My Desktop PC was acting strange. I am running Windows XP pro. I was running hot so I replaced the thermal paste. When I started it up Avast was shutdown I could not update or run any of the shields. I downloaded another AV program Kingsoft AV which found backdoor poison trojan/virus. The program deleted it but the PC is still not right. The mouse stops working intermittently. Any and all help would be greatly appreciated. Thank you
Follow the steps here http://forum.avast.com/index.php?topic=53253.0
@ trainerj59
Personally I would have been investigating the actual detection, e.g. file name and location, etc and run a check on virus total for confirmation it wasn’t a false positive.
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send quarantine and investigate.
AdwCleaner v2.007 - Logfile created 11/09/2012 at 00:03:27
Updated 06/11/2012 by Xplode
Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
User :
Boot Mode : Normal
Running from : C:\Documents and Settings# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
***** [Internet Browsers] *****
-\ Internet Explorer v8.0.6001.18702
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome
-\ Mozilla Firefox v16.0.2 (en-US)
AdwCleaner[R1].txt - [1352 octets] - [08/11/2012 23:55:24]
AdwCleaner[R2].txt - [1283 octets] - [09/11/2012 00:03:27]
########## EOF - C:\AdwCleaner[R2].txt - [1343 octets] ##########
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.09.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
administrator]
11/9/2012 7:04:52 AM
mbam-log-2012-11-09 (07-04-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 437352
Time elapsed: 34 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL log
extras
Nothing showing there, have you tried a repair of Avast ?
What problems are evident at the moment ?
Avast would not let me do anything. The shields were down and I could not update. I am still having issues with slow boot time and the mouse quitting intermittently. It seems to work pretty well in Safe Mode. I initially thought it was a hardware issue because the CPU was running at 63 % just sitting there. I checked the CPU temp in it is running hot 129 F. I have used Avast for years so it was really strange for it to do what it did. Do you have any other suggestions. Any help would be greatly appreciated Thanks Jeff
Uninstall Avast using aswclear after removing via control panel
http://files.avast.com/files/eng/aswclear.exe
Then download and install the latest version
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
Also the CPU temps need looking at
Have you cleared all the dust bunnies ?
I reinstalled Avast initially I got the same error eg warning you are not protected but now Avast seems to be running all right but the Pc is still slow barely responsive
With a CPU temperature that high it is not surprising… You need to get that fixed as a priority