Author Topic: Avast your protection is a Joke by Crossbrowser  (Read 18984 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast your protection is a Joke by Crossbrowser
« on: June 13, 2015, 08:37:29 AM »
I pay for an Internet Security license and only 2 clicks were enough to get my system infected by trojans, spyware, firefox 38 hickjacked and Avast did absolutely nothing to protect me, oh wait, yes, i remember 2 warnings telling my avast had blocked process x and y but that was all.....

Revo Uninstaller and malwarebytes were more useful removing all that garbage than Avast...

What a HUGE disappointment i'm NOT protected at the end of the day with Avast.
« Last Edit: June 13, 2015, 08:39:09 AM by psikofunkster »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: Avast your protection is a Joke by Crossbrowser
« Reply #1 on: June 13, 2015, 08:55:04 AM »
NO security program have 100% detection.... that includes Malwarebytes

what did Malwarebytes detect that avast did not? ..... can you post the log


if you could use revo uninstaller to clear this, then it sounds like it was PUP detections
have you turned avast PUP detection on?


« Last Edit: June 13, 2015, 10:37:20 AM by Pondus »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast your protection is a Joke by Crossbrowser
« Reply #2 on: June 13, 2015, 10:50:21 AM »
I agree with Pondus.

What did you do with the warnings ?
Only 2 clicks ?
I find that really hard to believe.

Let me guess, you did not use a limited account but one with administrator rights.

Security starts with people, not with hard-/software !

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast your protection is a Joke by Crossbrowser
« Reply #3 on: June 13, 2015, 12:10:00 PM »
Let me guess, you installed a programme and clicked your way through the add all toolbars you want pages and download these programmes to speed up the PC ?

That is the way that you get them and unless you tell Avast that you do not want pups then they will continue to appear


REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #4 on: June 13, 2015, 02:23:03 PM »
NO security program have 100% detection.... that includes Malwarebytes

what did Malwarebytes detect that avast did not? ..... can you post the log


if you could use revo uninstaller to clear this, then it sounds like it was PUP detections
have you turned avast PUP detection on?

Check the thread of this title pretty much a beauty called Crossbrowswer. PUP = Potentially unwanted programs, yes they were many of them at least 4, i have Avast internet security installed with default settings.

REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #5 on: June 13, 2015, 02:33:16 PM »
I agree with Pondus.

What did you do with the warnings ?
Only 2 clicks ?
I find that really hard to believe.

Let me guess, you did not use a limited account but one with administrator rights.

Security starts with people, not with hard-/software !

By 2 clicks i mean opening a false torrent file by mistake, yes i didn't notice the file was 1.2 Mb anyways i didn't received a Windows 7 warning asking me for admin rights.

And yes i've been using an admin account since the first day Windows 7 was released, so far 0 problems until last night with such an aggressive malware, pretty much Avast did NOTHING.

Yes yes it's easier to blame the user for you.... i disagree with your comment, Avast did nothing BEFORE and AFTER the infection.
« Last Edit: June 13, 2015, 02:39:02 PM by psikofunkster »

REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #6 on: June 13, 2015, 02:36:44 PM »
Let me guess, you installed a programme and clicked your way through the add all toolbars you want pages and download these programmes to speed up the PC ?

That is the way that you get them and unless you tell Avast that you do not want pups then they will continue to appear

As far as i remember i click the program, i got 0 Windows 7 admin warnings for this software, 3 or 4 avast pop ups telling me Avast had stopped them, and pretty much 1 malware got installed one after the other, there was nothing i could do about it. Even if you press cancel or try to close the window (which i couldn't) pretty much unstoppable.

No toolbars here and no mate i didn't download software to "speed up" my PC i'm not that noob. LOL  Now my PC appears to be cleaned again, in order to do that you need certain knowledge...
« Last Edit: June 13, 2015, 03:06:52 PM by psikofunkster »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast your protection is a Joke by Crossbrowser
« Reply #7 on: June 13, 2015, 02:39:28 PM »
Quote
That's all one can expect from these forums.
And that is is asking the same thing multiple times while the question has already been answered. It is even answered by someone from avast.

psikofunkster,
it is always a good practice to "explorer" the options/settings a application provides the user with.
So many systems, so many users, so many different needs/preferences. ;)

It is never a good idea to use a admin account or a account with admin rights for "daily" use.
Always use a limited account.
It offers more security.
Quote
pretty much Avast did NOTHING.
avast did gave you warnings and you seem to have ignored them.
Quote
Yes yes it's easier to blame the user
I almost 100% of all cases, it is the user that is at fault. A system doesn't say "Hé today, when my owner is sleeping, I am gonna do a bit of internet surfing and install things on my own".

If you follow these instructions, we will check if your system is really clean or not:
https://forum.avast.com/index.php?topic=53253.0

REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #8 on: June 13, 2015, 02:44:22 PM »
Quote
That's all one can expect from these forums.
And that is is asking the same thing multiple times while the question has already been answered. It is even answered by someone from avast.

psikofunkster,
it is always a good practice to "explorer" the options/settings a application provides the user with.
So many systems, so many users, so many different needs/preferences. ;)

It is never a good idea to use a admin account or a account with admin rights for "daily" use.
Always use a limited account.
It offers more security.
Quote
pretty much Avast did NOTHING.
avast did gave you warnings and you seem to have ignored them.
Quote
Yes yes it's easier to blame the user
I almost 100% of all cases, it is the user that is at fault. A system doesn't say "Hé today, when my owner is sleeping, I am gonna do a bit of internet surfing and install things on my own".

If you follow these instructions, we will check if your system is really clean or not:
https://forum.avast.com/index.php?topic=53253.0

I didn't ignore any warnings, they were pop up messages telling me Avast has stopped certain dangerous process but didn't stop them all obviously.

Systems don't get infected by themselves that's pretty elemental my friend, still a GOOD software should be able to manage and stop this kind of infections (unless the user decides to install ALL that malware of course), AVAST did nothing before and after the infection that's why i'm posting here.

Come on mate you are linking me to a thread that suggest to use malwarebytes? LOL i KNOW!
« Last Edit: June 13, 2015, 02:50:32 PM by psikofunkster »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast your protection is a Joke by Crossbrowser
« Reply #9 on: June 13, 2015, 02:50:42 PM »
Quote
I didn't ignore any warnings, they were pop up messages telling me Avast has stopped certain dangerous process.
And you should have investigated what the pop-ups where about to prevent a infection or at least reduce the change on it.
Quote
still a GOOD software should be able to manage this kind of infections
avast is good software, but there is no software in the world that can detect/remove all bad things.
Quote
Come on mate you are linking me to a thread that suggest to use malwarebytes?
There is more in that post and I am not your mate.

REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #10 on: June 13, 2015, 02:52:39 PM »
Quote
I didn't ignore any warnings, they were pop up messages telling me Avast has stopped certain dangerous process.
And you should have investigated what the pop-ups where about to prevent a infection or at least reduce the change on it.
Quote
still a GOOD software should be able to manage this kind of infections
avast is good software, but there is no software in the world that can detect/remove all bad things.
Quote
Come on mate you are linking me to a thread that suggest to use malwarebytes?
There is more in that post and I am not your mate.

There was nothing i could do, all happened too fast, do you think i had time to do some research?

I doubt that now, as i already mentioned Avast did nothing BEFORE and AFTER the infection, that's pretty lame.

You don't want me to call you my mate? sure, now could you please stop posting here? i  know you since long time ago and i've never liked your ways, thank you.
« Last Edit: June 13, 2015, 02:58:26 PM by psikofunkster »

REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #11 on: June 13, 2015, 03:20:58 PM »
@psikofunkster,

I read the thread and when a PC gets infected it is PIA....so emotions come out.
Perhaps the bedside manner of the Forum members is not warm & fuzzy but they know of what they talk about and that is the point.
The cold hard reality here is Avast is very good but not a complete solution.
You need to stack your security to truly have a good protection effort.....basically layered.
However, many people go from too little to WAY too much and they have software conflicts and PC burps.
It takes a lot of research on what is best, or best for you, what works well together, etc.
Also, good surfing/installing habits are really the best protection.  ;)

There are many whom will chime in BUT using Avast alone is NOT ENOUGH.....good, but not enough.
I use MalwareBytes Pro & Malware Anti-Exploit.
I don't get into the fancy Firewalls.....just use Windows.
I add CryptoPrevent.
Is this perfect.....no....others will talk about Adware Blockers, etc.....for that I use FireFox for my Browser with JAVA & Adware blockers.
Point of my config is that I don't spend my life updating, configing,.....I actually use my PC.....my families use theirs as well.
These all work nicely together and have minimal effect on PC performance.
Also, if you are set on using Admin account change your UAC to "Always Notify Me"......default is below that.

Just some suggestions.....what happened to you is in past.....can't dwell on it.....question is what action will you take moving forward.
Also, as suggested above......if you want to make sure your PC is truly clean....I highly recommend......then follow the link provided and you can even post the logs and there are fantastic virus experts in this Forum that will help.
It is worth the time.....maybe 30minutes to hour tops to run and post.
https://forum.avast.com/index.php?topic=53253.0

« Last Edit: June 13, 2015, 03:23:22 PM by thekochs »

REDACTED

  • Guest
Re: Avast your protection is a Joke by Crossbrowser
« Reply #12 on: June 13, 2015, 03:25:26 PM »
@psikofunkster,

I read the thread and when a PC gets infected it is PIA....so emotions come out.
Perhaps the bedside manner of the Forum members is not warm & fuzzy but they know of what they talk about and that is the point.
The cold hard reality here is Avast is very good but not a complete solution.
You need to stack your security to truly have a good protection effort.....basically layered.
However, many people go from too little to WAY too much and they have software conflicts and PC burps.
It takes a lot of research on what is best, or best for you, what works well together, etc.
Also, good habits are best protection.

There are many whom will chime in BUT using Avast alone is NOT ENOUGH.....good, but not enough.
I use MalwareBytes Pro & Malware Exploit.
I don't get into the fancy Firewalls.....just use Windows.
I add CryptoPrevent.
Is this perfect.....no....others will talk about Adware Blockers, etc.....for that I use FireFox for my Browser with JAVA & Adware blockers.
Point of my config is that I don't spend my life updating, configing,.....I actually use my PC.....my families use theirs as well.
These all work nicely together and have minimal effect on PC performance.
Also, if you are set on using Admin account change your UAC to "Always Notify Me"......default is below that.

Just some suggestions.....what happened to you is in past.....can't dwell on it.....question is what action will you take moving forward.
Also, as suggested above......if you want to make sure your PC is truly clean....I highly recommend......then follow the link provided and you can even post the logs and there are fantastic virus experts in this Forum that will help.
It is worth the time.....maybe 30minutes to hour tops to run and post.
https://forum.avast.com/index.php?topic=53253.0

Yes i agree things can get fuzzy, but we are not here in the army thekochs also this is not the first time.

Thanks for your comments this is my Malwarebytes log by the way:

Code: [Select]
Malwarebytes Anti-Malware
www.malwarebytes.org


Procesos: 2
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\nsmEC11.tmpfs, 2492, Se eliminará al Reiniciar, [07d06455f59530062b5b3c45867fcf31]
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\hnsc5151.tmp, 2704, Se eliminará al Reiniciar, [07d06455f59530062b5b3c45867fcf31]

Modulos: 0
(Sin elementos maliciosos detectados)

Llaves del Registro: 37
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\jipuxyzu,  Cuarentena, [07d06455f59530062b5b3c45867fcf31],
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zedepory,  Cuarentena, [07d06455f59530062b5b3c45867fcf31],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoreClass,  Cuarentena, [ae2946731674fc3adf37b7cbd035bb45],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.CoreClass.1,  Cuarentena, [8552ac0d0d7d4fe72ceaccb6e22310f0],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc,  Cuarentena, [14c34871622833031afc2b5750b56997],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc.1.0,  Cuarentena, [8453ad0cf7930a2cf422fb87da2b6b95],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3COMClassService,  Cuarentena, [30a77e3b5d2d96a01df96c1685804cb4],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3COMClassService.1.0,  Cuarentena, [a6319a1f7f0bda5ce92d661ca461af51],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebSvc,  Cuarentena, [4d8ad1e8d3b778be75a13151d2331be5],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\CLASSES\globalUpdateUpdate.Update3WebSvc.1.0,  Cuarentena, [bd1a8237642696a0ac6af78b24e1bd43],
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Crossbrowse,  Cuarentena, [1cbba910fb8f9c9a1da0cf2263a0f60a],
PUP.Optional.ICinema.A, HKLM\SOFTWARE\WOW6432NODE\I - Cinema,  Cuarentena, [14c39e1beaa01f17e5727c9904003bc5],
PUP.Optional.ICinema.A, HKLM\SOFTWARE\WOW6432NODE\I - Cinema-nv-ie,  Cuarentena, [7a5d665391f984b2421553c2b64e7c84],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider,  Cuarentena, [716631881f6ba690a3be6689838046ba],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoreClass,  Cuarentena, [4b8c7c3d5b2f7abc9b7ba8da0bfaeb15],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.CoreClass.1,  Cuarentena, [a03736836426f83ebc5af38f16efaf51],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc,  Cuarentena, [f5e2af0a56347abccb4bc7bb42c34fb1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.OnDemandCOMClassSvc.1.0,  Cuarentena, [7d5a01b80486979f65b1750dcc399c64],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3COMClassService,  Cuarentena, [9344cdecc5c5b383cb4b92f09e670af6],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3COMClassService.1.0,  Cuarentena, [0fc85168791167cf62b4e0a2c441cb35],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebSvc,  Cuarentena, [3f988b2e543638fe54c23f4314f19d63],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdateUpdate.Update3WebSvc.1.0,  Cuarentena, [5582c4f51b6fd95dee28ceb4f90c8977],
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\Crossbrowse,  Cuarentena, [884ff2c7d2b8171f9d208f622cd7df21],
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients,  Cuarentena, [31a64e6b602ab185e539216763a24eb2],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE,  Cuarentena, [d40361582466ed499eec4bcfc3419f61],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\25257,  Cuarentena, [c710b207e4a61026dfab3df4bf45af51],
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\crossbrowse.exe,  Cuarentena, [ddfab108e7a383b3bb00609140c3c739],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage,  Cuarentena, [13c4a118652589ad691d116f43c24fb1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10,  Cuarentena, [d601a712b3d7bd79e78a9dd741c42dd3],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4,  Cuarentena, [8d4adfda66240e28bdb5ea8a33d2e818],
PUP.Optional.ICinema.A, HKU\S-1-5-18\SOFTWARE\I - Cinema-nv-ie,  Cuarentena, [f7e08f2a3852b2847bdbc154996b2ad6],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_,  Cuarentena, [29aef6c35535bc7a883695efa164d32d],
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-1083906515-1535575734-3129244981-1000\SOFTWARE\CrossBrowser,  Cuarentena, [983f714847437cbac4f43bb6fa0921df],
PUP.Optional.ICinema.A, HKU\S-1-5-21-1083906515-1535575734-3129244981-1000\SOFTWARE\I - Cinema-nv-ie,  Cuarentena, [409779401278d561243204115aaa8878],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1083906515-1535575734-3129244981-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider,  Cuarentena, [e3f4f1c8494162d4549cc79f9b6aa759],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-1083906515-1535575734-3129244981-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY,  Cuarentena, [6d6a26930f7b82b4d1b40be619ea7b85],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1083906515-1535575734-3129244981-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iCinema,  Cuarentena, [af288336c2c8d85e04b4d32657ac956b],

Valores del Registro: 7
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities,  Cuarentena, [6572843578121d19fbc2cbb99b6a847c]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe,  Cuarentena, [d40361582466ed499eec4bcfc3419f61]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000,  Cuarentena, [5b7c71481278ff3748aae50b26ddf20e]
PUP.Optional.CrossBrowse.C, HKLM\SOFTWARE\WOW6432NODE\REGISTEREDAPPLICATIONS|Crossbrowse, Software\Clients\StartMenuInternet\Crossbrowse\Capabilities,  Cuarentena, [c80f0eab8efc04323a831470c1449d63]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\jipuxyzu|ImagePath, C:\Users\Antonio\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\nsmEC11.tmpfs,  Cuarentena, [8a4d9425f595b77f2ddfc0c0f11413ed]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zedepory|ImagePath, C:\Users\Antonio\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\hnsc5151.tmp,  Cuarentena, [60779128ef9bd066ee1faad616ef0ef2]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-1083906515-1535575734-3129244981-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox,  Cuarentena, [6d6a26930f7b82b4d1b40be619ea7b85]

Datos del Registro: 0
(Sin elementos maliciosos detectados)

Carpetas: 1
PUP.Optional.MultiPlug.Gen, C:\Users\Antonio\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC, Se eliminará al Reiniciar, [07d06455f59530062b5b3c45867fcf31],

Archivo: 32
PUP.Optional.Crossbrowse.C, C:\Windows\System32\Tasks\Crossbrowse,  Cuarentena, [eee97f3a91f9db5b107f1bd6b54e7b85],
PUP.Optional.Crossbrowse.C, C:\Windows\Tasks\Crossbrowse.job,  Cuarentena, [20b7a01947436accade38f62d52e41bf],
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP1.job,  Cuarentena, [c71085345634aa8c87b4e80a16edae52],
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP2.job,  Cuarentena, [0acdc3f66d1d58de53e807eb6b9832ce],
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP3.job,  Cuarentena, [3b9cd1e84545bf778bb0767cb44f916f],
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP1,  Cuarentena, [b720378261292b0b79c3d51d61a2748c],
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP2,  Cuarentena, [9146f1c8c3c73204d76516dc60a30ef2],
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP3,  Cuarentena, [d70064551d6d999d2d0fe40e41c26799],
PUP.Optional.BoBrowser.A, C:\Windows\System32\Tasks\Run_Bobby_Browser,  Cuarentena, [47904d6c1773c670ace2fa050300d32d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-1-6,  Cuarentena, [def9dfda0d7d9a9c11743bdfee16a35d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-1-7,  Cuarentena, [00d7cced06842b0b75100812bb49d927],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-10_user,  Cuarentena, [84533f7a5535eb4bf392ad6d798b827e],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-11,  Cuarentena, [62753782e2a83afc463f36e4cf356e92],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-4,  Cuarentena, [77603a7fcfbb270fbdc8b367768e4ab6],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-5,  Cuarentena, [7b5c13a6107a181e2a5b0317ea1a9967],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-5_user,  Cuarentena, [57805f5aeaa0dc5aacd97c9e9c680000],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-1-6.job,  Cuarentena, [d9fe22977a101d19fe6fafc380856997],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-1-7.job,  Cuarentena, [35a24673b9d12313df8e77fb24e1d52b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-10_user.job,  Cuarentena, [f1e61e9bf79370c65716650d11f4c937],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-11.job,  Cuarentena, [ebecd5e44e3c34023439e78b58ad38c8],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-4.job,  Cuarentena, [d403f6c397f3c0762b42dd953fc6f50b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-5.job,  Cuarentena, [01d67643701a5dd996d7541e867f2bd5],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\4057785f-d913-4d78-a0ef-1719bcd27f50-5_user.job,  Cuarentena, [b1267346454558de7eef0c664abb847c],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job,  Cuarentena, [7b5cbbfea3e7d75f1468561c31d4f709],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore,  Cuarentena, [f4e35e5babdfd165e29bda98b352758b],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job,  Cuarentena, [bc1b655417732d09443a700258ad3ac6],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA,  Cuarentena, [eee956638703290d106f383a62a37f81],
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\nsmEC11.tmpfs, Se eliminará al Reiniciar, [07d06455f59530062b5b3c45867fcf31],
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\hnsc5151.tmp, Se eliminará al Reiniciar, [07d06455f59530062b5b3c45867fcf31],
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\rnsc1AC1.exe,  Cuarentena, [07d06455f59530062b5b3c45867fcf31],
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\Uninstall.exe,  Cuarentena, [07d06455f59530062b5b3c45867fcf31],
PUP.Optional.MultiPlug.Gen, C:\Users\x\AppData\Roaming\1E005D20-1434170721-4700-B238-C86000770EAC\vnsmE528.tmp,  Cuarentena, [07d06455f59530062b5b3c45867fcf31],

Sectores Físicos: 0
(Sin elementos maliciosos detectados)


(end)

Also, if you are set on using Admin account change your UAC to "Always Notify Me"......default is below that.

I'm gonna double check that right now.

Well regarding the future i really think i'm gonna have to move to Windows 10 as soon as it gets available, i found windows 7 Ultimate 64 bits last night pretty vulnerable too..

I'd really love a premium version of malwarebytes too...

I do accept my fault i executed a dangerous file accidentally, however i never bypassed any warning messages or installed something on purpose, pretty aggressive malware here...I've never seen something like that before to be sincere...

I'm not sure about this but i  think remembering that even when i tried to uninstall some of those PUPs apparently the uninstall process installed more of them...just my impression.
« Last Edit: June 13, 2015, 03:35:34 PM by psikofunkster »

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Avast your protection is a Joke by Crossbrowser
« Reply #13 on: June 13, 2015, 03:32:23 PM »
Hi psikofunkster :)

It is still not clear to me how you became infected.
Did you download - and run a software installer, were you browsing the internet or ...
As you are using AIS it is a pitty you only use it by default, because you can do so much more.


For example :

- Avast - Settings - General - Check for potentially unwanted programs ( PUPs )
- Avast - Settings - Active Protection - Webshield - Customise - Main settings - Warn when downloading files with poor reputation

You can tighten your security even more :

- Avast - Settings - General - Enable Hardened Mode

Sandbox your Browser(s) :

- Avast - Settings - Tools - Sandbox - Customise - Virtualised processses - Add - ...

And as your are using the Sandbox under an Admin account :

- Avast - Settings - Tools - Sandbox - Customise - Parameters - Drop administrative rights and run virtualised applications as a limited user


Ofcource you can change a lot more, depending on your demands. But this would be a good start.
But before you are going to change your settings, backup your current first :

- Avast - Settings - General - Back up setings

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast your protection is a Joke by Crossbrowser
« Reply #14 on: June 13, 2015, 03:38:38 PM »
MBAM suggests it is the ASK toolbar and browser hijacker.  This is usually bundled with other software and hidden in the installer package.   As Rednose states setting PUP's on is a good first step

There may be additional element that MBAM failed to get so you could use AdwCleaner to kill those

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.