Hy guys im having weird issue, i have avast free version on PC and laptop. Yesterday Avast background services stopped working on PC and today in my laptop Avast background services stopped. I scanned with malwarebyte aswell but there is no virus/malware. I tried Repairing avast but doesnt helped me. Please tell me whats going on because it is so strange. If im trying to install other antivirus i cant somehow.
Please help.
thanks.
Please follow the instructions in the “viruses and worms” forum.
Here are the logs which i followed the " Logs to assist in cleaning malware" Post. Please check it
Thanks
Do you use thirdy party Firewall with Avast? Check uninstalling Firewall.
I have Comodo Firewall. I installed Avast & after installation was successful got Avast background services were not running. Restarted the system but keyboard/mouse was not working i.e was not able to move the mouse to the Windows logon password field. Hard shutdown & started the system again but same keyboard prob.
I have Rollback Home installed. So I restored to previous snapshot. Uninstalled Comodo Firewall & installed Avast & no probs.
Start with removing Chrome.
Unless you installed it yourself, malware has changed it into a developer version which allows other malware to be installed without the users noticing it.
No, Im not using any third party Firewall.
You also have Avira running
16:46:18.549 Service avipbb C:\Windows\system32\DRIVERS\avipbb.sys **LOCKED** 16:46:18.564 Service avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys **LOCKED**
Please uninstall that and chrome first then run a fresh FRST scan please
There are no such files exists in system32 i checked. here is the latest FRST file in the attachment, please check
Could you let me know what error Avast gives when you try to start it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: Startup: C:\Users\Waqas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u.lnk [2015-05-26] ShortcutTarget: u.lnk -> C:\Users\Waqas\AppData\Roaming\obcmjtmyfi.exe (Citigroup) Startup: C:\Users\Waqas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2015-06-09] ShortcutTarget: v.lnk -> C:\Users\Waqas\AppData\Roaming\obtexhelsv.exe (Kareo) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-03] () 2015-06-24 16:26 - 2015-06-24 16:26 - 01415680 _____ (wj32) C:\Program Files\H1J1J3LD.exe 2015-06-24 16:26 - 2015-06-24 16:26 - 01415680 _____ (wj32) C:\Program Files\4HS2DR1O.exe 2015-06-24 15:50 - 2015-06-24 15:50 - 01415680 _____ (wj32) C:\Program Files\KU5GT4EB.exe 2015-06-24 11:31 - 2015-06-24 11:31 - 01415680 _____ (wj32) C:\Program Files\BDT87MM4.exe 2015-06-23 22:47 - 2015-06-23 22:47 - 01415680 _____ (wj32) C:\Program Files\NU9TIUON.exe 2015-06-09 14:54 - 2015-06-09 14:54 - 81518592 __RSH (Kareo) C:\Users\Waqas\AppData\Roaming\obtexhelsv.exe 2015-05-26 10:18 - 2015-05-26 10:18 - 73986048 __RSH (Citigroup) C:\Users\Waqas\AppData\Roaming\obcmjtmyfi.exe AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Ok so when i click on AVAST, first it does not open on first click, i had to click many times when it opens if i click on OVERVIEW it says " YOU ARE UNPROTECTED " Avast background service is not running. If i click Resolve ALL/ Start now it does nothing.
Here is the latest log. Please Check.
thanks.
You can now re-install chrome
Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel
[]Run the uninstall tool and accept the reboot to safe mode
[]Once complete reboot your system
[*]Reinstall Avast