Author Topic: Problem with a stubborn virus!  (Read 3510 times)

virus_go_away

  • Guest
Problem with a stubborn virus!
« on: July 10, 2009, 12:07:34 PM »
Okay, here we go...
I write this from IE as I can no longer be sure of Mozilla Firefox. I think I have a Trojan or a virus called W32.Firefox (or something like that). The thing is that I have an automatic installation of AVG on my drivers CD and unfortunately all I can do when reinstalling is un-install AVG. This time I've been lazy and let AVG handle it to see what it can do. I was terribly wrong as the virus disabled AVG, so then I turned again to avast!. Trying to install avast! Pro again I noticed that I actually can't... I get an error at install. I will post a log so if anyone can help, please, it seems to completely control my computer...

Log:

virus_go_away

  • Guest
Re: Problem with a stubborn virus!
« Reply #1 on: July 10, 2009, 12:09:11 PM »
10.07.2009 12:57:04 general: Started: 10.07.2009, 12:57:04
10.07.2009 12:57:04 general: Running setup_av_pro-537 (1335)
10.07.2009 12:57:04 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
10.07.2009 12:57:04 system: Memory: 58% load. Phys:376516/916976K free, Page:1509808/2220224K free, Virt:2069064/2097024K free
10.07.2009 12:57:04 system: Computer WinName: DEVILMAYCRY
10.07.2009 12:57:04 system: Windows Net User: DEVILMAYCRY\Dante
10.07.2009 12:57:05 general: Cmdline: /sfx /sfxstorage "C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068"  /srcpath "C:\Users\Dante\Desktop" /sfxname "setuprompro"
10.07.2009 12:57:05 general: DldSrc set to sfx
10.07.2009 12:57:05 general: Old version: ffffffff (-1)
10.07.2009 12:57:05 registry: Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
10.07.2009 12:57:05 general: Install check: SetupVersion does NOT exist
10.07.2009 12:57:05 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
10.07.2009 12:57:05 registry: Get registry: Software\Microsoft\Internet Explorer\Version=7.0.5730.13
10.07.2009 12:57:05 general: Operation set to INST_OP_INSTALL
10.07.2009 12:57:05 general: GUID: dcde7bfd-a258-4493-af3f-0765a8893cf8
10.07.2009 12:57:05 general: SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
10.07.2009 12:57:05 internet: SYNCER: Type: use IE settings
10.07.2009 12:57:05 internet: SYNCER: Auth: another authentication, use WinInet
10.07.2009 12:57:05 general: Entered SetupProcessPro::Do( INST_OP_INSTALL )
10.07.2009 12:57:05 general: Entered SetupProcessWin32Avast::Do( INST_OP_INSTALL )
10.07.2009 12:57:05 general: Entered SetupProcessWin32::Do( INST_OP_INSTALL )
10.07.2009 12:57:05 general: Entered SetupProcess::Do( INST_OP_INSTALL )
10.07.2009 12:57:19 file: Destination folder: D:\Alwil Software\Avast4
10.07.2009 12:57:19 package: LoadProductVpu: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068\prod-av_pro.vpu
10.07.2009 12:57:19 package: LoadPartInfo: jrog = jrog-14f returned 00000000
10.07.2009 12:57:19 package: LoadPartInfo: news = news-50 returned 00000000
10.07.2009 12:57:19 package: LoadPartInfo: program = prg_av_pro-537 returned 00000000
10.07.2009 12:57:19 package: LoadPartInfo: setup = setup_av_pro-537 returned 00000000
10.07.2009 12:57:19 package: LoadPartInfo: vps = vps-9070700 returned 00000000
10.07.2009 12:57:19 package: LoadProductVpu: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068\prod-av_pro.vpu ended with 00000000
10.07.2009 12:57:19 package: Part prg_av_pro-537 was set to be installed
10.07.2009 12:57:19 package: Part vps-9070700 was set to be installed
10.07.2009 12:57:19 package: Part news-50 was set to be installed
10.07.2009 12:57:19 package: Part setup_av_pro-537 was set to be installed
10.07.2009 12:57:19 package: Part jrog-14f was set to be installed
10.07.2009 12:57:19 package: FilterOutExistingFiles: 160 & 0 = 160
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package setif_av_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: setup_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setup_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package setup_av_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_core-4d6.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_core-4d6.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_core set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_dll418-64.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_dll418-64.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_dll418 set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_hlp418-219.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_hlp418-219.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_hlp418 set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_pro-348.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_pro-348.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_skins-14.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_skins-14.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_skins set to 1
10.07.2009 12:57:19 package: IsFullOkay: avscan-360.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: avscan-360.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package avscan set to 1
10.07.2009 12:57:19 package: IsFullOkay: winsys-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: winsys-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package winsys set to 1
10.07.2009 12:57:19 package: IsFullOkay: winsysgui-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: winsysgui-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package winsysgui set to 1
10.07.2009 12:57:19 package: IsFullOkay: vps-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: vps-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package vps set to 1
10.07.2009 12:57:19 package: IsFullOkay: vpsm-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: vpsm-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package vpsm set to 1
10.07.2009 12:57:19 package: IsFullOkay: news409-37.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: news409-37.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package news409 set to 1

virus_go_away

  • Guest
Re: Problem with a stubborn virus!
« Reply #2 on: July 10, 2009, 12:10:16 PM »
10.07.2009 12:57:19 package: IsFullOkay: jrog-14f.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: jrog-14f.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package jrog set to 1
10.07.2009 12:57:19 package: FilterOutExistingFiles: 160 & 0 = 160
10.07.2009 12:57:19 package: FilterOutExistingFiles: 159 & 0 = 159
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package setif_av_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: setup_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setup_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package setup_av_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_core-4d6.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_core-4d6.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_core set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_dll418-64.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_dll418-64.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_dll418 set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_hlp418-219.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_hlp418-219.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_hlp418 set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_pro-348.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_pro-348.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_skins-14.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_skins-14.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_skins set to 1
10.07.2009 12:57:19 package: IsFullOkay: avscan-360.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: avscan-360.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package avscan set to 1
10.07.2009 12:57:19 package: IsFullOkay: winsys-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: winsys-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package winsys set to 1
10.07.2009 12:57:19 package: IsFullOkay: winsysgui-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: winsysgui-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package winsysgui set to 1
10.07.2009 12:57:19 package: IsFullOkay: vps-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: vps-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package vps set to 1
10.07.2009 12:57:19 package: IsFullOkay: vpsm-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: vpsm-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package vpsm set to 1
10.07.2009 12:57:19 package: IsFullOkay: news409-37.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: news409-37.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package news409 set to 1
10.07.2009 12:57:19 package: IsFullOkay: jrog-14f.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: jrog-14f.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package jrog set to 1
10.07.2009 12:57:19 package: FilterOutExistingFiles: 159 & 0 = 159
10.07.2009 12:57:19 package: FilterOutExistingFiles: 160 & 0 = 160
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package setif_av_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: setup_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setup_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package setup_av_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_core-4d6.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_core-4d6.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_core set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_dll418-64.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_dll418-64.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_dll418 set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_hlp418-219.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_hlp418-219.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_hlp418 set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_pro-348.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_pro-348.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_pro set to 1
10.07.2009 12:57:19 package: IsFullOkay: av_pro_skins-14.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: av_pro_skins-14.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package av_pro_skins set to 1
10.07.2009 12:57:19 package: IsFullOkay: avscan-360.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: avscan-360.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package avscan set to 1
10.07.2009 12:57:19 package: IsFullOkay: winsys-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: winsys-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package winsys set to 1
10.07.2009 12:57:19 package: IsFullOkay: winsysgui-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: winsysgui-2.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package winsysgui set to 1
10.07.2009 12:57:19 package: IsFullOkay: vps-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: vps-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package vps set to 1
10.07.2009 12:57:19 package: IsFullOkay: vpsm-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: vpsm-9070700.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package vpsm set to 1
10.07.2009 12:57:19 package: IsFullOkay: news409-37.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: news409-37.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package news409 set to 1
10.07.2009 12:57:19 package: IsFullOkay: jrog-14f.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: jrog-14f.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: SetFullAsMarked: Package jrog set to 1
10.07.2009 12:57:19 package: FilterOutExistingFiles: 160 & 0 = 160
10.07.2009 12:57:19 general: Operation set to INST_OP_INSTALL
10.07.2009 12:57:19 package: FilterOutExistingFiles: 160 & 0 = 160
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)
10.07.2009 12:57:19 package: IsFullOkay: setif_av_pro-537.vpu - not okay (doesn't exist)

virus_go_away

  • Guest
Re: Problem with a stubborn virus!
« Reply #3 on: July 10, 2009, 12:13:16 PM »
It's hell long so I will post the end...

10.07.2009 12:57:21 package: Packages before download
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: av_pro_core-4d6.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\av_pro_core-4d6.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: av_pro_dll418-64.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\av_pro_dll418-64.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: av_pro_hlp418-219.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\av_pro_hlp418-219.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: av_pro_pro-348.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\av_pro_pro-348.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: av_pro_skins-14.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\av_pro_skins-14.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: avscan-360.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\avscan-360.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: winsys-2.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\winsys-2.vpu, returned 0x00000000
10.07.2009 12:57:21 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:21 file: GetFileWithRetry: winsysgui-2.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\winsysgui-2.vpu, returned 0x00000000
10.07.2009 12:57:22 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:23 file: GetFileWithRetry: vps-9070700.vpu downloaded  and verified
10.07.2009 12:57:23 package: DldPackage: D:\Alwil Software\Avast4\Setup\vps-9070700.vpu, returned 0x00000000
10.07.2009 12:57:23 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:23 file: GetFileWithRetry: vpsm-9070700.vpu downloaded  and verified
10.07.2009 12:57:23 package: DldPackage: D:\Alwil Software\Avast4\Setup\vpsm-9070700.vpu, returned 0x00000000
10.07.2009 12:57:23 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:23 file: GetFileWithRetry: news409-37.vpu downloaded  and verified
10.07.2009 12:57:23 package: DldPackage: D:\Alwil Software\Avast4\Setup\news409-37.vpu, returned 0x00000000
10.07.2009 12:57:23 internet: Used server: C:\Users\Dante\LOCALS~1\Temp\_av_sfx.tm~a04068
10.07.2009 12:57:23 file: GetFileWithRetry: jrog-14f.vpu downloaded  and verified
10.07.2009 12:57:23 package: DldPackage: D:\Alwil Software\Avast4\Setup\jrog-14f.vpu, returned 0x00000000
10.07.2009 12:57:23 general: setup: updated
10.07.2009 12:57:23 general: setif: updated
10.07.2009 12:57:23 file: SetExistingFilesBitmap: Setting group av_pro_sysx because of existing file C:\WINDOWS\system32\OleAcc.dll
10.07.2009 12:57:23 file: SetExistingFilesBitmap: 1055->7->7
10.07.2009 12:57:23 package: FilterOutExistingFiles: 160 & 7 = 154
10.07.2009 12:57:23 package: Extracting from av_pro_core-4d6.vpu
10.07.2009 12:57:23 file: Direct move of file: D:\Alwil Software\Avast4\images\background.bmp
10.07.2009 12:57:23 file: Installed file:D:\Alwil Software\Avast4\images\background.bmp
10.07.2009 12:57:23 file: Extract: tried to extract 'Aavm4h.dll' from pkg 'av_pro_core' but failed miserably. Error code 0x00000070
10.07.2009 12:57:23 system: Reboot set by changed resident C:\WINDOWS\system32\drivers\aswmon.sys
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswmon.sys (0x00000003)
10.07.2009 12:57:23 system: Reboot set by changed resident C:\WINDOWS\system32\drivers\aswmon2.sys
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswmon2.sys (0x00000003)
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\DisplayName=avast! Standard Shield Support
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\ErrorControl=1
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Type=2
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Start=2
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Parameters\ProgramFolder=\Device\HarddiskVolume2\Alwil Software\Avast4
10.07.2009 12:57:23 system: Reboot set by changed resident C:\WINDOWS\system32\drivers\aswSP.sys
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswSP.sys (0x00000003)
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\DisplayName=avast! Self Protection
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\ErrorControl=1
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\Type=1
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\Start=1
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\Parameters\ProgramFolder=\Device\HarddiskVolume2\Alwil Software\Avast4
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswSP\Parameters\ProgramFolder2=\DosDevices\D:\Alwil Software\Avast4
10.07.2009 12:57:23 system: Reboot set by changed resident C:\WINDOWS\system32\drivers\aswFsBlk.sys
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswFsBlk.sys (0x00000003)
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\DisplayName=aswFsBlk
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\ErrorControl=1
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\ImagePath=system32\DRIVERS\aswFsBlk.sys
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Type=2
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Start=2
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Group=FSFilter Activity Monitor
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\DefaultInstance=aswFsBlk Instance
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance\Altitude=388400
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance\Flags=0
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswFsBlk\Description=avast! mini-filter driver (aswFsBlk)

Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: Problem with a stubborn virus!
« Reply #4 on: July 10, 2009, 01:43:54 PM »
You're posting the setup log. The important ones are the last lines, not the first ones.
AVG Remover can be downloaded here: http://www.avg.com/download-tools

I suggest then an installation from scratch:

1. Uninstall avast from Control Panel first.
2. Boot.
3. Download the latest version of Avast Uninstall and use it for complete uninstallation. If, for any reason, you can't run it, try booting in Safe Mode and doing it from there.
4. Boot.
5. Download, save and install the latest avast! version. It will be good to accept the boot time scanning on next boot.
6. Boot.
7. Check and post the results.
The best things in life are free.
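
Reply #4's point that the last lines of the setup log are the ones that matter, shown as an added example (not part of the original thread and not Avast tooling): a small triage script that pulls the failing lines out of a setup log in the format posted above. The sample lines are excerpted from the log in this thread; the mapping of the hex values to Win32 error names is an assumption about how the installer reports errors.

```python
import re
from collections import Counter

# Layout seen in the posted setup log: "DD.MM.YYYY HH:MM:SS category: message"
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (\w+): (.*)$")
# Status codes are printed as eight hex digits, e.g. 0x00000070
CODE_RE = re.compile(r"0x([0-9A-Fa-f]{8})")
# Whole-word match so registry value names such as "ErrorControl" are not flagged
FAIL_RE = re.compile(r"\b(error|failed)\b", re.IGNORECASE)

# Assumption: the installer logs plain Win32 error codes (winerror.h values).
WIN32_ERRORS = {
    0x02: "ERROR_FILE_NOT_FOUND",
    0x03: "ERROR_PATH_NOT_FOUND",
    0x05: "ERROR_ACCESS_DENIED",
    0x20: "ERROR_SHARING_VIOLATION",
    0x70: "ERROR_DISK_FULL",
}

# Lines excerpted from the setup log posted in this thread.
SAMPLE_LOG = r"""
10.07.2009 12:57:21 file: GetFileWithRetry: av_pro_core-4d6.vpu downloaded  and verified
10.07.2009 12:57:21 package: DldPackage: D:\Alwil Software\Avast4\Setup\av_pro_core-4d6.vpu, returned 0x00000000
10.07.2009 12:57:23 file: Extract: tried to extract 'Aavm4h.dll' from pkg 'av_pro_core' but failed miserably. Error code 0x00000070
10.07.2009 12:57:23 system: Reboot set by changed resident C:\WINDOWS\system32\drivers\aswmon.sys
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswmon.sys (0x00000003)
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswmon2.sys (0x00000003)
10.07.2009 12:57:23 registry: Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\ErrorControl=1
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswSP.sys (0x00000003)
10.07.2009 12:57:23 system: Error copying driver file C:\WINDOWS\system32\drivers\aswFsBlk.sys (0x00000003)
"""


def parse(text):
    """Yield (timestamp, category, message) for every well-formed log line."""
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            yield match.groups()


def failures(text):
    """Return one record per log line that reports a failure."""
    records = []
    for ts, category, message in parse(text):
        if not FAIL_RE.search(message):
            continue
        codes = [int(c, 16) for c in CODE_RE.findall(message)]
        # First non-zero code on the line; None when the line carries no code.
        code = next((c for c in codes if c != 0), None)
        records.append({
            "time": ts,
            "category": category,
            "code": code,
            "name": WIN32_ERRORS.get(code, "unmapped"),
            "message": message,
        })
    return records


def summarize(text):
    """Count failures per error name so the dominant cause stands out."""
    return Counter(record["name"] for record in failures(text))


if __name__ == "__main__":
    for record in failures(SAMPLE_LOG):
        code = "-" if record["code"] is None else f"0x{record['code']:08x}"
        print(f"{record['time']} [{record['category']}] {code} "
              f"{record['name']}: {record['message']}")
    print(dict(summarize(SAMPLE_LOG)))
```

If the codes are Win32 values, the single 0x70 concerns free space on the extraction target and the repeated 0x3 a driver path the installer could not reach.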

virus_go_away

  • Guest
Re: Problem with a stubborn virus!
« Reply #5 on: July 10, 2009, 03:38:14 PM »
Okay, I haven't seen so many trojans since my last encounter with Vundo... It was all over the place...
Here's the log:

CmdLine - quick
aswBoot.exe /A:"*" /L:"Romanian" /KBD:2
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=D:\Program Files\Alwil Software\Avast4\DATA
PROG=D:\Program Files\Alwil Software\Avast4
BUILD=1335
Microsoft Windows XP Service Pack 3
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
cmnbInit
SetFolders
SetFolders end
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"Romanian" /KBD:2
CmdLine end
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 2
s_dwKbdClassCnt: 2
InitKeyboard end
FreeMemory: 713060352
avworkInitialize
NtSetEvent(g_hInitEvent) - 2
GetKey
FreeMemory: 635953152
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *RAW:C:\  [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *RAW:D:\  [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *RAW:E:\  [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin

I don't know how it will help since I don't get a thing but it resolved almost all my problems, except one... A file in Temp called "5t34my.bat" that tries to start every time I start Windows. And also at start-up I noticed that Calculator starts 3 times, but I don't start it...
EDIT: The 5t34my.bat was tested about 4 times, no virus...
« Last Edit: July 10, 2009, 05:18:12 PM by virus_go_away »