Virus Blocking Avast

[YoKenny]

So Objects scanned: 410993 seems like an awful lot of objects and with only a P4 CPU 2.40GHz explains the slowness of the scan and the hard drive specifications are probably slow as well.

Did you let MBAM get rid of the infections like?
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL

[Sirconversation]

YoKenny@  Yea thanks...

I allowed MBAM to quarantine and delete those files.... Same issue with the Avast ashe screen to launch as well as IE 7/8 to complete Reinstall   ....

Yea Running a 2.40 GHz Plenty Of ram added The  Pc isn't set for High Performance more day to day convenience  and Moderate Applications ...  From what I've been reading and browsing... seems like Microsoft is letting a few more things affect XP to help promote upgrades to vista or windows 7 ... More like Promoting Mac's

Should i Uninstall Avast Completely or run a repair install from the main site? 
Or what Options are left to Get Avast to run correctly and without the "Access Denied" aspect and to Regain IE 7/8 to properly Install ??

Thanks

[Lisandro]

Should i Uninstall Avast Completely or run a repair install from the main site? 

Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
If this does not help, can you uninstall / boot / install / boot again?

Or what Options are left to Get Avast to run correctly and without the "Access Denied" aspect and to Regain IE 7/8 to properly Install ??

Some access denied errors could be avoided running avast at boot time (schedule it).

[Sirconversation]

@DeliriousGA... Thanks.. Glad to hear u got that partially Resolved... But Formatting at this point wouldn't be a Option for me at this point... Be free to let me know if you come across any Nuggets of info that  resolved or corrected your issue  thanks.

[Sirconversation]

@Tech........ Thanks alot

I've attempted a Repair using that method when i initially came across the issue... But i have not Tried that since i used MRAM so i will try that as soon as i complete this other scanner i was referred and with the 2.40GHz processing i should be finishing sooner then later hopefully since i'm not running a Light Speed Pc at this time lol...  After its complete i shall restart after the repair has initiated it.

As for the boot scan.... I am unable to launch the display which schedules the Boot scan after the memory test.... after the intial memory test the " Access Denied " pops up and then advises to press ok and closes the Display.... After a few restarts i am able to get in and schedule a boot scan... which takes about 2-3 hrs with my current configuration


So after posting the results of the next scan .... i shall restart after the "Repair option"
then try the  " Uninstall /boot / install /boot again "

I greatly appreciate the Help ...

[Lisandro]

As for the boot scan.... I am unable to launch the display which schedules the Boot scan after the memory test.... after the intial memory test the " Access Denied " pops up and then advises to press ok and closes the Display.... After a few restarts i am able to get in and schedule a boot scan... which takes about 2-3 hrs with my current configuration

Just run (with admin rights): C:\Program Files\ALWIL Software\Avast4\sched.exe /A:"*" /archives

[micky77]

Regarding IE, does it install, but fails to browse ? Or fail to install.?There are several more scanners/tools you could try

Run this in safe mode http://www.freedrweb.com/cureit/

This runs in safe mode by default  http://www.bleepingcomputer.com/forums/topic131299.html

Online scanners http://housecall.trendmicro.com/uk/

http://www.eset.com/onlinescan/

http://www.kaspersky.co.uk/virusscanner

I could not see anything obvious in the HJT log, see if anything is found by the scanners

[Sirconversation]

Recently Ran the Avast Cleaner and here are the Results


avast! Virus Cleaner Tool - version 1.0.211 Unicode

Creating log file: C:\Downloads\aswclnr.log

7/15/2009, 2:21:48 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (32.2s).
----------
Files scanning started...
C:\Documents and Settings\ Work.Hm.Pc\Application Data\Mozilla\Firefox\Profiles\x928iapl.default\places.sqlite-journal... file could not be scanned!
C:\Documents and Settings\ Work.Hm.Pc\Local Settings\Temp\etilqs_DErOJ8WFIZT0PkQpYXrt... file could not be scanned!
C:\Documents and Settings\ Work.Hm.Pc\Local Settings\Temp\Perflib_Perfdata_b80.dat... file could not be scanned!
C:\Documents and Settings\ Work.Hm.Pc\Local Settings\Temp\Perflib_Perfdata_bbc.dat... file could not be scanned!
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log... file could not be scanned!
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished  (323698 files, 0 infected, 7308.6s).
Drives scanned: C:
----------

[Sirconversation]

@micky77.......

IE Fails to Install Completely .....Advises Unable to install... Restart Pc and right Click trouble shoot from the IE shortcut on my Desk Top... Which is no longer there Due to me deleting IE8 to install IE7.... in an attempt to Run Onecare Online scanner to resolve the Issue .... I will Attempt the Online scanners first... I'm currently Running active scan 2.0 from pandasecurity  . I didn't want to down load too many anti virus programs back to back  and have them trip over each other... So i would run in sequential order and track the results from there

I did try housecall.trendmicro.com/uk/  since that was one of the first and most familiar  scanners i came across and that was also how i was able to recognize Koobface quicker

So i will retry and appreciated

[micky77]

I have seen Koobface removed successfully with the programs you have used ( mbam and sas ) Possibly your problem lies deeper. I think its worth trying the Drweb, (safe mode ) SDfix  and Avira rescue disc ( even if not from a clean pc ) All three have some degree in rootkit exposure. ( not that I am saying you have a rootkit )

[YoKenny]

Running AOHell bloatware is another way to slow down a system.

BroadJump Client Foundation is a big bloated application that is part of AOhell I believe: 
http://www.auditmypc.com/process/cdf.asp
http://forums.techarena.in/networking-security/1195648.htm

[Sirconversation]

@micky77

i did have a Rootkit ... i thought i had gotten them all in some prior scans prior to this issue

After my restart and bootscan avast located & advised was infected
C:Documents and Setting\ Guest \Local\Setting\Temp\TFR8.tmp
Infected By win32:Rootkit - Gen [rtx]

i wrote that down from the boot scan options and advised it to delete.

I will try Drweb  & post the results .... finished up a few of the other scans after a few hrs and boot scans and all so came back clear for a bit .... but my avast  latent sensor did go off right before i wrote this reply for 3 diff tmp files

Here is a recent avast log list
Task 'Resident protection' used
* Started on Wednesday, July 08, 2009 2:41:40 PM
* VPS: 090708-0, 07/08/2009
*

C:\WINDOWS\system32\iehelper.dll [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest...
C:\DOCUME~1\TARRIC~1.WAL\LOCALS~1\Temp\installb[1].exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\wfcdqr[1].htm [L] Win32:Tiny-II [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\flvjj[1].htm [L] Win32:Tiny-II [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\fcdzd[1].htm [L] Win32:Tiny-II [Trj] (0)
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\ccznrrs[1].txt\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\vfcggulym[1].htm [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\kpepb.exe\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\egtau.exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\TPMRSLHZ\ccznrrs[1].txt\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\TPMRSLHZ\vfcggulym[1].htm [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\kpepb.exe\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\egtau.exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...

*
* Task stopped: Saturday, July 11, 2009 6:18:20 PM
* Run-time was 3 day(s), 3 hour(s), 36 minute(s), 40 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 6:41:08 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:07:29 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:12:26 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:16:00 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:21:16 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:28:29 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:33:42 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:40:18 PM
* VPS: 090710-0, 07/10/2009
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:56:10 PM
* VPS: 090710-0, 07/10/2009
*

C:\WINDOWS\SYSTEM32\WBEM\proquota.exe [L] Win32:Trojan-gen {Other} (0)
File was successfully deleted...
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MXYS876U\be.15[1].exe\[UPX] [L] Win32:Koobface-P [Wrm] (0)
File was successfully deleted...
C:\DOCUME~1\Guest\LOCALS~1\Temp\vcru_1247360817.exe\[UPX] [L] Win32:Koobface-P [Wrm] (0)
File was successfully deleted...

*
* Task stopped: Sunday, July 12, 2009 10:01:13 PM
* Run-time was 1 day(s), 2 hour(s), 5 minute(s), 3 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:54:49 AM
* VPS: 090712-0, 07/12/2009
*


*
* Task stopped: Monday, July 13, 2009 2:10:26 AM
* Run-time was 15 minute(s), 37 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:12:03 AM
* VPS: 090712-0, 07/12/2009
*


*
* Task stopped: Monday, July 13, 2009 2:12:24 AM
* Run-time was 21 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:06:06 PM
* VPS: 090712-0, 07/12/2009
*


*
* Task stopped: Monday, July 13, 2009 1:23:23 PM
* Run-time was 17 minute(s), 17 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:24:46 PM
* VPS: 090712-0, 07/12/2009
*


*
* Task stopped: Monday, July 13, 2009 2:13:13 PM
* Run-time was 48 minute(s), 27 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:14:35 PM
* VPS: 090713-0, 07/13/2009
*


*
* Task stopped: Monday, July 13, 2009 2:31:42 PM
* Run-time was 17 minute(s), 7 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:33:18 PM
* VPS: 090713-0, 07/13/2009
*

C:\WINDOWS\nbron_1247513665.exe [L] Win32:LdPinch-CYW [Trj] (0)
File was successfully deleted...

*
* Task stopped: Monday, July 13, 2009 4:48:49 PM
* Run-time was 2 hour(s), 15 minute(s), 31 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 4:50:26 PM
* VPS: 090713-0, 07/13/2009
*


*
* Task stopped: Monday, July 13, 2009 5:01:34 PM
* Run-time was 11 minute(s), 8 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 5:02:57 PM
* VPS: 090713-0, 07/13/2009
*


*
* Task stopped: Tuesday, July 14, 2009 3:53:55 PM
* Run-time was 22 hour(s), 50 minute(s), 58 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 3:55:23 PM
* VPS: 090714-0, 07/14/2009
*


*
* Task stopped: Tuesday, July 14, 2009 5:14:34 PM
* Run-time was 1 hour(s), 19 minute(s), 11 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 5:16:04 PM
* VPS: 090714-0, 07/14/2009
*


*
* Task stopped: Tuesday, July 14, 2009 5:22:26 PM
* Run-time was 6 minute(s), 22 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 9:01:12 PM
* VPS: 090714-0, 07/14/2009
*


*
* Task stopped: Wednesday, July 15, 2009 5:54:05 AM
* Run-time was 8 hour(s), 52 minute(s), 53 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, July 15, 2009 5:55:35 AM
* VPS: 090714-0, 07/14/2009
*


*
* Task stopped: Wednesday, July 15, 2009 7:03:58 PM
* Run-time was 13 hour(s), 8 minute(s), 23 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, July 15, 2009 10:47:05 PM
* VPS: 090715-0, 07/15/2009

[Sirconversation]

@YoKenny.....  Yea i got rid of AOHell bloatwar   i didnt see much use in it but didnt see any harm in it either but gone now  Thanks