Attack from revolving IPs; Bankerfox.a and Win32/Nuqel.E viruses

My current version of Avast has been rendered helpless. Laptop is being attacked by a virus identifying itself as one that goes after passwords. An unidentified antivirus software package pops up on screen for me to “buy” to eliminate the virus/worm/trojan. . . whatever.

Laptop is overrun with antivirus software “out of date” popups approximately every 3-5 seconds.

I ran the most current avast 4.8 for home edition three times, but the problem is not eliminated. One other symptom is a popup: “Application can’t be executed. wscntfy.exe is infected”

Can anyone tell me what I need to do? I can’t manually update avast either, though I know for a fact that 5-15 minutes prior to my crash, avast automatically updated. When I attempted a manual update, avast said its box is broken.

“An unidentified antivirus software package pops up on screen for me to ‘buy’ to eliminate the virus/worm/trojan. . . whatever.”
Can you see a name on this rogue security program? If you can, then we can probably find an uninstall guide.

check your computer for malware with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click on “remove selected” to quarantine anything found, and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found you may post the scan logs here

There was no Mfg name of the AV software. It was a scammer and I didn’t download. I actually tried an immediate closure of any attempt to interrupt my avast AV from running its program.

After some further attempts, I gained access to the avast log.

Avast version 4.8.1368, [VPS 100 129-0] updated automatically.

WARNING queue

Application 3640
Function setifaceUpdatePackages() has failed.
Return Code: 0x20000011,
dwRes is 20000011

I have the same trojan/virus right now. Speaking dumb, can someone please give me step-by-step instructions as to how to get rid of this thing?

(edited…just realized the date)

newmann, can you give the name of the fake AV Scanner?

I'm gonna go out on a limb and post this link.

Try this link for removal instructions. Be sure to pay attention to the proxy setting instructions if you're having problems with IE8 not connecting. (And if you don't know, safe mode with networking can be found by hitting the F8 key repeatedly after shutoff/turn on.)

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

hope this helps. If you have any questions feel free to ask

Please post your malwarebytes log when completed.

Sat

I was hit with this already, a very dangerous virus. syssvc.exe-- win32:FakeAV-ALD[trj] was caught and put into the chest, what was not caught was the other one that slipped by it and rendered my desktop and most of my programs into a non-working agents of doom. I went into the application data file to see what was wrong and noticed this folder… enlkdawyu which had only this file in it… omublmhtssd.exe

In the temp file there was a video file that could not be deleted, cause it was in use, Perflib_Perfdata_770 and ~DF478D.tmp, whatever that was. The “antivirus” that popped up was called Antispyware Soft. Most of my hard drive has suffered greatly, my chkdsk doesn’t work properly now. Along with many other vital programs. I have isolated an unreadable and corrupted file and I have destroyed a decompression bomb, though they were implanted into files that were already on my computer. The unreadable one, I cannot delete. I am still working on trying to get it back to normal, although I did notice that most of the programs that have the “$” in them are missing and this is the major problem. Hopefully some of this info will help, if not, then I understand your aggressions.

If anyone could tell me on how to get rid of an unreadable, corrupted, file that the system keeps calling a directory, and that has 0 bytes in it, please let me know.

Thanx, Mach
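An added triage example, not part of the original thread: it lists folders shaped like the one described in the post above (a letters-only folder such as enlkdawyu directly under Application Data, holding a single letters-only .exe such as omublmhtssd.exe) and hashes the file for lookup. The name pattern, the function names and the sample tree are assumptions of this example, and a hit is a candidate for manual review, not a verdict.

```python
import hashlib
import os
import re
import tempfile

# Heuristic (assumption of this example): lowercase letters-only names,
# like "enlkdawyu" and "omublmhtssd" in the post above.
NAME_RE = re.compile(r"^[a-z]{6,}$")

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_lone_exe_dirs(appdata_root):
    """Return review candidates: subfolders of appdata_root that hold exactly
    one file, an .exe, where folder name and file stem both match NAME_RE."""
    hits = []
    for entry in sorted(os.scandir(appdata_root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False) or not NAME_RE.match(entry.name):
            continue
        try:
            children = list(os.scandir(entry.path))
        except OSError:
            continue  # unreadable folder: skipped here, review by hand
        if len(children) != 1 or not children[0].is_file(follow_symlinks=False):
            continue
        stem, ext = os.path.splitext(children[0].name)
        if ext.lower() == ".exe" and NAME_RE.match(stem):
            hits.append({"path": children[0].path,
                         "sha256": sha256_of(children[0].path),
                         "size": children[0].stat().st_size})
    return hits

def demo():
    """Build a constructed Application Data tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"enlkdawyu": ["omublmhtssd.exe"],           # shape from the post
                  "mozilla": ["profiles.ini", "firefox.exe"], # several files: ignored
                  "backups": ["readme.txt"]}                  # no .exe: ignored
        for folder, files in layout.items():
            os.mkdir(os.path.join(root, folder))
            for name in files:
                with open(os.path.join(root, folder, name), "wb") as f:
                    f.write(b"constructed sample bytes")
        return [os.path.relpath(h["path"], root).replace(os.sep, "/")
                for h in find_lone_exe_dirs(root)]

if __name__ == "__main__":
    print(demo())
```
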

“If anyone could tell me on how to get rid of an unreadable, corrupted, file that the system keeps calling a directory, and that has 0 bytes in it, please let me know.”
Do you have Malwarebytes installed? It has a tool called FileASSASSIN, top right corner > more tools

I’ve tried that. The unreadable file, is a folder, sorry about not being clear on that before. I cannot open it.

I’m with you Mach, my sister’s computer has the same problem and I don’t know where or how to start to remove or clean. Does Avast monitor this board or just leave it here for us to beat around… I have always liked this product but the lack of immediate support for such a danger has, to say the least, left one with a very serious bitter taste in their mouth.

Please post back if you find a cure and I will do the same

I found this file attached to this Fake AV virus. It renders any anti virus unusable and if previously infected prior to installing Avast it will crash your system catastrophically. The file is “xhetomy.sys”. I have searched everywhere for a reference to this file only to come up empty. I currently am working on 7 machines that acquired this within the past 3 days from supposedly E-Cards. Those stupid little things you get in your Email like “someone has a crush on you” etc. When you open the attached link you are prompted to download a Microsoft Access file to view the content and BAM you get the FAKEAV. I am not positive this is related to your infection. If it is you would be able to run a Scan under SAFE Mode and you will find the above mentioned file. No matter what option you choose, quarantine, delete etc. You will get a response from Avast saying that a device connected to the system is not functioning properly and then your computer will promptly restart. I have tried several Rootkit tools and Malware/Antispyware progs only to end up with an inaccessible OS. Anyone out there come across this??? Besides me?

Try this, it is the best restore that you can use:

Use system restore (from boot is better), it is the fastest & easiest way to solve this problem. Then scan the computer for possible infections or traces. DON'T FORGET TO CLEAN TEMP FILES.

If the recommendation above fails, try this:

  1. download and use: rkill.exe
  2. download and use: Ccleaner (use before scan to avoid scanning of unnecessary files)
  3. scan with Super Antispyware or Malwarebytes to remove malicious traces or registry entries

I tried this as well as the above but when you use rkill it rendered the restore process unusable

Can you post some info about your OS? This helps us to bring better suggestions in many cases.

You can’t use system restore? Umm!

It is very important to create restore points, to solve this type of problem & many others.

System restore has been corrupted. System message comes up saying that there are no more endpoints for this end point then promptly reboots. Have to do a full format and reinstall from factory recovery disk. Hopefully this “NEW” variant is fixed soon.

Seems that I was attacked by the same thing late last night, when it slipped past the Avast online scanner. Most of the symptoms are the same, at least. The main clue is the Antispyware Soft screen that pops up.

After thrashing about a bit trying to figure out what to do, since it wouldn’t allow most programs to run, including the Taskmanager, I rebooted and managed to start the Taskmanager before the virus took over. Then I stopped some unfamiliar processes first - I think asam.exe may have been the real culprit. Then I ran Spybot Search & Destroy which found some evidence of it. But then, after a little more research on it, I decided I had better use Malwarebytes’ Anti-Malware to get rid of more of it.

At least for the moment it seems to be gone. I got the step-by-step instructions for removing it using Anti-Malware at the Geeks to Go! site, under Forums, Security, Malware Removal Guides and Tutorials, Removal instructions for Antispyware Soft. Note: there are instructions for similar sounding malware - take care to choose the exact same name, if you try this.

I sure hope Avast! figures out how to catch it pretty soon - it was nasty.

“Note: there are instructions for similar sounding malware - take care to choose the exact same name, if you try this”

Yes and no wrack, I've found that generally, most rogue AVs are killed with the same set of directions, with the exception of the proxy issue.

Antispyware Soft is of the Antivirus Soft family, so the Antivirus Soft removal instructions would have worked. The Bleeping Computer link was posted earlier in this thread for this.

I'm glad you were able to get rid of it.

Most AVs, not only avast, are having problems stopping these rogues. You may want to use a layered security approach, as most here do. Have a look at people's signatures to see what they are using.

I'm sure MBAM and SAS pro will stop these, but they are the paid version, meaning r/t resident. I believe Spyware Terminator will also stop this, and is offered as a free pro version r/t resident (others will correct me if I'm wrong). Also, PC Tools ThreatFire is said to stop these rogues as well.

Any one of these will run fine alongside of avast.

Just something to consider.

Sat

I spoke too soon. I thought I was clean, but no, I still have problems that MBAM didn’t solve. Avast scans are still finding infections, even though MBAM says everything is fine. Firefox is popping up new tabs occasionally for no reason I can see and my modem seems busier than it should be. And I couldn’t start a new topic to ask for help over at Geeks to Go because every time I tried I got a server reset connection error.