Hello
I had been using AVAST for the last 4 years and never had such headaches as I have been facing since I started using AVAST 5 Edition (FREE) about three months ago.
Since yesterday, as soon as I start any APP, there is a pop-up from AVAST saying it is infected (although these APPS have been in use for years without any problem).
Typical POP UP Message reads
Malicious URL Blocked
Avast Network Shield has blocked a threat. No further action is required
Object: tigiporon.cc/e.exe
Infector URL:Mal
Action Blocked
Process (the path of the blocked app is mentioned)
The Threat was detected and blocked just before connecting to the URL
And this has been going on for all the apps started since yesterday.
I have since done scans with AVAST (quick and boot time), Hitman Pro, Spybot S&D,
Super Antispyware, Malwarebytes, TDSS KILL etc. - the usual security utilities I have
at my disposal, but all scans are coming clean and the problem continues.
Otherwise the PC is working fine - there are no slowdowns, no excessive CPU/memory consumption noticed, no suspicious process in the Task Manager list, and all the APPS are working as usual after start. THE ONLY IRRITATING ISSUE IS THAT ALL APPS ARE BEING FLAGGED INFECTED BY AVAST POP-UPS (I have even uploaded the virus chest to AVAST, thinking maybe false positive issues, but even after the latest update, AVAST still flags all apps as infected).
I am pasting here some portions of the AVAST logs:
avast! Antirootkit, version 1.0
Scan started: Thursday, August 19, 2010 10:48:08 PM
Scan finished: Thursday, August 19, 2010 10:48:11 PM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0
nshield log
15.08.2010 13:58:18 Network Shield: blocked access to malicious site tigiporon.cc/f.exe [ E:\APP LAUNCHER FOLDER NEW\PASSIVE USEFUL APPS\TEXT MAGICIAN-UTILITY FOR TEXT FILES-PORTABLE\Text Magician\uninstall.exe ( 2032 ) ]
18.08.2010 01:41:02 Network Shield: blocked access to malicious site tigiporon.cc/f.exe [ E:\META FOLDER-DOWNLOADS\DJVU Viewer\DjVuLibre\djview.exe ( 3344 ) ]
18.08.2010 06:00:42 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\PORTABLE APPS\SWEEP RAM-ram optimizer-STANDALONE\SweepRAM.exe ( 936 ) ]
18.08.2010 06:25:50 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 460 ) ]
18.08.2010 06:30:54 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\uTORRENT\utorrent.exe ( 1552 ) ]
18.08.2010 06:32:22 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 468 ) ]
18.08.2010 06:38:26 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 468 ) ]
18.08.2010 06:40:50 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 468 ) ]
18.08.2010 07:11:39 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\uTORRENT\utorrent.exe ( 720 ) ]
18.08.2010 07:29:36 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\PORTABLE APPS\FIREFOX-OLD STABLE\FirefoxPortable\App\firefox\firefox.exe ( 2036 ) ]
18.08.2010 07:31:24 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\WORD DOC PROCESSOR-JARTE-PORTABLE\Jarte.exe ( 1412 ) ]
18.08.2010 08:11:54 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\MP3 FILES MERGER-MERGEMP3-PORTABLE\MergeMP3.exe ( 2240 ) ]
18.08.2010 08:16:54 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\MP3 FILES MERGER-MERGEMP3-PORTABLE\MergeMP3.exe ( 3460 ) ]
18.08.2010 08:30:04 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\WORD DOC PROCESSOR-JARTE-PORTABLE\Jarte.exe ( 4040 ) ]
19.08.2010 15:37:42 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\7 zip-Portable\7-ZipPortable\App\7-Zip\7zFM.exe ( 2064 ) ]
19.08.2010 16:07:20 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\uTORRENT\utorrent.exe ( 360 ) ]
19.08.2010 16:13:31 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\FOOBAR MEDIA PLAYER-PORTABLE VERSION\foobar2000\foobar2000.exe ( 2256 ) ]
19.08.2010 18:29:07 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\EVERYTHING STABLE VERSION\Everything-1.2.1.371.exe ( 3804 ) ]
19.08.2010 20:35:41 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\PORTABLE APPS\FIREFOX-OLD STABLE\FirefoxPortable\App\firefox\firefox.exe ( 2576 ) ]
19.08.2010 21:40:24 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\ACTIVE DOWNLOADS\SpywareBlaster\SpywareBlaster\spywareblaster.exe ( 2988 ) ]
19.08.2010 21:50:50 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\CCLEANER-PORTABLE\CCleaner.exe ( 4068 ) ]
19.08.2010 22:42:13 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\PORTABLE APPS\FIREFOX-OLD STABLE\FirefoxPortable\App\firefox\firefox.exe ( 1632 ) ]
19.08.2010 22:43:32 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\uTORRENT\utorrent.exe ( 1400 ) ]
avast! Real-time Shield Scan Report
- This file is generated automatically
- Started on: Thursday, August 19, 2010 1:26:23 AM
8/19/2010 9:41:59 PM C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\2HOZGBE1\e[1].exe [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
During the file delete, error occurred: The process cannot access the file because it is being used by another process
8/19/2010 9:42:00 PM C:\DOCUME~1\Daksh\LOCALS~1\Temp\xxxxx [L] Win32:Malware-gen (0)
File was successfully moved to chest…
8/19/2010 9:42:49 PM C:\DOCUME~1\Daksh\LOCALS~1\Temp\lllll [L] Win32:Malware-gen (0)
File was successfully moved to chest…
8/19/2010 9:43:07 PM C:\DOCUME~1\Daksh\LOCALS~1\Temp\rrrrr [L] Win32:Malware-gen (0)
File was successfully moved to chest…
I have done the usual ESSEX BOY protocol of downloading Combofix, TDSS killer and OTS.exe, and that too is not resolving the issue.
So here is a request for one and all to suggest ways to tackle this irritant, failing which, I guess there is no option but to re-install Windows (sadly so).
Hoping for an early reply
Q2NA
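
An added example, not part of the original post: a Python triage script that parses Network Shield lines in the format pasted above and tallies blocked requests per process image, so that entries from system binaries such as winlogon.exe are separated from the user-launched apps. The sample lines are copied from the log above; the function names and the `c:\windows\` system root are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied verbatim from the nshield log in the post above.
SAMPLE_LOG = r"""
18.08.2010 01:41:02 Network Shield: blocked access to malicious site tigiporon.cc/f.exe [ E:\META FOLDER-DOWNLOADS\DJVU Viewer\DjVuLibre\djview.exe ( 3344 ) ]
18.08.2010 06:25:50 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 460 ) ]
18.08.2010 06:30:54 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ E:\USEFUL CRUCIAL UTILITIES FOLDER\uTORRENT\utorrent.exe ( 1552 ) ]
18.08.2010 06:32:22 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 468 ) ]
18.08.2010 06:38:26 Network Shield: blocked access to malicious site tigiporon.cc/e.exe [ ??\C:\WINDOWS\system32\winlogon.exe ( 468 ) ]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<url>\S+) "
    r"\[ (?P<image>.+?) \( (?P<pid>\d+) \) \]$")

def parse_line(line):
    """Return one log entry as a dict, or None if the line is not a block event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m["image"]
    if image.startswith("??\\"):  # prefix seen on the system images in this log
        image = image[3:]
    return {"time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
            "url": m["url"], "image": image, "pid": int(m["pid"])}

def summarize(log_text):
    """Group blocked requests by process image: hit count, PIDs and URLs seen."""
    summary = defaultdict(lambda: {"hits": 0, "pids": set(), "urls": set()})
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        s = summary[entry["image"].lower()]  # Windows paths are case-insensitive
        s["hits"] += 1
        s["pids"].add(entry["pid"])
        s["urls"].add(entry["url"])
    return dict(summary)

def system_images(summary, system_root="c:\\windows\\"):
    """Images under the Windows directory (assumed root) that triggered blocks."""
    return sorted(img for img in summary if img.startswith(system_root))

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for image, s in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(f'{s["hits"]:3d}  pids={sorted(s["pids"])}  {image}')
    print("system images:", system_images(report))
```

Run against the full log, the same summary shows how many distinct processes and PIDs requested the blocked URL and over which dates.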