4.8 and windows firewall.

About 2 hours ago I was using AVG free for many years with Firefox.
Started having a problem with either Firefox, AVG free or something else when clicking on a link after doing a search: I first see the link in the address bar, and before the page loads it switches to another link, an advertising link. To go to my chosen link I had to click the back button.
I did an AVG full scan yesterday and it only turned up 4 cookies, which I deleted.
So I tried Malwarebytes and it turned up these, which I deleted.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) → Quarantined and deleted successfully.

Then I got to thinking, after looking at the Mozilla forum, to switch to Avast.
I ran Avast and after about 40 minutes: no viruses, nothing.
Prior to Avast I completely removed everything to do with AVG.

So I go to my windows firewall and see AVG files about 7 are all there and checked. So I delete all of them.
Question is do I add all *.exe Avast files to Windows firewall with a check mark for each or which ones?

Oh and to get to this forum I was first redirected to some advertising site then had to hit back button to get here.

I’m doing a little testing with my Google search bar.
If I type in cnet and hit return
there is cnet.com as top link.
so I click on it.

In search bar I see cnet.com and then the address by itself changes to
http://www.newser.com/?utm_source=ask&utm_medium=cpc&utm_campaign=news
or this one in doing a search for avast home.
http://www.stopzilla.com/products/stopzilla/landing.do?aid=10192&cid=spyware

Why is this happening?

I’m going to try it now with my Yahoo search bar.

same thing with Yahoo search.
I click a link that looks authentic, another advertising site pops up, and then hitting the back button either takes me to what I want or I can’t exit out of the site without closing it.

The windows (XP) firewall doesn’t monitor outbound connections so you probably don’t have to add any.

However the only files that require internet access are avast.setup (the avast update process), the ashWebSv.exe (web shield) and ashMaiSv.exe (the Internet Mail provider POP3/SMTP email scanner).

Based on those file references not being removed there may be other remnants - AVG8 Remover, download tool from here, http://www.grisoft.com/ww.download-tools there is a 32bit and 64 bit windows version, ensure you use the correct one.

I would have thought that MBAM would have found this search hijack, but you could also try SAS - SUPERantispyware On-Demand only in free version.

Try running MBAM and SAS from safe mode with your browsers closed.

Check this out, if the above don’t resolve it.

  • Firefox popping up ads and or google search redirects.
    Please download GooredFix and save it to your Desktop.
      - Double-click Goored.exe to run it.
      - Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
      - A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
      - Note: Do not run Option #2 yet.

OK. I’ve done a lot here and will have to leave soon it’s like 1pm here in California. so later.

I turned Windows firewall back on and added ashwebsv.exe and ashmaisv.exe however could not find avast.setup?

I downloaded that file to remove all of AVG and was not instructed to reboot so I went to next.

Goor

GooredFix v1.92 by jpshortstuff
Log created at 12:59 on 05/04/2009 running Option #1 (jaisen)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
“Plugins”=“C:\Program Files\Mozilla Firefox\plugins”

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
“Components”=“C:\Program Files\Mozilla Firefox\components”

One last thing I tried to update AVAST and got this message

Information about current update:
Last encountered error: The package is broken.

Total time: 1:48

What should broken imply to me?

thanks.

The avast.setup file used to be a temporary file created when the update proceeded, but it should be in the C:\Program Files\Alwil Software\Avast4\Setup folder.

OK, hopefully that has cleared any avg remnants, if any.

The Goored is clear as no suspect entries, so that is another down.

I would say just what it says some part of the update process is broken, this could be a partial install failure, which could be due to remnants of avg.

Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.

If that doesn’t work try, uninstall, reboot, install, reboot.

I found avast.setup where you said it would be and where it was had I opened all file extensions in setup dll. It along with 3 other AV files are checked in windows firewall.

I uninstalled, restarted, installed, restarted using same Reg # and it appears as I have to once again do a scan. However I thought let me see if I can update and tried and got same package broken report. I put some * in one location to hide my name.

Below is from log.

05.04.2009 16:54:13 general: Started: 05.04.2009, 16:54:13
05.04.2009 16:54:13 general: Running setup_av_pro-537 (1335)
05.04.2009 16:54:13 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
05.04.2009 16:54:13 system: Memory: 26% load. Phys:1545268/2096360K free, Page:3611660/4038308K free, Virt:2069356/2097024K free
05.04.2009 16:54:13 system: Computer WinName: INSPIRON
05.04.2009 16:54:13 system: Windows Net User: INSPIRON\jaisen
05.04.2009 16:54:13 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
05.04.2009 16:54:13 general: DldSrc set to inet
05.04.2009 16:54:13 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
05.04.2009 16:54:13 general: Old version: 537 (1335)
05.04.2009 16:54:13 registry: Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
05.04.2009 16:54:14 system: Using temp: C:\DOCUME~1*~1\LOCALS~1\Temp_av_proI.tm~a01748 (28474M free)
05.04.2009 16:54:14 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
05.04.2009 16:54:14 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;p)
05.04.2009 16:54:14 system: Computer DnsName: INSPIRON
05.04.2009 16:54:14 system: Computer Ip Addr: 75.213.117.185
05.04.2009 16:54:14 system: Installed in: C:\Program Files\Alwil Software\Avast4 (28474M free)
05.04.2009 16:54:14 internet: SYNCER: Type: use IE settings
05.04.2009 16:54:14 internet: SYNCER: Auth: another authentication, use WinInet
05.04.2009 16:54:14 package: Part prg_av_pro-537 is installed
05.04.2009 16:54:14 package: Part vps-9031900 is installed
05.04.2009 16:54:14 package: Part news-4e is installed
05.04.2009 16:54:14 package: Part setup_av_pro-537 is installed
05.04.2009 16:54:14 package: Part jrog-e0 is installed
05.04.2009 16:54:14 general: Old version: 537 (1335)
05.04.2009 16:54:14 general: GUID: 3f90d82e-dfd9-47d8-942f-f5c585aa60d7
05.04.2009 16:54:14 general: Server definition(s) loaded for ‘main’: 229 (maintenance:0)
05.04.2009 16:54:14 general: SelectCurrent: selected server ‘Download730 AVAST Server’ from ‘main’
05.04.2009 16:54:14 internet: SYNCER: Type: use IE settings
05.04.2009 16:54:14 internet: SYNCER: Auth: another authentication, use WinInet
05.04.2009 16:54:14 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
05.04.2009 16:54:14 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
05.04.2009 16:54:14 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
05.04.2009 16:54:14 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
05.04.2009 16:54:14 general: progress thread start
05.04.2009 16:54:14 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;f)
05.04.2009 16:54:36 internet: Used server: http://download730.avast.com/iavs4x
05.04.2009 16:54:36 package: Download servers.def, servers.def.vpu failed with error 0x20000011.
05.04.2009 16:54:51 internet: Used server: http://download730.avast.com/iavs4x
05.04.2009 16:55:12 internet: Used server: http://download730.avast.com/iavs4x
05.04.2009 16:55:12 file: GetFileWithRetry: servers.def downloaded .
05.04.2009 16:55:12 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1*~1\LOCALS~1\Temp_av_proI.tm~a01748\onefile), error: 0x2000000B
05.04.2009 16:55:12 package: Tried to download servers.def but failed with error 0x20000011.
05.04.2009 16:55:12 package: LoadAllDefs failed 0x20000011
05.04.2009 16:55:12 general: Err:The package is broken

I read this in a forum though it did not help.

I’m on UM175 VZ broadband, did the below, tried to update and got package broken.

Oh, I typed into the Yahoo search bar broken avast package and was taken to an advertising site and I had to click back to get to the below Avast forum question and answer.

Had the same problem Package broken etc. etc… , found in settings > update connections> a tick box that said “My Computer is permanently connected to the Internet” since I am on dsl I figure to click that … and lo and behold no more Broken packages
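For the setup log posted above, a small triage script makes the failure chain easier to see: which steps reported error codes and where the run sat waiting. This is an added example, not Avast tooling or code from the thread; the sample lines are taken from that log, with one record wrapped across two lines to exercise continuation handling, and the function names are illustrative.

```python
import re
from datetime import datetime

# Lines taken from the setup log in this thread; one record is wrapped.
SAMPLE = r"""
05.04.2009 16:54:14 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;f)
05.04.2009 16:54:36 internet: Used server: http://download730.avast.com/iavs4x
05.04.2009 16:54:36 package: Download servers.def, servers.def.vpu failed with error 0x20000011.
05.04.2009 16:54:51 internet: Used server: http://download730.avast.com/iavs4x
05.04.2009 16:55:12 internet: Used server: http://download730.avast.com/iavs4x
05.04.2009 16:55:12 file: GetFileWithRetry: servers.def downloaded .
05.04.2009 16:55:12 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1*
~1\LOCALS~1\Temp_av_proI.tm~a01748\onefile), error: 0x2000000B
05.04.2009 16:55:12 package: Tried to download servers.def but failed with error 0x20000011.
05.04.2009 16:55:12 package: LoadAllDefs failed 0x20000011
05.04.2009 16:55:12 general: Err:The package is broken
"""

# DD.MM.YYYY HH:MM:SS category: message
RECORD = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (\w+): (.*)$")
HEXCODE = re.compile(r"0x[0-9A-Fa-f]{8}")

def parse(text):
    """Return (timestamp, category, message) records. A non-blank line with
    no timestamp is joined onto the previous record (wrapped line)."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            records.append([ts, m.group(2), m.group(3)])
        elif records and line.strip():
            records[-1][2] += line.strip()
    return [tuple(r) for r in records]

def failures(records):
    """Every hex error code in log order, as (HH:MM:SS, category, code)."""
    out = []
    for ts, cat, msg in records:
        for code in HEXCODE.findall(msg):
            out.append((ts.strftime("%H:%M:%S"), cat, code))
    return out

def stalls(records, threshold=10):
    """Gaps of at least `threshold` seconds, with the message that ended each."""
    gaps = []
    for (a, _, _), (b, _, msg) in zip(records, records[1:]):
        delta = int((b - a).total_seconds())
        if delta >= threshold:
            gaps.append((delta, msg))
    return gaps

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(failures(recs))
    print(stalls(recs))
```

On the sample, the three gaps of 22, 15 and 21 seconds each end at a `Used server` line, so the time goes to the network fetch, and the first error code is logged right after the first of them.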

Thanks for the update (excuse the pun) glad that you now have it sorted.

Welcome to the forums.

I don’t have it fixed.

“Had the same problem Package broken etc. etc… , found in settings > update connections> a tick box that said “My Computer is permanently connected to the Internet” since I am on dsl I figure to click that … and lo and behold no more Broken packages”

Above is from someone else in this forum and I tried it. Did not work.

“Had the same problem Package broken etc. etc… , found in settings > update connections> a tick box that said “My Computer is permanently connected to the Internet” since I am on dsl I figure to click that … and lo and behold no more Broken packages”

There is more to above than what it says. This is from another forum user.
What is missing is
yes click on update connections, and click computer is permanently connected to internet.
I am using a UM175 VZ modem which I guess is permanently connected to internet when I turn my computer on
However, you have to click on proxy box
and click direct connection option.

This allowed me to update not only virus but Avast program too. Oh so easy.

You never did say if you ran the avg8 uninstall tool I gave the link for ?

What your modem is isn’t an issue; it is the type of connection. Broadband, DSL or cable are all permanent connections; dial-up is blatantly obvious, so if you aren’t using that then you are permanently connected.

Your proxy setting is by default set to ‘Auto Detect (use Internet Explorer settings),’ this for the most part is fine for the greatest majority, but for some it doesn’t work (why I don’t know). You seem to have been one of the unfortunate few, and changing it to no proxy has worked.

Now! you are sorted ;D

I used avgremove you suggested to me. AVG is gone.

As for being sorted and being a user of Avast for less than 24 hours I have a suggestion or two.

So last night, it is now Monday morning, I thought why not do a VRDB thing. So I click start and you i ball went around, around, around and kept going for about 35 minutes when it got to be like really late so I stopped it.
Suggestion 1 would be some sort of moving bar showing progress in percent or numbers or something with time remaining or something or an automatic shutdown of my computer.
Suggestion 2 is skins. They could be better in colors, boxes, white spaces.

And lastly, I still have the problem with the Google and Yahoo search bars being, a new term for me, hijacked. There are others with this problem and no real answer other than doing a Hijack test, copying the log and posting it for someone else to look at.
There has to be another way.

avastment, both VRDB and skins will be dropped in next avast version. The first, due to lack of usage nowadays.

you got back to me too soon.

I found a skin I like.

Lite -on.

I sent the below to the Firefox forum 20 minutes ago.

I’m using firefox 3.08.
I type in say Mozillazine into Firefox search bar, click enter, see a top link to Mozillazine web site and then I click to get to Mozillazine,
then in the address bar I see the Firefox URL and then moments, split moments later, I am taken to an advertising site like Stopzilla or something like it and have to hit the back button to get to the Mozillazine web site.

Question: is it my fault for using Firefox, or a Firefox responsibility to keep hijacking software out of the Firefox search bar?

It would be like if I bought a Pizza and someone having to do with providing Pizza was adding peanuts to it and I’m allergic to peanuts.
Whose job is it to find out where those peanuts were added to my pizza?

Like am I suppose to take my Pizza to another store for it to be analyzed before I eat it?

Something or someone is Hijacking Firefox’s search bar.
I would think Firefox would like to know why someone or something is messing with Firefox’s search bar.

Please find a fix.

Avast
I’m going to help you fix this hijacking problem when using search bar in Mozilla Firefox and I know nothing about hijacking, virus or malware.

You can type
about:cache?device=disk
into address bar of Firefox and it will bring up firefox Cache.

I did it in my recent cache and found these files.

I see something though it might be nothing.
some of these expiration dates are 1969 and if I am not mistaken 1969 was a while ago and those are sites I have been directed to from where I wanted to go.

Couldn’t there be some way to find where in the registry these dates are coming from, or at least block site links with expiration dates that have come and gone a long time ago?

Key: http://media.lavasoft.com/img/boxes_segmentation_mid.gif
Data size: 173 bytes
Fetch count: 1
Last modified: 2009-04-06 09:10:37
Expires: 2009-04-26 18:31:32

Key: http://www.greattranslators.com/images/logo_continental.gif
Data size: 5629 bytes
Fetch count: 1
Last modified: 2009-04-06 10:36:38
Expires: 2009-04-24 10:29:16

Key: id=49da3b48&uri=http://safebrowsing.clients.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=3.0.8&pver=2.2&wrkey=AKEgNiuPTBFCGH8zTprF1cyaBJYFoPktu-u2QcZmUcEHkRXaUnd5LGa8VdsKIiqVlAzb-LXPINHqDVDhIUT8xJnzwjzu-Y3_BA==
Data size: 472 bytes
Fetch count: 1
Last modified: 2009-04-06 10:29:37
Expires: 1969-12-31 16:00:00

Key: http://static.trialpay.com/js/t/?p=tp&tpr=243783
Data size: 4386 bytes
Fetch count: 1
Last modified: 2009-04-06 09:11:28
Expires: 2009-04-06 10:11:23

Key: http://www.trialpay.com/checkout/?c=10507bf&tid=9ahI9ha
Data size: 25992 bytes
Fetch count: 1
Last modified: 2009-04-06 09:11:27
Expires: 1969-12-31 16:00:00
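The 1969 dates in the listing above are what Unix time 0 looks like on a clock eight hours behind UTC, so they mark entries stored with an expiry of zero rather than a date someone chose. The Python below is an added example, not part of the original post; it assumes the viewer's clock was at UTC-8 for that date (the poster mentions California), and the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Two entries copied from the about:cache listing in this thread.
CACHE_TEXT = """\
Key: http://static.trialpay.com/js/t/?p=tp&tpr=243783
Data size: 4386 bytes
Fetch count: 1
Last modified: 2009-04-06 09:11:28
Expires: 2009-04-06 10:11:23

Key: http://www.trialpay.com/checkout/?c=10507bf&tid=9ahI9ha
Data size: 25992 bytes
Fetch count: 1
Last modified: 2009-04-06 09:11:27
Expires: 1969-12-31 16:00:00
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse_entries(text):
    """Split an about:cache text listing into one dict per entry."""
    entries, current = [], {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank or unrecognised line
        if name == "Key" and current:
            entries.append(current)
            current = {}
        current[name] = value
    if current:
        entries.append(current)
    return entries

def epoch_zero_as_local(utc_offset_hours):
    """How Unix time 0 (1970-01-01 00:00:00 UTC) prints at a UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(0, tz).strftime(FMT)

def classify(entries, utc_offset_hours=-8):
    """Label each entry 'unset' (stored expiry is 0) or with its lifetime
    in seconds, measured from Last modified to Expires."""
    zero = epoch_zero_as_local(utc_offset_hours)  # assumed viewer offset
    result = []
    for e in entries:
        if e["Expires"] == zero:
            result.append((e["Key"], "unset"))
        else:
            life = (datetime.strptime(e["Expires"], FMT)
                    - datetime.strptime(e["Last modified"], FMT))
            result.append((e["Key"], int(life.total_seconds())))
    return result

if __name__ == "__main__":
    for key, label in classify(parse_entries(CACHE_TEXT)):
        print(label, key)
```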

Firefox is less prone to these search hijackings than IE by a long way. There is however no way to establish who is responsible as for it to get established the user would normally have to have accepted the addition of something.

The problem being there are some toolbars that the user might feel helps them when in fact they only help the originator, you might well get some other unknown gifts that pay for your free toolbar. Personally I don’t allow any toolbars to install and I take care of what add-ons I install, usually sourced at the Mozilla site.

If you haven’t already got the NoScript add-on for firefox I suggest you do.

The safebrowsing is a security tool that blocks access to known malicious sites.

As for trialpay.com (this you can google if you can get past any redirects), it is often used by software manufacturers as a means of getting something for free, so there may be some payment involved, could be marketing information gathered or targeted adverts based on browsing, etc. http://www.trialpay.com/about/.

Typing about:cache?device=disk into the Firefox address bar gives a blank page on my system.

OK I added noscript to FF.

One other thing I noticed
I can’t open my regedit file by going to
start
run and typing in
regedit
nothing happens.

I found a site suggesting I could possibly make some changes. And yes I have gone into registry before this time trying this from another forum

It is VERY IMPORTANT that you learn how to examine your system for potential
problems as well as using ‘fixit’ programme such as AdAware or Spybot.

Check your startup folder and MSCONFIG (startup tab). You can also check
the following registry keys and edit as appropriate (if you have experience
with same).

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce

This and other areas are commonly blocked to prevent easy removal of malware.

You may find that regedit.exe has been intercepted, and there is a way round that: find regedit.exe (in my XP Pro it is in the Windows folder), copy it and paste it into another temporary folder, and rename it to regedit.com. You will get a warning; it is OK.

Now if there are two files one with a file type of .exe and another .com the .com one takes precedence so by running the regedit.com that should allow you to open the registry for editing. This is a temporary measure to allow you to edit the registry if needs be and not a permanent solution.

http://www.taskmanagerfix.com/enable-disabled-regedit
Or
http://www.pchell.com/support/registryeditordisabled.shtml