Author Topic: enhanced protection mode  (Read 31995 times)


eustace flynn

  • Guest
enhanced protection mode
« on: July 21, 2011, 12:22:12 PM »
Does Avast have something called "Enhanced Protection Mode"?
I can't access the user interface on my avast free edition. I keep getting a popup window that tells me avast is in "Enhanced Protection Mode" because of a recent virus threat and that I should do nothing.
« Last Edit: July 21, 2011, 12:35:58 PM by eustace flynn »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11249
  • No support PM's thanks
Re: enhanced protection mode
« Reply #1 on: July 21, 2011, 01:28:25 PM »
Never heard of enhanced protection mode, where did you download your copy of avast from?
I would suggest to you to get yourself a copy of malwarebytes and superantispyware and run the scans with them and see what they turn up.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37612
  • Not a avast user
Re: enhanced protection mode
« Reply #2 on: July 21, 2011, 01:31:10 PM »
Quote
I keep getting a popup window that tells me avast is in "Enhanced Protection Mode" because of a recent virus threat and that I should do nothing.
Can you take a screenshot and post it here?


lower left corner > Additional options > attach

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: enhanced protection mode
« Reply #3 on: July 21, 2011, 01:35:39 PM »
As far as I remember, AVIRA was using such terminology for some of their functionality. Which was called exactly like that. Are you sure that you have avast!?
Visit my webpage Angry Sheep Blog

eustace flynn

  • Guest
Re: enhanced protection mode
« Reply #4 on: July 22, 2011, 01:04:08 AM »
I most assuredly have Avast! and I downloaded it from Avast's website.
I can't take a screenshot because that pop-up is no longer there!

The problem began with a chat message on facebook inviting me to see a video that I was in. As the message was apparently from my sister I opened the link and was instructed to download the latest version of Flashplayer on the link provided.
Almost immediately a window opened telling me a threat has been detected (incurable) and my computer shutdown, restarted in safe mode, shutdown again, and restarted normally. When I clicked on the Avast! system tray icon to see what had happened the "Enhanced Protection Mode" window opened!
I couldn't open the Avast user interface so I tried re-installing Avast. The computer wouldn't let me ("Access Denied" was the message) so I downloaded Malwarebytes, disconnected from the 'net, deleted Avast, installed Malwarebytes and ran a full system scan. A trojan was detected and quarantined. I then reconnected to the 'net, downloaded Avast from the home site and re-installed it successfully.
Now everything appears to be normal.
EXCEPT!! I can connect to any website---BUT NOT FACEBOOK!
« Last Edit: July 22, 2011, 01:41:59 AM by eustace flynn »

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3741
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: enhanced protection mode
« Reply #5 on: July 22, 2011, 01:25:38 AM »
Hi eustace flynn :)

Most likely you were/are infected. Maybe almost everything seems to be normal, but you can't be sure. I will ask our malware removal specialist Essexboy to help you. In the meantime, can you post the MBAM log in your next reply?

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 6
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: enhanced protection mode
« Reply #6 on: July 22, 2011, 01:58:29 AM »
Getting that feeling of having been here before, see this topic http://forum.avast.com/index.php?topic=81972.0 and my post on page 2 http://forum.avast.com/index.php?topic=81972.msg669522#msg669522.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3741
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: enhanced protection mode
« Reply #7 on: July 22, 2011, 02:26:25 AM »
Yes, I noticed too that the OP is not the only one with this problem. Maybe the MBAM log can provide some information about what we are dealing with.

Greetz, Red.


eustace flynn

  • Guest
Re: enhanced protection mode
« Reply #8 on: July 22, 2011, 02:34:20 AM »
Hi Rednose

I also, um, deleted malwarebytes after I ran the scan. Will try all this again so I can post the mbam log.

Wish me luck

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3741
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: enhanced protection mode
« Reply #9 on: July 22, 2011, 02:43:19 AM »
Can you remember the name of the trojan in the MBAM log?

Greetz, Red.

eustace flynn

  • Guest
Re: enhanced protection mode
« Reply #10 on: July 22, 2011, 11:14:39 AM »
Okay folks. I retrieved the mbam log.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7221

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2011 6:18:44 PM
mbam-log-2011-07-21 (18-18-44).txt

Scan type: Full scan (A:\|C:\|E:\|)
Objects scanned: 285482
Time elapsed: 1 hour(s), 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790474B6765C5531AD97 (Malware.Trace) -> Value: SRS_IT_E8790474B6765C5531AD97 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\autotelic\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204337.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204338.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204339.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204340.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204341.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\253454858.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.




Any good to you?
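
An added example, not part of the original thread: a small Python parser for the MBAM log format shown in the post above, grouping detections by family and separating files found in live locations from copies held in System Restore snapshots (`System Volume Information\_restore...`). The regular expressions are assumptions inferred from the log lines in this post, and the sample input is a subset of those lines.

```python
import re
from collections import Counter

# Sample input: a subset of lines from the MBAM log posted above.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790474B6765C5531AD97 (Malware.Trace) -> Value: SRS_IT_E8790474B6765C5531AD97 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\autotelic\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204337.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204338.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\253454858.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")  # assumed section header shape
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[\w.]+)\) -> (?:Value: .+? -> )?(?P<action>.+)$")
RESTORE = "\\system volume information\\_restore"  # XP System Restore store

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            findings.append({"section": section, "object": m["obj"],
                             "detection": m["name"], "action": m["action"],
                             "restore_point": RESTORE in m["obj"].lower()})
    return findings

def triage(findings):
    """Count detections per family and list files found outside restore points."""
    families = Counter(f["detection"] for f in findings)
    live = [f["object"] for f in findings
            if f["section"] == "Files Infected" and not f["restore_point"]]
    return families, live

if __name__ == "__main__":
    families, live = triage(parse_mbam_log(SAMPLE_LOG))
    print(dict(families), live, sep="\n")
```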

eustace flynn

  • Guest
Re: enhanced protection mode
« Reply #11 on: July 22, 2011, 11:31:08 AM »
PS

I ran another M-Bytes scan and it came up with nothing. Clean.

moti shimoni

  • Guest
Re: enhanced protection mode
« Reply #12 on: July 22, 2011, 12:00:37 PM »
hi... i have a photo of this shit!!! i have it too

Sparxx

  • Guest
Re: enhanced protection mode
« Reply #13 on: July 22, 2011, 12:36:39 PM »
Quote
hi... i have a photo of this s**t!!! i have it too

This sh*t isn't an avast! shield, it seems you got a fake antivirus, you'd better get rid of it as fast as you can, and install avast only from the off. site.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: enhanced protection mode
« Reply #14 on: July 22, 2011, 06:58:54 PM »
Is that shield still present?

As I am sure that Avast would like some of those files

To ensure that I get all the information this log will need to be attached (instructions at the end). If it is too large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - NetSvcs
      Reg - SafeBoot Minimal
      Reg - Shell Spawning
      Evnt - EventViewer Logs (Last 10 Errors)
      File - Lop Check

  • Under the Custom Scan box paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.