Avast keeps getting turned off by something

Hello,

I’ve been a happy Avast user for years without issue. The other night my Avast was turned off by something, and it will not allow me to restart. In the summary tab, it just says “Unsecured” with a red X. When I click “FIX NOW”, it says “The following components could not be started: Mail Shield, IM Shield, P2P Shield, File System Shield, Web Shield, Script Shield, Behavior Shield, Network Shield”. If I click the link that says “Start program”, it has no response at all.

I uninstalled Avast in safe mode using the Avast uninstaller as mentioned by another post on this forum. I then downloaded the latest Avast and re-installed. Avast worked properly for 5 minutes and then stopped and shows the same symptoms listed above.

I uninstalled-reinstalled and tried to run a full system check, but after 35 hours, it still says 0% checked, and once again Avast has been turned off.

I am running Windows 7 and using Firefox.

I also seem to have an issue with Firefox where all my Google search results direct me to a page called “CC Search”. Not sure if that is a related symptom, or if it's a virus I got because my Avast was down.

It feels like I have some sort of virus which is designed to attack Avast and make it turn off. Is that possible?

-Rick

Also, I am running the Windows firewall, but no other security software. The set up I have currently is how my Avast was running for quite some time.

Have you run a quick scan with an updated Malwarebytes for a second opinion?

Hi,

Can you try to visit some of the common websites like yahoo.com, espn.com or nasa.gov and please update us with the results. This is just to check whether your browser is being hijacked or not.

Have a wonderful day… Good Karma!

Browser works fine. Any site I try to visit directly will work. However, if I google ‘antivirus’, and Google gives me a page of 10 results, if I click on any of those 10 results (let's say one is www.avast.com), it will take me to a page called “CC Search” where it lists THEIR results for my original search of ‘antivirus’ in hopes that I’ll click the links and they’ll get the pay-per-click ad revenue. However, the address in the nav bar would still read ‘www.avast.com’, so by highlighting and clicking it will take me to the site I originally intended to go to. So I can still use FF, but with a work-around.

I am not familiar with Malwarebytes. I will try that and post results.

Downloaded and ran Malwarebytes and it seems to have a similar response to Avast. It installed fine and began to run a check and then shut down after 0:00:04. When I try to re-start it from the start menu, it says: “Windows cannot access the specified device, path or file.” However, I still see it in my system tray with checkboxes checked for “Enable protection, Website Blocking and Start with Windows”, but I cannot bring up any sort of control panel by clicking on the icon. When I try to select “Start Scanner”, it does nothing. No reaction.

Follow the guide here and attach the logs: http://forum.avast.com/index.php?topic=53253.0

essexboy will then have a look when he arrives in a few hours… I will notify him.

Hi,

This seems to be a rootkit infection in the computer.

We need a little more info regarding the infection. So can you open the Task Manager by pressing the Ctrl+Alt+Delete buttons and go to the Process tab. Please check for an entry with “random set of numbers”:“random set of numbers”, for example “456896:45689512xxxxx”. And please update us back.

Have a wonderful day. Good Karma!

No numbers-named process running. All processes can be identified.

Attached is the OTL text file in ANSI format as requested.

and aswMBR log if you can :wink:

OK, I downloaded aswMBR and clicked scan. It showed some activity for 5-10 seconds and then shut down. When I tried to restart, it said “Windows cannot access the specified device, path or file”. Then it asked me which program I’d like to use to open aswMBR.

So I downloaded a second copy “aswMBR(1)” and had the same effect.

Do you need the extras.txt log from the OTL scan?

Thank you all so much for your help.

I will be away from my computer for the next 6 hours or so. I’ll check back in tonight.

Do you need the extras.txt log from the OTL scan?
If you have it, then attach it.

essexboy is on UK time and usually logs out around midnight…

Hi, it is the ZeroAccess rootkit.

Please follow these steps carefully

When you download Combofix save the file as svchost on your c drive root i.e. C:\svchost

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your C Drive as Svchost

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hi essexboy,

I am not sure, but do you think the ZAccess.g variant can be fixed by running ComboFix?

Cheers.

Some variants can and some can’t. I had two yesterday that were resistant but we found a little workaround ;D

Thanks for the reply essexboy, I would be grateful if you can share the workaround because I'm having trouble removing the same from my friend's computer. It is not allowing me to run any tools/scanners.

Cheers.

@cruDE, please open your own topic instead of hijacking this one.

@ady4um, I don't have any intention to hijack this thread. The problem that I have mentioned is very similar to rickjames8's post.

Cheers.