I had upgraded to Avast 8 in April without any problems. It seemed clunky but usable. In mid April there were several updates all at once.(Java, Windows, Firefox, Avast, etc) and one day Avast died on me. The tray icon couldn’t be accessed and neither could the desktop icon. Windows said I was “still protected”. ( I had been watching a YouTube video and when I minimized it the Avast tray icon was gone)
I disconnected my router and managed to do file scans by right clicking on folders. Nothing was detected so I rebooted. Avast started but didn’t work right so I did a repair. After the repair I could scan from the UI if I deselected the choices in the settings > performance. I began to notice stuff like: SVC: WmdmPmSN > C:\WINDOWS\System32\svchost.exe
I downloaded and ran msert.exe (with Avast disabled) and found nothing. I reinstalled Avast and had the same problems. I downloaded Malwarebytes and found these problems:
Mallwarebytes fixed these and there have been no more infections detected…
Before upgrading to Avast 8.0.89 I used aswclear.exe in safe mode and reinstalled in safemode. Avast works fine but I still get the SVC messages and quick scan works best if I deselect choices in settings/performance.
My ISP didn’t notice any unusual actvity on my connection.
I tried AdwCleaner and got these results:
***** [Registry] *****
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
I checked again but had to update the program. I got the following result:
***** [Registry] *****
Key Found : HKCU\Software\YahooPartnerToolbar
My latest scans are clean.
Avast hasn’t detected any viruses or problems and works but I still get the SVC messages in the GUI and scan logs. The boot scan log doesn’t show the same problem.
I will attach AdwCleaner log, Malwarebytes log, both OTL logs, and the aswMBR log.
I also have a farbar service scanner log and a TDSSKILLER log.
Thanks DavidR. To clarify I have avast! free 8.0.1489.
I have a TDSSKILLER question for whoever helps me (this may save time). When i first used the program I checked the verify fit signatures and got a hit on FlipShareServer ( UnsignedFile.Multi.Generic ) and quarantined the file. Elsewhere I read that that setting shouldn’t be used. The scan without that box checked came up:
13:04:02.0250 3476 Detected object count: 0
13:04:02.0250 3476 Actual detected object count: 0
– if a TDSSKILLER log is requested should I rescan? And what do I do with the quarantined item?
Portable Media Serial Number Service WmdmPmSN svchost.exe
Retrieves the serial number of any portable media player connected to this computer.
Manual
Disable if you never use DRM music devices.
That service is legitimate and to date has never been compromised
How is the computer behaving as the logs look good
Thanks Essexboy. I try to keep tabs on what’s happening on my computer and when Avast “broke” I got a little paranoid and started doing checks of Event viewer, and other tools. I just don’t have the experience to interpret some things.
I haven’t had a virus alert on a website for over a month and readings like these looked odd:
Service .NET CLR Data [???]
Service inetaccs [???]
The only google links related to them lead to virus forums.
Avast does seem to be working properly and today’s full scan showed no infections. Today’s mbam full scan was clean too.
I have the odd crash when playing an mmo but that seems to be a memory issue in the game. I get the odd Thunderbird crash on exit ever since I upgraded to the latest build. The computer seems to be running fine overall.
My main concern was that something may have corrupted Avast or was hiding so well it couldn’t be detected.
Questions:
There are some empty McAfee folders in Documents/Settings.Should I use the Mcafee equivalent of aswclear?
2, Sqlserver was installed with the system and I never removed it because i didn’t want to fix what wasn’t broken. .Net was used by an mmo interface but is no longer. Is there a program to check dependencies to see if these are safe to remove? Should they be?
Update: After I wrote this I went for breakfast and turned on my comp when I came back. AvastUI.exe failed to start and I couldn’t right click/scan. Security center said I was protected. Both AvastSVC.exe and AvastUI.exe showed up in taskmanager and the latter had a smaller VM. I did a quick mbam scan (clean) and tried adwcleaner (clean). I had to press the reset button to reboot. Avast loaded normally with the UI and a quickscan was clean. Things seem back to normal now.
Reference dotnet framework, there are quite a few programmes that use that now. You can uninstall it but you may need to re-install if a programme requires it
I think I ran a chkdisk and it was okay but I could always do more maintenance if needed. I’ll remove the McAfee and leave the dot net.
Once I’m satisfied things are okay should OTL and the temp cleaners be removed. I saw a reference to that in a forum post somewhere. I will of course keep Malwarebytes.
I’ll clean up the McAfee later today when i return. A cold boot will let me see if the UI glitch returns. I’ll have a look, and do some scans and may start on the temp cleaners.
I cleaned up the McAfee, and ran the computer for a session or two and then removed the AdwCleaner and OTL. They both uninstalled nicely and I like how OTL takes care of the other temp cleaners.
I have run several sessions over the last two days and the computer is running fine. Email and net access seem normal. Avast is updating properly, running properly, and the GUI issue hasn’t come back. After reading some of the posts here I’m glad my “security refresher” was so painless.
Thanks Essexboy. You guys do great work here and I’ld email you a milkshake but Avast would treat it as a weight gain virus.