For some reason avast wont scan at all. I removed it and reinstalled it again today to no avail. This has been going on for a couple of days. Can someone help?
What operating system and Service Pack level are you using?
Did you have another anti virus application installed before?
I have XP Pro V 2002 SP 3. I had Avast & Spybot S&D installed when I first started having trouble last week. They were both working fine up until that point. I believe I may have a virus or Trojan from random surfing (stupid I know). Both programs would not scan afterwards.
I then added a-squared free and did a scan and checked jotti. I quarented a major fault a.exe which was found by a-squared in documents & settings/~ Temp.
Jotti’s malware scan
Filename: a.exe
Status: Scan finished. 8 out of 21 scanners reported malware.
Scan taken on: Sat 26 Sep 2009 19:27:21 (CET) Permalink
Additional info
File size: 146432 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 73e61abd5ecc49d2cb005696a15a3d19
SHA1: 07b975235c22c730598aa14ff0db7ce3d56cdf08
ArcaVir 2009-09-26 Found nothing
G Data 2009-09-26 Win32:Trojan-gen
A-Squared 2009-09-26 Trojan-Downloader.Win32.Renos!IK
Ikarus 2009-09-26 Trojan-Downloader.Win32.Renos
Avast 2009-09-26 Win32:Trojan-gen {Other}
Kapersky 2009-09-26 Found nothing
AVG 2009-09-26 Agent2.TEE
NOD32 2009-09-26 Win32/TrojanDownloader.FakeAlert.AIN
AntiVir 2009-09-25 Found nothing
NORMAN 2009-09-26 W32/Renos.AFCF
bit defender 2009-09-26 Found nothing
PANDA 2009-09-26 Found nothing
Clam AV 2009-09-26 Found nothing
Quick Heal 2009-09-26 Found nothing
CP 2009-09-26 Found nothing
SOPHOS 2009-09-26 Found nothing
Dr.WEB 2009-09-26 Found nothing
VBA32 2009-09-25 Found nothing
I then removed all 3 programs and added Microsoft Security Essentials. MSE would not scan either. It said the program service stopped and gave an Error Code of 0x80070005. Microsoft advised me to run services.msc and then sfc /scannow.
I still have MSE installed but it is still disabled. All I’m doing is running around in circles. I would greatly appreciate any help you can provide.
Try downloading MBAM (an antimalware scanner recommended often here.)
(You may need to download it using another computer, if yours is unable to.)
Rename the installer file to something random/meaningless.exe , (but remember the name.)
Install it on the sick computer.
Once installed, navigate to the installation folder (normally C:\Program Files\Malwarebytes’ Anti-Malware) and rename the main executable (mbam.exe) to something random/meaningless.exe, run it, update it, run a quick scan and have it remove everything found.
If it won’t update, run it anyway. After a scan/removal, keep trying to update it.
It may be necessary to do this in safe mode.
Repeat scans may be required, and after nothing further is found, at least one full scan.
Please post the scan report, and let us know how it’s going.
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can further analysis them.
After that, I suggest an installation from the scratch:
- Download the latest version of avast! Uninstall Utility and save it.
- Download the latest avast! version and save it.
- Uninstall avast from Control Panel (if possible). If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there. Anyway, boot after that.
- Run the avast! Uninstall Utility saved on 1. If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there. Anyway, boot after you’ve run it.
- Install avast! using the setup saved on 2. It will be good to accept the boot time scanning. Boot.
- Check and post the results.
I used all of you’re suggestions and MBAM would not run.
I had better luck with all of your suggestions. However I still cannot start, or schedule, avast from windows.
I remove all virus and spyware software.
I also ran sfc /scannow under the command prompt to check all protected system files and replace incorrect versions with correct Microsoft versions.
Results of the scan show no virus.
10/03/2009 08:56
Scan of all local drives
Number of searched folders: 18390
Number of tested files: 188855
Number of infected files: 0
avast! Antirootkit, version 1.0
Scan started: Saturday, October 03, 2009 10:01:29 AM
Process [0]
Process [4]
Process E:\WINDOWS\system32\smss.exe [1532]
Process E:\WINDOWS\system32\csrss.exe [776]
Process E:\WINDOWS\system32\winlogon.exe [804]
Process E:\WINDOWS\system32\services.exe [848]
Process E:\WINDOWS\system32\lsass.exe [860]
Process E:\WINDOWS\system32\svchost.exe [1096]
Process E:\WINDOWS\system32\svchost.exe [1168]
Process E:\WINDOWS\system32\svchost.exe [1688]
Process E:\Program Files\Ahead\InCD\InCDsrv.exe [1720]
Process E:\WINDOWS\system32\svchost.exe [244]
Process E:\WINDOWS\system32\svchost.exe [632]
Process E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [824]
Process E:\Program Files\Alwil Software\Avast4\ashServ.exe [1372]
Process E:\WINDOWS\explorer.exe [1804]
Process E:\Program Files\Microsoft IntelliType Pro\itype.exe [200]
Process E:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [232]
Process E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [320]
Process E:\WINDOWS\system32\ctfmon.exe [1876]
Process E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [344]
Process E:\WINDOWS\system32\spoolsv.exe [1288]
Process E:\Program Files\RegCure\RegCure.exe [1456]
Process E:\WINDOWS\system32\svchost.exe [1232]
Process E:\WINDOWS\system32\svchost.exe [1608]
Process E:\Program Files\Java\jre6\bin\jqs.exe [1996]
Process E:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2068]
Process E:\WINDOWS\system32\nvsvc32.exe [2120]
Process E:\WINDOWS\system32\java.exe [2148]
Process E:\WINDOWS\system32\svchost.exe [2192]
Process E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2412]
Process E:\WINDOWS\system32\searchindexer.exe [2524]
Process E:\Program Files\Canon\CAL\CALMAIN.exe [2568]
Process E:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2588]
Process E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [2680]
Process E:\WINDOWS\system32\wuauclt.exe [140]
Process E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2748]
Process E:\Program Files\Alwil Software\Avast4\ashWebSv.exe [3124]
Process E:\WINDOWS\system32\wuauclt.exe [4068]
Process E:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe [428]
Process E:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE [1052]
Process E:\Program Files\Microsoft Office\Office10\WINWORD.EXE [524]
Process E:\WINDOWS\system32\searchprotocolhost.exe [2768]
Process E:\WINDOWS\system32\searchfilterhost.exe [3212]
Process E:\WINDOWS\system32\searchprotocolhost.exe [340]
Scan finished: Saturday, October 03, 2009 10:01:31 AM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
For some reason Windows Update won’t install the Windows malicious Software removal Tool - September 2009 (KB890830)
Let’s hope essexboy drops by or you can ask the assistance of the Malwarebytes experts:
Procedures to help resolve issues preventing MBAM from running
I’m infected - What do I do now?
NOTE: If Malwarebytes won’t run or HijackThis won’t run please still create a new post in the Malware Removal - HijackThis Logs forum and explain what happens.