Author Topic: I'm confused about avast (Read 27690 times)

bexar656 · « **on:** January 19, 2010, 09:00:10 PM »

I ran avast standard last night and it said "no virus found." Then this morning I get three warnings that I have a Trojan Horse. Shouldn't running avast have picked them up. Did they just come up last night. Also I now am getting repeated messages when on the internet, "this program has been shut down to protest your computer." Any advise as to what's going on. Do I have a virus that's messing things up?

mikaelrask · « **Reply #1 on:** January 19, 2010, 09:25:30 PM »

hey and welcome to the forum.

suggestion 1: is the avast running at all on your computer? if not try to repair avast by clicking on the controlpanal> add and remove programs> scroll down to avast and hit uninstall and select the option to repair and hit ok. what was the files that was detected as trojans and what did you do with them?.

suggestion 2: only if you get the avast running do a boot scan. http://www.schmahl.net/avastbootscan.php ,otherwise move on with step 3

suggestion 3: sound like you can have that i suggest you run a scan with MBAB and/or SAS

http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/

good luck and write back if you need help or getting problems

Tarq57 · « **Reply #2 on:** January 20, 2010, 12:33:29 AM »

Quote from: bexar656

"this program has been shut down to protest your computer."

What program was the message referring to?

bexar656 · « **Reply #3 on:** January 20, 2010, 03:45:18 AM »

I followed your first suggestion and did remove, repair. It then ran and said, "The product was successfully updated." I then ran a boot scan. When it finished it said something about Trojan Horse but was off the screen before I could read it. It gave me ten keys to select from and I choose Repair all and it says. "File was not repaired." So I did, "Move all to chest." and it said, "Error, Status-Device-Data-Error." I tried both several times with the same results. My next step is to run the other two scans you suggested, MBAB and SAS. Here are the virus I now have in my Chest.

SSHNAS21.DLL C:\Windows\System2 Win32:Trojan-gen
WCX.exe C:\NOCUME\User " " "
WCX.exe Locals~\Temp Win32:Fake V-A...
Kernel32.dll C:\Windows\System32
Winst ock.dll " " "
Winstock32dll " " "

The message "This program will close is all in the Internet, e-mail and other things I'm opening. Only Internet.

Tarq57 · « **Reply #4 on:** January 20, 2010, 04:35:36 AM »

Do you have Word Converter installed?

The posted information about what is in your chest:
Is that copied and pasted by the computer, or did you type it in? It doesn't look quite right. Could "Winst ock.dll" actually be "winsock.dll"?
Are you looking in the "infected files" area of the chest, or the "all files" section? You should only be looking in the infected files section.

Quote

The message "This program will close is all in the Internet, e-mail and other things I'm opening. Only Internet.

I still do not understand this.
In the top of the dialogue window indicating the program has been closed will be an actual process name. I would like that name, please. (It will be something like "IE8.exe", or "explorer.exe".)

Can we also see the MBAM and SAS logs, please?
Post them as a text attachment in your reply. (To attach, see "Additional Options" at the lower left of the forum reply window.

bexar656 · « **Reply #5 on:** January 20, 2010, 07:04:08 PM »

No I don't have Word Converter installed. Yes I typed it in. Winst ock.dll is Winstock.dll, my error. Yes I"m only looking in the infected area. But now all but one that I listed before are gone and they have been replaced by seven different ones. I got warnings last night and kept moving them to the chest. I'll have to wait untill I get another "Program will close" to let you know what name it says. It hasn't done it today at all. I'll have to get back to you on the logs later today. Thanks

bexar656 · « **Reply #6 on:** January 20, 2010, 11:52:15 PM »

I just tried to attach MBAB and SAS logs but it said that the attachments are to large. I don't know what to do about it. But here is the log from MBAB.

Trojan.Agent File C:\Windows\msa.exe
Trojan.FakeAlert Hkey_Current_User\SoftWare\xml

The SAS has a ton of items listed as Prosessing or Remove. I am still getting Warnings and now have 15 virus in the avast chest.

Tarq57 · « **Reply #7 on:** January 21, 2010, 07:48:25 AM »

With the MBAM log, if it is too large to attach (unusual), copy and paste the log into two or more forum posts. Same with the SAS log.
What you've posted above isn't a log, it's a couple of entries, which of themselves only offer limited information.

So just in case you don't know how to, open MBAM, select the "logs" tab near the top middle of the interface, select the appropriate (normally most recent) log, double click it. It will open. And look a bit like what I've attached, an edited version just for demonstration as to how it should look.

bexar656 · « **Reply #8 on:** January 21, 2010, 10:01:55 PM »

Here is from MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 2987
Windows 5.1.2600 Service Pack 3

1/8/2010 8:08:07 PM
mbam-log-2010-01-08 (20-08-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 336821
Time elapsed: 1 hour(s), 33 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

bexar656 · « **Reply #9 on:** January 21, 2010, 10:09:23 PM »

As for SAS all that opens is Run a scan, Schedule a scan, Update, etc. No log shows anywhere.

Tarq57 · « **Reply #10 on:** January 21, 2010, 10:39:16 PM »

Try updating MBAM and run a quick scan again, please post the scan report.

bexar656 · « **Reply #11 on:** January 22, 2010, 12:47:14 AM »

By post the scan report do you mean the Log. I don't see anything that says Report. I updated MBAM and am running a full scan again. Also should I leave all the viruses that I now have in the avast chest. I haven't had the message saying "this program will close" for a couple of days and haven't had any Warnings since yesterday.

Tarq57 · « **Reply #12 on:** January 22, 2010, 01:09:31 AM »

Yes, I do mean the log. (The scan report will open at the conclusion of a scan. Once closed, it becomes part of the log. So, same same but different.)
A quick scan would probably have been adequate, but that's ok.

We'll have a look at the Avast chest after this.

bexar656 · « **Reply #13 on:** January 22, 2010, 03:56:06 AM »

Here is the latest log.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2010 8:45:43 PM
mbam-log-2010-01-21 (20-45-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 347151
Time elapsed: 2 hour(s), 50 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Tarq57 · « **Reply #14 on:** January 22, 2010, 11:44:12 AM »

The three items detected are reg keys, which means basically they are the settings for how a now cleaned up malware would have run, were it still installed.
Run a quick scan again, but this time at the conclusion, when those three entries appear again, select the entries, and in the diaplogue window select "remove selected" and allow MBAM to remove them. (They will go to the MBAM quarantine.)
They are best removed, but of themselves are no immediate threat. (Unless you encounter that particular malware again.)
Please do that, and post the report again.

How is the computer running?

Author Topic: I'm confused about avast (Read 27690 times)

bexar656

I'm confused about avast

mikaelrask

Re: I'm confused about avast

Tarq57

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

Tarq57

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

Tarq57

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

Tarq57

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

Tarq57

Re: I'm confused about avast

bexar656

Re: I'm confused about avast

Tarq57

Re: I'm confused about avast