Author Topic: "Privacy Protection" scam and disabling of avast,etc.  (Read 15995 times)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37591
  • Not a avast user
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #15 on: November 27, 2011, 03:08:33 AM »
Essexboy (UK time) is usually in here around 08:00pm - 11:59pm on weekdays..
so Sunday tomorrow (now   ;D ) around midday...maybe

Oldman I don't know

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #16 on: November 27, 2011, 03:54:50 AM »
Thank you so much. I'll check back periodically  :)

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #17 on: November 27, 2011, 11:43:55 AM »
Hi choirgirl1,

You can do a couple of things to try to get OTL to run.

First, ignore the messages from the rogue that OTL is infected. That is, don't acknowledge or close the popup.

If that doesn't work, right click OTL and click rename. On the keyboard type explorer.exe and hit enter.

Try running it again by double clicking the renamed file.


Lastly, you can try safe mode. To start your computer in Safe Mode:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #18 on: November 27, 2011, 08:48:11 PM »
Hi Oldman  :)
PP ("Privacy Protection") allowed me to rename the OTL program, but wouldn't let me open the text. I tried to rename it too, but it wasn't fooled I guess  :P So I manually typed in the code and ran the scan. I'm saving it to travel drive now and will proceed to post it here...I hope you're still there!

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #19 on: November 27, 2011, 09:01:26 PM »
The text files are VERY long and I'm not really comfortable "posting" them in public. How do I attach them? Is there a securer way to send them to you?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37591
  • Not a avast user
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #20 on: November 27, 2011, 09:04:20 PM »
lower left corner > additional options > attach

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #21 on: November 27, 2011, 09:13:44 PM »
Attachments
« Last Edit: November 28, 2011, 12:55:06 AM by choirgirl1 »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #22 on: November 27, 2011, 11:08:23 PM »
Hi choirgirl1,

I see signs of a very nasty infection that we may not be able to clean. Is the option to reformat and reinstall the operating system a possibility? We can clean up as much as possible and see how deep this goes.

If you are transferring files to the infected computer we will do this fix differently. It should be easier for you.

There are signs of an autorun infection on E:\ drive which is most likely a usb storage device such as a flashdrive. Is the flashdrive you are using recognized as E:\? Leave the flash drive connected to the infected computer when you run the fix.

To protect your clean computer do this first:

On the clean computer with the flashdrive attached:

  • Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Additional info: there is no user interface for this tool. You may see a black window briefly flash on the screen.

Next

Download the attached file, scan.txt, and transfer it to the desktop of the infected computer.

Next,

On the infected computer:

Please rename the copy of OTL that you renamed to svchost.exe.

  • Double click on svchost.exe
  • Under the Custom Scans/Fixes box at the bottom, double click on the white window
  • You will get a window asking if you want to load a custom scan, click ok
  • Set the look in box at the top to your desktop and click open
  • The box should now fill with text
  • Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

How is the computer?

« Last Edit: November 27, 2011, 11:21:34 PM by oldman »
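
The Flash_Disinfector note in reply #22 depends on a drive root holding a folder, rather than a file, named autorun.inf. The following is an added example, not part of the thread or of any tool mentioned in it: it reports which of the two a drive root holds and, for a file, lists the entries that would start a program. The function names, the sample file content and the temporary directories standing in for drive roots are assumptions made for illustration.

```python
import os
import tempfile

# Constructed sample: an autorun.inf that starts a program (hypothetical file name).
SAMPLE_INF = "[AutoRun]\r\n;comment\r\nopen=example.exe\r\nshell\\open\\command=example.exe\r\nicon=x.ico\r\n"

def find_autorun(root):
    """Return the path of the entry named autorun.inf (any case) in root, or None."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None

def launch_entries(text):
    """Return (key, value) pairs in the [autorun] section that start a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                found.append((key, value))
    return found

def audit_root(root):
    """Classify a drive root as 'absent', 'folder' (placeholder) or 'file'."""
    path = find_autorun(root)
    if path is None:
        return "absent", []
    if os.path.isdir(path):
        return "folder", []
    with open(path, "rb") as fh:  # latin-1 decodes any byte sequence without error
        text = fh.read().decode("latin-1")
    return "file", launch_entries(text)

def build_sample_root(kind):
    """Create a temporary directory standing in for a drive root (constructed data)."""
    root = tempfile.mkdtemp()
    if kind == "folder":
        os.mkdir(os.path.join(root, "autorun.inf"))
    elif kind == "file":
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(SAMPLE_INF)
    return root

if __name__ == "__main__":
    print([audit_root(build_sample_root(k)) for k in ("absent", "folder", "file")])
```

On a real system, pass the drive root (for example the mount point of the flash drive) to `audit_root` instead of a sample directory.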

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #23 on: November 27, 2011, 11:18:55 PM »
Hi - I'm here. Give me a couple of minutes to read your post and make sure I understand. Yes, reloading the OS is an option - I fairly recently backed up all my files to an external harddrive and my most recent work to a flash when this problem popped up, just to be safe - I didn't want to infect the external. But I'd really rather not start fresh if it can be avoided - I have SO much work to do as soon as possible. Be right back...

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #24 on: November 27, 2011, 11:25:02 PM »
Hi choirgirl1,

Take your time. If it is the one infection that I think may be there, you may be looking at a reformat, as there isn't a manual removal for it at present. But let's take it one step at a time.

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #25 on: November 27, 2011, 11:55:33 PM »
Question: I still have OTL open (I didn't want to close it in case I needed it again) should I close it and reopen as the new name? Or can we use it as is?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #26 on: November 28, 2011, 12:01:56 AM »
Hi choirgirl1,

Give it a try as it is. Just make sure the white field at the bottom is empty before you import the file.

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #27 on: November 28, 2011, 12:03:41 AM »
Never mind...I did the rename anyway and it's scanning...

Offline choirgirl1

  • Jr. Member
  • **
  • Posts: 24
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #28 on: November 28, 2011, 12:19:17 AM »
 :D Yay! Computer rebooted with no recurrence of PP popup, I'm able to open the programs I couldn't before, and my Avast tray icon is back! I haven't reconnected to the internet yet - I'll wait to see what you think. I'm scared to be too happy, but !!!!!
I've attached the fix log.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: "Privacy Protection" scam and disabling of avast,etc.
« Reply #29 on: November 28, 2011, 12:36:40 AM »
Hi

Before you connect to the internet please run this custom scan.


Rename OTL back to OTL.exe

Delete scan.txt from your desktop.

Download the attached file and transfer it to your infected computer's desktop.

Use the same steps as before to import the file to OTL but this time click the Run Scan button.