Avast doesn't start, Error 126, Can't uninstall - Help, please!

Hi ya,

I left my computer on overnight to upload a video, but when I got up this morning the avast! (home edition) icons were missing from the tray.

When I tried to start avast! manually, I got the following error message:

“Error basInitLibrary - initialization of basic library failed! Check out INI file or install program, please. Error: 126”

I downloaded avast! again, but couldn’t uninstall the existing version,I just got, “Uninstall failed”.

avast! automatically updates itself so I’m pretty sure I’ve got the latest of everything.

I also tried 2 system restores (I got Windows XP Home) and now I’m stuck.

Any help would be appreciated - as you may well imagine! :slight_smile:

John Latter / Jorolat

-= You may try to Repair avast installation via Add or Remove Programs → Avast! Antivirus → Change/Remove → Scroll down and select Repair…

-= If it fails, Avast! Removal Tool can be used…

-= Please notify us if all the steps failed so we can continue to try our best to help solve the problem…

Thank you for your reply, Fenrir, I have to go offline soon so I’ll let you know how I got on later.

John Latter

That’s strange… sounds like some avast! files were removed, avast! itself teminated… I’d suspect some malware maybe?

Hi Again, Fenrir. I tried the repair tool, but ended up having to use the Avast! Removal Tool.

Everything went OK with the installation although it was very slow (or seemed so to me).

After I re-booted there was a VB Generator (I’m not sure if that’s the right name) icon in the tray, but nothing else.

I clicked on the merge icons option and nothing happened except the first icon disappeared.

When I tried to start Avast! using the desk-top short-cut, I got the same error message as before :frowning:

John

I do hope not, igor!

John

-= Seems like we have to follow Igor’s response…

-= Download Malwarebytes Antimalware, install, update & run a scan… It would be nice if the result would be posted…

-= You may also consider downloading TrendMicro Hijack This & post a log file [attaching it in your post would be better]…

-= Do you have any other antivirus(es) before/alongside avast…?

Okey-doke, Fenrir, thank you very much for the links and help :slight_smile:

I’ll download them now, but may not be able to post until tomorrow.

John

Er, despite good intentions, I did click on remove and all but one were deleted immediately.

I had to reboot in order to remove last one, but no pop-up or anything has said whether it was successful or not.

Here’s the 2nd report from before reboot:

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) → Delete on reboot.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command(default) (Broken.OpenCommand) → Bad: (C:\Program Files\ScriptSentry\ScriptSentry.exe “%1” %*) Good: (regedit.exe “%1”) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) → Quarantined and deleted successfully.
c:\program files\BtHook.dll (Spyware.OnlineGames) → Quarantined and deleted successfully.


I’ll now try Hijack-this

John

Wow, Hijack-this was really fast!

Anyway, I’ve attached the logfile (‘fingers crossed’ that these and the earlier results will fix the problem!).

John

Looks fairly standard routine you’ve gone through, John.
Your computer should be clean again for now. All things going well.

However, the following suggests that you have some weaknesses in your security, which should really be sorted out once your up and running, so that this kind of thing doesn’t happen again.

I left my computer on overnight to upload a video, but when I got up this morning the avast! (home edition) icons were missing from the tray.

Don’t hesitate to ask, and the forum will help you put together an airtight defense.

Edit - sorry I posted same time as your HjT came through. Someone will attend to it before long.

Thanks, mkis, I’m really pushed for time at the moment, but is there anything I ought to do about the Hijack-this report?

During its scan, a pop-up said I had loads of entries beginning with “O1” and I should consider deleting my Hosts file.

Presumably it is safe to do that, only I’ve forgotten where its hidden (I’m sure I’ll find it somehow).

The offer on help in putting together an airtight defense sounds pretty good :slight_smile:

I just tried the shortcut to Avast! and I’m still getting the original error. I didn’t really expect to work - I suppose I have to uninstall and reinstall again?

John

This is strange as I wasn’t aware of any such HJT function to alert in this way, I though it just gathered data and ‘you or others’ analysed that data.

The O1 entries redirect liveadvert.com to livetechnology.com (that is where the IP addresses are.
I would fix ‘all the O1 Hosts entries in HJT,’ I don’t know if that also clears the entries within the hosts file.

HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.

Once open you are looking for those entries that are listed in the HJT log and delete those lines. Also look for other entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file

Dont delete your hosts file.

There are some things you need to do. But I would prefer that someone advised on your HjT log first. I’m not an expert on these logs, but at first glance looked like a fairly heavy infestation of spyware type malware but maybe something a bit deeper not helping things.

Edit - okay you got some help. If you look at my profile below, you will see that I protect my hosts file from intrusions.

Thank you for the replies, chaps :slight_smile:

I’ve just about had time to read them, but now I have to go. I’ll be back tomorrow.

John

[PS: My hosts file is too long to post in one go so I’ve split it into two (correctly, I hope)]

Hi ya,

I used HJT to delete the liveadvert.com entries and then a whole new lot of O1 entries appeared when I re-ran HJT.

I started to delete these, but when I looked at the Hosts file itself, it said they had been inserted by Spybot which I last ran 18 months ago (I had forgotten about this program).

I could put back the Spybot entries I’ve deleted, but I don’t know if I should or not. I’m guessing that the reason all the entries have the same date is because Spybot put them there.

Er, I’m not sure what to do about the Hosts file (which I’ll attach) - and should I try uninstalling/re-installing Avast! yet?

John

Here’s the 2nd half of my hosts file (‘phew’).

John

John I think you need to clear your hosts file anyway and let it reset from default.

I havent come across this kind of thing before so I’m going to run a temporary plan of attack to you and I think you should perhaps wait for a second opinion as there may be different ways to sort out the problem. My way is a basic fix-it by starting your hosts protection off all over again with mvps. I’m not going to bother looking at whats in there or what may be trying to take over if that is the case. Seems was doing an okay job back when you were also using Spybot.

This how you set up again with mvps.

Go to site –

http://www.mvps.org/winhelp2002/hosts.htm

This is the text you’re looking for – (where the blue color denotes hyperlinks)

To view the HOSTS file in plain text form. (597 kb) (opens in browser) Note: The text version also makes a terrific reference for determining possible unwanted sites Download: hosts.zip [right-click - Select: Save Target As] [Updated May-11-2009]

This download includes a simple batch file (mvps.bat) that will rename the existing HOSTS file to HOSTS.MVP then copy the included updated HOSTS file to the proper location. For more information please see the readme.txt included in the download.

You will want to download hosts.zip from the page. Extract files from the zip package and and follow directions on the readme text document closely.

You might also look at using Hostman, which should return your hosts file to the state it was in back in the days when you also had Spybot.

Here is the logic behind protecting against intrusion of your hosts file

http://forum.avast.com/index.php?topic=43658.msg365399#msg365399

But for now, just hold on a moment and see if we have another opinion because I 'm not sure whether the hosts file issue is the cause of your problem or just another effect. In the event you run with mvps for hosts file protectoin then you can run another HjT scan and see what is brought up this time.

I recommend HostsMan and its browser speedup proxy HostsServer:
http://www.abelhadigital.com <== I use 3.2.70 Beta6 release and it works fine

I do not use Spybot S&D’s HOSTS file as it does not go through the rigorous maintenance that hpHosts and MVPS HOSTS file do.

Sun Java is downlevel and has security exposures so go to Add/Remove Programs and uninstall all Sun Java installs.

Download and install Java Runtime Environment 1.6.0.14:
http://filehippo.com/download_java_runtime

Install User Profile Hive Cleanup Service to help with slow log off and unreconciled profile problems:
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Run Secunia Online Software Inspector to find other vulnerable applications:
http://secunia.com/vulnerability_scanning/online

I’ve downloaded and installed HostsMan, but when I tried re-installing Avast! I still get the same error :frowning:

John