system
1
Hi All,
First post.
I think I’ve been hit by some type of malware attack. Avast was switched off and I was getting an error message about group policy settings when I tried to start Avast.
Am on Win 7 Home.
After much web searching and scans and installing and uninstalling of programs I have got to a stage where I can run Avast again.
But, Avast will not auto-start on boot-up! Also, the context menu scan feature seems not to work. :-[ :-\
Am I still infected?
What/how can I get this fixed?
Eddy
2
What told you that avast was switched off?
If it was/is the security center from Windows, it is a known bug in the windows security center.
What programs did you remove and install again, and how?
Do you have any other security software installed and if so which one(s) ?
A group Policy blocking avast is not normal. At all Eddy. I would suspect 0Access. That might imply an IFEO blacklist blocking Avast!.
Go Here
Download and run: OTL, Malwarebytes Anti-Malware & aswMBR
Attach the following log files in your next reply.
-OTL.txt
-Extras.txt
-aswMBR.txt
-Malwarebytes.txt
After that, I can ask a remover to come help you if any problems are present.
Edit: Can you try to re-install AVAST!?
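
Added example (not part of the thread or any poster's reply): an IFEO block of the kind suspected above shows up as a `Debugger` value under the Image File Execution Options subkey named after the blocked executable. This Python sketch scans the text of a `reg export` of that key for such values; the watch list, the helper names and the sample export are constructed for illustration.

```python
import re

# Marker for subkeys of Image File Execution Options (compared lower-cased).
IFEO_MARKER = "\\image file execution options\\"
# Assumed watch list for this example: security-tool image names.
WATCHED = {"avastui.exe", "avastsvc.exe", "mbam.exe"}

SECTION = re.compile(r"^\[(.+)\]$")
# .reg string value: "name"="data", with \\ and \" escaped inside the quotes.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def find_ifeo_debuggers(reg_text):
    """Return (image, debugger, is_watched) for every IFEO Debugger value."""
    findings, image = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            pos = key.lower().find(IFEO_MARKER)
            image = key[pos + len(IFEO_MARKER):] if pos != -1 else None
            if image and "\\" in image:   # ignore nested subkeys
                image = None
            continue
        value = STRING_VALUE.match(line)
        if value and image and value.group(1).lower() == "debugger":
            findings.append((image, unescape(value.group(2)), image.lower() in WATCHED))
    return findings

# Constructed sample in `reg export` text form (real exports are UTF-16;
# read them with open(path, encoding="utf-16")).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
"Debugger"="C:\\constructed\\blocker.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Tools\\procexp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
"""

if __name__ == "__main__":
    for image, debugger, watched in find_ifeo_debuggers(SAMPLE):
        note = "REVIEW: security tool redirected" if watched else "check if intentional"
        print(f"{image}: Debugger={debugger} ({note})")
```

A `Debugger` value is not malicious by itself (some tools set one deliberately), so entries outside the watch list are reported for review rather than treated as infections.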
system
4
Okay it was that the Avast icon was not in my system tray. I then went to Start: all Programs and tried to start Avast there. That is when I got the Group Policy type of error saying I didn’t have permission to start Avast.
I uninstalled avast from control panel then used avastclear in safe mode, booted to normal and used Rejzors uninstall. I have done this a few times now.
I had zonealarm and spybot s&d when this all first happened. I now have malwarebytes installed and have just run a scan which showed as clear.
system
5
Just seen post by Michael (alan1998)
Thanks, will do and then be back.
system
6
Okay, attached aswMBR, extras, OTL and mbam.
AswMBR though may be wrong. It took over 12 hours before it saved the log and exited. Should I run it again? Not sure why the ‘quick scan’ took sooo long?
system
7
Hi,
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Hello,
Argus has come. Please listen to him.
system
9
Hi, yes no problem, I was just getting these done when you posted.
Attached.
system
10
I see no present or active malware.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
HKU\S-1-5-21-3722593541-308869362-1513390712-1004\...\MountPoints2: {11947c5c-04b8-11e3-bd8a-81689a2c6413} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3722593541-308869362-1513390712-1004\...\MountPoints2: {1ff0c034-6e72-11e1-9a54-9fa5d182a443} - F:\PcOptions.exe
HKU\S-1-5-21-3722593541-308869362-1513390712-1004\...\MountPoints2: {3ea37072-b9d4-11df-9389-705ab64cd207} - F:\LaunchU3.exe -a
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
C:\Users\Mitul\AppData\Roaming\RegFree.ini
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
--> Try to uninstall Zone Alarm.
system
11
Okay, ran that and log attached.
system
12
- Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.
- Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.
- Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
- When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
(typical log location: C:\ComboFix.txt )
system
13
Okay so this is odd… Even though there was no Avast icon in my system tray, when I turned on comboFix - it said avast was running. So I started Avast from the Start menu and then turned it off before running combofix.
system
14
Open notepad and copy/paste the text present inside the code box below:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
ClearJavaCache::
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
system
16
How is the situation now?
system
17
Much the same I’m afraid. Still no Avast icon in the systray on start-up.
Although avast! Antivirus does seem to be running as a Service.
system
18
Hmm, system is clean.
Maybe ZoneAlarm is the real problem, uninstall ZA.
Reinstall avast once again.
It is necessary to uninstall ComboFix :
- Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
- In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
- Then click OK (or press Enter).
Wait for the uninstall process to complete.
system
19
Okay so I uninstalled zonealarm, rebooted, got nothing.
Removed spybot s&d also, rebooted, got nothing.
Uninstalled Avast, used avast cleaner and avast cleaner.
Re-installed Avast from online installer.
Rebooted…
And still no icon in systray. Context menu scan also still not working, in fact it gives me an error “AvastUI is currently not running. Please run the application before starting a scan”.
Incidentally, this is the closest to other report of similar problem: http://www.spywareinfoforum.com/topic/135574-malewarebytes-avg-wont-start-this-program-is-blocked-by-group-policy/?p=786870