Avast firewall started yesterday blocking outgoing in every second

i did quick scan with malwarebytes, avast and system scan with spybot search and destroy. nothing found.

so i runned after that:

  1. OTL (created only 1 txt file, i add and choose everything like it was in post “Logs to assist in cleaning malware”)
  2. ComboFix (downloaded from bleeping computer)
  3. aswMBR

also opera (running in sandbox) stopped answerin and craches when i wrote this in first time, but that can be just random windows bugs :smiley:

in avast firewall program rules:

this is the one it likes to block like there isint going to be next day.

System
Palvelu- ja ohjainohjelma… well 10 min ago it was rundll32?
Microsoft Windows
and red text, something like “no singned”

log experts are notified, it may take some hours before they are online…

Let me know if the problem still occurs after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1135656722-3350861968-764399882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1135656722-3350861968-764399882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

there you have.
avast firewall is still blocking that system thing in every second.

while waiting fore essexboy to be back, can you attach a screenshot of the avast popup…

i just noticed something. when i open avast firewall program rules list after starting windows it will show 2 and 3 line empty in that system.
if i click, resident evil 6 rule and then click that system rule it will copy 2 and 3 line from it, it show now

System
RESIDENT EVIL 6 -copyed from resident evil 6 rule
QLOC S.A. -copyed from resident evil 6 rule
“not signed”, with red colour)

:o

and its not a pop up, i just noticet that every second block when i was unable to play team fortress in steam, i can play it now but it will still ad new line to block list in every second.

E: jep, that first picture was wrong sorry
and there is opera too, well, if avast is blocking something in opera when it is on sandbox, it could perhaps explain why it crashes just 3 times more, 1 crach after 1 pic was attached :smiley:

and here is that system with 2 and 3 line copied from resident evil 6 :slight_smile:
was too big to put earlier post

Nothing is showing so lets look a little deeper

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please attach its contents on your next reply.

i wasent so sure what “beside” mean so loaded modules was only option i didint choose.
only 1 suspicious found

Does this only happen when you are running opera ?

well, opera is the only thing have been craching, avast will start adding that same line at the second when i activate internet connection, by turnin router on. but it dosent seems to do anything else than that, everything else is still working normally.

OK the file that it is blocking, is the resident evil one as it is not signed, have you patched that file at all ?

im sorry, but i dont understand the question :-[

is this 1 big question or is just the last part of it question “is the resident evil one as it is not signed, have you patched that file at all”

No problem…

Avast is stating that a resident evil file is not signed
This may be the updating element of the game
So disabling auto update on the game may stop the alerts
Have you added any patches to the resident evil game ?

… ???
well, maby i wasent clear enough in previous post i attached that picture…
Avast dont have any idea what it is blocking and where that file is.
so, im trying to explain more—> there isint anything in 2 and 3 line of that “System”, no file name or location can be found in there.
if i click first windows media player rule and then system rule, 1 and 4 line changed to system and that red text but 2 and 3 from windows media player stays there. so it think it,s blocking media player. if i click avast service rule and then system, same thing will happen, now the system file second line is avast! Service and third line is AVAST Software a.s.

do you understand now?
avast dosent have any idea what it is blocking and where it is… ;D

Open the firewall and go to logs
Move it to the right until it shows application
That will show what is being blocked
Could you screenshot it

okay, here you have.

just in case, i add here finnish words what you have in your pic so you can compare them, or something :slight_smile:

Local Port - Paikallinen portti
Protocol - Protokolla
Direction - Suunta
Application - Ohjelma
Rule - Sääntö

All those blocks are directed at the router, so they are internal system communications. Are you on a network ?

sorry, im not sure what that mean, im just normal people using this computer in my home, its not part of any big company network, if that was what you mean?
can i then just ingore that system blocking?

Yes you can ignore that, by network I mean do you have other computers in the house using the same router