« previous next »
Pages: [1]   Go Down

Author Topic: it blocks my Avast/AVG/S S&D  (Read 4325 times)

0 Members and 1 Guest are viewing this topic.

subcodes

  • Guest
it blocks my Avast/AVG/S S&D
« on: June 11, 2007, 12:31:11 AM »
Howdy ho...

I have something that erases the Avast executable (free edition) and also does the same to Spybot Search & Destroy and AVG executables. It also doesn't allow me to restart my Windows XP in safemode - I get the bluiescreen if I try ;)

I've tried to reinstall Avast and S S&D a hundred times, won't help. Have no clue about what to do.. what I've seen it do this far, except diabeling anti-viri software is that it pops up ads using IE7.

Edit: I've also tried using the avast! Virus Cleaner without success.
« Last Edit: June 11, 2007, 12:34:05 AM by subcodes »
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: it blocks my Avast/AVG/S S&D
« Reply #1 on: June 11, 2007, 02:23:27 AM »
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

subcodes

  • Guest
Re: it blocks my Avast/AVG/S S&D
« Reply #2 on: June 11, 2007, 06:25:33 AM »
The only antivirus thing I've managed to run was Symantecs online check, and it showed the following log. Notice that I still haven't managed to remove a single virus on the list:

G:\program\Windrop\tclpip84.dll is infected with Trojan Horse 
G:\program\Windrop\lib\dde1.2\tcldde12.dll is infected with Trojan Horse 
G:\program\Windrop\lib\reg1.1\tclreg11.dll is infected with Trojan Horse 
G:\program\MIRC603standard\logs\rythom420.log is infected with IRC.Worm.gen 
G:\program\Radmin\AdmDll.dll is infected with Remacc.Radmin 
G:\program\Radmin\raddrv.dll is infected with Remacc.Radmin 
G:\program\Radmin\radmin.exe is infected with Remacc.Radmin 
G:\program\Radmin\r_server.exe is infected with Remacc.Radmin 
G:\program\mirc60\logs\rythom420.log is infected with IRC.Worm.gen 
C:\WINDOWS\system32\12345678.exe.bak is infected with Spyware.ActMon 
C:\WINDOWS\system32\actmonnnn.exe is infected with Spyware.ActMon 
C:\WINDOWS\system32\obcore.exe is infected with Trojan Horse 
C:\WINDOWS\system32\wsaupdater.exe is infected with Adware.BlazeFind 
C:\WINDOWS\exefld\134218.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\140796.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\141437.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\144796.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14693187.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14727828.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14740453.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14829765.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14842953.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14869718.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\14993671.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\150906.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\159140.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\159515.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\186390.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\208875.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\211468.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\215984.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\288140.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\29195406.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\29292890.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\343265.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\375203.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\379875.exe is infected with Trojan.Dropper 
C:\WINDOWS\exefld\379984.exe is infected with Trojan.Dropper 
C:\Program\MIRC603standard\logs\rythom420.log is infected with IRC.Worm.gen 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~11.exe is infected with Infostealer 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~13A.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~13B.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~13E.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~13F.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~140.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~143.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~17.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~18.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~1B.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~1C.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~1F.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~2.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~20.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~23.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~24.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~27.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~28.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~29.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~2A.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~2F.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~3.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~30.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~33.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~34.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~37.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~38.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~3F.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~4.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~42.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~45.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~4C.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~5.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~55.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~56.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~59.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~5A.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~5D.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~5E.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~6.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~61.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~62.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~63.exe is infected with Infostealer 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~64.exe is infected with W32.Beagle.gen 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~69.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~6A.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~7.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~8.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~AC.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~AD.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~B.exe is infected with W32.Beagle.DZ 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~C.exe is infected with Trojan.Mitglieder 
C:\Documents and Settings\rebell girl\Lokala inställningar\Temp\~F.exe is infected with Trojan.Mitglieder 

I've also tried to install Panda antivirus & Kaspersky but that was also impossible and blocked just like every other program I've tried... it seems as if they block all antivirus programs.
« Last Edit: June 11, 2007, 06:34:48 AM by subcodes »
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: it blocks my Avast/AVG/S S&D
« Reply #3 on: June 11, 2007, 03:25:54 PM »
Your system is seriously compromised.
Have you got a firewall and if so what is it ?
With all these reported Trojan Droppers, these will be trying to download more of the same and it looks like they might have already done so. A firewall with outbound protection might just stop any unauthorised outbound connections.

If you can boot into safe mode you may be able to rename the suspect (SUS) files e.g. 134218.exe to 134218.exe.SUS or rename the C:\WINDOWS\exefld\ to C:\WINDOWS\exefldSUS\ or move them to a newly created Suspect folder, so they are either no longer the same name or not in the original location. Yes you could delete the suspect/detected files but I'm loath to delete as a first action as you have zero options left.

The Radmin is a strange one it could be a legit application (a Remote Admin application) but here are many hits that indicate it is spyware/malware, did you install this and do you know about it ?
http://www.google.com/search?q=%5CRadmin%5Craddrv.dll
http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453096740

RESTORE SAFE MODE BOOT
The malware may have deleted the SafeBoot registry keys.
Here are some options to restore them:

http://didierstevens.wordpress.com/2006/06/26/restoring-safeboot/
http://didierstevens.wordpress.com/2007/02/19/restoring-safe-mode-with-a-reg-file/

Clear your Temp folders, ClearProg - Temp File Cleaner or CCleaner - Temp File Cleaner, etc. They are likely to come back possibly because of the trojan droppers without a firewall with outbound protection.

You say you have tried to install other 'anti-viruses' (not anti-rootkit) Panda and Kaspersky, unless you get rid of the underlying problem, a probable rootkit you are unlikely to succeed. Download the anti-root-kit tools that I gave links for (also read the avast forum topic link that I gave). If you are able to get into safe mode using the other links, then run the anti-rootkit tools from safe mode. If not try to run from a normal boot.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: it blocks my Avast/AVG/S S&D
« Reply #4 on: June 11, 2007, 08:44:10 PM »
I suggest that you get clean as soon as possible:

1) Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3).

2) Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3) Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4) It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5) If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6) After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Logged
The best things in life are free.
Pages: [1]   Go Up
« previous next »