Author Topic: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!  (Read 12011 times)

0 Members and 1 Guest are viewing this topic.

puter illit

  • Guest
WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« on: April 28, 2009, 08:34:56 PM »
I have been using Avast Home version for several years and have always been confident that I was protected. For the last 6 months or so this has not been the case. I have posted several time's but am still having bugs with Avast. Please read entire post before responding as I will give some history as to what the problem problems are.

1st. I have to mention I have uninstalled avast & reinstalled it 4 times, always cleaning any remainder before a fresh install. With each new install either going directly to avast web site and linking to cnet or cnet directly upon initiating download of program I get a windows notification that Yahoo is trying to install Cookies :o  >:(. This should not be happening ??? I only use 2 browsers
1. IE 7 for windows live
2. Google via Firefox
Never Use Yahoo browser only via Yahoo messenger to yahoo mail center.

6 months ago Avast VRDB was behaving erratic and when I ran a manual scan all files showed as unscanable. NOTHING APPEARED TO BE SCANNED. - This has continued with each new install. Showed one indication of a virus which I moved to chest and deleted eventually

Than When I initiated a manual scan, it would run a system memory check and dissappear until I closed Yahoo messenger window and than reappear to continue with scan.

OK so Now I uninstalled Yahoo messinger completely from my computer and any traces of yahoo, ie. tool bar etc. 2 months ago and only access my mail via IE 7 to yahoo mail page.

Yesterday while suffing Google via firefox I hit on a rough software and get redirected as well as software downloaded. Avast did not detect this nor block it.  :( Immediately I did a sear for the download with no results. I ran Microfofts Malious removal tool - Nothing found, Ran Microsoft Windows live Care One - Nothing found. Ran a Boot scan from Avast same results - unable to scan files. But my memory is running higher than normal, so I just shut down until today.

Ok so today I ran Symantic, Trend all same result Nothing found. I installed Malwarebytes ran it same results- Nothing! Finally Out of complete confusion I ran HJthis. Come up with 1 item That totally baffaled me as BHO (no Name) so I did a google seach
{02478D38-C3F9-4efb-9B51-7695ECA05670}

Google results was a Yahoo companion  ??? So I deleted it using HJ this. Immediately  Avast stopped functioning or running !!!!!! I went to control panel tried to repair- said all program files were not found and could not repair.

OK so today I again uninstalled Avast and just reinstalled it. Same thing happens I get redirected to Cnet for the download via IE and as soon as I click to download Yahoo is trying to install cookies??????? What does Yahoo have to do with the install of Avast?????? Why is this happening?????? If I cannot find the problem I will be foreced to use McAfee that came with my puter which I never installed. I do not at this point believe Avast is working properly. Help

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #1 on: April 28, 2009, 11:58:50 PM »
You can download avast from CNET if you want, but  you can also download the language version you like directly from avast. Visiting avast.com homepage leads me to this link for english version:

http://files.avast.com/iavs4pro/setupengpro.exe

or here (for the Home Edition)

http://files.avast.com/iavs4pro/setupeng.exe

There is no connection between avast and Yahoo or any other 3rd party search bar or browser plugin.
« Last Edit: April 29, 2009, 12:00:31 AM by lukor »

puter illit

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #2 on: April 29, 2009, 12:35:31 AM »
You can download avast from CNET if you want, but  you can also download the language version you like directly from avast. Visiting avast.com homepage leads me to this link for english version:

http://files.avast.com/iavs4pro/setupengpro.exe

or here (for the Home Edition)

http://files.avast.com/iavs4pro/setupeng.exe

There is no connection between avast and Yahoo or any other 3rd party search bar or browser plugin.

I know that, so why is it happening! If you read my post carefully I said I downloaded it both from avast home page which takes you to cnet for the download or from cnet directly. Either one Yahoo tries to set cookies before the download is allowed.  And why did my removing that YAHOO Companion file Kill Avast!! I know there should be no connection between Avast & Yahoo Which is why I posted looking for a resolution.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #3 on: April 29, 2009, 12:39:55 AM »
Hi puter illit,

This sounds like a browser hijack, or some BHO you got somehow, can you give us a HJT logfile txt attached to your next posting.
Download HJT from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

puter illit

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #4 on: April 29, 2009, 02:32:34 AM »
Hi puter illit,

This sounds like a browser hijack, or some BHO you got somehow, can you give us a HJT logfile txt attached to your next posting.
Download HJT from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

polonus

AS I stated in my post the only item I found that looked amiss was the :
02-BHO:(no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} (no file) That I deleted and killed Avast.  
I clicked to save the file but do not know where to find it?? looked in notepad and it's empty and the only item saved in Hjackthis is the one I deleted (same as above).  Ok so I just ran a new scan looks the same without the one I  deleted

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:33 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219121036078
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231178231512&h=8294e464e69f3d3b5519dd68d4854bf1/&filename=jinstall-6u11-windows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6483 bytes

Had to delete 2nd half of file was to large to send, but looked like duplicate anyway

bobo1

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #5 on: April 29, 2009, 09:32:20 AM »
Hi
Install spybot search and destroy and update it and do a scan. You must have a browser hijacker and other malware on it and use malware bytes program also to clean your computer!

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #6 on: April 29, 2009, 11:30:54 AM »
-= We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows XP's own one.

-= It seems like there wasn't any problem in the rest of the log..
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #7 on: April 29, 2009, 01:12:10 PM »
Hi
Install spybot search and destroy and update it and do a scan. You must have a browser hijacker and other malware on it and use malware bytes program also to clean your computer!
right, it may help you, I think maybe there are something wrong, such as Hijacked network operator or....

Download Spybot S&D, download update pack for it too, also you may download SAS and/or MBAM too, using a safe/clean computer, burn them to a NOT RE-WRITABLE disc, install them in your computer, scan your computer using those.
also since you are not able to install AV, another good tool for you is a bootable AntiVirus disc, there are one very good named "Avira Rescue System", you can download it Here. burn to a blank disc, boot your computer using that, do a full scan and let it to remove everything that find. hope your problem go away! ;)
Twitter: OmidFarhangEn - OS: Manjaro KDE

puter illit

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #8 on: April 29, 2009, 02:35:44 PM »
-= We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows XP's own one.

-= It seems like there wasn't any problem in the rest of the log..

Strange? Microsoft's firewall is on and working, as a matter of fact during the time I uninstalled Avast it notified me I wasn't protected until I reinstalled Avast. And I also use a high end router with a built in firewall that is also encrypted with 128 bt encryption for wireless.

onlysomeone

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #9 on: April 29, 2009, 02:39:57 PM »
please post the full log - you wrote that you deleted one half...

you can separate it into two posts or you can attach it to your post via clicking the "Additional Options" which are under the textbox where you write a reply...

puter illit

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #10 on: April 29, 2009, 02:51:48 PM »
Hi
Install spybot search and destroy and update it and do a scan. You must have a browser hijacker and other malware on it and use malware bytes program also to clean your computer!

As I said in my post this has been going on for the past 6 months, over that time I have installed both Spybot S&D found nothing uninstalled it as it was giving me problems, Used to use it with on demand years back and had conflicts with avast than. Also used Malwarebytes before and just downloaded it again yesterday both times nothing showed. That is why I am going nut's with this thing, all anti-virus & Malware programs aren't finding it but I know it's must be there or I wouldn't have been able to be hi jacked to the rouge website nor have it download their program. I don't want to keep installing & uninstalling programs, I am using 2 OS and it might be causing even more problems. All of this began when I installed a new HP all-in-one that my browser's went haywire, uninstalled it thoughly and opted for a different one but puter has not been the same since.

puter illit

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #11 on: April 29, 2009, 03:03:10 PM »
please post the full log - you wrote that you deleted one half...

you can separate it into two posts or you can attach it to your post via clicking the "Additional Options" which are under the textbox where you write a reply...

Sorry :-[ It was the whole log, It mustt have coppied it 2x when I tried to paste. Just ran it again and checked it's what it the same as posted already.

bobo1

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #12 on: April 29, 2009, 03:30:50 PM »
If spybot isnt getting anything. You must have a virus on your computer. Looks like Yahoo virus to me i had this and it was hard to get rid off ended up reformatting. I think it will be best to reformat your computer!! with XP!

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #13 on: April 29, 2009, 03:42:01 PM »
Did you try to do a full scan using Avira AntiVir Rescue System?

The Avira AntiVir Rescue System a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here.
Boot your computer using this disc, do a full scan and let it to remove everything that it find, if it did not anything and you still had problem, it would be mean that you are not infected with anything and your computer need to fix for other problems...
Twitter: OmidFarhangEn - OS: Manjaro KDE

puter illit

  • Guest
Re: WHY IS AVEST LINKED TO YAHOO!!!! HELP!!!!!
« Reply #14 on: April 29, 2009, 04:30:26 PM »
Did you try to do a full scan using Avira AntiVir Rescue System?

The Avira AntiVir Rescue System a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here.
Boot your computer using this disc, do a full scan and let it to remove everything that it find, if it did not anything and you still had problem, it would be mean that you are not infected with anything and your computer need to fix for other problems...

Before I download anything else a Quick Question?
If it's a corrupted IE7 causing the problem, I just got notification from windows to install IE 8 haven't wanted to because it's still in Beta and can more problems than it's worth, BUT do you think it will overwrite any corruption related to Yahoo?????