Author Topic: Avast is spamming me constantly about outgoing email  (Read 2414 times)

0 Members and 1 Guest are viewing this topic.

seibernator

  • Guest
Avast is spamming me constantly about outgoing email
« on: March 05, 2014, 08:49:45 PM »
Hello

I think my wife has downloaded a virus that Avast can't get rid of completely. I have constant messages popping up in the corner telling me Avast has blocked a threat. I get up to 51 of these messages before it starts again. They always refer to outgoing mail and that Avast has blocked it, but whatever it is doing it isn't getting rid of it completely.

Process is always mostly C:\windows\syswow64\svchost.exe

Any advise would be greatly appreciated.

Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37599
  • Not a avast user
Re: Avast is spamming me constantly about outgoing email
« Reply #1 on: March 05, 2014, 09:15:40 PM »
follow instructions here http://forum.avast.com/index.php?topic=53253.0

attach logs from Malwarebytes and OTL .....when done, help will arrive


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is spamming me constantly about outgoing email
« Reply #2 on: March 05, 2014, 09:16:37 PM »
Could you attach a screenshot of the alert please

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach  both logs
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
 Double click the aswMBR.exe to run it  Click the "Scan" button to start scan 




On completion of the scan click save log, save it to your desktop and post in your next reply


EDIT: Snap :)

seibernator

  • Guest
Re: Avast is spamming me constantly about outgoing email
« Reply #3 on: March 05, 2014, 10:42:19 PM »
Nice one, thanks very much.

Here is the output from the ASWMBR program and have attached the two files produced by OTL:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-05 20:58:58
-----------------------------
20:58:58.263    OS Version: Windows x64 6.1.7601 Service Pack 1
20:58:58.263    Number of processors: 4 586 0x2502
20:58:58.264    ComputerName: SEIBERT-HURST  UserName: acer
20:59:02.597    Initialize success
20:59:06.538    AVAST engine defs: 14030500
20:59:17.085    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:59:17.090    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:59:17.215    Disk 0 MBR read successfully
20:59:17.217    Disk 0 MBR scan
20:59:17.233    Disk 0 Windows VISTA default MBR code
20:59:17.250    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
20:59:17.266    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24578048
20:59:17.274    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464838 MB offset 24782848
20:59:17.378    Disk 0 scanning C:\Windows\system32\drivers
20:59:28.926    Service scanning
21:00:00.570    Modules scanning
21:00:00.579    Disk 0 trace - called modules:
21:00:00.592    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:00:00.599    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd3060]
21:00:00.605    3 CLASSPNP.SYS[fffff88001af043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004914050]
21:00:02.820    AVAST engine scan C:\Windows
21:00:07.067    AVAST engine scan C:\Windows\system32
21:03:28.933    AVAST engine scan C:\Windows\system32\drivers
21:03:45.538    AVAST engine scan C:\Users\acer
21:24:28.486    AVAST engine scan C:\ProgramData
21:31:53.041    Scan finished successfully
21:32:46.474    Disk 0 MBR has been saved successfully to "C:\Users\Maria\Desktop\MBR.dat"
21:32:46.480    The log file has been saved successfully to "C:\Users\Maria\Desktop\aswMBR.txt"


« Last Edit: March 06, 2014, 12:21:13 AM by seibernator »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is spamming me constantly about outgoing email
« Reply #4 on: March 05, 2014, 11:07:02 PM »
Let me know if this stops the alerts

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001..\Run: [bfxjbhhh] C:\Users\Maria\AppData\Local\dgcfjdgm.exe ()
O4 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001..\Run: [buvgcoev] C:\Users\Maria\AppData\Local\xwteuboc.exe ()
O4 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001..\Run: [mttlkgab] C:\Users\Maria\AppData\Local\qkvwukij.exe ()
O4 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001..\Run: [rwqsbljh] C:\Users\Maria\AppData\Local\rqjkremj.exe ()
O4 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001..\Run: [smkhwaqi] C:\Users\Maria\AppData\Local\vqikptpt.exe ()
O4 - HKU\S-1-5-21-1210587596-3410156555-903348221-1001..\Run: [vqqqkdcd] C:\Users\Maria\AppData\Local\epefeoee.exe ()
[2010/02/11 02:43:14 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

seibernator

  • Guest
Re: Avast is spamming me constantly about outgoing email
« Reply #5 on: March 06, 2014, 12:20:24 AM »
Thanks very much, that has worked a treat!!!!

Cheers  :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37599
  • Not a avast user
Re: Avast is spamming me constantly about outgoing email
« Reply #6 on: March 06, 2014, 12:30:37 AM »
check back tomorrow and essexboy will remove the tools used   ;)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is spamming me constantly about outgoing email
« Reply #7 on: March 06, 2014, 12:28:14 PM »
In that case methinks I will send you on your merry way :)

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?Keep safe  :wave: