Unending problems

[jandg]

Before uninstalling Avast, is there someplace I can copy the "unlock key" from or is stored someplace on my machine (hopefully not in the directory that will be uninstalled).

Would love to send a screen print but I don't know how to do so when everything is disabled while the pop up is counting down.

Log attached

Thanks

[magna86]

Licens key? ...copy anywhere you want.

Would love to send a screen print but I don't know how to do so when everything is disabled while the pop up is counting down.

Ok. Leave it that way then if you will.
If a pop-up or a warning message shows again, it is best for begin to do re-install avast. Better than repair...

But as I said, the last attached logs are clean & malware free. Something else bothers avast. 


When pop-up shows, press few time PrtSc (aka Print Screen ) or Alt + PrtSc on keyboard. That should be enough.
When you remove the pop-up, go to paint and paste desktop image ( pop-ups image ).



PS: Check now if you have the avast logs, attach them now, I'l be happy to look at them. If not, then do as i wrote in my previous post, after re instaling avast and after the first warning message ( if shows again)

- Navigate to avast report folder and attach here BehaviorShield.txt and FileSystemShield.txt avast logreport

C:\ProgramData\AVAST Software\Avast\report\BehaviorShield.txt
                                                          ...  report\FileSystemShield.txt


...go to avast logs folder and attach here selfdef.txt avast logreport
C:\ProgramData\AVAST Software\Avast\log\selfdef.txt

---------------------------------------------------------
Also, i want you to install MCShield (just in case) to protect system from infection through a USB device or portable HDD and the like.

Download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

• Double click MCShield-Setup to install the application.
  
• Wait a few seconds to MCShield finish initial scan.

Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.

• Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that has made MCShield.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

 

[jandg]

Magna,

Sorry to have be unclear.  My question was "where can I find the unlock key" so I can move it out of a directory that might be deleted during uninstallation.

Can't send behavior shield.txt as its 625kb or sefdef.txt as its 1.31mb.  If you'd like me to email them to you please let me know.

Thank you,

Jan

[magna86]

Can't send behavior shield.txt as its 625kb or sefdef.txt as its 1.31mb

Go to pastebin site:
http://pastebin.com/

copy/paste the contents of the log to pastebin site and click Submit.
Copy - paste URL here so i may see the contents of the text. 

-------------------

Abouth license file...i'm not shure, i need to ask.
You're supposed to save&backup your original license file somewhere.

But leave on for now. Don't re-install jet. I see interesting contents from scan results of MCShield program.
Sinse your logs are clean, and usb flash drives are clean now, let's see how will your PC running now.

If you again get pop-ups, report here (with posible screenshot).

[jandg]

Behavior Shield - http://pastebin.com/pe0xH7KZ

SelfDef - http://pastebin.com/E0rsU3gp


Apparently, AVAST will resend me the license on request so we're ok there

No pop-ups today (and they would have done so by now)

Thanks

[magna86]

Apparently, AVAST will resend me the license on request so we're ok there
No pop-ups today (and they would have done so by now)

it seems that problem is solved. If pop-up somehow still popup again, reinstall avast. But it should not occur any more.
By avast logs I do not see malicious staff, just attempting to access a some leght Windows file and for some reason it could not...






It is necessary to uninstall ComboFix !

• Click Start (or ) then Run.
  
  
  On Windows7 or Vista you may use Start Search field if Run is not available.
  
  
• In the line of text type in (Copy) the following:

Code: [Select]

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

• then click OK (or press Enter ).

Wait for the uninstall process is complete.

--------------------------------


> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.


--------------------------------

Re-run AdwCleaner and click on Uninstall button.
--------------------------------

I recommended to you to keep Malwarebytes and MCShield.
MCShield will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but will immediately clean Memory card or external HDD


-------------------------------


Be safe  ;)

[jandg]

Magna,

Have followed all your instructions and recommendations.

I can't thank you enough for the time you spent on this.  I don't know what kind of arrangement you guys have with Avast or whoever, but I hope the effort that you put into this is somehow recognized.

JanDG

[jandg]

Magna,

I'm not reopening the issue because I'm pretty much sick of it and the problem something other than a virus anyhow.

But, if it's helpful to you, I'm attaching a screen shot of the pop up.  I have waited for the process to be identified and requested more info without success with either.

[magna86]

Let's again run detailed analysis of system...




• Download FRST to a USB flash drive.
  
• Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

• Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  
• Select Repair your computer.
  
• Select Language and click Next
  
• Enter password (if necessary) and click OK, you should now see the screen below ...

• Select the Command Prompt option.
  
• A command window will open.
• Type notepad then hit Enter.
  
• Notepad will open.
• Click File > Open then select Computer.
  
• Note down the drive letter for your USB Drive.
  
• Close Notepad.
• Back in the command window ....
• Type e:/frst.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  
• FRST will start to run.
  
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
    
  • When finished scanning it will make a log FRST.txt on the flash drive.
• Exit FRST.

• Close the command window.
• Boot back into normal mode and post me the FRST.txt logs please.

***************************************


Download DDS+ and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds+.exe

Double click dds to run the tool.
> Under Options for dds.txt check box for extend search period
> Click on Start

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.

*********************************************





Download GMER , AntiRootkit tool from the link below and save it to your Desktop :


Download GMER

Double-clicking to run GMER .

• Wait for initial scan to finish - if there is any query, click No ;
  
  
• Click Scan and wait until the full scan is complete;
  
• Click Save ... - save the report to the Desktop (called Gmer1 );
  // note: the scan for Gmer1 log may take some time
  
  
  
• Right-click in the window GMER and select Options> Only non MS files - click Scan ;
  
• after a fasts scan, click Save ... - save the report to the Desktop (called Gmer2 );
  
  

> Attach here Gmer1 and Gmer2 logreports.