Author Topic: Can't "Fix"  (Read 51904 times)

0 Members and 1 Guest are viewing this topic.

rlakritz

  • Guest
Can't "Fix"
« on: April 14, 2011, 05:54:33 AM »
I just installed Avast Internet Security because I was getting a notification that there had been repeated malware attempts on my computer.  I have a warning that my system is not fully protected and the Firewall is off.  The "fix" button does nothing, and when I try to manually turn on the firewall I get a message that the firewall is unavailable.  Now what?

ANHTHU5991

  • Guest
Re: Can't "Fix"
« Reply #1 on: April 14, 2011, 05:57:20 AM »
do you install avast along with another antivirus?

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #2 on: April 14, 2011, 06:58:25 AM »
No, Avast is my only anti-virus software.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #3 on: April 14, 2011, 07:53:09 AM »
Any other AV software installed? Which?
What Windows version?
Previous AV software before Avast?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #4 on: April 14, 2011, 08:58:19 AM »
I was using the free Avast software and just upgraded.  This problem developed after the upgrade.  I don't have any other antivirus software installed.  I am using Windows Vista on my laptop and Windows XP on my desktop and have the same problem on both (the upgrade included installation on 3 computers). I have Windows firewall activated on both computers.  Could that be the problem?

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #5 on: April 14, 2011, 09:00:31 AM »
I never had any other antivirus software installed on my laptop but did use Norton's on my desktop at one time.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #6 on: April 14, 2011, 09:13:45 AM »
So you upgraded.

I'ld recommend a clean install of new pre-relase version 6.0.1044.
You can click on the "AIS" in my signature, download the installer and run it. No need to uninstall current version.

No, the Windows FW is no problem with Avast AIS. Leave that activated.

If that does not cure the problem, we'll take a little deeper look.
« Last Edit: April 14, 2011, 09:16:51 AM by Zyndstoff »
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #7 on: April 14, 2011, 01:53:49 PM »
Thanks!  This worked perfectly on my laptop but I am having more difficulties on my desktop.  I keep getting "Best Malware Protection" popup windows, telling me that my computer is infected and that I should buy their product (which I have not done).  How do I get rid of that so I can proceed to upgrade Avast on my desktop?

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #8 on: April 14, 2011, 01:56:15 PM »
That PC is infected for sure.

Download MBAM (free version) from my signature.
Install it.
Start it.
Update it via it's GUI.
Run a quick scan.
Have it delete all it finds.
Post the log here.

Thx.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #9 on: April 14, 2011, 02:24:10 PM »
Away from keyboard for 40 minutes now.  ;D
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #10 on: April 14, 2011, 09:07:14 PM »
Unfortunately, I can't get on the Internet from that computer.  I use Firefox and don't have any other Internet program installed. Everytime I try to get on I get a message, something to th4e effect that the proxy server won't connect. 
The good news is that I'm not getting the Best Malware Protection pop-ups anymore, but last time I shut it down I had messages that cmd.exe and ping.exe couldn't start, and I couldn't get rid of the messages in order to properly shut down the computer.  Eventually I had to force the computer to shut down. Can you think of some way around this before I take it in to my computer guy? 

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #11 on: April 14, 2011, 09:16:58 PM »

This is a heavy infection it seems, so I recommend our Malware expert as I am not such a wizard. He will guide you through the most complicated stuff, if needed.

His nick is "essexboy", I will inform him. Be aware that he is not 24/7 available, so it may take a little while. He is on local british time, so keep on looking in here frequently.

He'll help you get rid of it.

Be patient please.

Greetz
Zyndstoff
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #12 on: April 14, 2011, 09:22:41 PM »
Can you boot the PC in Safe Mode?
Hit F8 repeatedly during boot up until menu screen appears and select "Safe Mode with networking".

Try the MBAM download and procedure from there, if possible. Just a try.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't "Fix"
« Reply #13 on: April 14, 2011, 09:24:14 PM »
Hi could you transfer the following two programmes to the infected system using a USB drive if Zyndstoff's suggestion does not pan out

Download RogueKiller to your desktop
 
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Please post the contents of the RKreport.txt in your next Reply.


Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #14 on: April 14, 2011, 09:27:26 PM »
You're damn quick today! :)

Was my proposal using safe mode okay? I need to learn...
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear