Author Topic: Avast your protection is a Joke by Crossbrowser  (Read 15097 times)

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Avast your protection is a Joke by Crossbrowser
« Reply #15 on: June 13, 2015, 03:39:50 PM »

You can tighten your security even more :

- Avast - Settings - General - Enable Hardened Mode

To add to very good suggestion.........
{Avast 9 Path}
- Avast - Settings - Antivirus - Enable Hardened Mode - Aggressive
https://forum.avast.com/index.php?topic=142172.msg1032485#msg1032485
« Last Edit: June 13, 2015, 03:46:39 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline psikofunkster

  • Sr. Member
  • ****
  • Posts: 205
Re: Avast your protection is a Joke by Crossbrowser
« Reply #16 on: June 13, 2015, 03:55:28 PM »
Hi psikofunkster :)

It is still not clear to me how you became infected.
Did you download - and run a software installer, were you browsing the internet or ...
As you are using AIS it is a pity you only use it by default, because you can do so much more.


For example :

- Avast - Settings - General - Check for potentially unwanted programs ( PUPs )
- Avast - Settings - Active Protection - Webshield - Customise - Main settings - Warn when downloading files with poor reputation

You can tighten your security even more :

- Avast - Settings - General - Enable Hardened Mode

Sandbox your Browser(s) :

- Avast - Settings - Tools - Sandbox - Customise - Virtualised processes - Add - ...

And as you are using the Sandbox under an Admin account :

- Avast - Settings - Tools - Sandbox - Customise - Parameters - Drop administrative rights and run virtualised applications as a limited user


Of course you can change a lot more, depending on your demands. But this would be a good start.
But before you are going to change your settings, backup your current first :

- Avast - Settings - General - Back up settings

Greetz, Red.

Hi Rednose,

Well yes my fault here, i downloaded a torrent file, i have the link here right now by the way, instead of double clicking on it i double clicked another file that was downloaded at the same time...right now i'm watching the extension...an exe file. =(

I tried to execute the exe again a few moments ago and yes, my bad, it is asking me for an admin permit....sigh i must have given to it last night accidentally, it was late and i was tired...that's 100% my mistake....sigh.. :-X


However as soon i double clicked it there was pretty much nothing i could do about it, Avast intercepted like 4 processes yes, if i remember correctly but other windows appeared, i might have clicked on the cancel and windows close ( X ) buttons (even alt+f) but i do remember there was a window which i never could close...after that i restarted the PC.


After the PC restarted i proceeded to uninstall the PUPs, all my firefox icons were replaced by the Crossbrowser icons and i wasn't able to close the crossbrowser process, also the crossbrowser window opened itself by default.
I run Super antispyware detected trojans and bad cookies, deleted them, but the crossbrowser was still there also i couldn't remove it, i downloaded revo uninstaller portable and it finally uninstalled the crossbrowser.
And yes i performed a full Avast scan before all that...0 detections.

Yes i gave a malware exe file admin rights during the execution...i'm a fool i can't argue that now, however after that Avast did almost nothing for me...is that a normal behaviour? and yes, i was using AIS by default...now i know i need to change that.

Thanks for your tips i'm gonna read them.
« Last Edit: June 13, 2015, 04:22:04 PM by psikofunkster »

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3624
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Avast your protection is a Joke by Crossbrowser
« Reply #17 on: June 13, 2015, 04:21:40 PM »
Hi, psikofunkster :)

Personally I wouldn't download and/or execute anything from unreliable sources such as Torrents.
But when you do, you also have the choice to execute them in the Sandbox : Right click the file - Run in Sandbox.
Don't forget to drop the Admin Rights of the Sandbox first though, as I described earlier.
But remember : With a Sandbox it is like with all security, there is no 100% guarantee that you are safe.

Greetz, Red.
« Last Edit: June 13, 2015, 04:33:10 PM by Rednose »
OS: Win 7 x64 SP1 / Ubuntu / Qubes OS / iOS
Real Time: Avast Premier Beta + AMS for iOS Beta WinPatrol Plus Unchecky MCShield  HOSTS File: MVPS + MDL
On Demand: MBAM SUMo
Backup: Win 7 Image
Proxy: ASL VPN's Socks 5 Tor

Offline psikofunkster

Re: Avast your protection is a Joke by Crossbrowser
« Reply #18 on: June 13, 2015, 04:33:40 PM »
Hey Rednose do you know if there's a way to know if i'm 100% clean currently? i've already executed 3 utilities a few times like malwarebytes, anti spyware and avast but i'm still not sure...i used to have the anti spyware utility with me only, but last night i gave a try to the malwarebytes too, well it detected  even more malware... 
Now i don't know if i should reinstall windows 7 again or just wait for windows 10...what a pain.  :-[


and yes i know since long time ago some people don't recommend to use a windows admin account for the daily windows use. However i install and uninstall software pretty frequently (among other things), it's a pain for me to change between accounts that frequently, i know there's a risk involved doing that though.

I only wish Avast could have done more for me here. That's all, that's why i'm complaining here. Yes i executed an infected exe file i admit my fault, however i would have loved Avast to stop that exe completely not partially...Avast never warned me about its execution, it stopped some processes? yes but allowed others..

Now i must pay and face the pain to install windows again...
« Last Edit: June 13, 2015, 04:50:39 PM by psikofunkster »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast your protection is a Joke by Crossbrowser
« Reply #19 on: June 13, 2015, 04:47:19 PM »
Let's have a manual look-see

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select  additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

Offline psikofunkster

Re: Avast your protection is a Joke by Crossbrowser
« Reply #20 on: June 13, 2015, 05:00:57 PM »
Let's have a manual look-see

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select  additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.


Thanks for your help.



I attached the file, but i'm definitely going to reinstall the OS (peace of mind), i've never experienced an infection like this, it was one malware after the other...I've been using PC's since 1989 and this was the most aggressive by far... 10 evil cookies, 4 trojans, 4 PUPs... IMO an attempt to install one brought even more...
« Last Edit: June 13, 2015, 05:07:49 PM by psikofunkster »

Offline essexboy

Re: Avast your protection is a Joke by Crossbrowser
« Reply #21 on: June 13, 2015, 05:35:12 PM »
It just shows how aggressive adware is nowadays..  However a reformat would be an overkill as this was adware pure and simple nothing else like key loggers etc. are present

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
S2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [X]
2015-06-11 00:28 - 2015-06-09 12:28 - 00000040 ____H C:\Program Files (x86)\153a83b3.tmp
2015-06-01 10:24 - 2015-06-09 20:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-15 11:30 - 2015-05-15 11:30 - 00000038 ___SH C:\Users\Antonio\AppData\Local\69ff07055291669bb2b218.72821112
2015-06-12 23:45 - 2014-12-10 11:57 - 00000000 __SHD C:\Users\Antonio\AppData\Local\EmieBrowserModeList
2015-06-12 23:45 - 2014-10-07 21:51 - 00000000 __SHD C:\Users\Antonio\AppData\Local\EmieUserList
2015-06-12 23:45 - 2014-10-07 21:51 - 00000000 __SHD C:\Users\Antonio\AppData\Local\EmieSiteList
C:\Program Files (x86)\Common Files\ClaraUpdater
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that
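
The fixlist in Reply #21 names paths under one user's profile, which is why it is only valid for that machine. As an added example (not part of the original post and not FRST's own code), this Python script lists what each fixlist line targets and flags paths under a different user's profile before anything is run; the line shapes it recognises are inferred from the lines quoted in that post, and `classify`, `review` and the user name "alice" are hypothetical.

```python
import re

# Constructed sample: lines copied from the fixlist quoted in Reply #21.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
S2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [X]
2015-05-15 11:30 - 2015-05-15 11:30 - 00000038 ___SH C:\Users\Antonio\AppData\Local\69ff07055291669bb2b218.72821112
C:\Program Files (x86)\Common Files\ClaraUpdater
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Line shapes below are assumptions inferred from the post, not FRST's grammar.
DATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ [_A-Z]+ (.+)$")
SERVICE = re.compile(r"^[A-Z]\d \S+; (.+?)(?: \[.*\])?$")
PROFILE = re.compile(r"\\Users\\([^\\]+)\\", re.IGNORECASE)

def classify(line):
    """Return (kind, value) for one fixlist line (hypothetical helper)."""
    line = line.strip()
    m = re.match(r"^(Reg|CMD):\s*(.+)$", line)
    if m:
        return ("command", m.group(2))
    if re.match(r"^\w+:$", line):
        return ("directive", line[:-1])
    m = SERVICE.match(line)
    if m:
        return ("service", m.group(1))
    m = DATED.match(line)
    if m:
        return ("file", m.group(1))
    if re.match(r"^[A-Za-z]:\\", line):
        return ("path", line)
    return ("unknown", line)

def review(fixlist_text, local_user):
    """List every entry and flag paths under a profile other than local_user."""
    report = []
    for raw in fixlist_text.splitlines():
        if not raw.strip():
            continue
        kind, value = classify(raw)
        m = PROFILE.search(value)
        foreign = bool(m) and m.group(1).lower() != local_user.lower()
        report.append({"kind": kind, "value": value, "foreign_profile": foreign})
    return report

if __name__ == "__main__":
    for entry in review(SAMPLE_FIXLIST, "alice"):  # "alice" is a made-up local user
        print(entry)
```
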

Offline Rednose

Re: Avast your protection is a Joke by Crossbrowser
« Reply #22 on: June 13, 2015, 05:38:53 PM »
Hi psikofunkster :)

You are in good hands with Essexboy, I would trust on his advice if I were you :)
But one last ( and maybe the most important ) tip :

Start making regular ( weekly ) image backups, and store them on an external HD.
It saves you the trouble from installing your OS again in case something goes wrong.
Windows 7 and up have all the tools built in for a good backup strategy.

Greetz, Red.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36624
Re: Avast your protection is a Joke by Crossbrowser
« Reply #23 on: June 13, 2015, 05:47:35 PM »
Quote
i have Avast internet security installed with default settings.
Default is PUP off ..... and PUP is not an infection, there are those who want to have some of this crap
Malwarebytes also have the option to ignore PUP, and i think default is warn but not remove, and i think avast should use that also

« Last Edit: June 13, 2015, 06:09:52 PM by Pondus »

Offline thekochs

Re: Avast your protection is a Joke by Crossbrowser
« Reply #24 on: June 14, 2015, 02:32:28 AM »
You are in good hands with Essexboy, I would trust on his advice if I were you :)

2nd that !

Run Essexboy's Fixlist (Reply #21) and see if resolves....he is the expert here.

Offline Rednose

Re: Avast your protection is a Joke by Crossbrowser
« Reply #25 on: June 14, 2015, 03:51:17 AM »
A topic like this also shows that people who are using/buying Avast, don't know how to take advantage of it.
I think Avast and we ( volunteers/helpers ) should think about how to improve that.

Greetz, Red.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43558
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast your protection is a Joke by Crossbrowser
« Reply #26 on: June 14, 2015, 05:42:35 AM »
A topic like this also shows that people who are using/buying Avast, don't know how to take advantage of it.
I think Avast and we ( volunteers/helpers ) should think about how to improve that.

Greetz, Red.
Sorry Red but that improvement needs to come from Avast by making users more aware of this forum and,
the Free help available here.
Maybe if the forum help were advertised as much as the third party help, that would be a good start. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31350
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast your protection is a Joke by Crossbrowser
« Reply #27 on: June 14, 2015, 03:53:54 PM »
Quote
i'm a fool i can't argue that now
I don't think you are. You were tired when you got your system infected. It is like with driving a car, don't drive when tired. Same goes for pc's. Don't use them if you are tired. Have a good rest first.

It seems to me you have calmed down after the frustration about the infection and are learning (new) things now.
That is good to read/see.

Please attach addition.txt created by Farbar to a next post so someone can have a look at that too.

Offline essexboy

Re: Avast your protection is a Joke by Crossbrowser
« Reply #28 on: June 14, 2015, 04:52:32 PM »
Just started on another crossbrowser problem :)

Quote
Ads keep popping up on Chrome, even though my pop up blocker is turned on. I have Norton and Malwarebytes for security. Each time I run both there are multiple threats detected that neither can completely clean
Quote
C:\Users\****\AppData\Local\wd
C:\ProgramData\FlashBeat
C:\PROGRA~2\SearchProtect
C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
C:\Program Files\shopperz
C:\Program Files (x86)\RelevantKnowledge
C:\Program Files (x86)\Crossbrowse
« Last Edit: June 14, 2015, 04:54:52 PM by essexboy »

Offline psikofunkster

Re: Avast your protection is a Joke by Crossbrowser
« Reply #29 on: June 17, 2015, 02:51:47 AM »
It just shows how aggressive adware is nowadays..  However a reformat would be an overkill as this was adware pure and simple nothing else like key loggers etc. are present


Spyware showed 4 trojans found too, also firefox was completely hijacked even the icons replaced, and although i apparently solved those issues i wasn't sure...  I opted to go the hard path this time and i installed windows 7 during the weekend, what a pain is to do that more than 200 windows update already, took me an entire day... but that's Microsoft blame.

Time for me to buy a dedicated SSD and also adopt windows 10 when ready.

This advice stays with me as long as i use avast:

- Avast - Settings - General - Check for potentially unwanted programs ( PUPs )

IMO it should be enabled by default...we get the avast ads instead...just saying.

I'm not sure about this though:

Avast - Settings - Antivirus - Enable Hardened Mode - Aggressive


I will continue using an admin windows 7 account though and keeping disabled the avast online security plugin...at my own risk.

« Last Edit: June 17, 2015, 03:03:22 AM by psikofunkster »