Author Topic: Help - Could Avast be infected???  (Read 6892 times)

0 Members and 1 Guest are viewing this topic.

MARGO

  • Guest
Help - Could Avast be infected???
« on: December 01, 2005, 10:21:50 PM »
I have gotten a message from avast that says serious message too many emails...
and proceeds to show me alot of e-mails that are being sent by my machine.  I delete all of them, but within a few minutes they are back. 

So I run a virus scan - catches to viruses.  Then I scan with Pest Patrol and it catches spyware.Realspy.  I quaranteen the file.

Then when I try to run Avast again I get the error messge
Unknown Error - some missing skin file.  When I click on the link to see what this means, I'm sent to the avast site and it is saying to loan the exact file that is in the quaranteened file under the spyware.real spy folder. 

If I un-quaranteed the file avast needs - the tons of e-mails starts up again!


I'm at witts end!  Any help!!!!!!!    Thanks Margo

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89442
  • No support PMs thanks
Re: Help - Could Avast be infected???
« Reply #1 on: December 01, 2005, 10:33:42 PM »
1. avast effectively stopped some form of email spambot sending emails from your system, unless of course you sent out the multiple emails at the time of the warning.

2. Pest Patrol has on occasion had a number of false positive detections and some feel that it is aptly named PEST. It could be possible that it has incorectly detected an avast file and by removing it has caused this error about the skining interface (which hasn't been a virus problem.

Try a repair of avast and see if that restores the missing file. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this.

What is the file name and location that you feel when restored kicks off the emails?

Check the fixes/deletions/guarantines that pest has made and look for any from the avast folder and restore it. To be sure it isn't a problem you can (assuming you can find it) check it against one of the multi engine scanners.
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR HiJackThis Log file - On-line Analysis 2
« Last Edit: December 01, 2005, 10:35:44 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

MARGO

  • Guest
Re: Help - Could Avast be infected???
« Reply #2 on: December 01, 2005, 11:14:43 PM »
Thanks

I've tried the first thing you suggested.  But then I have to reboot and when I do the Spyware re-installs itself. And I'm back where I was at 8:00 this morning!

Here is the error rerport from Pest patrol:

eTrust PestPatrol Quarantined Pests Report
This report was generated on: 12/1/2005-5:09:35 PM

=== Begin Session 12/1/2005 3:48:21 PM  <<20051201204821>> (ID 2) ===
(1) Spyware.RealSpy
     c:\windows\system32\actskin4.ocx

=== End Session 12/1/2005 3:48:21 PM  <<20051201204821>> (ID 2) ===
=== Begin Session 12/1/2005 12:22:17 PM  <<20051201172217>> (ID 1) ===
(1) Spyware.RealSpy
     c:\windows\system32\actskin4.ocx

=== End Session 12/1/2005 12:22:17 PM  <<20051201172217>> (ID 1) ===
***End Report***


If this is a virus or pest why doesn't avast catch it and clear it out?

Margot

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89442
  • No support PMs thanks
Re: Help - Could Avast be infected???
« Reply #3 on: December 02, 2005, 01:07:44 AM »
Have you done as I suggested and test the file using one of the multi engined on-line scanners. This is as I said one way to confirm one way or the other.

Does your actskin4.ocx details match this, see image, if not it could be infected. Perhaps when the file is removed try a repair of avast. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this. Hopfully it will download the actskin4.ocx again.

This may not be classified as a true virus more a trojan spambot emailer. When you restore are any other files also being restored, e.g. can you select one file to restore or are you restoring a particular run of pest patrol?
« Last Edit: December 02, 2005, 05:02:26 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Help - Could Avast be infected???
« Reply #4 on: December 02, 2005, 01:08:18 AM »
It's a Pest Patrol false positive again  :P
In fact, this software is the champion in false positives detection...  :(
And, as far I know, it does not have a 'white' list.
You must ignore this dectection. If you delete the file already, repair avast installation or, at least, register ACTSKIN4.OCX again, following:

Select START > RUN...
Enter the following command:

If you have Windows NT or 2000:
C:\WINNT\SYSTEM32\REGSVR32.EXE ACTSKIN4.OCX

If you have Windows 95, 98 or ME:
C:\WINDOWS\SYSTEM\REGSVR32.EXE ACTSKIN4.OCX

If you have Windows XP:
C:\WINDOWS\SYSTEM32\REGSVR32.EXE ACTSKIN4.OCX

If you have Windows x64:
C:\WINDOWS\SysWOW64\REGSVR32.EXE ACTSKIN4.OCX

Press OK (or Enter).
A message saying that the file was successfully registered should appear...

Can you post if this solve the problem?
The best things in life are free.

MARGO

  • Guest
Re: Help - Could Avast be infected???
« Reply #5 on: December 02, 2005, 04:23:04 PM »
OK, forgive me for I am not a tech, but here is what I did.

My machines were all turned off last night.  Turned on this AM and the 500 e-mails a minute started.  Scanned with Pest Patrol and they stopped.  As all the other times it (PP) caught the Spyware.Realspy  spyware program and under it was the actskin4.ocx file.  And as ususal I could not run a visus check as Avast was mising the file.

So I unquaranteened it and went to the jotti.org site and selected the file

C;\windows\system32\actskin4.ocx to scan and it found nothing and said that file was OK. 

So now my question is this - what is going on?  I obviously have something in my computer but Avast is not catching it.  The only way to stop it is with Pest Patrol.  I understand about the concept of a false positive, but what do you suggest I do! 

I need to get this sypware OFF my computer.   thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89442
  • No support PMs thanks
Re: Help - Could Avast be infected???
« Reply #6 on: December 02, 2005, 05:08:08 PM »
Check the image in my post above (It went missing from the post I have just put it in again), does the file you have match that?

Have you tried an avast repair as I suggested above.
Quote
Perhaps when the file is removed try a repair of avast. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this. Hopfully it will download the actskin4.ocx again.

Have you tried hijackthis as I suggested two posts ago?

We ask questions to try and identify the problem, we offer suggestions to try and resolve the problem, but if you aren't going to answer questions or try suggestions then we are all wasting our time.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security