Author Topic: Key avast 4 files hidden by virus/malware?  (Read 4040 times)

afs

  • Guest
Key avast 4 files hidden by virus/malware?
« on: April 11, 2006, 05:42:02 AM »
I've been using Avast since July. I used the free registration process, and had no problems for quite a while.

I'm suddenly having a lot of problems. The day after I individually scanned some files for viruses, Avast disappeared from my task bar. Looked in the directory, and most of the key exe files in the Program Files\Alwil Software\Avast 4 directory are gone. Even the avast graphic for the shortcut on my desktop was gone. Downloaded the program again, used the windows XP control panel uninstall program. Then tried to reinstall Avast again. Same thing happened... except this time I watched the key exe files disappear from the Alwil Software\Avast 4 directory on windows explorer leaving holes where the files were supposed to be. Rebooted. Same thing happened.

Went to this website. Found out about aswclear.exe program. Tried using the aswclear.exe. Rebooted. Reinstalled. Same thing. Watched the key avast exe files disappear again from windows explorer.

Rebooted. Used aswclear.exe to remove avast. Threw my hands up and gave up. Rebooted. Downloaded the avg antivirus software and tried to install that. That installation failed due to the avgamsvr.exe file. Rebooted. Same thing.

That was a few days ago. Since then, I've tried several other types of anti-virus software. All these installations fail. I've tried several different types of full anti-virus scans. I've run symNRT.exe a couple of times. Having done all that, I came back to the avast software to try another install. Same thing. Disappearing avast exe files before my eyes on windows explorer.

The problem is with avast. Something is both hiding the key avast exe files to prevent the avast software from being usable, yet is preserving enough of the avast software on my system to prevent me from installing any other anti-virus software.

I've heard some types of virus/malware can disable anti-virus software. Is this a virus/malware, or is this an avast bug, or is this a feature of the avast software registration code?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67241
Re: Key avast 4 files hidden by virus/malware?
« Reply #1 on: April 11, 2006, 01:35:40 PM »
Quote: "Disappearing avast exe files before my eyes on windows explorer."
What exactly happened? Are the files created and then deleted? Are they moved to Recycle bin?
Are you using an administrator account?

Quote: "The key avast exe files"
I do not understand what you mean...  ::)

Quote: "Prevent me from installing any other anti-virus software."
Seems a deep infection... Maybe you can install and run www.ewido.net and try to get clean.

Quote: "Is this a feature of the avast software registration code?"
Oh... I'm beginning to understand... If you use the Trial version (or the Professional version), after installing it and using it beyond the available period (Trial is 60 days, Pro is 12 months) you will be downgraded to Home version (the *.exe files of Pro version will be deleted...). Is this what is happening?
The best things in life are free.

afs

  • Guest
Re: Key avast 4 files hidden by virus/malware?
« Reply #2 on: April 11, 2006, 02:07:05 PM »
I continued to work on this late last night... found out about the F-Secure Blacklight rootkit scan beta. Ran that. It found wintems.exe process running.

So... I've got a beagle/bagel virus that got around the avast home version, and it's in deep. I googled up a detailed step-by-step removal of the virus. Searched for the BAN_LIST.TXT. Edited the registry, etc. Within 2 reboots it was right back. It's not the system restore. That's been off for a couple of days. Just ran Blacklight again and it found the wintems process as well as 3 others that aren't supposed to be there running again. I just deleted the BAN_LIST.EXE file again, too.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.BJ&VSect=Sn

The McAfee profile says the hidr.exe file that's a part of this virus is what is deleting those avast exe files.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=139038

What next, guys?

thedoors

  • Guest
Re: Key avast 4 files hidden by virus/malware?
« Reply #3 on: April 11, 2006, 02:49:47 PM »
This seems to be exactly what is happening to me ... avast exe's not available ... here's my post:

http://forum.avast.com/index.php?topic=20417.0


afs

  • Guest
Re: Key avast 4 files hidden by virus/malware?
« Reply #4 on: April 11, 2006, 03:48:03 PM »
I installed and ran ewido. That helped, but ewido did not find everything.

I may have, though. Since I've been staring at this same set of file names for a few days now, I noticed where they popped back up on the start-up and the processes window. The file name on the start menu leading to wintems was german.exe. The start menu file leading to hidr.exe was drvsyskit. Those start menu files got left by every single anti-virus/anti-malware scan out there.

The path to the file that got that hidr.exe file started was...

C:\\Documents and Settings\Owner\Application Data\hidires\m_hook.sys

afs

  • Guest
Re: Key avast 4 files hidden by virus/malware?
« Reply #5 on: April 11, 2006, 04:40:31 PM »
That did it. The german.exe and the drvsyskit start up were where it was hiding.

Rebooted 5 times to make sure the wintems process was gone. No BAN_LIST.EXE file returned.

Re-installed Avast 4 Home. Rebooted. It ran fine. Got it re-registered, and rebooted one last time to make sure it was okay. Avast is running fine now.
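
The check described in replies #4 and #5, as an added example that is not part of the original posts: review autostart entries by what they launch, not only by their label, so that a renamed entry pointing at the same payload is still caught. The file and entry names come from this thread; the entry list, the location labels and every path except the `hidires` directory are constructed assumptions.

```python
import ntpath

# Names reported in this thread (replies #2 and #4).
PAYLOAD_FILES = {"wintems.exe", "hidr.exe", "m_hook.sys"}
ENTRY_NAMES = {"german.exe", "drvsyskit"}
PAYLOAD_DIRS = {"hidires"}
EXEC_EXTS = (".exe", ".sys", ".dll", ".com", ".bat", ".cmd", ".scr")

# Constructed sample: (location, entry name, command line). Locations and
# paths are assumptions for illustration, not values from the posts.
SAMPLE_ENTRIES = [
    ("HKCU Run", "german.exe", r"C:\WINDOWS\system32\wintems.exe"),
    ("HKCU Run", "drvsyskit",
     r"C:\Documents and Settings\Owner\Application Data\hidires\hidr.exe"),
    ("Startup folder", "updater",
     r'"C:\Documents and Settings\Owner\Application Data\hidires\m_hook.sys" /s'),
    ("HKLM Run", "ExampleTray", r'"C:\Program Files\Example\tray.exe" /min'),
]

def target_path(command):
    """Extract the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: extend word by word until the
    # prefix ends in an executable extension.
    words = command.split(" ")
    for i in range(1, len(words) + 1):
        candidate = " ".join(words[:i])
        if candidate.lower().endswith(EXEC_EXTS):
            return candidate
    return words[0]

def review(entries):
    """Return (location, name, reasons) for entries matching the thread's names."""
    findings = []
    for location, name, command in entries:
        path = target_path(command).lower()
        reasons = []
        if name.lower() in ENTRY_NAMES:
            reasons.append("entry name")
        if ntpath.basename(path) in PAYLOAD_FILES:
            reasons.append("target file")
        if PAYLOAD_DIRS & set(path.split("\\")):
            reasons.append("target directory")
        if reasons:
            findings.append((location, name, reasons))
    return findings
```
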

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67241
Re: Key avast 4 files hidden by virus/malware?
« Reply #6 on: April 11, 2006, 08:02:07 PM »
Quote: "Avast is running fine now."
Great, but be sure to run a full scan and a boot-time scan too.
Running ewido again won't be bad either  ;)
The best things in life are free.