Avast! Stopped working!!

http://i180.photobucket.com/albums/x222/Enma_Ai_00/001.jpg

One day it just stopped. It began to read "insecure system", with a red cross and all. I uninstalled it in safe mode, re-installed it, repaired it from the control panel, and tried all the solutions I found in this forum, and I'm still having this problem.
My version is registered.
Thanks for any help you can give me.

  • Which avast!: Free
  • Which version: 7.0.1466
  • OS: Windows Vista Home Basic, 32 bits, SP 1
  • Other security related software installed: None
  • Which AV did you use before avast!: After the problem I tried: AVG, Avira, Eset, Panda. But before, none. Avast! was my first AV.

First, be sure to get rid of all remnants of your prior installed AVs.
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=574
http://singularlabs.com/uninstallers/security-software/

  1. Download avast! Free Antivirus: http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
  2. Follow instructions: http://www.avast.com/uninstall-utility (Run this tool for all prior installed avast! versions…!!)
  3. Reinstall avast! with the downloaded installer from point 1.
  4. Reboot.

Done… and still having the same problem… :cry:

Take a look here

https://forum.avast.com/index.php?topic=56896.0

also here

https://forum.avast.com/index.php?topic=90543.0

You could also do an Internet search for “avast in inconsistent state” to see if you can find other posts on this forum regarding your issue and how to possibly solve it.

Ok, done a clean reinstall, like it said on those posts, and nothing changed. This is my HijackThis log…

Shinigamisenpai.

If you ran uninstallers from here: http://singularlabs.com/uninstallers/security-software/
for all those AV that you named above.

Uninstalled Avast! with aswclear.exe in safe mode.

Reinstalled Avast! with a fresh copy downloaded from here: http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe

and still having problems.

Better to follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach (do not copy/paste) logs for AdwCleaner, Malwarebytes’ (MBAM), OTL, and aswMBR.exe here, where a specialist will review the logs.

FYI HijackThis is no longer used.

Ok, done all the stuff from the guide…

Sorry, I just posted because that's what the guy from these posts had done

Malware specialists notified. Wait please.

I see lots of files from Panda Cloud Antivirus in there… :slight_smile:

@Shinigamisenpai

Hi, :slight_smile:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don’t know or understand something, please don’t hesitate to ask.
  • Please refrain from making any further changes to your computer (install/uninstall programs, delete files, edit the registry, etc…)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.


Preparation …

Multiple Antivirus Programs

You are running more than 1 Antivirus program!

(AVAST Software)
(Panda Security, S.L.)

Running more than one antivirus program is not recommended because:

  • They can conflict with each other.
  • Report the other antivirus software as malicious.
  • Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer.
  • Can cause your computer to become unstable… run slowly and even, in rare cases, BSOD crash… etc.

I strongly suggest you uninstall one of them. Which one is your decision.

Then go here and download the uninstaller tool to remove antivirus remains:
http://singularlabs.com/uninstallers/security-software/


To make sure nothing left behind …

Download AppRemover (~ 6MB) to the Desktop.
Run it by double-clicking.

Click Next, choose the second option (Clean Up a Failed Uninstall), confirm with Continue, go to Next and wait for it to finish. If something is listed, scan and remove it by clicking on Next.

*************************************
Malware Removal

Step#1

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

  • Press Start Scan

  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Step#2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens on the top right corner, click Settings.
  • In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

  • Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.


Step#3

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

  • Double-click MCShield-Setup to install the application.
  • Wait a few seconds for MCShield to finish the initial scan.
    Recommendation: under the General and Scanner tabs, click on the Defaults button to choose the recommended options.
  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

This is what happened:
  • AppRemover doesn't find anything about Panda…
  • I executed TDSSKiller.exe… here's the log
  • Combofix: downloaded the exe, Avast doesn't let me turn off the shields, the program is still running “at my own risk.” Then Windows will not boot, 5 blue deaths later, I restored the system before ComboFix.
  • I considered throwing the notebook against the wall and setting it on fire
  • I don't have any USB stuff, just a cellphone with a memory card… I connected it anyway and the log of MCShield is empty…

And… Avast is working again!!! I don't know in what part of this disaster that happened! So is it finished? Do I need anything else? Final advice?
Thank you so much for your help!!!

Hm hard one … Ok.

We will repeat the TDSSKiller scan. If you have an old copy of TDSSKiller, please delete it and download a fresh one:

Step#1
Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

  • Press Start Scan

  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Step#2

  • Re-run TDSSKiller.exe and click on Change parameters.
  • Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and attach the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Step#3
Re-run OTL, click on RunScan and attach here fresh OTL.txt logreport


Step#4

Download AVZ Antiviral Toolkit from the following link:

http://support.kaspersky.com/downloads/utils/avz4.zip

  • Extract the archive to a folder.
  • Run AVZ (double-click on the icon shown at http://amf.mycity.rs/pg/images/avz.png);
  • Click on File > Scripts Standard;
  • In the window that opens check options 2 and click Execute Selected Scripts;
  • Click Yes;
  • When scan is finished you will get a note: Script Executed;
  • Exit the program.

Attach file virusinfo_syscheck.zip contained in folder AVZ\Log on the forum.

Hi again! Sorry for the delay… Here are the files you asked me for!

*virusinfo_syscheck.zip.
You cannot upload that type of file. The only allowed extensions are txt,jpg,gif,png,log.

So here's the file on mediafire…
http://www.mediafire.com/?nnxmg9a6fpx051j

Hi,
I still see driver modules from two active antivirus programs that may cause real problems for your system.

DRV - [2012/08/21 06:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)

Please, read again “Multiple Antivirus Programs” and warning.

You need to uninstall one antivirus. Then download the uninstaller tool to remove remaining leftovers.
http://singularlabs.com/uninstallers/security-software/


Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
IE - HKU\S-1-5-21-2712004474-2089528838-1624444860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108976&babsrc=HP_ss&mntrId=04ec29e10000000000000015afb0ef47
IE - HKU\S-1-5-21-2712004474-2089528838-1624444860-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108976&babsrc=SP_ss&mntrId=04ec29e10000000000000015afb0ef47
IE - HKU\S-1-5-21-2712004474-2089528838-1624444860-1000\..\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}: "URL" = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O33 - MountPoints2\{19558f4f-9bf0-11de-a53a-0015afb0ef47}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{19558f58-9bf0-11de-a53a-0015afb0ef47}\Shell\AutoRun\command - "" = E:\em8tqm.cmd
O33 - MountPoints2\{19558f58-9bf0-11de-a53a-0015afb0ef47}\Shell\open\Command - "" = E:\em8tqm.cmd
O33 - MountPoints2\{19558f77-9bf0-11de-a53a-0015afb0ef47}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
O33 - MountPoints2\{19558f77-9bf0-11de-a53a-0015afb0ef47}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
O33 - MountPoints2\{19558f7f-9bf0-11de-a53a-0015afb0ef47}\Shell\AutoRun\command - "" = E:\WIN\DOWS\LAX.exe
O33 - MountPoints2\{19558f7f-9bf0-11de-a53a-0015afb0ef47}\Shell\open\command - "" = E:\WIN\DOWS\LAX.exe
O33 - MountPoints2\{1ad99163-77b5-11df-b1e0-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad99163-77b5-11df-b1e0-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1ad99168-77b5-11df-b1e0-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad99168-77b5-11df-b1e0-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2bd3f48c-b11d-11e0-a278-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{2bd3f48c-b11d-11e0-a278-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4101fd19-3015-11df-b56d-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{4101fd19-3015-11df-b56d-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4101fd25-3015-11df-b56d-0090f5812f32}\Shell - "" = AutoRun
O33 - MountPoints2\{4101fd25-3015-11df-b56d-0090f5812f32}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{50808b0a-f3c2-11de-9a0a-0090f5812f32}\Shell\AutoRun\command - "" = E:\rRYEyv.Exe
O33 - MountPoints2\{50808b0a-f3c2-11de-9a0a-0090f5812f32}\Shell\opEn\coMmaNd - "" = E:\rryEyV.exE
O33 - MountPoints2\{517d9a49-9bba-11df-8ce4-0015afb0ef47}\Shell\AutoRun\command - "" = p9rs.exe
O33 - MountPoints2\{517d9a49-9bba-11df-8ce4-0015afb0ef47}\Shell\open\Command - "" = p9rs.exe
O33 - MountPoints2\{551217e2-8a6f-11df-869d-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{551217e2-8a6f-11df-869d-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{55121801-8a6f-11df-869d-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{55121801-8a6f-11df-869d-0015afb0ef47}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55d1bcd6-9be9-11de-88b9-0015afb0ef47}\Shell\AutoRun\command - "" = RECYCLER\autorun.exe
O33 - MountPoints2\{55d1bcd6-9be9-11de-88b9-0015afb0ef47}\Shell\open\command - "" = RECYCLER\autorun.exe
O33 - MountPoints2\{61fff5cb-c565-11df-abeb-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{61fff5cb-c565-11df-abeb-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{61fff5ea-c565-11df-abeb-0090f5812f32}\Shell - "" = AutoRun
O33 - MountPoints2\{61fff5ea-c565-11df-abeb-0090f5812f32}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{648e2de0-ca2e-11df-92ca-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{648e2de0-ca2e-11df-92ca-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{648e2de1-ca2e-11df-92ca-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{648e2de1-ca2e-11df-92ca-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77c5a420-d067-11de-b7f8-0015afb0ef47}\Shell\AutoRun\command - "" = E:\RECYCLER\autorun.exe
O33 - MountPoints2\{77c5a420-d067-11de-b7f8-0015afb0ef47}\Shell\open\command - "" = E:\RECYCLER\autorun.exe
O33 - MountPoints2\{80bab5dd-13f5-11e0-9336-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{80bab5dd-13f5-11e0-9336-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{80bab5fc-13f5-11e0-9336-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{80bab5fc-13f5-11e0-9336-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{84da45d8-fc61-11e1-8dd7-0090f5812f32}\Shell - "" = AutoRun
O33 - MountPoints2\{84da45d8-fc61-11e1-8dd7-0090f5812f32}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{85ffa9d3-8a85-11df-ad08-0090f5812f32}\Shell - "" = AutoRun
O33 - MountPoints2\{85ffa9d3-8a85-11df-ad08-0090f5812f32}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8d2a725e-bc6a-11e1-862a-0090f5812f32}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{8dfc310f-0ba8-11e2-87f7-0015afb0ef47}\Shell\AutoRun\command - "" = autorun.exe\autorun.exe\autorun.exe
O33 - MountPoints2\{8dfc310f-0ba8-11e2-87f7-0015afb0ef47}\Shell\open\command - "" = autorun.exe\autorun.exe\autorun.exe
O33 - MountPoints2\{ab9efd5d-9c13-11e0-be6c-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{ab9efd5d-9c13-11e0-be6c-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ab9efd62-9c13-11e0-be6c-0015afb0ef47}\Shell - "" = AutoRun
O33 - MountPoints2\{ab9efd62-9c13-11e0-be6c-0015afb0ef47}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cb322842-1801-11df-8334-0090f5812f32}\Shell - "" = AutoRun
O33 - MountPoints2\{cb322842-1801-11df-8334-0090f5812f32}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{d63da928-f680-11e1-a5ee-0015afb0ef47}\Shell\AutoRun\command - "" = E:\RunClubSanDisk.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\start.exe
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

:Files
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Users\Bangho\AppData\Local\Babylon
C:\ProgramData\Babylon
C:\Users\Bangho\AppData\Roaming\Babylon
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]



  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.


Re-run OTL, click on RunScan and attach here fresh OTL.txt log
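
Added example (not part of the thread, and not code from OTL or from the helper): a small Python check that reads the `DRV` lines of an OTL log and reports when more than one antivirus vendor has a running kernel driver, which is the condition pointed out above. The vendor set, the function names and the third sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Assumption for this example: only the two vendors named in the thread are
# treated as antivirus products; extend the set for your own environment.
AV_VENDORS = {"AVAST Software", "Panda Security, S.L."}

# One OTL "DRV" line: [file info] (vendor) [type | start | state] -- path -- (service).
# Forum software sometimes turns "--" into an en dash, so both are accepted.
DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\]\s+"
    r"\((?P<vendor>[^)]*)\)\s+"
    r"\[(?P<kind>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]\s+"
    r"(?:--|–)\s+(?P<path>.+?)\s+(?:--|–)\s+"
    r"\((?P<service>[^)]+)\)\s*$"
)

# Constructed sample: the first two lines are the entries quoted in the thread,
# the third is an invented non-AV driver that must be ignored.
SAMPLE_LOG = r"""
DRV - [2012/08/21 06:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2009/04/11 01:32:45 | 000,040,960 | ---- | M] (Example Vendor) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\example.sys -- (example)
"""


def parse_drv(line):
    """Return the fields of one DRV line as a dict, or None if it is not one."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    return {key: value.strip() for key, value in m.groupdict().items()}


def running_av_kernel_drivers(log_text):
    """Map each AV vendor to the file names of its running kernel drivers."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        drv = parse_drv(line)
        if drv is None:
            continue
        if (drv["kind"] == "Kernel" and drv["state"] == "Running"
                and drv["vendor"] in AV_VENDORS):
            found[drv["vendor"]].append(drv["path"].rsplit("\\", 1)[-1])
    return dict(found)


def has_av_conflict(log_text):
    """True when drivers from more than one AV vendor are running at once."""
    return len(running_av_kernel_drivers(log_text)) > 1


if __name__ == "__main__":
    print(running_av_kernel_drivers(SAMPLE_LOG), has_av_conflict(SAMPLE_LOG))
```
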

Hi, I want to thank you for the help and patience you gave me with this problem, but after many difficulties, I wiped my drive and installed Windows 7. Thanks anyway! You were very kind.
Kisses!! :smiley: