Virus can Disable Avast!

[stanrich]

I have been working all afternoon on a virus that can (1) disable Avast, (2) Disable AVG and (3) disable Norton installs!!

Never seen anything like this!  It appears to delete the ashAvast.exe file!  I have even tried copying the executable from another machine using a jump drive but the virus spotted that one and deleted it also before I could move it to the Program Files Folder!

It appears to be a variant of the W32.Lodear but I am unable to actually scan the system to determine if that is it or something else!  The Avast Cleaner toll does not find anything but something is killing Avast!  Help would be appreciated!

[mauserme]

Hi stanrich,

What identified this as W32.Lodear? 

Have you had avast!, AVG, and Norton all running on your computer?  What is your operating system?

See if you can do a Trend Micro House Call on line scan:

http://housecall.trendmicro.com/

[stanrich]

OS is Windows XP Pro SP2.
Norton was running but disabled by virus.

I caught a brief glimpse of the virus the first time AVAST loaded and found it before it crashed AVAST, looked it up and found the hloader_exe.exe file, hleader_dll.dll and the exefld folder all present on the PC.

I will try running housecall next.  I have to isolate this unit on the network because I KNOW it can spread itself via IP, it has already infected another system and disabled Norton there also...

[DavidR]

The problem with still having NAV installed (even disabled by virus), is when avast finds the presence of NAV it doesn't fully install to avoid conflict. So that could have had the effect of avast not being fully installed and less able to defend your sustem and itself.

The avast cleaner is only for a limited number of viruses and worms as indicated on the page where you downloaded it.

[Lisandro]

You can never have Norton and avast working at the same time. Disabling does not help.
AVG could be 'disabled' in earlier versions and be used with avast. I doubt you can do it now without messing Windows Security Center, AVG updates, etc.

But something is killing Avast!

Norton or AVG 

[mauserme]

If you've had a chance to run House Call and nothing was cleaned, then try this.

Download/save to your desktop the following files but don't install or run them yet:

SymNRT from

http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

avast! uninstall utility from

http://www.avast.com/eng/avast_uninstall_util.html

avast! installation file from

http://www.avast.com/eng/download-avast-home.html

avast! update file from

http://www.avast.com/eng/update_avast_4_vps.html

CCleaner from

http://www.ccleaner.com/download/

Take your computer off line.

Open Add/Remove Programs in the Control Panel and uninstall AVG.  Reboot.

Run SymNRT from your desktop.  Reboot (please be aware that this step will remove all Symantec products from your computer.  If there are some you want later you will have to reinstall them).

Run the avast! uninstall tool.  Reboot.

Install CCleaner without the Yahoo Tool Bar option and run it when asked.  Uncheck the option to clean old prefetch files.  Click Analyze and then click Run Cleaner.  Click the Issues Icon at the top left, Click Scan for Issues, then Click Fix Selected Issues.  Make a back up when prompted to do so.  Reboot.

Install avast! from the desktop and, assuming it installs OK, run the avast! update file.  Open the program, schedule a boot scan, and reboot.

Post again with the results.

[Spiritsongs]

   Hi all :

      Many HJT Experts on antiSPYWARE forums recommend
      NOT using CCleaner's "Issues" Section because of its
      unreliability as a "registry cleaner" .
      Should consider using antiSPYWARE Expert "Atribune"s
     "ATF Cleaner" available at :
      www.atribune.org/content/view/19/2 .

[donisaurus]

you may use regcleaner freeware by jouni viuorio, only 540kb and it's effective i think.. try to define what's run on your system start up.. it may content path of application that disabling any antivirus..

[mauserme]

Hi Spiritsongs,

Thanks for the reference to ATF Cleaner.

Unless I've done something wrong with the installation I don't see that ATF does any registry cleaning.  Just temp files and the like.

I really think stanrich could benefit from clearing the registry of some of this multiple AV mess.  True, CCleaner is just on the verge of being a registry cleaner but its a safe, simple step that has little potential to cause additional problems.

M