Author Topic: Avast! Pro Antivirus shuts off when virus attacks it.  (Read 16679 times)

0 Members and 1 Guest are viewing this topic.

Offline Mike9812

  • Newbie
  • *
  • Posts: 7
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #15 on: May 24, 2010, 01:28:01 AM »
The free version I mean..update it fully and do a full scan with it and post the log here for people to help u!
Here is the log with the rogue (Mysecurityengine)
--------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4091

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

5/22/2010 3:12:06 PM
mbam-log-2010-05-22 (15-12-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 14987
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my security engine (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #16 on: May 24, 2010, 02:27:07 AM »
Just a question, are you using the 5.0 version of avast? Because avast is supposed to be resistant to malwares that tried to shut it down...

Maybe you got a window like this: http://help.artaro.eu/images/general/avastfree70.jpg and you clciked "Yes", not knowing what it was otherwise if you're using v5.0 and didn't get thhe window then I think it should be checked out as something went wrong in the process...

Al968

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1436
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #17 on: May 24, 2010, 02:49:18 AM »
The free version I mean..update it fully and do a full scan with it and post the log here for people to help u!
Here is the log with the rogue (Mysecurityengine)
--------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4091

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

5/22/2010 3:12:06 PM
mbam-log-2010-05-22 (15-12-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 14987
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my security engine (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Any changes after removing these?

Offline superhumanbean

  • Poster
  • *
  • Posts: 414
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #18 on: May 24, 2010, 03:23:08 AM »
Did you enable the avast! Self-defense module in Settings?
Windows 10 Pro 64-bit / Intel Core i7-7700HQ CPU / 16 GB RAM / Avast Ultimate / MBAM Free

Offline Mike9812

  • Newbie
  • *
  • Posts: 7
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #19 on: May 24, 2010, 03:31:28 AM »
Did you enable the avast! Self-defense module in Settings?
Umm not sure.

Offline Billj324

  • Newbie
  • *
  • Posts: 1
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #20 on: June 10, 2010, 04:19:34 PM »
Ok, I'm first time user of this forum, and I have been reading this thread.
My background:
computer tech for last 15 years.
I just got infected for the first time since Nov 2005
I browsed to a site w firefox, nothing popped up, but the computers CPU use hit 100% then bam: the dreaded "anti-spyware" MSG.  No, I did not click on anything.  This gentalman here got this somehow, but to sway from judgement, he may be correct.  As with all my clients.  Out of the last 5 infections I've cleaned, 4 claim not to have clicked on anything but a link.

I have all my clients on Avast.  I have stuck by them, but now I'm looking into other antivirus providers.  These attacks make me good money, but I can't in good conscience keep allowing this to happen.
I'm also moving to chrome on all browser based on the pwn2own results.  Even if it a new browser and we haven't seen it for long enough, it still has the fewest exploits. Especially from this distructive and easy attack.


 Avast: I and my associates here in Tucson Az have sold hundreds of licenses for you, for over 5 years.  Find a resolution to this "grayware" issue ( this wasn't grayware). As of today, my loyalty changes - if you want to keep my business, act now; in one year all of my clients will be switched.

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #21 on: June 10, 2010, 06:34:41 PM »
Quote
As with all my clients.  Out of the last 5 infections I've cleaned, 4 claim not to have clicked on anything but a link.

Yeah, but that's not "I didn't do anything".  They clicked the link.  A script ran on access to the site, and malware installed.

Please, I'm not starting a flame war here, I totally agree with you that the A/V or whatever else you have installed to stop these threads should have done so before it got installed on the machine.

I'm more or less directing this towards the OP.  He stated that he didn't do anything with the computer for a long time, and when he started it up, it had malware.  Obviously, something was done to get the virus in the first place, be it visiting a website, plugging in an infected flash drive, or whatever else.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline superhumanbean

  • Poster
  • *
  • Posts: 414
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #22 on: June 11, 2010, 02:03:18 AM »
Ok, I'm first time user of this forum, and I have been reading this thread.
My background:
computer tech for last 15 years.
I just got infected for the first time since Nov 2005
I browsed to a site w firefox, nothing popped up, but the computers CPU use hit 100% then bam: the dreaded "anti-spyware" MSG.  No, I did not click on anything.  This gentalman here got this somehow, but to sway from judgement, he may be correct.  As with all my clients.  Out of the last 5 infections I've cleaned, 4 claim not to have clicked on anything but a link.

I have all my clients on Avast.  I have stuck by them, but now I'm looking into other antivirus providers.  These attacks make me good money, but I can't in good conscience keep allowing this to happen.
I'm also moving to chrome on all browser based on the pwn2own results.  Even if it a new browser and we haven't seen it for long enough, it still has the fewest exploits. Especially from this distructive and easy attack.


 Avast: I and my associates here in Tucson Az have sold hundreds of licenses for you, for over 5 years.  Find a resolution to this "grayware" issue ( this wasn't grayware). As of today, my loyalty changes - if you want to keep my business, act now; in one year all of my clients will be switched.

No Antivirus product will offer 100% detection. That's a fact. But that's why avast introduced the sandbox/process virtualization in their paid versions. It contains all threats, so only the virtual 'computer' will be infected. Then when you close the browser you wipe out all the contents so your real system doesn't get infected. Were you browsing in a sandboxed browser?
Windows 10 Pro 64-bit / Intel Core i7-7700HQ CPU / 16 GB RAM / Avast Ultimate / MBAM Free

Offline bo.elam

  • Jr. Member
  • **
  • Posts: 96
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #23 on: June 11, 2010, 04:53:47 AM »
Its easy to prevent this type of infection. If you use AIS then use the Sandbox
like GloobyGoob suggested and if you are using the free version then use Sbxie
and you ll never have to worry about this type of infections. All AV are terrible
against Rogues, and I mean all of them so do yourself a favor and start using
one or the other.
Bo

Offline bluscarab

  • Newbie
  • *
  • Posts: 1
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #24 on: October 11, 2010, 01:09:50 AM »
I know this is old thread but after fixing 25+ PCs with these variants I have found a way to fix. All of the above threads only work partially. In fact, new variants as of September auto shut down malwarebytes, superantispyware full and portable, removefakeav 1.69, mcafee stinger, and pretty much bypasses or disables all commercial AV products like Trendmicro, AVG Pro, AVastPro, Panda, Norton and Nod32. The signs of infection are clicking a link from a normal google search and ending up in a web page of another search engine showing additional links or ending in a web page of an irrelevant topic. Secondary signs are running superantispyware portable and having it shut down automatically during scan or trying to launch malwarebytes and nothing happens.

Fix: uninstall current antivirus software (which doesnt work anyway) and download AVG free, superantispyare free and portable and malwarebytes. if possible, download the ***manual updates*** for each of these. it'll take a few attempts to get to these web pages as the rogueware will try to divert your searches. after downloading these files, install them but do not start or update the programs. instead, reboot into safe mode without network connection and then run a full sweep starting with superantispyware installed version, then malwareybtes. if software says needs to reboot to remove and you havent finished the sweep with the other software, reboot but go straight back into safe mode.

After both software sweeps are finished, reboot normally and run the superantispyware portable. if the portable shuts down automatically during its scan, you are still infected. also, malwarebytes will not start. most of the rogueware will have been removed however, so run AVG full clean and then test with portable again. system should be free of rogueware.

EDIT*: this rogueware appears to be able to jump computers on the same network if there are loose permissions - even computers that are governed by domain controllers. before purging these nasties, unplug the network cable or wireless antenna. hope this helps someone.
« Last Edit: October 11, 2010, 01:17:00 AM by bluscarab »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11143
  • No support PM's thanks
Re: Avast! Pro Antivirus shuts off when virus attacks it.
« Reply #25 on: October 11, 2010, 08:12:43 AM »
Fix: uninstall current antivirus software (which doesnt work anyway) and download AVG free. Why in the world should the op install avg? if this rogue was able to bypass avast im pretty sure that it would probably do the same with avg, plus the op  had originally said in the first post that he removed the rogue with malwarebytes anyway. No av is 100% safe and that's why a layered approach to security is best so to have malwarebytes pro running in realtime with avast would be a much better soloution imo and a decent firewall.