Avast WEBforum
Other => Viruses and worms => Topic started by: lostfilez on November 29, 2011, 06:41:55 AM
-
I'm in safe mode and I'm able to open and run the internet.
But in normal mode, I'm not able to open any program -- including avast. :-\
I've read the post by choirgirl ...
so I've gotten to the step where OTL is downloaded and run ...
can someone help me finish the rest?
Oldman? :D
-
Hi lostfilez,
Please post the logs from OTL. Please do not use any of the fixes in choirgirl1's thread as they may not apply to your computer.
-
Oldman!!! :D
Oh thank you!!!!!
Ok posting now as attachment....
-
realizing that there is another file generated from the OTL run labeled "extras"
...
Here it is.
:)
-
Hi lostfilez,
Unfortunately the forum software has made the logs unreadable (looks like Chinese). This happens from time to time. Please upload the logs to http://www.mediafire.com/ and post the link in your next reply.
-
wow...ok, that *is* simple file sharing.
Text files uploaded.
-
you need to save/attach the log as ANSI and not unicode
look here how to http://forum.avast.com/index.php?topic=53253.0
-
Thanks Pondus ...
As soon as I posted, I realized it wasn't as simple as it appeared as nothing posted ... :-\
-
OTL in ANSI format: http://www.mediafire.com/?exbr269x7w88i1q
Extras in ANSI format: http://www.mediafire.com/?4aopm72j84im57q
:)
-
Doh ::)
text version at Media:
-
Text version at Mediafire:
OTL log -- http://www.mediafire.com/?x6ukl31l681b5m5
Extras log -- http://www.mediafire.com/?ktp87zvmup1pig1
-
why do you attach and upload to mediafire....not necessary to do both?
-
covering all bases...
too much is better than too little.
;)
-
Hi lostfilez,
Saving as ANSI seemed to do the trick.
Next, right click on OTL.exe and choose Run as Administrator to run it
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
:Services
:OTL
O4 - HKCU..\Run: [Privacy Protection] C:\Users\blakely\AppData\Roaming\privacy.exe File not found
:Files
C:\Users\blakely\Desktop\Privacy Protection.lnk
ipconfig /flushdns /c
Then click the Run Fix button at the top
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
- Reboot your computer into normal Windows.
Please post the OTL fix log.
Next
Download and save to your desktop the attached file, scan.txt
- Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click on Minimal Output at the top
- Check the boxes beside LOP Check and Purity Check.
- Double click inside the Custom Scan box at the bottom
- A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
- Click the OK button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open a notepad window. OTL.Txt, no Extras.Txt this time.
- You can attach it to your next reply.
Please post back with
How's the computer?
-
Ok -- ran the fix. It took all of two seconds.
Log is uploaded in ANSI format (thanks again Pondus).
Going back in to read/follow the second part of the instructions...
:) thanks for helping with this
-
:D
the nefarious little icon is GONE...
I am able to open firefox...
I am able to run programs...
My computer has been saved!!
Oldman you are a GENIUS!!!!
THANK YOU!!!!
:D
How does one say a proper thank you????
Seriously, what is proper protocol for someone saving a computer and files from imminent demise?
-
Oh Canada ...?
While saluting?
;D
http://www.mediafire.com/?4z4q04ik207c7z1
-
Hi lostfilez,
A thank you is more than enough but thanks for the tune. :)
Let's tidy things up a bit.
Your java is out of date.
Click on the Start button > Control Panel
Depending on your settings, either
- Click on the Uninstall a program option under the Programs category.
- If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program
Java(TM) 6 Update 3
Do not uninstall Java(TM) 6 Update 26
Next
Go to Start > Control Panel , switch to Classic View if it isn't already.
- Locate the Java icon (it looks like a coffee cup)
- double click it to open it
- click the Update tab
- Click update now
Next, right click on OTL.exe and choose Run as Administrator to run it
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
:Services
:Commands
[createrestorepoint]
[emptytemp]
Then click the Run Fix button at the top
- Let the program run unhindered
No need to post the log.
Next
Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please post back with the MBAM log.
-
Did everything just as you asked ... and...
The MBAM scan took 2 minutes and came up with ...nothing!!
:D
Thank you so so so so much.
*salutes to Oh Canada*
-
Hi lostfilez,
So far so good. Please post a new OTL scan log so we can see if there are any remnants. Just open the program by right clicking on OTL.exe and choose Run as Administrator and click Quick scan.
-
Quick Scan complete.
;D
howz it look?
-
Hi lostfilez,
This will be a quick scan with a short log.
Next
Please open OTL.
- Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, click the None button near the top (it may look greyed out)
- In the window under Custom Scans/Fixes copy and paste the following
/md5start
userinit.*
/md5stop
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
We'll get a file scanned at VirusTotal. If you are unable to copy and paste the filepath as in the instructions you can use the Browse button instead. If you need to use the Browse button you will need to unhide the file,
- Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
- Click the View tab.
- Under Advanced settings, click Show hidden files and folders, and then click OK.
To submit a file to virustotal, please click on this link
VirusTotal (http://www.virustotal.com)
copy and paste the following into the upload a file box
C:\Windows\system32\userinit.exe
scroll down a bit and click "send file", wait for the results and post them in your next reply.
Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete.
Please post back with
- OTL.txt
- VirusTotal results
Thanks
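
Added example, not part of the original thread and not Oldman's or OTL's own code: a PowerShell version of the userinit.* MD5 scan requested above. It goes beyond the thread by also reporting SHA-256 (which VirusTotal accepts as a search term), the Authenticode status, and the Winlogon Userinit value that names the program run at logon. The function name Get-UserinitReport is hypothetical, and PowerShell 4.0 or later is assumed for Get-FileHash.

```powershell
# Added example (not from the thread). Assumes PowerShell 4.0+ and an elevated prompt.
function Get-UserinitReport {
    param([string]$Root = $env:SystemRoot)   # normally C:\Windows

    # -Force includes hidden and system files, so nothing has to be unhidden first.
    Get-ChildItem -Path $Root -Filter 'userinit.*' -Recurse -Force -File `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Modified  = $_.LastWriteTime
                MD5       = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

# Every userinit.* under the Windows directory, one record per file.
$report = @(Get-UserinitReport)
$report | Format-List

# The copy that should be submitted for scanning; a missing file is itself a finding.
$expected = Join-Path $env:SystemRoot 'System32\userinit.exe'
if (-not (Test-Path -LiteralPath $expected)) {
    Write-Warning "$expected is missing"
}

# The logon process launches whatever this value lists; the Windows default is
# the system32 userinit.exe path followed by a trailing comma.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
(Get-ItemProperty -Path $key -Name Userinit).Userinit
```

A SigStatus other than Valid calls for a follow-up rather than a conclusion, because some Windows system files are catalog-signed and older PowerShell versions may not see that signature. Copies of userinit.exe with different hashes under SysWOW64 or WinSxS are normal on 64-bit systems.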
-
???
Oh my gosh -- what happened??
My windows validation is in question and I can't start my computer.
A quick check indicates that an Avast download to Vista breaks the validation.
http://www.ccl-la.com/blog/index.php/alert-avast-av-seems-to-break-windows-validation/
what do I do????
I can't get into my computer!!
-
You sure you didn't mistakenly delete this file: C:\Windows\system32\userinit.exe?
-
Pretty sure as I did nothing but what is posted in this thread.
still can't get into my laptop...using a different computer to write this.
:(
-
Windows validation error is somewhat ambiguous. Is it saying your copy of Vista is not genuine or is it asking you to revalidate, which you do by entering your original Vista product key? Have you done that? Many times malware removal will cause core system drivers to be reinstalled. Each time a core driver is installed, a system change counter is incremented. Once a predetermined count threshold is reached, Windows assumes there has been a major system upgrade and you will be required to revalidate with the original OS product key. Sometimes the automatic validator won't work and you will have to call Microsoft, explain your malware removal activities and they will usually - not always - give you a new product key to enter.
Are you on SP1? There appears to be a problem with Avast 6 and Vista SP1.
Appears the solution is to uninstall Avast which you can do in safe mode. You did post that you can get into safe mode. Then install another AV. I would also run Avast's cleaner to remove all traces of it prior to installing another AV.
Or install Vista SP2 after Avast has been removed and cleaned, then try to reinstall Avast after SP2 has been installed. I would download the SP2 installer on your other PC and burn it to CD/DVD or copy it to a USB drive rather than doing the SP2 download via WIN updates. Your choice.
-
Suggestions anyone?
Install SP1 if you haven't. Reboot. Install SP2 if you haven't. Reboot.
Go to "Control Panel -> System and Maintenance -> System" and re-validate / re-activate your Vista.
There is a possibility that you would need to re-activate Vista before updating each SP (#1/#2), and then, after rebooting, that you would need to re-activate it again.
After each, any and all of the above steps, reboot.
Finally, download the latest stable version of avast, install it with "right click -> run as administrator" and reboot when the installation finishes.
-
Hi lostfilez.
What exactly did you do?