Blocked by Group Policy

Hi,

I am unable to open Avast as I keep getting a message saying “the programme is blocked by group policy”. I uninstalled it (had to do this in safe mode as it wouldn’t allow me in normal mode) and then reinstalled it but have the same problem.

I saw advice in another post to download ComboFix 14.8.24.1 and then attach the log which it produces. I have done this. Can anyone help?

Many thanks,
Rob

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

No need to run combofix, it is a bit of an overkill

Attach the main FRST.txt please

Thanks for the replies…
Apologies, I’ve never done anything like this before so it’s all new to me. I’ve found the FRST log which is attached but cannot find MBAM / aswMBR - can you let me know how to find these?

Thanks,

As Essexboy didn’t request them, skip them for now.

Once this has rebooted could you confirm that Avast is up and running

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Panda Security <====== ATTENTION
HKU\S-1-5-21-2201677754-3768584313-355640106-1001\...\Run: [Amazon Cloud Player] => C:\Users\rob Evans\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DB56844C-0ED6-47C7-8B0E-9608C349378F} URL = http://www.mysearchresults.com/search?c=2854&t=02&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DB56844C-0ED6-47C7-8B0E-9608C349378F} URL = http://www.mysearchresults.com/search?c=2854&t=02&q={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
2014-08-25 07:30 - 2014-08-25 07:30 - 00000000 ____D () C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE}
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete click on “Clean”.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.
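The fixlist in the post above starts with "Group Policy restriction on software" entries aimed at antivirus folders. As an added example (not part of the original thread and not FRST's own code), this Python sketch triages FRST-style log lines for such entries; the `SECURITY_FOLDERS` list, the function names and the last sample line are assumptions made for illustration.

```python
import re
from ntpath import normpath

# The first four restriction lines are copied from the fixlist in the thread;
# the last one (C:\Games\Example) is constructed to show an unflagged entry.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Panda Security <====== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
HKLM Group Policy restriction on software: C:\Games\Example
"""

# Assumption: folder names that identify security products on this machine.
SECURITY_FOLDERS = ("avast software", "mcafee", "panda security")

# Assumption: entries for other hives use the same wording as the HKLM ones.
RESTRICTION = re.compile(
    r"^(?P<hive>HK\S+) Group Policy restriction on software:\s*"
    r"(?P<path>.+?)\s*(?:<=+\s*ATTENTION)?\s*$"
)


def find_restrictions(log_text):
    """Return one record per restriction line, marking security-product targets."""
    findings = []
    for line in log_text.splitlines():
        match = RESTRICTION.match(line.strip())
        if not match:
            continue  # SearchScopes, Toolbar, Run entries and so on
        path = normpath(match.group("path"))
        # Compare whole path components so a folder that merely contains a
        # vendor name as a substring is not flagged.
        parts = {part.lower() for part in path.split("\\")}
        product = next((f for f in SECURITY_FOLDERS if f in parts), None)
        findings.append({"hive": match.group("hive"), "path": path, "product": product})
    return findings


def blocked_products(findings):
    """Sorted names of security products that a restriction entry targets."""
    return sorted({f["product"] for f in findings if f["product"]})


if __name__ == "__main__":
    for f in find_restrictions(SAMPLE_LOG):
        flag = "SECURITY PRODUCT BLOCKED" if f["product"] else "review"
        print(f"{flag:26} {f['hive']}  {f['path']}")
```
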

Hi,

Thanks very much for this. When I rebooted after running FRST, Avast automatically opened and did a scan. It identified some malware called Win64:Malware.gen, which it removed. When rebooting it then did a full boot scan which took hours!
Anyway, the fix log is attached, I am now going to download and run AdwCleaner.

Do you have a file location for what Avast removed?

Sorry, I didn’t make a note of that. I have checked through the history in Avast and it’s not there but there is a file in the virus chest:

wflfrqk.dot located in c:\programdata\a54b814361b84361b84f17ddc65bd638550db9

I’ve attached the 2 logs from AdwCleaner

Looks like I missed that one first time round

How is the computer behaving now?

Computer seems fine now, seems to be faster (is that just my imagination?!)
Many thanks for your help, really appreciate it.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: