Author Topic: Avast being disabled in system startup - rootkit?


REDACTED

  • Guest
Avast being disabled in system startup - rootkit?
« on: December 15, 2014, 01:18:31 PM »
Hello, in one scan Avast identified some rootkit files, which I set to delete all upon restart. The problem is that Avast frequently starts disabled (I also have Bitdefender and Malwarebytes Anti-Malware running), so I have to start it manually. Malwarebytes Anti-Malware didn't find anything and the Avast full system scan only finds some locked files. So I ran the programs as stated in the log thread; AdwCleaner fails to run the "quick scan" option (I've attached a screenshot of where it stops), but without the file scan it runs. Here are the logs.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast being disabled in system startup - rootkit?
« Reply #1 on: December 15, 2014, 01:28:49 PM »
First thing I notice is that you are running 3(!) AVs at the same time.
Start with choosing which one you want to use and delete the others.

REDACTED

  • Guest
Re: Avast being disabled in system startup - rootkit?
« Reply #2 on: December 15, 2014, 03:14:43 PM »
First thing I notice is that you are running 3(!) AVs at the same time.
Start with choosing which one you want to use and delete the others.

I am a warned guy. I believe there's nothing proven that the 3 antiviruses interfere with each other. Anyway, I will disable Bitdefender because I like Avast the most. Now to the virus problem, please? Thanks.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast being disabled in system startup - rootkit?
« Reply #3 on: December 15, 2014, 03:20:45 PM »
1. Anyway, I will disable Bitdefender because I like Avast the most.
2. Now to the virus problem, please? Thanks.
1. Disabling it is not enough, you have to uninstall it. (See: http://www.avast.com/faq.php?article=AVKB11#artTitle)
2. Wait a bit, help is on its way...
« Last Edit: December 15, 2014, 03:28:29 PM by Asyn »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not an avast user
Re: Avast being disabled in system startup - rootkit?
« Reply #4 on: December 15, 2014, 04:10:27 PM »
Why Using Multiple Antivirus Programs is a Bad Idea   http://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/

When Software Collides! What to do with your old antivirus program.   https://blog.avast.com/2014/05/09/when-software-collides-what-to-do-with-your-old-antivirus-program/


REDACTED

  • Guest
Re: Avast being disabled in system startup - rootkit?
« Reply #5 on: December 15, 2014, 05:45:21 PM »
Please have forbearance while I analyze your log.

REDACTED

  • Guest
Re: Avast being disabled in system startup - rootkit?
« Reply #6 on: December 15, 2014, 06:01:08 PM »
Hi Gaucho_, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course to you that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.


Please uninstall Bitdefender Antivirus Free Edition and avast! Antivirus. Re-install avast! antivirus afterwards.




  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code:
Start
Closeprocesses:
Emptytemp:
CustomCLSID: HKU\S-1-5-21-1036154973-2463016285-3231558677-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FF1662F-9468-D082-79F6-80EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-1036154973-2463016285-3231558677-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5DE51214-9468-D082-4282-94AC85889A47} No File
Task: {1E5A0BD3-565D-4107-BE30-26ED2503A231} - System32\Tasks\EPUpdater => C:\Users\CLINIC~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
C:\Users\CLINIC~1\AppData\Roaming\BABSOL~1
Task: {35C5AD8F-7A44-4024-A904-47A913C28F7D} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {6F659ABF-DB4D-439A-AF10-05CC7538D562} - System32\Tasks\LaunchApp => C:\Program Files (x86)\JustCloud\JustCloud.exe
C:\Program Files (x86)\JustCloud\
Task: {7AB05AF2-3AC8-480C-8564-EEB617500E83} - System32\Tasks\Uninstaller_SkipUac_Clinica_Eternita => D:\ARQUIVOS\IObit Uninstaller\IObitUninstaler.exe [2014-12-12] (IObit)
Task: {A0314228-D8E2-4FBD-9CA0-D47B02D7E44B} - System32\Tasks\DealPly => C:\Users\CLINIC~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\CLINIC~1\AppData\Roaming\DealPly
AlternateDataStreams: C:\Users\ADM\Downloads\TeamViewer_Setup.exe:BDU
AlternateDataStreams: C:\Users\Clinica Eternita\Downloads\78EE.tmp:BDU
AlternateDataStreams: C:\Users\Clinica Eternita\Downloads\avast_free_antivirus_setup_online.exe:BDU
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1036154973-2463016285-3231558677-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=9E1A5CC9D310194C"
File: C:\CONMED.bat
Folder: C:\Program
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.



  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
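As an added example (not FRST's own code and not part of Valinorum's instructions), the Python script below triages an FRST-style fixlist such as the one posted above before it is applied: it checks the Start/End framing, classifies every directive, and lists the entries FRST marked with "ATTENTION" or "No File", so whoever reviews the fix can see at a glance which items are the suspicious scheduled tasks, policy restrictions and orphaned CLSID registrations. The classification rules are an assumption inferred from the lines in this thread, not FRST's documented grammar; the embedded fixlist is an excerpt of the one posted above.

```python
"""Triage an FRST-style fixlist before it is applied.

Added example for this thread, not FRST's own code. The directive grammar
below is an assumption inferred from the fixlist posted above, not FRST's
documented syntax.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the fixlist posted in the thread (raw string: the paths contain
# backslashes that must survive untouched).
FIXLIST = r"""Start
Closeprocesses:
Emptytemp:
CustomCLSID: HKU\S-1-5-21-1036154973-2463016285-3231558677-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FF1662F-9468-D082-79F6-80EE85889A47} No File
Task: {1E5A0BD3-565D-4107-BE30-26ED2503A231} - System32\Tasks\EPUpdater => C:\Users\CLINIC~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
C:\Users\CLINIC~1\AppData\Roaming\BABSOL~1
Task: {6F659ABF-DB4D-439A-AF10-05CC7538D562} - System32\Tasks\LaunchApp => C:\Program Files (x86)\JustCloud\JustCloud.exe
C:\Program Files (x86)\JustCloud\
AlternateDataStreams: C:\Users\ADM\Downloads\TeamViewer_Setup.exe:BDU
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=9E1A5CC9D310194C"
File: C:\CONMED.bat
Folder: C:\Program
End"""

ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")          # FRST's "<==== ATTENTION" marker
REGISTRY_RE = re.compile(r"^(HKLM|HKCU|HKU|HKCR)\\")           # bare registry key line
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # bare file/folder path line
DIRECTIVE_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")   # "Name: detail"


@dataclass
class Entry:
    kind: str        # Command, Task, Registry, Path, File, Folder, CustomCLSID, ...
    target: str      # the object the directive acts on (path, key, CLSID, ...)
    attention: bool  # FRST appended "<==== ATTENTION" to this line
    no_file: bool    # referenced binary is missing ("No File"): orphaned entry


def classify(line: str) -> Entry:
    """Turn one fixlist line into an Entry; raises ValueError on unknown syntax."""
    attention = bool(ATTENTION_RE.search(line))
    body = ATTENTION_RE.sub("", line).rstrip()
    no_file = body.endswith("No File")
    if REGISTRY_RE.match(body):
        # "HKLM\...\Internet Explorer: Policy restriction" -> keep the key, drop the note
        return Entry("Registry", body.split(": ", 1)[0], attention, no_file)
    if DRIVE_PATH_RE.match(body):
        return Entry("Path", body, attention, no_file)
    m = DIRECTIVE_RE.match(body)
    if not m:
        raise ValueError(f"unrecognised fixlist line: {line!r}")
    name, detail = m.group(1), m.group(2)
    if not detail:                                   # "Closeprocesses:" / "Emptytemp:"
        return Entry("Command", name, attention, no_file)
    if name == "Task" and "=>" in detail:
        detail = detail.split("=>", 1)[1].strip()    # the program the task launches
    return Entry(name, detail, attention, no_file)


def parse_fixlist(text: str) -> list:
    """Parse a whole fixlist; the Start/End framing must be present."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0] != "Start" or lines[-1] != "End":
        raise ValueError("fixlist must begin with 'Start' and end with 'End'")
    return [classify(ln) for ln in lines[1:-1]]


def summarize(entries) -> dict:
    """Count entries per kind, e.g. {'Task': 2, 'Path': 2, ...}."""
    return dict(Counter(e.kind for e in entries))


def flagged(entries) -> list:
    """Entries a reviewer should look at first: ATTENTION-marked or orphaned."""
    return [e for e in entries if e.attention or e.no_file]


if __name__ == "__main__":
    found = parse_fixlist(FIXLIST)
    print("entries by kind:", summarize(found))
    for e in flagged(found):
        tag = "ATTENTION" if e.attention else "No File"
        print(f"[{tag}] {e.kind}: {e.target}")
```

Run it on the saved fixlist.txt (swap `FIXLIST` for the file's contents) to get a short review list before clicking Fix; the bare path lines that follow a Task entry are the folders the fix removes along with the task, which is why they are reported separately as Path entries.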