avast! cannot even detect / remove 'enhanced protection mode' virus!

I’m running the avast! suite at my office, and this is not the first time that a virus not only got onto a PC with the latest avast! virus definitions, but that avast! could not even detect it, less remove it. Now our MD’s desktop has the avast! enhanced protection mode virus and the real avast! support wants me to download all sorts of other tools to detect and remove it >:(

I cannot get the PC to go into safe mode because it reboots as soon as I try to log on, but my main irritation is that we bought avast! to take care of virusses. I don’t want to download other tools because the tool I paid for is useless!

Instead of raging,you could explain us more the situation.What type of virus avast did/not detect?Are sure it’s a virus?
Find me an av which can detect every simple malicious byte that exists in this world,please.

Perhaps you should read the the subject again? There are already other posts where other avast! users have exactly the same issue.

I’m glad this is a forum, and I hope other avast! users will read of your infinite wisdom. This virus uses not only avast! name and logo, it messes up internet explorer and probably invites all its buddies while avast! gets all defensive and petty…

FYI:
http://forum.avast.com/index.php?topic=82001.0
http://www.spywarehelpcenter.com/how-to-remove-avast-enhanced-protection-mode-virus-virus-removal/

Some more info:
This virus actually uninstalls the actual avast! and when I tried to re-install it from the avast! Distributed Network Manager (ADNM), it failed with:
07/25/11 16:06:44: rinstInstall begin
07/25/11 16:06:44: Init 50 60 C:\WINDOWS\TEMP\asw32.tmp C:\Program Files\Alwil Software\Management Tools\InstPkgs NULL

C:\WINDOWS\TEMP\asw31.tmp 0
07/25/11 16:06:45: Store
07/25/11 16:06:45: Domains: NETWORK,
07/25/11 16:06:45: Init NETWORK\DESKTOP
07/25/11 16:06:45: DESKTOP: GetAccount
07/25/11 16:06:45: DESKTOP: Queueing
07/25/11 16:06:45: StartThread
07/25/11 16:06:45: Loop
07/25/11 16:06:45: SpawnThreads
07/25/11 16:06:45: DESKTOP: StartSetup
07/25/11 16:06:45: DESKTOP: Connecting
07/25/11 16:06:45: DESKTOP: Copying files
07/25/11 16:06:45: DESKTOP: Copying aswISvc.exe
07/25/11 16:06:45: DESKTOP: Copying Admin.ini
07/25/11 16:06:46: DESKTOP: aswResp.dat not present
07/25/11 16:06:46: DESKTOP: Copying Tasks.xml
07/25/11 16:06:46: DESKTOP: Copying setup.exe
07/25/11 16:06:50: DESKTOP: Copying setif_av_net-425.vpu
07/25/11 16:06:50: DESKTOP: Copying setup_av_net-425.vpu
07/25/11 16:06:52: DESKTOP: Copying av_net_agent-105.vpu
07/25/11 16:06:53: DESKTOP: Copying av_net_cmn-6b.vpu
07/25/11 16:06:54: DESKTOP: Copying av_net_dll409-89.vpu
07/25/11 16:06:55: DESKTOP: Copying av_pro_dll409-1a9.vpu
07/25/11 16:06:58: DESKTOP: Copying av_pro_hlp409-3ca.vpu
07/25/11 16:06:58: DESKTOP: Copying av_pro_skins-14.vpu
07/25/11 16:06:59: DESKTOP: Copying av_srv_core-3ee.vpu
07/25/11 16:07:05: DESKTOP: Copying av_srv_dll-19d.vpu
07/25/11 16:07:07: DESKTOP: Copying avscan-374.vpu
07/25/11 16:07:08: DESKTOP: Copying winsys-2.vpu
07/25/11 16:07:09: DESKTOP: Copying winsysgui-2.vpu
07/25/11 16:07:10: DESKTOP: Copying vps-11072500.vpu
07/25/11 16:08:12: DESKTOP: Copying vpsm-11072500.vpu
07/25/11 16:08:12: DESKTOP: Copying news405-32.vpu
07/25/11 16:08:12: DESKTOP: Copying news409-3d.vpu
07/25/11 16:08:12: DESKTOP: Copying jrog-2e9.vpu
07/25/11 16:08:12: DESKTOP: Copying part-prg_av_net-425.vpu
07/25/11 16:08:12: DESKTOP: Copying part-vps-11072500.vpu
07/25/11 16:08:12: DESKTOP: Copying part-news-56.vpu
07/25/11 16:08:12: DESKTOP: Copying part-setup_av_net-425.vpu
07/25/11 16:08:12: DESKTOP: Copying part-jrog-2e9.vpu
07/25/11 16:08:12: DESKTOP: Copying prod-av_net.vpu
07/25/11 16:08:12: DESKTOP: Copying jollyroger.vpu
07/25/11 16:08:13: DESKTOP: Copying servers.def
07/25/11 16:08:13: DESKTOP: Creating service
07/25/11 16:08:14: DESKTOP: Starting service
07/25/11 16:08:45: DESKTOP: ReadProgress
07/25/11 16:08:45: DESKTOP: Remote service failed, error 126 (The specified module could not be found)
07/25/11 16:08:45: DESKTOP: Finished with error in remote service
07/25/11 16:08:45: DESKTOP: ReadLog
07/25/11 16:08:45: DESKTOP: See remote log: C:\Program Files\Alwil Software\Management Tools\DATA\log\NETWORK_DESKTOP.log
07/25/11 16:08:45: DESKTOP: RemoveProgress
07/25/11 16:08:45: DESKTOP: CloseConnection
07/25/11 16:08:45: TerminateAll
07/25/11 16:08:45: rinstInstall end 0

avast is not alone about this problem, there is also a ESET and Norton version of this malware

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs HERE and not in the guide )

To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when posted…

FYI,

Followed Essexboy’s guide before even posting on this forum. Used MalwareBytes antivirus and was impressed at how it removed the virus. Unfortunatly Internet Explorer is still acting up and still cannot install avast! Busy with a complete re-install to actually save time.

It’s a bit unfortunate that avast! is actually pointing their paying clients towards their competitors like MalwareBytes. I guess I shouldn’t hope for a refund when I do switch over…

It's a bit unfortunate that avast! is actually pointing their paying clients towards their competitors like MalwareBytes.
you are wrong. Malwarebytes is not a competitor, it is a tool that is made to be used alongside your AV malwarebytes have a limited signature base.. a bit over 300 000 and consentrate on detecting executable files, and they only want fresh samples, not older then 3 month`s avast have millions of malware signatures and will detect things like infected websites that MBAM will not even look for
Unfortunatly Internet Explorer is still acting up and still cannot install avast! Busy with a complete re-install to actually save time.
Essexboy would have fixed it for you if you had posted an OTS log ;)