Avast 5 not updating & Firewall/AntiSpam not working

Hi Avast Team

I am helping a friend of mine with Avast who has Win XP, Avast 5.0.594, update current version 100712-0 with release date 7/12/2010 06:53:32.
Every time I try to update, it gets stuck at Downloading file: servers.def.vpx and then it gives “Error: Cannot connect to server”.

Automatic updates are also not working.

Steps that I have done:

  1. Ran MBAM & removed infected files
  2. Ran CCleaner & temp file cleaner
  3. Scanned using Spyware Doctor & removed infected files.
  4. Uninstalled (Add/Remove), restarted & re-installed in normal mode.
  5. Did try to repair Avast during the process of uninstallation.
  6. Also tried update component during uninstallation.
  7. Uninstalled using aswClear5.exe in safe mode, restarted in normal mode, downloaded new file from Avast site & installed.

After doing all the above steps I get the same error while trying to update virus definitions: Downloading file: servers.def.vpx and then it gives "Error: Cannot connect to server".

It has got worse now: Firewall & AntiSpam are not working.

I am not able to attach screenshots, if you require it I can do that but you need to tell me how to do that.

Reason for the above problem along with the resolution would be highly appreciated.

Follow this guide from Essexboy and post the logs here
http://forum.avast.com/index.php?topic=53253.0

lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. and MBAM scan log )

Hi Pondus pls find the attached files.

On completion of this run try the updates again

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-21-429705476-915702366-3214017248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-429705476-915702366-3214017248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKU\S-1-5-21-429705476-915702366-3214017248-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-429705476-915702366-3214017248-1006\..\Toolbar\WebBrowser: (no name) - {1C56E97B-A95F-47B2-93C0-3FEED24479A7} - No CLSID value found.
O3 - HKU\S-1-5-21-429705476-915702366-3214017248-1006\..\Toolbar\WebBrowser: (no name) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - No CLSID value found.
O4 - HKLM..\RunServices: [0.5429704596585395] C:\DOCUME~1\Walt\LOCALS~1\Temp\0.5429704596585395.exe File not found
O4 - HKLM..\RunServices: [pdfupd] c:\docume~1\walt\locals~1\temp\pdfupd.exe File not found
O4 - HKLM..\RunServices: [QuickTimeRecursosQuickTime] C:\program files\quicktime\qtsystem\quicktimeinternetextras.resources\pt.lproj\recursosquicktimequicktime7.6.6.exe File not found
O4 - HKLM..\RunServices: [update[2] c:\documents and settings\walt\local settings\temporary internet files\content.ie5\4ii4ix9y\update[2].exe File not found

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8085:TCP"=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
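
The fix script above removes per-account WinINET proxy values that point at 127.0.0.1:6522 and RunServices autoruns launched from temp folders. As an added example (not part of the thread and not OTL's own code), this Python sketch flags both patterns in OTL-style log text; the sample lines, the SID and the function name `triage` are constructed for illustration.

```python
import re

# Constructed sample in the OTL log format quoted in the post above.
SAMPLE = r'''IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\RunServices: [pdfupd] c:\docume~1\user\locals~1\temp\pdfupd.exe File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Vendor)
'''

# "IE - HKU\<account>\...\Internet Settings: "<name>" = <data>"
IE_RE = re.compile(r'^IE - (HKU\\[^\\]+)\\.*Internet Settings: "(\w+)" = ?(.*)$')
# "O4 - <key>: [<value name>] <command line and status>"
O4_RE = re.compile(r'^O4 - ([^:]+): \[(.+?)\] (.+)$')
LOOPBACK_RE = re.compile(r'\b(?:127(?:\.\d{1,3}){3}|localhost)\b', re.I)
TEMP_RE = re.compile(r'\\(?:temp|temporary internet files)\\', re.I)

def triage(log_text):
    """Return (kind, location, detail, state) tuples worth a closer look."""
    proxies = {}    # account hive -> {value name: data}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            hive, name, data = m.groups()
            proxies.setdefault(hive, {})[name] = data.strip()
            continue
        m = O4_RE.match(line)
        if m and TEMP_RE.search(m.group(3)):
            key, name, rest = m.groups()
            # OTL appends "File not found" when the target no longer exists.
            state = "orphaned" if rest.endswith("File not found") else "present"
            findings.append(("temp-autorun", key, name, state))
    for hive, vals in proxies.items():
        server = vals.get("ProxyServer", "")
        if LOOPBACK_RE.search(server):
            # The proxy is only applied when ProxyEnable is 1 for that account.
            state = "active" if vals.get("ProxyEnable") == "1" else "dormant"
            findings.append(("loopback-proxy", hive, server, state))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An "active" loopback proxy with nothing listening on that port makes HTTP requests that honour these settings fail, so those entries are the first to review when a machine reports that it cannot connect to a server.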

Do I need to do just quick scan or do I need to enter the following as per your other post.

netsvcs
%SYSTEMDRIVE%*.*
%systemroot%\Fonts*.com
%systemroot%\Fonts*.dll
%systemroot%\Fonts*.ini
%systemroot%\Fonts*.ini2
%systemroot%\Fonts*.exe
%systemroot%\system32\spool\prtprocs\w32x86*.*
%systemroot%\REPAIR*.bak1
%systemroot%\REPAIR*.ini
%systemroot%\system32*.jpg
%systemroot%*.jpg
%systemroot%*.png
%systemroot%*.scr
%systemroot%*._sy
%APPDATA%\Adobe\Update*.*
%ALLUSERSPROFILE%\Favorites*.*
%APPDATA%\Microsoft*.*
%PROGRAMFILES%*.*
%APPDATA%\Update*.*
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu*.lnk /x
%systemroot%\system32\config\systemprofile*.dat /x
%systemroot%*.config
%systemroot%\system32*.db
%PROGRAMFILES%\Internet Explorer*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch*.lnk /x
%USERPROFILE%\Desktop*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Just a quick scan will do - it will show me whether OTL was strong enough or I need to ramp up a gear

Can you update after running the fix ?

Hi Essexboy thanks for helping me out.

The fix has not helped at all … everything is the same.
Not able to update or enable firewall/antispam.

Attaching the fix log file & quick scan log file

I think you might need to gear up :wink:

OK, one of the elements I tried to remove has reinstated itself - time to up the stakes

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

No progress after running combofix

PFA for Combofix log

Next we will need to uninstall McAfee. Also, what firewall are you using?

Details and removal tool here http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Earlier the system had SpyHunter, which I already uninstalled; however, it's present in the following location.

c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
→ c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

Can I simply delete them??

Sorry, I never noticed McAfee since it was not showing as an installed software … I need to take care of it.

If after removing McAfee it does not work, then what could be the next step??

**Note: After running ComboFix I uninstalled/reinstalled Avast & now the Pro features are missing & even after inserting the license file it's not showing there, nor is the expiration date.

Uninstalled McAfee & restarted
Now it's showing the registration details + pro features (but disabled)
Avast Firewall/Antispam not working; when I tried to update I got a new error message
Error:cannot connect to a955sl.avast.com(74.86.125.46:80)

Uninstalled Avast in safe mode using the aswclear utility.
Installed in normal mode.

Back to square one and got the same error as posted in the 1st post. :cry:

OK, let's make sure that it has all gone. I also see PCTools as well - do you use that one?

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
O4 - HKLM..\RunServices: [update[2] c:\documents and settings\walt\local settings\temporary internet files\content.ie5\4ii4ix9y\update[2].exe File not found
[2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2008/09/28 00:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jebcdena
[2009/02/27 09:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\.wyzo

:Files
ipconfig /flushdns /c
C:\Program Files\Enigma Software Group

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

EDIT : Do you use a router and do any other systems that use it have the same problem ?

Yes, I did use PCTools Spyware Doctor (as mentioned in the first post) to remove infected files & that was after Avast was causing problems, but it has been removed now.

Yes, it's connected wirelessly, hence using a router.

Should I use Dial-a-fix to check for any policies??

Let's have a look see first

Please download SINO by Artellos.

* Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
* Then please check the following checkboxes:

System Info
Services
Boot Check
Tasklist
Startup Items
Event Log
Ipconfig
Ping
Netstat
Hosts file
Shares
Routing Table

* Once checked, hit the Run Scan! button and wait for the program to finish the scan.

* A notepad window will pop up. Please copy all of the content into your next reply.

Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.

Hi Martin

Thanks for all the help however my customer does not want to perform any more troubleshooting.
He would take the online backup of all the data & perform the OS reinstall.

If even that does not help then he would ask for a refund from Avast.

Siddhartha

No probs - a nice little ride though

Sino is a handy diagnostic tool

Hi Martin

I provide remote technical support but of course I don’t know everything.
Would appreciate if you can educate me about the usage of OTL & Sino or if you can provide me any documentation for the same.

Regards
Sid

Would appreciate if you can educate me about the usage of OTL & Sino or if you can provide me any documentation for the same.
OTL Tutorial now made public http://forum.avast.com/index.php?topic=60089.0

OTL tutorial is here http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/

For Sino there is no tutorial as such - however this is the generated output - as taken from my 64bit Windows 7 - I will need to attach it as it is too long to post on the forum ;D

If you wish I can ask Olrik for a copy of the help file