Banker removed - Internet access lost - *except via SafeZone browser*

This problem has been partly solved in the course of today, but there’s a whinge at the end.

What seems to have happened:

  1. I got infected with Banker. Removed it (4 instances in Windows snapshot etl files) using Avast boot-time scan;

  2. lost all access to any bank;

  3. uninstalled and removed all references to all Internet-banking related security, so as to try to reinstall and regain access;

  4. no luck; lost all Internet access, except using the Avast SafeZone browser, but anything that did not run in that environment was dead (e-mail client, bank security installations etc.);

  5. the problem was affecting both computers in a home cabled network.

  6. provider support-person suggested I reconfigure the network from ‘automatic DNS server’ to a fixed DNS (Google - 8.8.8.8 and 8.8.4.4). Did that on both computers, worked a treat and I now have access again.

However, I would like to restore the original (automatic DNS server) configuration (and understand what got broke).

The fact that only the Avast SafeZone browser - but no other browser (IE, Chrome, Firefox) - was able to access the Internet should mean something specifically helpful in solving the problem, but what?

Thanks in advance for all and any help.

Follow the instructions and attach the log files to your next post.
http://forum.avast.com/index.php?topic=53253.0

Malwarebytes Anti-Malware found no malware and did not write a ScanLog, just a ProtectionLog.

Frst logs are attached.

ASWMBR got stopped twice with ‘A problem has stopped this program from working. Windows is looking for a solution to the problem’. First, I thought it was because I had installed in ProgramFiles, which the program couldn’t write to, but even when I installed on Desktop and then rebooted, the result was the same. It didn’t finish scanning, so I didn’t get to ask for a log and there’s nothing in the folder.

Ok, now have some patience.
One of the malware removers will soon have a look at the logs.

The bank plugins you are using can cause problems. It may be advisable to remove them and then re-install.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

Don’t know if this signifies, but coincidentally - after I sent in the log - VLC updated. Should I rescan and resubmit or does the fix still stand? Thank you for your time and help.
I have cleaned up and updated the bank security installations.

Nope, it should have no effect.

Thank you for your help, Essexboy-probably-bot.

‘Fixlog.txt’ attached.

How is the internet now?

Access is hunky-dory, providing I use a (borrowed) fixed DNS server address.

I had managed to restore access by resetting
{at ‘Network and Sharing Center’ / ‘Change Adapter Settings’ / ‘Local Area Connection’ / ‘Local Area Connection Properties’ / ‘Internet protocol version 4 (TCP/IPv4)’ / ‘Properties’}
from ‘Obtain DNS server automatically’ to ‘Use the following DNS server address’ (8.8.8.8 and 8.8.4.4 - Google).

I now want to revert to the automatic DNS server setting, but if I do so, although the Network and Sharing Center says I have Internet connection, I cannot access any sites, use my e-mail client (Eudora) etc.

Tried to run ASWMBR again, but got the same outcome:
‘avast! Antirootkit has stopped working - A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.’
The last line reported is:
‘Scanning: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.Policy\Ma…’ (then extends outside the box).

So if you cease using opendns it is just a problem with the mail client? So the browsers work ok?

Sorry I didn’t make that clearer: no, I have no access at all (no e-mail client, no on-line installation, no mobiles via wireless, and none of my browsers except - and this is what intrigues me - the Avast SafeZone browser, which I am using to write this). I am now going back to opendns.

Do any other computers that use your router have the same problem?

There is only one other computer on the network and, yes, it does have the same problem.

OK, you will need to reset your router. Do you know how to do this?

Somewhere on the back of the router will be a pinhole marked reset.
Using a biro, press in until it clicks.
Wait until the router has finished resetting, then try the net again.

I guess I should first reset ‘Internet protocol version 4 (TCP/IPv4)’ / ‘Properties’ to ‘Obtain DNS server automatically’?

‘biro’ eh? That places you quite precisely (I am in Brazil).

Good guess or not, I did so and reset the router. Internet access with automatic DNS server duly restored and thank you sir.

I will give you a 24-hour follow-up status, just in case all the unseemly jubilation proves premature.

Thank you again. Essex rocks!

The second computer having the same problem after I reset the DNS was the clue. Let me know when you are happy
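
The clue named in the post above (both PCs failing the same way on automatic DNS) can be checked from each machine's `ipconfig /all` output. This is an added example, not part of the thread or of any Avast or FRST tool; the sample output, the 203.0.113.x resolver addresses and the function names are constructed, and it assumes the output was captured with 'Obtain DNS server automatically' selected and that the only expected resolvers are the gateway and a trusted list.

```python
import re

FIELD = re.compile(r"^\s+(.+?)\.(?: \.)* :\s*(.*)$")  # "   Label . . . : value"

def parse_ipconfig(text):
    """Return {section header: {field label: [values]}} from `ipconfig /all` text."""
    sections, fields, values = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():  # unindented line starts a new adapter section
            fields, values = sections.setdefault(line.rstrip(": "), {}), None
            continue
        m = FIELD.match(line)
        if m and fields is not None:
            values = fields.setdefault(m.group(1).strip(), [])
            if m.group(2).strip():
                values.append(m.group(2).strip())
        elif values is not None:  # continuation row, e.g. a second DNS server
            values.append(line.strip())
    return sections

def unexpected_dns(text, trusted):
    """DNS servers on DHCP adapters that are neither the gateway nor trusted."""
    found = set()
    for fields in parse_ipconfig(text).values():
        if fields.get("DHCP Enabled") == ["Yes"]:
            expected = set(fields.get("Default Gateway", [])) | set(trusted)
            found |= set(fields.get("DNS Servers", [])) - expected
    return found

def triage(hosts, trusted):
    """'router/DHCP' if 2+ hosts share an unexpected resolver, else 'single host' or 'ok'."""
    per_host = [unexpected_dns(text, trusted) for text in hosts.values()]
    everything = set().union(*per_host)
    shared = {s for s in everything if sum(s in h for h in per_host) >= 2}
    if shared:
        return "router/DHCP", shared
    return ("single host", everything) if everything else ("ok", set())

# Constructed sample output (not taken from the thread's logs).
def sample(dns_rows):
    return ("Ethernet adapter Local Area Connection:\n\n"
            "   DHCP Enabled. . . . . . . . . . . : Yes\n"
            "   Default Gateway . . . . . . . . . : 192.168.1.1\n"
            "   DNS Servers . . . . . . . . . . . : " + dns_rows + "\n")

PC1 = sample("203.0.113.53\n" + " " * 39 + "203.0.113.54")
PC2, CLEAN = sample("203.0.113.53"), sample("192.168.1.1")
TRUSTED = {"8.8.8.8", "8.8.4.4"}  # the fixed resolvers mentioned in the thread
```

A "router/DHCP" verdict points at the device handing out the settings rather than at either PC, which is where a factory reset followed by a non-default admin password applies.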

I never did get back because things settled only partly and temporarily. We’re now back to a similar situation, but now Avast has reported an attack by HTML:Router CSRF-C. Intelligent Scan reports no Virus, but does identify Network Problems (without specifying what they are). Boot-time Scan finds nothing. Whether or not this is a continuation of the previous problem, a new infection or a successfully averted attack, I have not been able to discover. In any case, all attempts to access banking sites from my wife’s computer get redirected to phishing sites.
Really sorry if this sounds a lot like back to square one…

What you need to do is reset the router and then change the router password so that it is not on default.

If you let me know what make your router is, I will get you the user name and password.