Blocked by Group Policy

Hi…

I saw another user ask about the same problem but the thread went dead… does anyone have knowledge of this issue?

I went through a lengthy procedure on BleepingComputer.com and they eventually gave up and sent me here…is anyone able to assist please?

Here is my activity so far…

http://www.bleepingcomputer.com/forums/t/484365/avast-blocked-by-group-policy/

Thanks!

Has anyone got ANYTHING to add to this? Seems to be an increasing problem…any ideas, even if it’s just to tell me there’s no hope?!

Thanks!

I notice that he concentrated on malware without running a check on permissions… This programme may take an hour to run as it will reset all file and registry permissions.
As I am on Windows 8 at the moment it will not allow me to tick reset registry permissions. Please ensure that one is checked.

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

I’ve done this… Avast is still blocked though… main log as follows - there are a few other hkey logs too, do you want to see these?:

Starting Repairs…
Start (25/03/2013 12:33:38)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (25/03/2013 12:33:38)
Running Repair Under Current User Account
Done (25/03/2013 12:33:43)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (25/03/2013 12:33:43)
Running Repair Under System Account
Done (25/03/2013 12:36:42)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (25/03/2013 12:36:42)
Running Repair Under System Account
Done (25/03/2013 12:37:18)

Register System Files
Start (25/03/2013 12:37:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:38:35)

Repair WMI
Start (25/03/2013 12:38:35)
Running Repair Under Current User Account
The system cannot find the path specified.
Invalid Global Switch.

Running Repair Under System Account
The system cannot find the path specified.
Invalid Global Switch.

Done (25/03/2013 12:40:14)

Repair Windows Firewall
Start (25/03/2013 12:40:14)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (25/03/2013 12:40:47)

Repair Internet Explorer
Start (25/03/2013 12:40:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:41:06)

Repair MDAC/MS Jet
Start (25/03/2013 12:41:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:41:28)

Repair Hosts File
Start (25/03/2013 12:41:28)
Running Repair Under System Account
Done (25/03/2013 12:41:30)

Remove Policies Set By Infections
Start (25/03/2013 12:41:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:41:35)

Repair Icons
Start (25/03/2013 12:41:35)
Running Repair Under System Account
Could Not Find C:\Users\Peter\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Peter\AppData\Local\IconCache.db
Done (25/03/2013 12:41:37)

Repair Winsock & DNS Cache
Start (25/03/2013 12:41:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:41:53)

Repair Proxy Settings
Start (25/03/2013 12:41:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:41:57)

Repair Windows Updates
Start (25/03/2013 12:41:57)
Running Repair Under Current User Account
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (25/03/2013 12:42:19)

Repair CD/DVD Missing/Not Working
Start (25/03/2013 12:42:19)
Done (25/03/2013 12:42:19)

Repair Volume Shadow Copy Service
Start (25/03/2013 12:42:19)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (25/03/2013 12:42:26)

Repair MSI (Windows Installer)
Start (25/03/2013 12:42:26)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:42:34)

Repair bat Association
Start (25/03/2013 12:42:35)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:42:39)

Repair cmd Association
Start (25/03/2013 12:42:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:42:44)

Repair com Association
Start (25/03/2013 12:42:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:42:49)

Repair Directory Association
Start (25/03/2013 12:42:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:42:53)

Repair Drive Association
Start (25/03/2013 12:42:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:42:58)

Repair exe Association
Start (25/03/2013 12:42:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:03)

Repair Folder Association
Start (25/03/2013 12:43:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:08)

Repair inf Association
Start (25/03/2013 12:43:08)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:13)

Repair lnk (Shortcuts) Association
Start (25/03/2013 12:43:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:17)

Repair msc Association
Start (25/03/2013 12:43:17)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:22)

Repair reg Association
Start (25/03/2013 12:43:22)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:27)

Repair scr Association
Start (25/03/2013 12:43:27)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:32)

Repair Windows Safe Mode
Start (25/03/2013 12:43:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:36)

Repair Print Spooler
Start (25/03/2013 12:43:36)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:49)

Restore Important Windows Services
Start (25/03/2013 12:43:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:43:54)

Set Windows Services To Default Startup
Start (25/03/2013 12:43:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (25/03/2013 12:44:05)

Cleaning up empty logs…

All Selected Repairs Done.
Done (25/03/2013 12:44:05)
Total Repair Time: 00:10:27

…YOU MUST RESTART YOUR SYSTEM…
Running Repair Under System Account

OK permissions should now be reset

Let's reinstall Avast

Download aswClear to your Desktop.
Download the correct version of Avast
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_internet_security_setup.exe
Disconnect from the net
Uninstall Avast via control panel

- Boot to Safe Mode.
  - Restart the computer.
  - As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  - Use the arrow keys to select the Safe mode with Networking menu item
  - Press Enter.
- Run aswClear
- In the Select Product to Uninstall dropdown choose the version of Avast that is on your system.

https://dl.dropbox.com/u/73555776/aswclear.JPG

- Press Uninstall
- Once complete reboot your system to Normal Mode
- Reinstall Avast


THEN

Download OTL to your Desktop
Secondary link

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

OK, a couple of things…

It wasn’t possible to uninstall Avast via control panel, but I thought that was the whole point of the download and safe mode technique? Anyway, I followed that and it appeared to work.

When reinstalling Avast I got the same ‘blocked by group policy’ message before it finished, but then it did finish and it said it installed…

I ran the scan as directed and only one text box came up and was saved…as follows:

Attachment…

Is Avast functioning as expected?

Nope - same old message…

Could you start an elevated command prompt

Go Start > All Programs > Accessories
Right click command prompt and select “Run as Administrator”
Then type or copy and paste the following command
Pressing enter on completion

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

Does Avast now install?

Ran it, Avast would still not open. So, I uninstalled avast again and reinstalled. This time it reinstalled without ‘blocked by group policy’, but I DID get the error again when trying to open the program.

Is it now running normally or are you still getting the blocked message?

No… when I try to open Avast I get the same message saying ‘this program is blocked by group policy, contact system administrator’

What is the version of Vista that you have: Home, Professional or Ultimate?

Home Premium 32 bit

Could you try the reg file situated on this site http://www.bhcblog.com/2009/03/09/fix-for-the-system-administrator-has-set-policies-to-prevent-this-installation-error/
Select the reg file I have outlined

No change.

Installed it as is and tried opening Avast from previous install - nothing.

Uninstalled Avast via safe mode, installed registry thing and reinstalled Avast - still refused to open and blocked by group policy…

I am befuddled by this as your version of Windows does not have a group policy manager.

Could you try to install another AV and see if you get the same problem?

I had the same problem on my friend’s laptop I was fixing.
Just because there’s no Group Policy editor in Vista Home edition doesn’t mean that viruses and the like can’t tamper with the Group Policy settings in the registry and disable the Avast GUI from starting.

After much internet searching I found this link, with a good fix that worked for me:

http://social.technet.microsoft.com/Forums/windows/en-US/5831722b-3f5e-4834-985a-6f9c014c9bd4/programs-blocked-by-group-policy-but-why?forum=w7itprosecurity

You basically have to back up the policy entries in the registry, using regedit.
As the responder says:
“The malware may have put in a registry entry under policies that is causing your behaviour.
As a last resort you could try this:
Logon as an Administrator
[In Registry Editor]
Navigate to HKLM\Software\Policies and nose around to see if anything there might be the cause.
Next, Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies and do the same.
If nothing jumps out at you, back up both of these registry keys then delete them and then run GPUPDATE /FORCE and see if problem is still there.
If so, try all the above steps again, but this time use HKCU instead of HKLM.”

I renamed my 4 Policy registry key entries as PolicyBAK, then ran GPUPDATE /FORCE from an administrator command prompt.
I noticed that some new policy keys came back (but not all of them, presumably without the entry that was blocking Avast).
BTW, don’t forget to reboot your machine after doing the GPUPDATE from the command prompt.

After that, Avast worked fine for me, I got the Icon back in the system tray, and the User Interface works again.
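
The backup-and-inspect step from the quoted reply, as an added PowerShell example that is not part of the original post: it exports the four policy keys with reg.exe and lists any Software Restriction Policy path rules at the Disallowed level, so the blocking entry can be identified before anything is removed. It assumes (the thread does not confirm this) that the block comes from such a rule; the backup folder name is a placeholder, and the script deletes nothing.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$backupDir = Join-Path $env:USERPROFILE 'PolicyBackup'   # placeholder location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# The two keys named in the quoted reply, under HKLM and then under HKCU.
$policyKeys = @(
    'HKLM:\Software\Policies',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKCU:\Software\Policies',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
)

foreach ($psPath in $policyKeys) {
    if (-not (Test-Path $psPath)) {
        Write-Output "Not present: $psPath"
        continue
    }
    # reg.exe wants HKLM\... rather than the PowerShell drive form HKLM:\...
    $regPath = $psPath -replace ':', ''
    $file    = Join-Path $backupDir (($regPath -replace '\\', '_') + '.reg')
    reg.exe export $regPath $file /y | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Backed up $regPath -> $file"
    } else {
        Write-Output "Export FAILED for $regPath (exit code $LASTEXITCODE)"
    }
}

# Software Restriction Policy path rules are stored under
# ...\Safer\CodeIdentifiers\<level>\Paths\<GUID>; level 0 means "Disallowed".
# Each rule's ItemData value holds the path or file name that is blocked.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $rules = "$hive\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths"
    if (-not (Test-Path $rules)) {
        Write-Output "No Disallowed path rules under $hive"
        continue
    }
    Get-ChildItem $rules | ForEach-Object {
        $rule = Get-ItemProperty $_.PSPath
        Write-Output ("Disallowed rule {0} in {1} blocks: {2}" -f `
            $_.PSChildName, $hive, $rule.ItemData)
    }
}
```

Each exported .reg file can be re-imported to restore the key if a later change makes things worse.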

Hello Essex.

Just as an addition: I also have group policies set that I didn’t set. For example, my sister decided to be a jerk (light terms today) and install uTorrent. It’s actually blocked by Group Policies. I’ve rooted through my system. No group policies are there. However, that being said, I don’t think I’m infected, although it’s possible.