Author Topic: Virus blocking updates to Avast & access to other antivirus sites  (Read 5818 times)

Offline risachantag

  • Newbie
  • *
  • Posts: 6
Hi, I'm having trouble with a virus that affects my internet access by blocking access to some antivirus websites and updates to Avast. It also sometimes redirects ordinary websites to advertising pages.

I've tried running the following programs as well:
Malwarebytes
Spybot
StopZilla
Spyware Terminator
McAfee

...but no luck in finding the problem, so I'm rather at a loss. I've also tried deleting my hosts file and turning off dns caching.

Does anyone know how to deal with this kind of virus? I'd very much appreciate any help with this.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 38422
  • Dragons by Sasha
    • Malware fixes
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #1 on: June 20, 2010, 03:33:52 PM »
Hi, let's see what you have

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"  
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

Offline itsthemommy

  • Newbie
  • *
  • Posts: 7
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #2 on: June 20, 2010, 06:16:39 PM »
This is what I found

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 38422
  • Dragons by Sasha
    • Malware fixes
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #3 on: June 20, 2010, 06:49:25 PM »
Hi I notice that Norton is still running on your system, this is not the cause of the problem but it may be contributing to it

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
O4 - HKU\S-1-5-21-1869406785-3620054844-2564089581-1000..\Run: [20423314] C:\ProgramData\20423314\20423314.exe File not found
[2010/04/06 15:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\20423314

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Offline itsthemommy

  • Newbie
  • *
  • Posts: 7
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #4 on: June 20, 2010, 09:03:07 PM »
Ok...ran both...Combo fix has frozen while preparing log report.  Attached the OTL log.  Norton was removed, 4 months ago due to a renewal issue and was causing a similar issue.  It resolved when removed.  Surprised there are still bits present.  I am replying from my computer the nfg one is beside me.  Will post the Combo fix log as soon as I am able to.  Thanks for your help....hopefully this will resolve the issue.  BTW, was able to install Microsoft Essentials and it was allowed internet access to update but any browser was not able to connect.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 27784
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #5 on: June 20, 2010, 09:15:16 PM »
You will find the Norton removal tool here. Nr.24a  http://uninstallers.blogspot.com/
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 38422
  • Dragons by Sasha
    • Malware fixes
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #6 on: June 20, 2010, 09:49:58 PM »
Could you run combofix from safe mode please

Offline itsthemommy

  • Newbie
  • *
  • Posts: 7
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #7 on: June 21, 2010, 12:14:42 AM »
SUCCESS....now able to browse.  Shut down for about a 1/2 hr  after running norton removal tool and she went. Combo fix ran, but was unable to create log.  Thanks for all your help.  Will keep you posted if anything else fails, but for now, looking good

Offline risachantag

  • Newbie
  • *
  • Posts: 6
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #8 on: June 21, 2010, 04:33:15 PM »
Okay, I've now got logs for ComboFix and Gmer, but the Gmer one appears to be too large to attach so I've just included the ComboFix one with this post.

Thanks for the help so far! Please let me know if you guys find anything.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 38422
  • Dragons by Sasha
    • Malware fixes
Re: Virus blocking updates to Avast & access to other antivirus sites
« Reply #9 on: June 21, 2010, 09:06:24 PM »
The CF log looks good - and from the deletions that I have done it seems that Norton was your problem

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done


    Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

    We will now confirm that your hidden files are set to that, as some of the tools I use will change that
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Do not show hidden files and folders.
    • Click Yes to confirm.
    • Click OK.

    SPRING CLEAN
     
    Download and run Puran Disc Defragmenter

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

    To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
    Keep safe  :wave:

    Offline itsthemommy

    • Newbie
    • *
    • Posts: 7
    Re: Virus blocking updates to Avast & access to other antivirus sites
    « Reply #10 on: June 22, 2010, 02:16:03 AM »
    Thanks so much....all squeaky clean! ;D

    Offline risachantag

    • Newbie
    • *
    • Posts: 6
    Re: Virus blocking updates to Avast & access to other antivirus sites
    « Reply #11 on: June 22, 2010, 11:49:21 AM »
    Essexboy, was your last post in response to itsthemommy? Unfortunately, I'm still having the same problems (URLs redirected) and Avast isn't updating.

    I've uploaded the Gmer.log to my website, as it appears to be too large to attach here. The address is: http://www.lisa-rye.com/DA/Gmer.log

    Offline essexboy

    • Malware removal instructor
    • Avast Überevangelist
    • Probably Bot
    • *****
    • Posts: 38422
    • Dragons by Sasha
      • Malware fixes
    Re: Virus blocking updates to Avast & access to other antivirus sites
    « Reply #12 on: June 22, 2010, 09:20:12 PM »
    Could you download and run this programme please so that I can get a better look

    Download OTL  to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Check the box that says Scan All Users
    • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Post both logs

    Offline risachantag

    • Newbie
    • *
    • Posts: 6
    Re: Virus blocking updates to Avast & access to other antivirus sites
    « Reply #13 on: June 23, 2010, 05:20:01 PM »
    Okay, I've attached the logs.

    Offline essexboy

    • Malware removal instructor
    • Avast Überevangelist
    • Probably Bot
    • *****
    • Posts: 38422
    • Dragons by Sasha
      • Malware fixes
    Re: Virus blocking updates to Avast & access to other antivirus sites
    « Reply #14 on: June 23, 2010, 09:26:52 PM »
    On completion of this can you let me know what problems remain

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2485
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2485
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1060284298-926492609-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    THEN

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
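
As an added example (not from any poster in this thread and not part of OTL), the Python below parses log lines in the format quoted in Reply #14 and reports registry hives where an enabled Internet Settings proxy points at a loopback address, which is the pattern that fix script removes. The sample log, the SIDs in it, the `proxy.corp.example` host and all function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample in the OTL line format quoted in Reply #14 (SIDs and proxy name are made up).
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2485
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2485
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
'''

LINE = re.compile(r'^IE - (?P<hive>HK\w+\\[^\\]+)\\.*Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$')

def is_loopback(host):
    try:
        return host.lower() == "localhost" or ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False

def proxy_endpoints(value):
    """Split 'http=h:p;https=h:p' or a bare 'h:p' into (scheme, host, port) tuples."""
    out = []
    for part in filter(None, value.strip().split(";")):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        host, port = (host, port) if sep else (hostport, "")  # no port given
        out.append((scheme or "all", host, port))
    return out

def find_loopback_proxies(log_text):
    """Return (hive, scheme, host, port) for each enabled proxy that targets loopback."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    findings = []
    for hive, vals in settings.items():
        if vals.get("ProxyEnable") != "1":
            continue  # ProxyServer is not used while ProxyEnable is 0
        for scheme, host, port in proxy_endpoints(vals.get("ProxyServer", "")):
            if is_loopback(host):
                findings.append((hive, scheme, host, port))
    return findings

if __name__ == "__main__":
    print(find_loopback_proxies(SAMPLE_LOG))
```

A loopback proxy is not malicious by itself, since some security and filtering products install one; identify the process listening on the reported port before deleting the value.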