Author Topic: You are unprotected! Avast background service is not running!  (Read 13763 times)

0 Members and 1 Guest are viewing this topic.

Offline flaviumanica15

  • Newbie
  • *
  • Posts: 11
Hi guys! I have some problems with my Avast. I've downloaded Avast Free 2015.10.2.2218 and the setup went well,but then it says that I'm not protected. If I click Start now or Resolve all,nothing happens. I also tried with other antivirus,to see where is the problem,and the same thing happens,I can't enable real time protection. Moreover,I have a program which has that shield, which means that only administrators can access it,and it won't open,although I am administrator(this is the only account on the laptop and it has admin rights).
I've read others topics here with the same issue,tried uninstalling and reinstalling several times,but nothing changed. The only security/cleaning tool I have is CCleaner.
Do you have any ideas? Thanks in advance!

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1439
Re: You are unprotected! Avast background service is not running!
« Reply #1 on: June 29, 2015, 12:04:51 PM »
1) What windows operating system do you have? What version of Service Pack has it got?
2) What is your previous antivirus software? Did you run it's uninstaller utility/removal tool after uninstalling it via add/remove?
3) What firewall do you have?
4) Did you try a repair of avast via add/remove?
DELL Inspiron 15" 7000 Gaming, Windows 10 Home 2004 (OS Build 19041.388), Trend Micro Internet Security 2020 (16.0.1391), Avast SecureLine VPN (5.6.4982), Windows Firewall, Unchecky 1.2

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31305
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: You are unprotected! Avast background service is not running!
« Reply #2 on: June 29, 2015, 12:08:45 PM »
Quote
I am administrator(this is the only account on the laptop and it has admin rights).
That is not true.
What you have is a user account with admin rights.
There is also the true administrator account.

Since you also tried other av's, you have a messed up system.
They all need to be removed before trying to install avast again.

What application do you mean with "which has that shield" ?

Offline flaviumanica15

  • Newbie
  • *
  • Posts: 11
Re: You are unprotected! Avast background service is not running!
« Reply #3 on: June 29, 2015, 12:19:21 PM »
1) What windows operating system do you have? What version of Service Pack has it got?
2) What is your previous antivirus software? Did you run it's uninstaller utility/removal tool after uninstalling it via add/remove?
3) What firewall do you have?
4) Did you try a repair of avast via add/remove?

1) Windows 7/ 64 bit
2) Avira. Yes,uninstalled it,now the only AV installed is Avast.
3) Hmm,don't know exactly what to answer here. I have Windows Firewall,which is enabled for both home and public networks.
4) Yes,I have,nothing changed.

Offline flaviumanica15

  • Newbie
  • *
  • Posts: 11
Re: You are unprotected! Avast background service is not running!
« Reply #4 on: June 29, 2015, 12:22:20 PM »
Quote
I am administrator(this is the only account on the laptop and it has admin rights).
That is not true.
What you have is a user account with admin rights.
There is also the true administrator account.

Since you also tried other av's, you have a messed up system.
They all need to be removed before trying to install avast again.

What application do you mean with "which has that shield" ?

This is my personal laptop,at home,and when I installed the OS,this is the only account I created. Shouldn't I be the admin?
I did remove all the AV and nothing changed.
That application was Anti Malware,I installed it to scan,I thought there may be a malware which causes all this trouble. I was able to run it only in safe mode. Now I uninstalled it,but Avast still won't work.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1439
Re: You are unprotected! Avast background service is not running!
« Reply #5 on: June 29, 2015, 12:26:54 PM »
You need to use the Avira uninstaller utility/removal tool and run it in safe mode. Link is here http://www.avira.com/en/downloads#tools download the Avira Registry Cleaner.

Before you do the above, I want you to uninstall avast via add/remove and follow the instructions. After that, download the Avast uninstall utility from here https://www.avast.com/en-nz/uninstall-utility run it. It will say to you that this tool will automatically run your computer in safe mode, click yes and follow the instructions.

After that manually run your computer in safe mode and run the Avira Registry Cleaner and follow the instructions. After that download a fresh clean copy of avast and follow the instructions. After installation it will run a quick start up scan. After scan finishes, manually restart your computer and register your copy of avast.

Note: You mentioned you removed all antivirus? How many antivirus did you use prior to Avast? One is Avira! Any other antivirus? Prior to installing Avast, make sure you first use the Avira removal tool and other removal tool for other antivirus you have used?
« Last Edit: June 29, 2015, 12:44:21 PM by Staticguy »
DELL Inspiron 15" 7000 Gaming, Windows 10 Home 2004 (OS Build 19041.388), Trend Micro Internet Security 2020 (16.0.1391), Avast SecureLine VPN (5.6.4982), Windows Firewall, Unchecky 1.2

Offline flaviumanica15

  • Newbie
  • *
  • Posts: 11
Re: You are unprotected! Avast background service is not running!
« Reply #6 on: June 29, 2015, 01:27:52 PM »
Done everything you said,still same problem.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1439
Re: You are unprotected! Avast background service is not running!
« Reply #7 on: June 29, 2015, 01:35:32 PM »
You might have malware or some other issues. Attach logs as mentioned here https://forum.avast.com/index.php?topic=53253.0 and once you have attached the logs I will ask an expert to help you out.
DELL Inspiron 15" 7000 Gaming, Windows 10 Home 2004 (OS Build 19041.388), Trend Micro Internet Security 2020 (16.0.1391), Avast SecureLine VPN (5.6.4982), Windows Firewall, Unchecky 1.2

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31305
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: You are unprotected! Avast background service is not running!
« Reply #8 on: June 29, 2015, 01:36:28 PM »
That is what I had in mind too  :D

Offline flaviumanica15

  • Newbie
  • *
  • Posts: 11
Re: You are unprotected! Avast background service is not running!
« Reply #9 on: June 29, 2015, 03:05:06 PM »
The four logs mentioned in the post.
Note: I ran Anti Malware in Safe Mode,that's the only way I could open it.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: You are unprotected! Avast background service is not running!
« Reply #10 on: June 29, 2015, 04:01:11 PM »
Hi you have a new piece of malware just a day or so old, it uses mainly open source software, I would like to either take a copy of the files or ask you to upload them to Avast when we are done

If when you run this fix you get a blue screen of death then restart the computer in safe mode with networking and run the fix from there, the malware service sometimes gets uppity if I try to kill it in normal mode

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
R2 VSSS; C:\Users\Flaviu\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [99717824 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\MAUAU2MK.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\AUIYMAUU.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\6M6YEYI2.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\6KAUM2M2.exe
2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\0K0S8WCC.exe
2015-06-29 11:58 - 2015-06-29 11:58 - 01415680 _____ (wj32) C:\Program Files\UAUIYI2K.exe
2015-06-28 17:00 - 2015-06-28 17:00 - 01415680 _____ (wj32) C:\Program Files\K4GWO4OC.exe
2015-06-28 17:00 - 2015-06-28 17:00 - 01415680 _____ (wj32) C:\Program Files\0K0S8WCG.exe
2015-06-28 16:54 - 2015-06-28 16:54 - 01415680 _____ (wj32) C:\Program Files\IHO8ZEEE.exe
2015-06-28 16:54 - 2015-06-28 16:54 - 01415680 _____ (wj32) C:\Program Files\GVEDKK4T.exe
2015-06-28 15:48 - 2015-06-28 15:48 - 01415680 _____ (wj32) C:\Program Files\5L1H5D15.exe
2015-06-28 14:48 - 2015-06-28 14:48 - 01415680 _____ (wj32) C:\Program Files\K6UE2I6K.exe
2015-06-28 14:48 - 2015-06-28 14:48 - 01415680 _____ (wj32) C:\Program Files\5P9TL1T9.exe
2015-06-28 14:00 - 2015-06-28 14:01 - 15199032 _____ C:\Users\Flaviu\Downloads\gu5setup.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\VJZN7BVV.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\L5TDTHP9.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\FZFZBVFJ.exe
2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\6UEYMY2K.exe
2015-06-28 00:26 - 2015-06-28 00:26 - 01415680 _____ (wj32) C:\Program Files\G4O4SG04.exe
2015-06-28 00:26 - 2015-06-28 00:26 - 01415680 _____ (wj32) C:\Program Files\FR7V3RFZ.exe
2015-06-27 19:17 - 2015-06-27 19:17 - 01415680 _____ (wj32) C:\Program Files\VJZJBRJZ.exe
2015-06-27 13:52 - 2015-06-27 13:52 - 01415680 _____ (wj32) C:\Program Files\G0O4SCCC.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\ZJ3NR7RZ.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\WGOC0O8S.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\P9T5XL5H.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\N7NFVJ37.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\F3FZN7RF.exe
2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\0OCSG0KO.exe
2015-06-26 13:51 - 2015-06-26 13:51 - 01415680 _____ (wj32) C:\Program Files\WGK4O8WG.exe
2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\N3N7F3R7.exe
2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\K2IAKE2M.exe
2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\7N7VBVFJ.exe
2015-06-24 19:36 - 2015-06-24 19:36 - 01415680 _____ (wj32) C:\Program Files\AKAUE2IM.exe
2015-06-24 12:30 - 2015-06-24 12:30 - 01415680 _____ (wj32) C:\Program Files\P5LDTHX1.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\JZJBRJZJ.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\CSC4K4KO.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\AKEUAUEI.exe
2015-06-23 12:36 - 2015-06-23 12:36 - 01415680 _____ (wj32) C:\Program Files\1H9PD1LP.exe
2015-06-23 12:35 - 2015-06-23 12:35 - 01415680 _____ (wj32) C:\Program Files\M2MEUEUY.exe
2010-11-21 06:24 - 2010-11-21 06:24 - 72990720 ___SH () C:\ProgramData\msouafor.exe
C:\Users\Flaviu\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
Tcpip\Parameters: [DhcpNameServer] 78.96.7.88 192.168.0.1
Tcpip\..\Interfaces\{8B51EB5B-ACE4-44D4-8284-63EA06051247}: [DhcpNameServer] 78.96.7.88 192.168.0.1
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31305
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: You are unprotected! Avast background service is not running!
« Reply #11 on: June 29, 2015, 04:17:12 PM »
Little mistake in that fixlist.
2015-06-28 14:00 - 2015-06-28 14:01 - 15199032 _____ C:\Users\Flaviu\Downloads\gu5setup.exe
That is the setup for Glary Utilities.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: You are unprotected! Avast background service is not running!
« Reply #12 on: June 29, 2015, 04:40:32 PM »
Aye just emptying the downloads as I do not know what the dropper was and the time frames are very close
« Last Edit: June 29, 2015, 04:47:03 PM by essexboy »

Offline flaviumanica15

  • Newbie
  • *
  • Posts: 11
Re: You are unprotected! Avast background service is not running!
« Reply #13 on: June 29, 2015, 05:40:46 PM »
This is the fixlog

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: You are unprotected! Avast background service is not running!
« Reply #14 on: June 29, 2015, 06:47:33 PM »
I see you had to run in safe mode... But, it looks to be gone, Avast and MBAM should now run in normal mode

How is the computer ?

Also could you zip the folder C:\FRST and upload to a file sharing site like Mediafire for me to collect https://www.mediafire.com/