall any old versions of avast. See http://files.avast.com/files/eng/aswclear.exe (run for each version). Don't forget to re-boot.
3) Install 6.0.1044 http://forum.avast.com/index.php?topic=74515.msg617340#msg617340
4) Hope this helps.
Also provide us with info concerning any and all other security software you are using or have ever used in the past. And if uninstalled, how was it uninstalled. :)
-
I installed Ad-Aware AFTER all this started with Avast, so it's not the problem. I've also run a registry DX software, and "Malabytes". I've had Avast for over a year now, and my original Norton was removed by my tech. I've had NO problems with Avast until after I re-registered. I just ran yet another full scan of Avast, and NO threats were detected. STILL I get the screaming red box.
-
What sites and are your virus definitions up to date -
Are you getting redirected form the site you expect ?
-
I'm sorry -- I don't understand what you are asking me for either of these questions. You mean what sites on the web? Dozens -- Huffington Post, for one, and some IRS government sites. Also, the State Board of Equalization. All sites that I would assume are heavily policed. As for the other question -- I really don't know what you want to know.
-
I installed Ad-Aware AFTER all this started with Avast, so it's not the problem. I've also run a registry DX software, and "Malabytes". I've had Avast for over a year now, and my original Norton was removed by my tech. I've had NO problems with Avast until after I re-registered. I just ran yet another full scan of Avast, and NO threats were detected. STILL I get the screaming red box.
With all due respect. I would still get rid of Ad-Aware to prevent any possible conflicts. Running more than one active av at a time is asking for trouble. :)
-
I'm sorry -- I don't understand what you are asking me for either of these questions. You mean what sites on the web? Dozens -- Huffington Post, for one, and some IRS government sites. Also, the State Board of Equalization. All sites that I would assume are heavily policed. As for the other question -- I really don't know what you want to know.
What sites are you visiting when you get redirected? ???
-
OK first are your virus definitions up to date as there was a false positive on HTML files a few days ago
Current is 110415-1
What is the alert that Avast produces - could you take a screens shot or state which file/ip address is responsible
Then
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
And with all due respect to you, as well, this does not in any way address my concerns. The original problem existed before the Ad-Aware, and has not changed in any way since. It would make just as much sense to delete the Avast.
-
I am not on ANY other websites when I get redirected. I am directed from the Avast scan itself! I do the scan, and there is an option to get further information on the scan results. I choose this option (from the Avast website itself) and get sent to the advertising site.
-
Reply to the person who asked about my updates: everything has been updated as of late last night, and was done multiple times yesterday. As I said in my original post -- my tech and I spent 7 hours yesterday trying to get rid of this. He has an arsenal of professional tools that I can't even begin to list. He has worked for me for 7 years, and has been solicited 3 different times by HP (for whom we do beta testing) to work for them. He is a pro. When he says there is nothing to remove, I believe him. We have our own FTP sites for our customers, and constantly monitor our systems for problems. He says the message is coming from the Avast site, and I believe him.
-
Reply to the person who asked about my updates: everything has been updated as of late last night, and was done multiple times yesterday. As I said in my original post -- my tech and I spent 7 hours yesterday trying to get rid of this. He has an arsenal of professional tools that I can't even begin to list. He has worked for me for 7 years, and has been solicited 3 different times by HP (for whom we do beta testing) to work for them. He is a pro. When he says there is nothing to remove, I believe him. We have our own FTP sites for our customers, and constantly monitor our systems for problems. He says the message is coming from the Avast site, and I believe him.
Essexboy is a pro Malware remover if anyone in here can find out what and fix it then it is him
so follow his advice
-
I get this pop up 2 times, why?
(http://shareimage.ro/images/uz4sdu2vtumq2lhk1gui_thumb.jpg)
-
OK. I'll check out of here and try it. I'm alone without my tech today, so I just hope it doesn't do any further damage.
-
@ Essexboy I'm wondering if he isn't using 4.8 which if I'm not mistaken is no longer supported. But he did reply he was getting def updates. And the OP has not given any info concerning any other security software. I really doubt his problem is avast related. The OP has not stated if he has scanned using MBAM. I'm out of here since you (Essexboy) know a lot more about malware than all of us combined.
@ Zile You should start another thread. Click on "New topic".
-
Hi there, Para-Noid. (She), me, that is, isn't sure what you mean by 4.8. I am about to leave and try Essexboy's directions. For whatever it is worth -- I have a new HP computer with Windows 7 on it. All my hardware is just about new, and all my software is up-to-date. The version of Avast is the current one, and has been updated in the last 2 days or so.
-
@Zile
That is a dcom exploit blocked by Avast
Download and run dcombobulator from here http://www.grc.com/freeware/dcom.htm
-
Hi there, Para-Noid. (She), me, that is, isn't sure what you mean by 4.8. I am about to leave and try Essexboy's directions. For whatever it is worth -- I have a new HP computer with Windows 7 on it. All my hardware is just about new, and all my software is up-to-date. The version of Avast is the current one, and has been updated in the last 2 days or so.
Sorry for the "he". Please follow Essexboy's suggestions. He does know what he's talking about. I didn't think you were using 4.8 (an older version of avast). I just wanted to be sure. Any info concerning any other security software you are using or have ever used will always help in determining the direction we should be looking.
I do wish you the best with your problem. :)
-
Thanks. I'm new on this forum, and, in general, without my tech watching every move I make, pretty inexperienced at fixing things. I will post my results after trying Essexboy's fix. Styler -- Sue Tyler
-
Hi Sue, OTS for the initial run will be purely analysis - it will not do anything to your system unless I tell it to. So you will not see any change after it has run the first time
-
To Essexboy: I just tried your fix, but Avast won't let me download OTS. It says it's unsafe. I tried opening it in the sandbox, but get this message: Exception EOleSysError in module OTS[1] 00057DE9. Class not registered. What now?
-
To Essexboy: Also, I have my tech on the line with me, so if I get an answer soon, he can help me with this one. But, for now, he doesn't know how to proceed past this, either. He's researching OTS as we speak, so maybe he'll come up with something.
-
Essexboy -- one more thing. We disconnected my back-up drive as soon as we realized there was a serious problem. Is there some reason you would need it connected? And, is OTS a proprietary software for Avast? Can you see my system when I use it?
-
if you and your tech need some info on OTS there is some here
This is about OTL and older version of the program
http://www.geekstogo.com/2010/05/27/otl-by-oldtimer-a-modern-replacement-for-hijackthis/
If you surf the virus and worms section here in the forum you will see Essexboy using it all the time
Or at the removal section at Geeks2go http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/
-
Disable the web shield for a few moments whilst you download it.. Avast does get a bit paranoid sometimes . When sandbox pops up select run normally
No need for the backup drive
-
Maybe even better to disable sandboxing at all for the time you are fixing the problems? ::)
-
To Essexboy: This forum said the log exceeded the maximum allowable length, but I think that there is probably enough in it. (See above post.) The item I'm suspicious of is the "plpickle.com" site. I don't know what this is. Thanks for your help.
-
Essexboy: Avast would not post the Notepad log. It's too long. Is there somewhere else I can send it? Sue
-
Essexboy: Avast would not post the Notepad log. It's too long. Is there somewhere else I can send it? Sue
- You can use a file sharing site such as Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link in your next post.
-
Could you attach the log please it should fit as long as it is saved in the native ansi format
To attach the log - when posting at the bottom left is additional options click that and browse to the OTS log then post
-
Hey, Essexboy! What happened to the OP.
I stopped trying to help when you, with more experience, started to help (I knew when to sit back and watch). I was following this thread to learn more.
I wonder if her issue was resolved. ???
-
Aye she skipped over to G2G and we were working from PM there due to the upload restrictions here - Basically it was a search toolbar and a very full IE temp... Ie was using cached data when it went to the website hence the alerts ... I believe - just waiting for final results now
-
Possibly a good first step is to have OP's first clear their temp internet cache, temp files, something which I always used to do before kicking off an on-demand scan.
Mainly as there is no need to scan temp files, clear them to start with and cut down on the overhead.
-
Aye it is amazing what hides there ;D
-
Aye she skipped over to G2G and we were working from PM there due to the upload restrictions here - Basically it was a search toolbar and a very full IE temp... Ie was using cached data when it went to the website hence the alerts ... I believe - just waiting for final results now
What does G2G mean?
-
Geeks to Go - http://www.geekstogo.com/ (http://www.geekstogo.com/)
-
Slight setback she went on a game site and got best malware - but that is now fixed after a quick OTS and MBAM