Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: bswan4 on September 24, 2011, 05:32:36 PM
-
With Avast free AV program and Windows 7-64 bit installed, am finding that only Windows Internet Explorer will open. Attempting to open all other programs results in nothing happening (sometimes the ball icon spins for a second or so). This situation immediately follows routine weekly running of the recently updated Avast AV scan of C-drive which identified a trojan, located, maybe, in winsys64 which was sent to virus vault (though 1 of the 3 lines then said "file could not be located"), then did recommended boot scan resulting in mention of something about a CAB file, then Windows seemed to then open as usual. (Avast AV won't load so I can't check its scan logs for the specified items it identified.) As said, the only program I seem able to open now is Windows Internet Explorer. My usually used Firefox, MS Word, Adobe Acrobat, etc, do not open. All these programs, including Avast AV have worked fine for the past 5 months. Any advice/suggestions on how to proceed will be appreciated.
thanks,
Bob
-
I would say at least 2 things should be checked.
First, from your description, I wouldn't be 100% you are not still infected, or that a previous infection has left you with some non-working / corrupted files.
Second, only if the first observation is not correct (meaning, if you are NOT still infected or with some unwanted consequences), then the firewall rules should be deleted and rebuilt for everything Avast - related (avastsvc.exe, avast.setup, avastui.exe...).
-
The very exact same thing happened to me also to the T!! Even the whole 3items were discovered but then one couldnt be removed and then it booted it and wont allow me to access anything in safe mode either
-
I "PM,d" essexboy for this one. Essexboy is just about the best when it comes to infections. :)
Have either of you scanned using MalwareBytes or Super Anti-Spyware?
http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/
-
Lets have a look at the system
Download OTL (http://oldtimer.geekstogo.com/OTL.com) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
I cant access anything in order to dowload and sort it.. Im using my phone at the moment to message yourselves. Totally regret downloading thus avast! And to top it off, the computer shop across the road is closed tomorrow and I need it for uni on monday! Perfect timing.
-
Oh.. And my light fuse has just gone.. Yay?!
-
thanks essexboy.
OTL was downloaded (a 569 bit MS-DOS file), when double-clicked on asks "do you want to allow the following program from unknown make changes...," answered "yes," then nothing happens. Seems that the file was downloaded but will not run, just as other programs on my computer no longer run.
Would it be helpful and is it possible to access the Avast AV scan log file, without actually opening the AV program as it won't open? the information from the 2 recent scans might be helpful?
-
Hi Para-noid,
Just tried running MalwareBytes (previously installed and used infrequently), but like other programs, it won't load. Asks "do you want to allow changes...," answered 'yes' then nothing happens.
-
Same problem here. Can't run anything other than Internet Explorer 64-bit. IE 32-bit won't run - nor will anything else.
avast found a virus during normal scan late last night. Recommended a boot scan. After the boot scan, can't run anything other than IE 64-bit.
No other downloaded utilites will run either - just like everybody else is saying
-
RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop
[list=1]
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 2 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
Then retry OTL
-
Hello,
I am having the same issue.
Tried downloading Roguekiller and it does not start either, nor does it work to rename it winlogon
Thank you for trying to help
-
This' becoming extremely frustrating.. Feel like kickin myself in the butt for goin against my better judgement and running the boot!
-
RogueKiller won't run either - even running as administrator. After saying yes to allow it to run, the display loses resolution and instantaneously comes back - but it didn't run and didn't produce a text report.
No regedits or utilities or registry merges have helped at all. Things were fine before the boot scan. Now, IE 64-bit and Notepad only.
-
RogueKiller, a 643Kb download, will not open as named, when renamed winlogon.exe, tried in both standard and safe mode. Same as described by Imoss and mardragon7, with the the flashed black screen after "run" then back to normal screen.
Has anyone tried a system restore? Opinion on this?--don't want to make things worse, thinking that the virus or trojan would still be present after a system restore.
-
I am experiencing the same problem exactly. My machine has been rendered useless.
System restore will not work as Avast will not free up it's quarenteened files.
This issue is popping up on forums elsewhere:
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/my-antivirus-program-avast-deleted-a-file-under/80befcad-196e-41ab-8aec-4d3bc7240e0e
http://www.bleepingcomputer.com/forums/topic420300.html
The funny thing is; I was considering upgrading to the paid version. To hell with that now. This is unacceptable. I have work to do this weekend! :-[
-
Hello
I am running Windows 7 on an HP G62-222US laptop with the free version of Avast. I am also having this problem, after running a scan that quarantined 3 Trojan files and a reboot scan which quarantined maybe 8 to 10 other, seemingly trivial game files before I grew impatient and aborted. After extensive Google searching I determined that only the programs under "Program Files (x86)" are affected, leaving me with the ability to run Internet Explorer and by pure happenstance, Maxon Cinema4D. I have tried to run system restore but all of my restore points are gone. I would love to simply restore all of the quarantined files but I can't open Avast. This seems like the best place to post and the most relevant thread to my problem, so I hope someone will be able to help.
-
Looking at some other forums, the name of the problem files is:
Win32:Cycbot-KI
http://i54.tinypic.com/24wv9f6.png (from one of LeeW's links above - a screenshot from another person who was infected but chose to seek advice before running a boot scan)
There are other documented cases of this virus in conjunction with Avast when you search the name directly, including this one:
http://www.bleepingcomputer.com/forums/topic420141.html
...which appears to be a very detailed and serious report.
I am by no means very knowledgeable about computers beyond how to use them, but I feel like this could be useful information.
-
I'm having the same problem! I wish I had just not run the scan.
Showed 4 "high" risk infected items. Moved 3 to the chest. Recommended a boot scan, which I did.
Now I cannot open anything!!! I tried system restore and it still doesn't work.
Cannot download and install other programs because they won't open.
Please help us!!!
-
As this thread is supposed to be for bswan4's problem which is being delt with by essexboy, everybody else should start your own thread for your own issues and stop hijacking this one.
This may also help for those of you that are recieving the Win32:Cycbot detection http://forum.avast.com/index.php?topic=85415.msg692170#msg692170
-
As this thread is supposed to be for bswan4's problem which is being delt with by essexboy, everybody else should start your own thread for your own issues and stop hijacking this one otherwise you wont recieve any help.
Who the hell is "hijacking" anything and at what point did Essexboy boy say "I'll take this one lads..."?
The "me too" posts on this thread show that this is a relatively sudden problem that has the same symptoms in every case. I think that's important to know.
The title of the OP's post sums up the problem pretty well and I don't see how it is necessary for each and every one of us to make what would essentially be a duplicate thread.
-
There seems to be a common thread with regards to our problems. Thought it would be easier to address the issue(s) in one thread, instead of numerous threads.
Off to start my own thread....thanks anyway
my thread: http://forum.avast.com/index.php?topic=85419.0
-
Who the hell is "hijacking" anything and at what point did Essexboy boy say "I'll take this one lads..."?
[/quote]
You are ::) You can see that essexboy has stepped in and asked the OP to run certain tools and is waiting for a reply and with all the chatter going on here the original seems to fade into the background.
Wheather you have the same issue or different it is always better to start your own thread.
See if this helps http://forum.avast.com/index.php?topic=85415.msg692170#msg692170
-
I feel only marginally bad about the hijacking. However, I am ecstatic that this seems to have solved the problem that seems to be common with many of us. Nothing else worked and couldn't even do a system restore. This simple one line command worked great.
-
Please go to my site and download the file Default_EXE to your desktop
Unzip the reg file within
Right click the reg file and select merge
Accept the warnings and then try the exe files
https://skydrive.live.com/?cid=32d8666f4048075b#cid=32D8666F4048075B&id=32D8666F4048075B%21117
-
It also appears that it may have been a file infector and an SFC /scannow run will replace the bad file
7 and Vista http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
XP http://www.updatexp.com/scannow-sfc.html
-
essexboy,
SUCCESS!!
Downloaded your default_exe (though this did not require unzipping or selecting 'merge' per your instructions). Then ran 'sfc/ scannow' as an administrator in Windows 7 which did repair some corrupt file(s).
Things seem to be working; can now run my usual programs. Re-started Avast AV program successfully, noting definitions are already up to date though I can (and will) update to program 6.0.1289 from 6.0.1203. Then I'll run a full AV scan.
Is there anything else you would suggest doing here? Your help is very greatly appreciated.
--Bob
-
Since these people can't run anything from their PCs, I recommended they have a friend download one of the free bootable .iso images from Avira, Bit-Defender, or F-Secure to name a few vendors. Then have the friend burn a CD from the .iso file. The friend will have to have burn software capable of creating a bootable CD if they don't have WIN 7.
Once CD is created, restart your PC and select the BIOS option to boot from your CD/DVD drive.
-
Wheather you have the same issue or different it is always better to start your own thread.
Seems to me that duplicate posts about the same problem are when the noise comes in.
From where I see it, your off-topic post (policing the board) and admittedly my reply to be the noise rather than the "me too" posts.
That said, thank you for the link. That CMD line fix WORKED!
-
Wheather you have the same issue or different it is always better to start your own thread.
Seems to me that duplicate posts about the same problem are when the noise comes in.
From where I see it, your off-topic post (policing the board) and admittedly my reply to be the noise rather than the "me too" posts.
That said, thank you for the link. That CMD line fix WORKED!
No point in discussing the matter any further as you dont seem to comprehend, im glad your system is now fixed :)
-
[/quote]
No point in discussing the matter any further as you dont seem to comprehend, im glad your system is now fixed :)
[/quote]
Well from my perspective chief, it's you who don't seem to comprehend.
-
Well from my perspective chief, it's you who don't seem to comprehend.
Please stop this now..!!
Thanks,
asyn
-
Please go to my site and download the file Default_EXE to your desktop
Unzip the reg file within
Right click the reg file and select merge
Accept the warnings and then try the exe files
https://skydrive.live.com/?cid=32d8666f4048075b#cid=32D8666F4048075B&id=32D8666F4048075B%21117
It also appears that it may have been a file infector and an SFC /scannow run will replace the bad file
7 and Vista http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
XP http://www.updatexp.com/scannow-sfc.html
If you have this problem please follow these steps
-
Well from my perspective chief, it's you who don't seem to comprehend.
Please stop this now..!!
Thanks,
asyn
What's the deal with the self appointed board police on this forum?
-
Please go to my site and download the file Default_EXE to your desktop
Unzip the reg file within
Right click the reg file and select merge
Accept the warnings and then try the exe files
https://skydrive.live.com/?cid=32d8666f4048075b#cid=32D8666F4048075B&id=32D8666F4048075B%21117
It also appears that it may have been a file infector and an SFC /scannow run will replace the bad file
7 and Vista http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
XP http://www.updatexp.com/scannow-sfc.html
If you have this problem please follow these steps
Thank you so much for helping to suss this out! Avast should give you a commission!!
-
@essexboy
I dare state I had the same issue, but I did manage to cure the program issue with system restore in the end.
My concern: Was this an infection that I still have and need to get rid off or a fault in avast blocking files it should not?
Thank you for any response.
-
I do not believe it to be a false positive, as soon as I saw the number of posts about this I did an immediate full scan of my system and received no alerts at all
-
I am experiencing the same problem exactly. My machine has been rendered useless.
System restore will not work as Avast will not free up it's quarenteened files.
This issue is popping up on forums elsewhere:
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/my-antivirus-program-avast-deleted-a-file-under/80befcad-196e-41ab-8aec-4d3bc7240e0e
http://www.bleepingcomputer.com/forums/topic420300.html
The funny thing is; I was considering upgrading to the paid version. To hell with that now. This is unacceptable. I have work to do this weekend! :-[
and what would you have done if this a virus/trojan that did this? The situation would be the same, the real issue here is that you have not taken time to look at what has happened and have not used the tools in Win7 to your advantage. Running SFC /SCANNOW would have dealt with your problem in minutes.
It may also be an idea to set your actions to "ask" so that you can check what files might be moved to quarantine .........
Just to add, I have AIS on 3 systems at home and all have run scans each day without any issue so I have doubts that this is a false positive at all.
-
I am going to let you guys know what I have done, I am certain you know what has happened, even if I do not. False Positive is a fake confirmed threat?
Win7 64bit
I dl default.exe and merged it. I followed the link installed registry booster, allowed it to fix 15 files. I did not pay for full version.
Restart.
Avast no longer can find any threats. I have the latest version of Avast.
I believe I am done with it.
Thank you very much for all your time and aid. I will check back for any problems.
-
Correct a false positive is a mistaken threat.. But having said that the vast majority do not appear to have experienced this which is why I have my doubts about it being a false positive