Author Topic: Antivirus Pro 2010 not detected by Avast Home  (Read 51792 times)


Dch48

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #75 on: October 15, 2009, 10:14:20 AM »
In IE8, I don't think you can block scripts, but the Smart Screen filter is pretty good at detecting bad sites. You have to install an addon for Firefox to do it, but by blocking scripts you may lose parts of pages or the pages may not load at all.
« Last Edit: October 15, 2009, 10:16:12 AM by Dch48 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #76 on: October 16, 2009, 06:59:38 PM »
I am just about to go on holiday, but do the following; it should clear the majority.

Please save this file to your desktop

THEN

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. 

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.  Please open it with notepad and post the contents here.


FINALLY

Download Combofix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Link 1
Link 2


==================================


Double click on the renamed ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you. 
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Sorry, I was busy these past days.

I was able to do the first thing, however when I did the second thing, renaming that before downloading it, whenever I double click it, it opens up for like a millisecond then shuts down.

Anyway the Win32Diag report won't fit on here. It's too long. Should I email it to you?

Hi I am back from my holiday now - if you could upload the win32diag to mediafire, I may have to kill a file another way once I see which one it is

Meteora

  • Guest
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #77 on: October 16, 2009, 07:16:50 PM »
Ok, I'll upload it somehow and see if it helps...by the way do you think you know why I can't do the second thing? When I rename it and save it as something else, and then I go to its location and double click it, it opens up for a millisecond then shuts. Tried it several times and same thing.

By the way for anyone, I looked into my AOL Explorer settings and the option to "block ActiveX and Javascript" was there. Is this the same as script blocking? Also, I'm not exactly sure why Firefox with no script has to disable "parts" of websites and not load them. In fact I don't think I quite know what scripting as per the internet is...

I thought when there was a bad site, Firefox, with or without no-script, will say "this is a malicious site! Enter at your own risk" etc.

Also, what is the setting on IE that displays a text bar above asking if you want to download whatever it is you want to download? (when you click yes, it reloads the page and lets you download your file).

Offline essexboy

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #78 on: October 16, 2009, 07:39:54 PM »
Aye, one of the system files is infected and blocking Combofix from running.

Meteora

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #79 on: October 18, 2009, 03:44:41 AM »
Won't go past 1% on mediafire, tried even 3 computers with wired and wireless connections.

Can I have your email (or you can make any old one just to see the file) and let me send it to you? Or maybe something other than mediafire.

Also if it's possible can you tell me where to check on an antivirus program, such as Symantec antivirus, if it has script blocking? I can't tell if my Symantec has this feature. If an AV has script blocking how would I find out and where does it usually say?

Thanks.
« Last Edit: October 18, 2009, 08:41:07 AM by Meteora »

Offline essexboy

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #80 on: October 18, 2009, 01:16:11 PM »
Ok I will get another programme for you that should show the data I require, and I will PM you my E-Mail

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\system32\eventlog.dll
%systemroot%\system32\scecli.dll
%systemroot%\netlogon.dll
%systemroot%\system32\cngaudit.dll
%systemroot%\system32\sceclt.dll
%systemroot%\ntelogon.dll
%systemroot%\system32\logevent.dll
%systemroot%\*. /s /r

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1366
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #81 on: October 23, 2009, 12:00:50 PM »
Dear All,

I am sorry if this is not detailed,

But for your information, our clients have been infected with Antivirus Pro 2010 even though our clients already have ADNM with NetClient and NetServer with paid licenses.

Is there any other solution from the avast team for this issue?
 :'( :'( :'(

Regards,
Yanto Chiang
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Meteora

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #82 on: October 28, 2009, 02:06:43 AM »
Yeah man...the damn virus shut it down. It was doing it for like 15 seconds and then all of a sudden.............bam.

I re-double clicked it but gave the usual error message, that I'm not allowed to access the file or something. You see the virus did something apparently in the registry or some high level of system in my computer that prevents these kinds of things from running. Come to think of it I'm not so sure how my mom's friend is going to deal with this virus, that is irremovable if you try to remove it on its own territory, this Windows.

I read I could just edit some particular things in the registry and get rid of it, but heard it was risky so I'm going to rely on the guy this time. Going to send it to him in less than a week.

By the way I sent you the only thing I was able to do, the win32kdiag file.
« Last Edit: October 28, 2009, 02:13:10 AM by Meteora »

Offline essexboy

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #83 on: October 28, 2009, 08:28:39 PM »
OK, let's start to kill. Please follow these steps in order. Delete the copy of Combofix that you have, as I will need you to use the latest version.


THEN

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. 

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.  Please open it with notepad and post the contents here.


NEXT

Download Combofix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Link 1
Link 2


==================================


Double click on the renamed ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you. 
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Meteora

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #84 on: October 31, 2009, 06:48:07 AM »
Yeah again...it didn't let me do the second part. I'm starting to lose hope now, I'm supposed to send it to the guy tomorrow but I'm not sure if he'll be able to remove it. My CD drive can't even work to boot from a CD with an OS and AV on the CD. Heard I could boot from a USB drive but anyway I will give it to the guy and see what he can do...definitely transferring all my valuable data to my laptop though, in case anything goes wrong.

Offline essexboy

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #85 on: October 31, 2009, 04:29:14 PM »
You appear to have the new variant - I am currently working on one similar to this on another forum.

I had more success on that one using AVZ - that allowed me to clear some of the problem areas.  This one appears to attack the IFEO area of the registry and invokes a malware SVCHOST process from Windows.

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window:
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with Malware removal mode enabled" check box.

  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.
When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.

  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
If you could upload both zip files to mediafire if you wish to continue
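
Reply #85 ties the tool that closes the instant it is launched to changes in the IFEO (Image File Execution Options) area of the registry. As an added example, not part of essexboy's post or of any tool named in the thread, the Python below scans a `regedit` export of that key for `Debugger` values, the IFEO setting that makes Windows start a different program in place of the named image. The thread does not say which value this variant sets; the sample export and the allowlist of known debuggers are constructed assumptions.

```python
import re

# Constructed sample of a regedit export; not taken from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\combofix.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000000"
'''

IFEO = r"\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
# Assumption: debuggers an administrator may have registered on purpose.
KNOWN_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe", "procexp.exe"}
KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", s)

def debugger_target(cmd):
    """Lower-cased file name of the executable a Debugger command line starts."""
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_ifeo_debuggers(reg_text):
    """Return one finding per IFEO image subkey that carries a Debugger value."""
    findings, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key, val = KEY_RE.match(line), STR_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(IFEO)
            sub = path[pos + len(IFEO):] if pos != -1 else ""
            image = sub if sub and "\\" not in sub else None  # direct children only
        elif image and val and unescape(val.group(1)).lower() == "debugger":
            cmd = unescape(val.group(2))
            findings.append({"image": image, "debugger": cmd,
                             "suspicious": debugger_target(cmd) not in KNOWN_DEBUGGERS})
    return findings

if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16").read()
    for f in find_ifeo_debuggers(SAMPLE):
        print(("SUSPICIOUS" if f["suspicious"] else "ok"), f["image"], "->", f["debugger"])
```

Because the export is plain text, it can be reviewed on a clean machine even when the infected system refuses to run analysis tools.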

Meteora

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #86 on: October 31, 2009, 08:14:42 PM »
Well it's over at his house now, I was kinda losing patience and went and did it. Oh well, that's a lack of patience for you. If he couldn't fix it I will do what you suggested...or I can do it over at his house, whichever one. Damn viruses to hell.

Offline essexboy

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #87 on: October 31, 2009, 10:40:21 PM »
These malware variants are becoming harder to kill in one sweep, as we find a way to kill it they come up with a different variant.  So we have to start all over again searching for the weak points.  It is a never ending battle

Meteora

Re: Antivirus Pro 2010 not detected by Avast Home
« Reply #88 on: November 02, 2009, 01:20:28 PM »
Hey, thanks for all your help man. ;D I'll definitely come back here in the future, as you seem very insistent in helping people. Some people just like to shove links with articles and other links in them; thank god you're not one of them.

I was wanting to do that last thing you have up there, but that was posted after I sent it to the guy and, while I was there today, I tried doing it but it turns out, the damn virus, disabled connecting with a wired connection and only enables wireless, and I didn't have my wireless adapter while I was there, so I couldn't connect with my computer. I could have probably created a "new" wired connection on the connected pc, but I never really did that before. Your last post seemed like something that wouldn't removed it, or it may not have been successful.

It was also possible, I guess, to download whatever it is I needed to download from you from his computer, put it on a USB then transfer it to the computer with problems. However the ideas weren't too appealing to him and I kinda let my computer go...either way I have all my personal valuable data transferred to my laptop, so I have to make a copy of that back on the desktop PC as well as get drivers on the Dell site for my Windows XP.
« Last Edit: November 02, 2009, 01:25:24 PM by Meteora »