Hi,

I did a full viruscheck with avast (the full, paid version) and it found several threats (low and high priority), I tried to move them to the viruschest but again (as before) I keep getting the message (translated from dutch by me):
“Viruschest server not available, RPC communication failed (2147422219)”

The viruschest never workes. Why ? ??? and how can I solve this ?

If this is something that can’t be fixed quick → should I post in a different topic my high priority threat so that I can start, with your help, to solve that first ? It is “JS:Agent-ABZ(Trj)”

Thanks and regards, Saskia

follow the guide here and attach (not copy and paste) logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Hi there,

thanks in advance for your help.

Yesterday, when AVAST found that infection which it cannot remove, I also ran MBAM full-scan.
MBAM found some threaths which I told it to remove, and after that the scan from MBAM is clean. So the MBAM quickscan I did today, as you told me to, is clean but I have also attached the files from yesterday.

Please find attached the MBAM logs and OTL logs

and the Extras.log from OTL and the aswMBR-log

Hi you have an old sinowal infection, I may not be able to remove that , but it is inert and harmless
The virus chest prolem suggests a problem withiun Avast, have you tried a repair install ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip) FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

[*]Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Hi,

sorry for the late response (although that is more my problem ) I am always tired and cannot spend much time at a day at the pc

I ran the OTL fix and quickscan, please see the log attached

I also ran TDSSkiller, but either I did something wrong there or it did not find anything malicious. After the Scan it said it found 9 threaths, which I “skipped” as you said, and I chose “continue”, after which nothing happened :-\ Please see the report attached.
Or did you mean I have to choose cure and then continue ?

No that was good, I am checking out the most usual areas for malware

Two more to run now to analyse different ares… Are you still getting the Virus chest error ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

run farbar service scanner

https://dl.dropbox.com/u/73555776/FSS.GIF

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Hi,

Please find attached ComboFix and FFS logs.

The computer seems to be running fine after ComboFix. It has deleted only a few files, as far as i could see.

I also ran the Repair Install for Avast. However, I cannot tell if the viruschest is working now, because it only says that it’s not available when I try to move virusses to the viruschest, and at this moment Avast can’t find any virusses

The way to check that is to add a file to the chest… Any file will do as it will just take a copy and leave the original there

Open Avast and go to the virus chest
Right click the blank area and select add

http://dl.dropbox.com/u/73555776/open%20chest.jpg

Navigate to C:\WINDOWS\System32\aswBoot.exe

http://dl.dropbox.com/u/73555776/navigate.JPG

Select the file

http://dl.dropbox.com/u/73555776/select.JPG

Does it copy to the chest ?

No it does not add anything to the viruschest I have tried several files.

RPC errors have in the past been related to other AVs also installed or remnants of one remaining. Not sure if this is the problem as I’m sure essexboy would have mentioned another AV running or remnants showing up in the logs.

Essexboy asked if you had tried an avast repair, I didn’t notice an answer to that question.
Try a repair of avast:
XP - Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and select Repair, click next and follow.

OK could you go start > Run
Type in Services.msc
Press OK

Then Locate Avast service
Right click and select properties
Select the Dependencies tab
Then post a screenshot of it as below

@David: hi, thanks but I al;ready did the RepairInstall, it did not work

@Essexboy: please find attached the requested screenshot. This screenshot is from avast!Antivirus, I also have avast!Firewall but that has no Dependencies in that tab.

Download and run the AVG removal tool from here http://www.avg.com/ww-en/utilities

Download the latest version to your desktop from here
Download aswClear from here
Go to Programs and Features > add/remove and uninstall Avast
Reboot back to safe mode and run aswClear (select all versions of Avast ) once for each version, no need to reboot in between
After the last one reboot

Install the updated Avast

Hi,

I got so frustrated with my pc that I chose not to do anything with it for a few days…so here’s my response to your message of a few days ago.

I have download and ran the AVG removal tool. I do not know if it went well, because it said it would ask for a reboot but it hasn’t. So I have attached the log it made to be sure.

I have also download the latest version of Avast, but then i noticed that the link you gave me is for Avast Free, and I am using the paid verson (antivirus + internet security and all). So I think I might have to use another link. So I have searched the Avast website and came up with a page for existing users, saying download your product here → which started the download of avast-internet-security-setup.exe

Now that I have both of those in my downloads-folder, I assume I can get on with the aswclear and the removal and reinstall of avast ? Or do I need to move those avast downloads out of my downloadsfolder ?

oh, and how about those scans I ran earlier ?

I ran those and attached those logs a few messages ago, but I did not hear from you yet if those were “clean”/good.

They were clean otherwise I would have removed any bad boys

Yes now run the full uninstall and then reinstal the fresh copy

well…that went horribly wrong !!

I didn’t know why I would have to remove all versions, but I thought “better do as he says, in case more versions have been installed anyway”.
I noticed aswClear wanted me to fill in a path, so I did for the first one, and the next, but I did not notice that the Avast folder was removed by then. So I told it to remove a avast version from C:\Programs . It did…together with all other programs :o
I tried Windos System Repair, I took the latest Repairpoint and it did put back all the icons on my desktop, so I thought I was saved…but unfortunately it seems that is all it has done, put back the icons, programms won’t start.
Only the Office-files like Word, Excel etc. are working now again, after I reactivated them inserting the cd as the pc asked.

Is there a solution or do I really have to remove all those programms completely and reinstall them all one by one ??
Please don’t tell me I have just gotten myself heaps of work extra !
If that is the only solution, perhaps I should just be done with it and reinstall windows and all programs completely ? Because how will I know that indeed all reminents (how do you spell that ?) of all programs are gone before I reinstall them ?

PLEASE HELP !!

Thanks!

p.s.:
I did not reinstall avast yet. Since I don’t know how to get out of this s… now. At the moment I have just activated windows firewall, to have at least some kind of protection.

But still something of Avast is still available !! So even the removal did not work well (except for my other programs…) I was trying to find out which programms all don’t work, because it is not every programm. Then i accidentaly clicked on the avast internet security-icon, thinking “ohno, of course that one is not working”, but to my surprise it did open avast !! It just says that I am not secured, and when I try to activate/secure by pushing the repair-this-now-button, it does nothing.

OK, since no reply came, I assume Essexboy either does not have the time or is not at home. I really needed the pc, so I have tried somethings myself.

Good news is that avast dit reinstall correct and the viruschest is working again.

Now all that’s left to do is to undo the damage I have done.

Problem is that that thing I did wrong also f…ked up the uninstall-programs. Some simple programs were easy to fix and are working fine again.

At the moment I am trying to completely uninstall my printer (HP officejet 4219 all-in-one) but whatever I try it does not uninstall complete. I suppose that is why the software (which I do not have on cd anymore, but I have downloaded full software from HP website), will extract but not open the install-menu. Any ideas, anyone ?

Thanks, Saskia

Sorry about that I lost notification for some reason

Lets see if I can locate the damage and restore it if I can

Although to be honest I am not optimistic…

Could you give me a list of the programmes that you are having problems with
Then run OTL so that I can at least give you a clean shot at re-installing them

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
%ProgramFiles% /s
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open one notepad window.