Author Topic: i cant update avast anymore (because of a virus?)  (Read 3785 times)


Offline neophite

  • Newbie
  • *
  • Posts: 5
i cant update avast anymore (because of a virus?)
« on: January 23, 2009, 11:39:02 PM »
I had a problem with the following stuff, which was detected by avast, but as Avast advised me to 'ignore' them instead of deleting them, I did so, until I got bored with the pop-up windows each time I opened my computer.

Today I managed to find them and I deleted them:
- 6fnlpetp.exe ; (It might be the main problem I think)
- 2u.com ;
- gy.com ;
- w98.com.

PROBLEM: My main problem is that Avast can't be updated. My last version is Avast 4.8 with the virus database of 081204-0, 04/12.
I just tried to install a newly downloaded version, but it failed at the 'spawning' step. (I did not get that)

I'm using Windows XP. If it helps...

What can I do?

Thanks for your help


Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1434
Re: i cant update avast anymore (because of a virus?)
« Reply #1 on: January 24, 2009, 12:12:04 AM »
this problem is known for Kavo family of malware.. one generation of it patched our setup to make it non-functional... try the avast uninstall utility and then the fresh new installation of current avast... after doing that schedule the boot-time scan and clean the rest of the infection (klif.sys driver etc)..

Offline neophite

  • Newbie
  • *
  • Posts: 5
Re: i cant update avast anymore (because of a virus?)
« Reply #2 on: January 24, 2009, 12:37:12 PM »
Thanks a lot.
I uninstalled Avast and reinstalled the version of today (23/01/09). I also boot (?) scanned the whole computer.
Some problems have been detected, but in the C:windows\system32\ part, so I don't know what to do now. At the moment, I put all of them in "quarantine", but can I delete the following stuff?

C:windows\system32\404fix.exe => infected by win32:Trojan-gen {Other}
C:windows\system32\IEDFix.exe => infected by win32:Trojan-gen {Other}

C:windows\system32\kamsoft.exe => infected by win32:Kavos [trj]
C:windows\system32\gasretyw0.dll => infected by win32:Kavos [trj]
C:windows\system32\gasretyw1.dll => infected by win32:Kavos [trj]
C:windows\system32\vamsoft.exe => infected by win32:Kavos [trj]
C:windows\system32\vbsdfe0.dll => infected by win32:Kavos [trj]
C:windows\system32\vbsdfe1.dll => infected by win32:Kavos [trj]


And after the computer has been restarted, a pop up window from Avast told me that : C:windows\system32\nmdfgds0.dll is also infected by win32:Kavos [trj] (and I chose the quarantine too)

What do I do now :-s ?



Offline chabbo

  • Full Member
  • ***
  • Posts: 175
Re: i cant update avast anymore (because of a virus?)
« Reply #3 on: January 24, 2009, 12:41:30 PM »
Test Superantispyware, it will help you.. if it doesn't work I recommend a malware cleaner

Offline neophite

  • Newbie
  • *
  • Posts: 5
Re: i cant update avast anymore (because of a virus?)
« Reply #4 on: January 24, 2009, 01:25:49 PM »
Hi Chabbo.

Thanks for this piece of advice.
But may I ask a Moderator if it is ok for me to trust another "newbie" like me?
Is this advice ok and the software good with your Avast antivirus?

I hope you, Chabbo, won't be too annoyed at me asking. It's very nice of you to have answered back to what can look like a very simple problem perhaps, compared to others... I don't know about that...

cheers

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71444
  • No support PMs thanks
Re: i cant update avast anymore (because of a virus?)
« Reply #5 on: January 24, 2009, 04:13:02 PM »
First you could enable an avast boot time scan again as it did a good job last time, but for some reason didn't get that one it caught on reboot.

http://www.digitalred.com/avast-boot-time.php

SuperAntiSpyware is one of a few tools that we also suggest to run (just check my signature below my post).

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
1. SUPERantispyware On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1434
Re: i cant update avast anymore (because of a virus?)
« Reply #6 on: January 24, 2009, 05:51:03 PM »
superantispyware can't help in case of Kavo infection afaik... you can delete everything related to Win32:Kavos.. btw: no warnings about klif.sys were there?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71444
  • No support PMs thanks
Re: i cant update avast anymore (because of a virus?)
« Reply #7 on: January 24, 2009, 06:10:04 PM »
Doesn't that depend on if one of the Win32:Kavos files was hiding other malware or anything avast isn't specifically looking for?

Quote
Downloads/requests other files from Internet.   
Modifies some system settings that may have negative impact on overall system security state.
Creates a startup registry entry.

It certainly won't hurt.

Offline neophite

  • Newbie
  • *
  • Posts: 5
Re: i cant update avast anymore (because of a virus?)
« Reply #8 on: January 25, 2009, 10:27:01 AM »
Thanks DavidR and Maxx_original!

Then I will just delete the files that are at the moment in quarantine. They are all in the system32 part? Is it ok? Someone told me never ever to touch anything there?
Waiting for last advice.

I will certainly reschedule a boot scan, DavidR, you're right.

And for the last thing you asked me, Maxx, the "klif.sys"... well... I'm a bit ashamed to tell you that I didn't pay attention to that because I had no idea what it is... :-s I just checked if I can find something on it, and it seems that I don't have any problem with that (it seems to provoke a blue screen to appear, is that it?)

cheers
« Last Edit: January 25, 2009, 10:43:19 AM by neophite »

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1434
Re: i cant update avast anymore (because of a virus?)
« Reply #9 on: January 25, 2009, 11:15:47 AM »
klif.sys is the rootkit protecting the Kavo files.. when it is present on your system it should be found by the antirootkit module, so it's possible that it has been removed already.. anyway, you can safely remove the Kavo related files from chest ;)

Offline neophite

  • Newbie
  • *
  • Posts: 5
Re: i cant update avast anymore (because of a virus?)
« Reply #10 on: January 25, 2009, 11:39:38 AM »
that's done. Thanks a lot for your help. I hope everything will be alright!