Avast got owned! Shame shame

Ok, now this is really freaking me out. I think avast got itself infected.

Here’s the story: I opened an .exe file (containing a virus) and suddenly my avast stopped running. The tray icon disappeared as well. I rebooted. At Windows startup avast runs, but closes instantly. I decided to start Windows in safe mode, but I couldn’t do it, because the computer rebooted itself automatically while loading components.

When I try to run avast, an error occurs and a window pops up asking me to send the error to the avast team.

I tried to uninstall avast in the add/remove programs, but although it appears in the list, it seems like it’s already uninstalled, because when I click on it, it starts the installation setup (!).

So now I ran Panda ActiveScan; it found some spyware and 1 file with a virus. It’s the .exe file I opened and that started all these issues. Virus name is Mitglieder.LX. Panda detected what avast didn’t. File is deleted now, but problems remain present of course. I don’t know what this virus did to me, but I’m guessing it deleted some useful system files.

Needless to say I won’t trust avast anymore after this one.

Try here

http://www.google.ca/search?q=Mitglieder.LX&hl=en&lr=&filter=0

More info here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-060716-2359-99

What you have or had may be a new variant, but if Panda caught it then that’s less likely.
If your system is now compromised then disable/turn off when you’re not using it, as it’s probably generating spam remotely.

If you need help beyond the removal instructions recommended then post back.
Good luck :)

Thanks Cloussau.

Unfortunately I don’t think that’s the same one. The one Panda caught was named Trj/Mitglieder.LX and I really don’t know exactly what it does. http://antivirus.hispavista.com/virus_143029_mitglieder-lx

What I can tell is that I’m going to format my computer. Damn! I already repaired windows, but it didn’t work.

What’s happening is at least this: Windows won’t allow me to install Anti-virus of any kind. Even SP2 security center doesn’t show the “anti-virus” tab, seems like it was removed. My computer is now an open door.

Safe mode doesn’t work in any way. I already tried to disable some sys files from booting that could be responsible for a conflict, but it didn’t work either. It’ll start only in normal mode, and the welcome message takes ages to load. Finally when I log on, a handful of kernel errors start to show up.

First detected by Panda on 29 Dec 06 so yes, pretty new. Additional info can be found here

http://www.pandasoftware.com/com/virus_info/encyclopedia/overview.aspx?lst=vis&idvirus=143029&sitepanda=particulares

Cruzadas, according to Panda one of the symptoms is a rather non-specific “displays false error messages when it runs”, so don’t rush into a reformat.

You could try this to boot into safe mode:

Click Start, Run and type MSCONFIG in the box and click OK.
The System Configuration Utility appears. On the BOOT.INI tab, check the “/SAFEBOOT” option, and then click OK and restart your computer when prompted.
When you’re finished, open MSCONFIG again, on the BOOT.INI tab, uncheck “/SAFEBOOT” and click OK to restart your computer.

Regarding the Security Center, you could check in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center to make sure AntiVirusDisableNotify is set to 0. A value other than blank or 0 will disable this option (if you make any changes to the registry be sure to first make a backup, of course).

Also, if you don’t already have a third party firewall this would be a very good time to install one.

There is a chance additional malware has been downloaded so you will want to scan with AVG Antispyware, A-Squared, SuperAntispyware, etc. Post again if you need any additional help with this.

Oh and, btw, you probably already know that no antivirus, antispyware, anti-whatever is 100%. There will be times that Panda misses something another tool catches. Work on layered protection and safe practices rather than seeking perfection.

Do you have the file with this trojan to send it to virus@avast.com? If you have the file, create a password-protected rar/zip archive with this file, and send it by email to virus@avast.com. Don’t forget to write the password so they can open the archive, and any further info you think is important about this virus.