Avast WEBforum
Other => General Topics => Topic started by: Chunker on January 08, 2012, 05:18:23 PM
-
Why am I not seeing any indications of any emails being scanned by Avast? I have email scanning turned on but when I click on mail shield it shows no activity whatsoever under shield traffic. Also at the bottom nothing appears beside "last email scanned" or "last email infected". I have no way of knowing if avast is actively scanning my emails. Any help would be appreciated.
-
Outlook, Outlook Express, Windows Live Mail, etc. ???
Which one are you using ???
-
My ISP provides Gmail as their mail program. I download all my mail via Thunderbird using my gmail settings. I also forgot to mention that on my Mail Shield page inside Avast it always shows E-mails scanned/infected as 0/0.
-
Since it is delivered by Gmail, then I guess you have SSL settings?
meaning if you want avast to scan the mail, you must remove the SSL settings from your mail client and let avast do the SSL connection
avast! 5.x: Some e-mails are not scanned by the Mail Shield
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
Some info: if you don't get it to work, you are still protected
Gmail protects all accounts with the Postini spam/virus filter using two AV engines from Authentium and McAfee
-
avast! 5.x: Some e-mails are not scanned by the Mail Shield
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
It is the same for avast! 6.0
-
Yes, they are all encrypted as SSL. If I understand your link properly Avast won't scan unless I change them to none? Is this what I should do to have Avast scan my emails? Would doing so stop my ability to receive my emails? Just want to know as much as possible before I try your proposed solution.
-
As you now have 20 posts please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
-
As you now have 20 posts please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
I suggest he does that after he's solved his problem. :)
-
As you now have 20 posts please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
are you locked on to that signature nag again ???
-
If I understand your link properly Avast won't scan unless I change them to none?
correct....that is the point with SSL...it is a secure connection...can't be scanned
so if you want avast to scan, you disable the SSL in your mail client and let avast take care of the SSL connection....so it will still be secure
it is all in the guide posted above
-
Thank you, I'll give it a try and post how things turn out for me. I also hope my profile update is what somebody wanted me to do? Thanks again!
-
I also hope my profile update is what somebody wanted me to do?
it is voluntary........but a demand from Kenny ;D
-
I just gave your fix a try and it seems to work perfectly. I changed from SSL to none in my email client settings, then sent myself an email with a small video attachment. Now I see the email scanned information in Avast and the email did go out and did come in. I thank all who responded to my question!
-
I also hope my profile update is what somebody wanted me to do?
it is voluntary........but a demand from Kenny ;D
It's not a demand but it sure helps us avast! Überevangelists help people to use avast! better. ;)
-
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964. So you and I are brothers of a sort!!!!!!!!!
-
I just gave your fix a try and it seems to work perfectly. I changed from SSL to none in my email client settings, then sent myself an email with a small video attachment. Now I see the email scanned information in Avast and the email did go out and did come in. I thank all who responded to my question!
congrats.....you now have triple scanning of your mail Authentium/McAfee/avast that should be secure enough ;D
-
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964. So you and I are brothers of a sort!!!!!!!!!
In Canada Winnipeg is affectionately known as Winterpeg ;D
I worked in Raleigh N.C. for 2.5 years and hated to have to go back to Cold Canada EH! :'(
-
Well Pondus, my email will certainly be secure but now to figure how to protect myself from that dreadful Win 7 security 2012!!!!!!!!!!!!!! I got hit with it a few weeks ago and it changed my system forever. Of course I'm talking about losing my Windows Security Center. Because of that I also lost my auto Windows Update feature, Windows Defender, and Windows Firewall. I've had the virus removed and to compensate for my losses I have to manually look for windows update, installed Comodo for a firewall, and Superantispyware for a defender. One more thing I did was to install Norton DNS. That seems to work perfectly along with Avast. Don't know what else I can do. Just wish all the AV programs can get a handle on this monster. I know quite a few people that have been plagued with it. In my case Avast alerted me, but not until after it installed itself and caused irrevocable damage. :'( :'(
-
@Chunker,
No Security program will ever be able to protect you or me 100%.
One of the reasons why regular image backups are essential.
Unless you have one available to install which was made prior to the infection,
a fresh installation is about the only option.
-
Well Pondus, my email will certainly be secure but now to figure how to protect myself from that dreadful Win 7 security 2012
I recommend Malwarebytes PRO
then you get a protection module, IP block (that David does not like) and auto update
a one time fee for a lifetime license http://www.malwarebytes.org/
Remove Win 7 Security 2012 (Uninstall Guide)
Automated Removal Instructions for Win 7 Security 2012 using Malwarebytes' Anti-Malware:
http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012
.....and caused irrevocable damage
then I recommend you let Essexboy have a look inside.....and fix it
-
Well Pondus, my email will certainly be secure but now to figure how to protect myself from that dreadful Win 7 security 2012
I recommend Malwarebytes PRO
then you get a protection module, IP block (that David does not like) and auto update
a one time fee for a lifetime license
I like Malwarebytes PRO and I do like IP block that I refer to many times.
I have two licenses.
One for each system I own.
-
Are you still having problems with the system ?
If so what areas
-
My system is clean now (I had the virus professionally removed) but I still have lost those functions that I mentioned. I do have a complete system backup on an external drive that I could run but that would entail one heck of a lot of work to get all my programs, changes, and functions restored to what I have now. The experts who cleaned and fixed my system installed and used SuperAntiSpyware. I downloaded and tried Malwarebytes, but decided to stay with the SAS that they installed. I don't run it real time so as to not conflict with Avast. The Norton DNS is a cloud service and causes no problems. That virus is so quick, it installs in the blink of an eye. From what I've read via Google, it's running out of control. This was the very first virus I've been hit with in over 15 years of computing.
-
The Norton DNS is a cloud service and causes no problems.
I use openDNS
I downloaded and tried Malwarebytes, but decided to stay with the SAS that they installed. I don't run it real time so as to not conflict with Avast.
It does not conflict with avast......but Malwarebytes is better ;)
My system is clean now (I had the virus professionally removed) but I still have lost those functions that I mentioned.
Strange....if it was a pro doing it?
see Essexboy's guide here http://forum.avast.com/index.php?topic=53253.0
to avoid multiple posts with copy and paste, attach the OTL log so Essexboy can have a look inside
-
Thank you Pondus, I'm going to take a long look at Malwarebytes per your suggestion. I wasn't sure if it could be run in real time and not conflict with Avast. I thought the same with SAS. I took a look at that information link for sending a log to Essexboy but believe me it is way too complicated for this guy! Funny but when you first mentioned essexboy, the first thing that popped into my head was "I've never heard of that program before, maybe I should Google and take a look at it?" I think I'll just keep running as is. I believe my system is one heck of a lot safer now than it was before. Comodo seems to be a better firewall than the windows built in version. The only thing I really miss is the windows security icon in the systray that alerted me to windows updates and other notifications such as turning off my antivirus program. It is grayed out now and I can't get it to turn on. That virus destroyed the system security center. When I had it, I could do nothing, not even open notepad. Since you have inferred running Malwarebytes in real time would not conflict with Avast, I will more than likely give it a try. Thanks so much!
-
I took a look at that information link for sending a log to Essexboy but believe me it is way too complicated for this guy
not complicated...you click the red OTL in the guide and download the program, save to desktop and scan
then attach the log here....just follow the instructions
how to attach, see lower left corner - additional options > attach
The only thing I really miss is the windows security icon in the systray that alerted me to windows updates and other notifications such as turning off my antivirus program.
This is bc the malware turned that off....
-
I just gave your fix a try and it seems to work perfectly. I changed from SSL to none in my email client settings, then sent myself an email with a small video attachment. Now I see the email scanned information in Avast and the email did go out and did come in. I thank all who responded to my question!
I know you are talking about something else now, but just to be clear I'd like to point out that you say:
- now email client is not configured to use SSL;
- now avast says it is scanning emails.
What you didn't mention (but I guess you did anyway) is that you actually configured avast *with* SSL now (which was not configured as such before).
Sorry for the interruption. Please continue.
-
Sorry Ady4um, I guess I'm almost as confused as you are! My Thunderbird mail program downloads my ISP Gmail account. All my Thunderbird settings were SSL. That is why Avast wasn't scanning my emails and I showed no email activity. Now that I've changed those settings to None, Avast is now showing email activity. What bothers me still is that when I go into the Avast mail shield/expert settings/SSL accounts, it lists about 20 different email servers including gmail with SSL turned on. Guess I'm scared to touch any of those accounts listed. I never built them, I'm guessing Avast built them in there when I installed the program?
-
Sorry Ady4um, I guess I'm almost as confused as you are! My Thunderbird mail program downloads my ISP Gmail account. All my Thunderbird settings were SSL. That is why Avast wasn't scanning my emails and I showed no email activity. Now that I've changed those settings to None, Avast is now showing email activity. What bothers me still is that when I go into the Avast mail shield/expert settings/SSL accounts, it lists about 20 different email servers including gmail with SSL turned on. Guess I'm scared to touch any of those accounts listed. I never built them, I'm guessing Avast built them in there when I installed the program?
OK, now that you actually wrote it, it is clear to me that avast is indeed configured for SSL with your gmail account and that your email is working correctly, together with avast scanning it. Please continue with your logs for Pondus and Essexboy.
-
Hi there lets take it one stage at a time then
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
Well, I think I'm done. I've read and reread that link and it is still way too confusing for me. It's not just download and run a scan and attach a log file. There are about 10 black screens that make absolutely no sense. Plus whatever to type in before the scan out of 20 or so lines?? I know very well that virus turned off my windows notification icon. Microsoft can't even tell me how to turn it back on. All they say is to do a complete system restore.
-
sounds like you are still infected ???
when you have downloaded OTL to your desktop, you click the OTL icon to run it, and this is what you see...click the attached screen shot to enlarge
at the lower section you see a green line where it says "Custom Scan/Fix" below that line you copy and paste in this
COPY AND PASTE WHAT YOU SEE BELOW____________
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
COPY AND PASTE WHAT YOU SEE ABOVE_____________
Then you click the pink quick scan button you see at the top
-
Ok, I tried exactly what you said in your step by step instructions. I have the two logs and will post them here. Hope this is what you wanted to look at? Thank you for being so patient with me.
-
Perfect ;) now Essexboy will do the rest
-
Oh no, don't say I might be still infested??? I've run avast many times, I've run Superantispyware and I've also ran Malwarebytes. All show no infestations. Plus all my programs work now, where not one worked before. I have both my browsers taking me where I want to go, not where the virus wanted me to go. It seems all I might have are some bad registry entries left behind. I also run CCleaner and keep everything cleaned up. Please don't say I'm still infected. Now I won't sleep tonight!!!!!!!!!!!
-
Semper fidelis. :) Rest easy.
If there is a problem, you're now at least in good hands and,
these hands really care and don't cost anything. :)
-
Pardon me but I have to say a couple of things. For Pondus, I live in a part of the US that has very large Scandinavian roots, especially with that of Norway. In fact your King and Queen were here visiting just a short time ago. My wife is also a quarter Norwegian. During Christmas we always enjoy Norwegian holiday favorites and don't even ask me to try and spell their names here! And for Essexboy, "Long Live Oasis!" I love English rock and have all the way back to the early 60's. I'm starting to feel better now!
-
Hi OK as suspected the 3 registry keys that control that part of your system are missing
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s >
I will remove the remaining malware and construct some registry fixes
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O3 - HKU\S-1-5-21-1328042321-976296846-4080170246-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1328042321-976296846-4080170246-1000\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
[2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/27 10:11:26 | 000,010,036 | -HS- | M] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\Users\Chunker\AppData\Local\06xp1102x88ndgc76kybh54u05b74u2o
[2011/12/26 15:32:49 | 000,010,036 | -HS- | C] () -- C:\ProgramData\06xp1102x88ndgc76kybh54u05b74u2o
[2011/07/11 07:49:34 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Once you have done this I will then give you the registry fixes.. As I have a 64bit win 7 I will export them from my registry
-
Sorry Essexboy but I don't think your instructions worked for me? I mean things didn't go as you had laid out. It seemed that everything hung up and I ended up powering down my pc to get anything to work. I did as you said, pasted your entries in and hit the fix button. It ran about a minute then just seized up. I now have two shortcut to desktop.ini files on my desktop. I also have a desktop.ini a cmd.txt and a cmd.bat file where the OTL is located. Kind of lost what to do now? Don't know what file you want me to post here and if they are good files or not?
-
I rechecked and the two on the desktop are not shortcuts but actually .ini files but look to be grayed out? Plus they are of two different sizes.
-
Also forgot to mention that because of the freezing I haven't done the rerun of the OTL yet and I believe that is what you wanted me to post??? Don't know if I should do that or not suspecting that the fix run didn't complete properly??
-
I'm sitting here wondering if I should delete all the files from my last attempt and try the entire fix process once again?
-
Also forgot to mention that because of the freezing I haven't done the rerun of the OTL yet and I believe that is what you wanted me to post??? Don't know if I should do that or not suspecting that the fix run didn't complete properly??
It was probably hanging on "empty temp"
but you can do the rerun and attach the new log
Essexboy is on UK time and has logged out for today....but he will be back tomorrow and continue ;)
-
Thank you Pondus for making me aware of that. I just completed the new run and will attach the new file to this post. This time there was only one file created, the OTL.txt file and no extras.txt file as in the first quick scan. I also realize something that I had mentioned in my earlier posts about 2 .ini files on the desktop. It seems that running the fix scan in OTL changes the view option to view all files and not hide system and hidden files. Once I put the view back to hide, they are no longer visible. They must be files that have always been there. I still have the three files created by the aborted fix scan that somebody might want, but won't post them until asked for. Thanks so much!
-
Just to confirm that I am repairing the correct entries could you do the following please
run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg)
Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Here it is Essexboy! Hope it is what you wanted.
-
Farbar Service Scanner
Ran by Chunker (administrator) on 09-01-2012 at 15:06:18
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Firewall Disabled Policy:
==================
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
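-
Added example, not part of the original thread and not Farbar's own code: a small Python parser for the FSS log format posted above. It separates stopped services whose registry key is missing from ones that are merely stopped, and lists files printed with a raw MD5 instead of "MD5 is legit". The function names and the reading of a raw-hash entry as "still needs manual verification" are assumptions; the sample is a shortened excerpt of the posted log.

```python
import re
from dataclasses import dataclass, field

# Shortened excerpt of the FSS.txt log posted in this thread (values as posted).
SAMPLE_LOG = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
File Check:
========
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022
C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY_RE = re.compile(
    r"Unable to open (\S+) registry key\. The service key does not exist\.")
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class Report:
    not_running: list = field(default_factory=list)   # service names, in log order
    missing_keys: list = field(default_factory=list)  # services with no registry key
    legit_files: list = field(default_factory=list)   # paths the tool marked legit
    unverified: dict = field(default_factory=dict)    # path -> MD5 (None if absent)


def parse_fss(text):
    """Parse an FSS.txt log into a Report."""
    report = Report()
    pending = None  # bare file path waiting for its detail line with the MD5
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SERVICE_RE.match(line)):
            report.not_running.append(m.group(1))
        elif (m := MISSING_KEY_RE.search(line)):
            # The same key is reported once per checked value; keep it once.
            if m.group(1) not in report.missing_keys:
                report.missing_keys.append(m.group(1))
        elif (m := LEGIT_RE.match(line)):
            report.legit_files.append(m.group("path"))
        elif (m := DETAIL_RE.match(line)) and pending:
            report.unverified[pending] = m.group("md5").upper()
            pending = None
        elif BARE_PATH_RE.match(line):
            if pending:  # previous path never got a detail line
                report.unverified[pending] = None
            pending = line
    if pending:
        report.unverified[pending] = None
    return report


def triage(report):
    """Return (item, finding) pairs ordered as they appear in the log."""
    missing = {name.lower() for name in report.missing_keys}
    findings = []
    for svc in report.not_running:
        if svc.lower() in missing:
            findings.append((svc, "service registry key missing"))
        else:
            findings.append((svc, "stopped, service key present"))
    for path, md5 in report.unverified.items():
        findings.append((path, f"verify against known-good copy, MD5 {md5}"))
    return findings


if __name__ == "__main__":
    for item, finding in triage(parse_fss(SAMPLE_LOG)):
        print(f"{item}: {finding}")
```
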
-
OK I will need to find two replacement files before I can do the registry fix
- Run OTL.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
mpssvc.*
bfe.*
/md5stop
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
Ok, done, but it only posted one log. Here it is.
-
OK the files report a good MD5
Download Chunker.zip from here http://www.mediafire.com/?h6cg5xilof9f4qk to your desktop
Extract both registry files to your desktop
To extract just double click the folder and select from the options extract
Right click BFE.reg and select merge
Accept the warnings
Right click mpssvc.reg and select merge
Accept the warnings
Reboot and see if the windows security centre is back
-
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964. So you and I are brothers of a sort!!!!!!!!!
And put that in your profile too Chunker. ;)
-
Well Essexboy, I really appreciate all you're trying to do for me, but I'm sorry to say I see no real change from what I had before. The first thing I checked is to see if the security center icon that gives me notifications for everything was on, and it is still grayed out, can't turn it on. When I go into my control panel, I see only the windows update window and not the security center window that was previously the norm. Since I have comodo running as my firewall, I didn't even try to turn on the firewall. But I did try to turn on windows defender and that still won't start, I get an error message. Then I turned off my avast. I'd always get a security message notification that my firewall was disabled via a notification from that same icon. No notification, no nothing. I was crossing my fingers but that didn't even help.
-
Could you run Farbar again please
-
Also could you go to administrative tools > services and check that both are running .. If not then start them
-
Ok, checked administrative tools and there are about 30 or so entries with over half of them running and the rest are manual. Here is the log from farbar.
-
Well EB, I took a good look and I believe the Security Center is running. The only thing is it's a little different than before. But it still lists all the functions such as firewall and antivirus. It tells me they are being protected by comodo and avast. The same with spyware protection. That also shows comodo and avast. I'm thinking that if I uninstalled avast and comodo, windows might allow me to turn on Windows Firewall and Windows Defender. So as is it seems to be ok. The only real problem I seem to still be having is the security icon that runs in the systray does not appear and is grayed out in the list and I can't turn it on. Without that icon I can't get any security notifications and notifications of windows update. If I could get that back I'd be more than happy!
-
Could you go back to services and ensure that the following are set to auto
MpsSvc
bfe (Base Filtering Engine)
Under the View heading in service select customise
Ensure all boxes are ticked and OK out
Then as each service is selected on the right select more actions > Properties and ensure the start type is auto and start the service
-
MpsSvc
bfe (Base Filtering Engine)
MpsSvc shows started and Base Filtering Engine shows Automatic but not started. I tried to do a start on it and it wouldn't start
-
Within the properties tab could you click on dependencies and take a quick screenshot of it
-
Here it is
-
Could you confirm that the RPC service is running and set to auto please
-
I already checked in admin services and both of those two dependencies that I seem to be missing show automatic and started.
-
Could you update windows please and then let me know what problems remain
-
By updating windows, I show no windows updates. All I can do is a reboot. Will do that and post back the results.
-
Ok, you knew there were updates as I don't get notifications. I had checked earlier today and there were none. But with your alert, I checked and there were 4. Did those and after a reboot, there was another. Did that one, and then another reboot. Then I checked and the same problem exists. The security center icon is still grayed out. I also went ahead and took a look at the properties that I had checked earlier, and now there are no dependencies listed at all. I think maybe it is no sense kicking a dead horse. My pc is running fine. The only thing I'm really missing is the auto notifications of windows updates. I feel more secure with comodo as a firewall over Windows firewall. That and avast should keep me safe. I'm also running Norton DNS and I have SuperAntiSpyware. I'm going to purchase and run in real time Malwarebytes instead. I know you have tried your hardest but I think this would be the most logical thing to do. I also have an image that I can go back to that was saved on an external drive about 9 weeks before I became infected. I shouldn't lose too much doing that but I feel confident in staying where I am along with the change in malware detection. This has taken a heck of a lot of time for me and you which I really appreciate. If you have any other advice please feel free to let me know!
Wayne :-)
-
It just so happens that there is one final registry fix that may cure that
Go to my malware files here https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B%21117
Near the bottom is a zip file wscsvc(64)
Download to your desktop
Extract the reg file to your desktop
Right click the reg file and select Merge
Accept the warnings and reboot
Is it working now ?
-
Went ahead and did what you said. After reboot, nothing has changed at all. The service center icon is still grayed out, can't start either firewall or defender. Still no icon in the tray to give me any notifications. Looks like that didn't do anything at all.
-
Grrr could you download and install the MSFixit centre from here http://fileforum.betanews.com/detail/Microsoft-Fix-it-Center/1271432341/1
This will give you a vast range of MS tools
Select the ones relevant to updates and security... I would recommend that you retain this programme as it is very useful
-
Downloaded it, installed it, and ran for all security center issues. Some of them said it fixed something but the log didn't show what? The only one that really failed was the firewall one. It said it couldn't fix. It also mentioned to uninstall my comodo and then to try and run the fix again. I checked and the security center icon is still grayed out and I think that is the real source of my trouble. If I could get that back on somehow??? I guess this tool didn't really do anything either. But I am saving the tool on my pc and will try it again when something needs looking at. Thank you! And hey, no more grrrrs! Laugh! If anybody should be grrrring it is me. Today I went and preplanned and prepaid for 2 funerals! Hope my kids appreciate it????
-
Let's run farbar and see what we get - this tool is getting a lot of use lately
run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg)
Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Ok, here is the log.
-
Could you go Start > run and type in the following please
sfc /scannow
This will check the veracity of your files
-
Ok, I gave it a try. The search finds it but when I right click and pick run as administrator, it seems to run for about 1 second or so and then shuts down with no report or any log.
-
OK bear with me I am installing XP on a VM at the moment - So I am playing with the wrong system ;D
Meanwhile lets see if you have a replacement file on your system
- Run OTL.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
wscsvc.*
/md5stop
Then press quickscan and attach the log
-
Here it is attached. Just to let you know I'm now running with Windows Firewall. Did an online port check and it says 100 percent stealth. It came on after I uninstalled comodo. So that seems to work fine. Right now I'm running Avast, Windows Firewall, Malwarebytes Pro-real time, and also Norton DNS. The only thing that I seem to be missing is the action center icon. It is still grayed out and I can't get it on. I found a site with a reg fix to turn it on, but that didn't work even after a reboot. I'm assuming that virus stopped that service so I wouldn't get notifications from windows that something was going on. But how they did it and where they did it is the big question?? Otherwise I'm running a lot safer than I ever was. Oh yea, almost forgot. I've also turned on Windows UAC to the highest level.
-
Here's a screenshot of what I'm referring to. The bottom two used to be active but not since the virus. I don't care about the power one, but the action center one is critical to receive messages from windows on. It always loaded when windows started on a delayed load.
-
OK run OTL
In the custom scans and fixes box copy/paste the following
:Files
C:\Windows\System32\wscsvc.dll|C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll /replace
Then press run fix
Then go to my site https://skydrive.live.com/?cid=32d8666f4048075b&id=32D8666F4048075B%21117
And download the clear-notification-items.vbs
To your desktop
Double click the file and accept the warnings
What this will do is clear all the notification area
then as programmes are used they will repopulate
-
Just some info. You say you did run a port scan... if you are behind a router with a firewall or your ISP-supplied box has a firewall, then it is that firewall you are testing. ;)
-
If what essexboy suggested doesn't work, what happens if you restore the default settings ???
Will that allow you to again make your custom changes ???
Also, remove the lock taskbar till you're satisfied with all your changes.
-
As suggested (if what essexboy posted is not enough), I would also suggest:
1_UNlock taskbar.
2_Restore default icons.
3_Reboot.
4_Review the start up type services again.
-
Gonna run what EB mentioned. Before I do that, Bob, I wish it were that simple. That does nothing in that window but goes back and changes all the personal notification choices that I've made for all those running. And Pondus, don't understand what you're trying to say??? I did a firewall scan online and it shows all ports running in stealth, the same thing I had using comodo. So, now with comodo gone, I'm assuming my windows firewall is running properly. Back shortly!
-
When you run a port scan, it is the first firewall that is tested... meaning if you have a router and/or an ISP box with a firewall, then it was that firewall you tested, and not your Windows firewall. You can test this by turning off the Windows firewall and running the test; if you still get the same result, then you are behind a firewall.
Note: you should still keep the Windows firewall on ;)
-
Ok, that doesn't work either. Believe me I've done over a thousand suggested fixes during the last 3 weeks. Everything seems to be ok except for the problem with the Action Center icon. If you Google that phrase, you'll see thousands have the same problem I have and they all relate to the same virus. Nobody can recommend a simple fix, only to restore to an earlier system image. I've also flushed and reflushed my notifications icon area about a hundred times. Yes, they all go away and reappear when they start. But only those that are turned on. That will only flush those that are in the running and active screen which is previous to the screen I took a screen shot of. It's awful hard to work with somebody and try to post and have others jumping in. I appreciate all the attempts to help me but I'm at the end of my rope on this. I just wanna call it good and go on from here. It's only gonna cost me a couple of extra minutes a day to do a manual windows update. I'm much better protected now than I was 3 weeks ago. It's because of this board that I implemented every one of the changes I've made and I truly appreciate all that was done for me.
-
I have no router, no firewalled isp box. Nothing but windows firewall running. I turned it off and took the test. Everything that was stealth now shows closed. Put it back on and everything changes to stealth.
-
The firewall is not too bad on Vista/7 so I would not be too concerned
I think we have now changed, fixed and jumped up and down on all possible elements. If you have Windows updates set to automatic then it will download them for you and notify you when they are ready to install
As it stands it is not a security loophole in your system, just an embuggerance
-
If it says closed... then you are behind a firewall
-
Registry keys to "enable" Action Center in Windows Seven.
1_UNlock taskbar.
2_Restore default icons.
3_Merge the following registry key (you may want to backup the registry first or take a restore point just in case, as a general recommendation)
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HideSCAHealth"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HideSCAHealth"=-
4_Reboot.
5_ Your previous status for the Action Center was grayed out (not selectable). Now (after the above steps) you should review if the icon for Action Center can be re-enabled again in the properties. If it can, then select it, save changes and review the results in the tray area.
Please report back.
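A read-only way to see what the steps above would change, written as an added example that is not part of the original post: it reports the two HideSCAHealth policy values from the .reg file and the state of the Security Center service (wscsvc) that the earlier OTL fix targets. It assumes the standard svchost layout in which the service DLL is named under Parameters\ServiceDll, and it uses only PowerShell 2.0 cmdlets so it runs on a stock Windows 7 install.

```powershell
# Added example: read-only status check, changes nothing on the system.
# 1) The two HideSCAHealth policy values from the .reg file in the post above.
#    A value of 1 hides the Action Center icon; the .reg file deletes the value.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    $state = '(not set)'
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name 'HideSCAHealth' -ErrorAction SilentlyContinue
        if ($prop) { $state = $prop.HideSCAHealth }
    }
    "{0}\HideSCAHealth = {1}" -f $key, $state
}

# 2) The Security Center service (wscsvc), whose DLL the earlier OTL fix replaces.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'"
if (-not $svc) {
    'wscsvc: service is not registered'
} else {
    "wscsvc: State={0} StartMode={1}" -f $svc.State, $svc.StartMode

    # Assumption: svchost-hosted services name their DLL in Parameters\ServiceDll.
    $paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters'
    $dll = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) {
        'wscsvc: ServiceDll value is missing'
    } elseif (-not (Test-Path $dll)) {
        "wscsvc: ServiceDll points to a missing file: $dll"
    } else {
        $file = Get-Item $dll
        "wscsvc: ServiceDll={0} Version={1}" -f $dll, $file.VersionInfo.FileVersion
    }
}
```

If both policy values report "(not set)" and the icon is still unavailable, the service lines show whether wscsvc is registered, running and backed by a DLL that exists on disk.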
-
Thank you for your suggestion. I did exactly what you suggested and exactly as you laid it all out. Sorry to say, this did not work either. The two are still grayed out and I'm unable to select them. Guess I'm going to have to live with it.