Avast update connects to adult site

General Topics
21

I have no Defender installed, I suppose it is included in SP3… I don’t know if I’ll be able to download it and get all the updates after that… at least I never used IE and I’ll never use it, I think I could (well, must) cope with that.

I’m downloading the Italian installer within the setup wizard, it will take a long time because I had to switch back to the dial-up connection - the proxy connection is faster but fails to download large executables… once more :-/ …hope that it will solve the main issue of this topic, at least…

I’ll let you know.

In any case I’ll try to take on any possible security check & upgrade as suggested here so far - after getting a working installation of avast to my system.

By the way, can I assume to be safe without installing any different firewall since I usually surf behind such a wonderful (awful) 80-port-only proxy?

Well, that’s a bit off topic here but anyway, that’s just an informative question, I’ll set up a firewall in any case - I’ve read something about that and I’d like to have an opinion from hands-on people.

Thank a lot once more, have a nice weekend,
Frank

22

No. Both things aren’t related. You need a firewall, but first, you need your computer clean. After that we can make firewall suggestions and help you.

23

Hi everybody,
problem solved, avast does not connect to that adult site any more during the update process, also those “.vbs” files do not appear any more in the update messages.

During the boot-time scan avast found three viruses:

07/12/2009 01:42
Controllo di tutti i drives locali

File E:\System Volume Information\_restore{4845F5C9-A05A-47D7-9371-C4CB905DB49C}\RP56\A0054917.exe e infetto da Win32:Buttons [Joke], Spostato nel Cestino
File E:\System Volume Information\_restore{4845F5C9-A05A-47D7-9371-C4CB905DB49C}\RP56\A0054957.exe e infetto da Win32:Trojan-gen {Other}, Spostato nel Cestino
File E:\System Volume Information\_restore{4845F5C9-A05A-47D7-9371-C4CB905DB49C}\RP56\A0054975.exe e infetto da Win32:Trojan-gen {Other}, Spostato nel Cestino
Numero di cartelle cercate: 16536
Numero files controllati: 216771
Numero files infetti: 3

(sorry for the Italian messages. “Spostato nel cestino” means, literally, “Moved to the basket”. Now I understand also that note about disabling system restore)

I’ve been able to update my hosts list using the dial-up connection, now I’m not so sure which step actually solved the problem… shall I edit the first post of this topic mentioning the steps I took? Which is the custom here about solved issues’ threads?

Another question: into the avast recycled basket (or quarantine basket, I ignore its name in English), there are the three files reported above and also three system libraries: kernel32.dll, winsock.dll and wsock32.dll. All of them have been transferred to the basket at the end of the boot-time scan (at least it seems so, looking at their transfer times). Is it normal for such files to appear there?

By the way, thank you Tech for your explanation about proxy/firewall. In my mind I thought that the proxy could, at least, forbid connections to an eventual backdoor that could infect my system, that was what I meant with the word “safe”. I’m going to set up a firewall asap, and I’ll try to update my OS too.

Thanks again everybody, your help has been precious.

All the best,
Frank

24

entu, you can order a SP3 update CD for a small shipping charge and will arrive fairly quickly:
https://om2.one.microsoft.com/opa/Validation.aspx?StoreID=7b7aa929-bd0a-487a-bc7e-df7631fee660&LocaleCode=en-us

I keep one handy for when I need to update a system quickly.

To get rid of the indications in the System Restore files:
How to turn off and turn on System Restore in Windows XP
http://support.microsoft.com/kb/310405

25

Thank you for your suggestions YoKenny, I think I’ll follow them.

Have fun,
Frank