Blocked by group user message help please

Viruses and worms
1

Hi I am having issues with accessing avast, it keeps bringing up the message blocked by group user please contact administrator. I am the only user, personal laptop.

It is an Advent Roma 1000 T3400 2.16 2.17 GHz Running Windows 7 ultimate service pack 1.

The problem began when my HP printer went doolally and failed to print wireless, I contacted HP who advised me to try and disable avast incase it was conflicting. This is when I encountered the message & it reminded me I hadn’t heard the ladies voice for a while…

I have ran malabytes no threats detected. see attached log.

I downloaded Farbar RST (it saved in my downloads not desktop) I have 3 logs from this attached.

Many thanks in advance, I am a novice capable of following instructions, Any help would be fab.

Kind Regards & thank you in advance.

2

The voice for updates has been removed by avast in version 2015.
As for the log files…
Sit back, have patience.
A malware remover will soon help you.

3

Thank you. So that’s were the lady went!

So it is malware then… oh I do hope I can fix my dear laptop, this mum has many missions to do!

Kind Regards :smiley:

4

Hi, Avast should spring to life when the computer reboots

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION HKLM\...\Run: [] => [X] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-07] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-07] (Coupons, Inc.) CHR Extension: (No Name) - C:\Users\Advent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjelmdgjmaefojjdoiaogndbdikhmdo [2013-07-25] 2015-03-12 17:59 - 2015-03-12 18:10 - 00000000 ____D () C:\ProgramData\MFAData 2015-03-12 17:59 - 2015-03-12 17:59 - 00000000 ____D () C:\Users\Advent\AppData\Local\MFAData 2015-03-12 17:59 - 2015-03-12 17:59 - 00000000 ____D () C:\Users\Advent\AppData\Local\Avg2015 2013-12-30 20:56 - 2013-12-30 20:58 - 95025368 ____T () C:\ProgramData\rmqglc1q.fee 2013-12-30 20:56 - 2013-12-30 20:56 - 0000000 _____ () C:\ProgramData\rmqglc1q.odd Task: {14BBD667-3CB7-4F04-8E11-2895E2E00D9A} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {C7F7343E-A7F5-4AB3-B3CB-13D09221E31A} - System32\Tasks\4791 => Wscript.exe C:\Users\Advent\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

5

many thanks for your reply. I have just got into safe mode, downloaded avast uninstaller, removed it, downloaded avg and currently performing a full scan inc root, its 89% through and showing 2 threats found so far…

Would your instructions still be valid? Apologies if not I just read a few more forums and went on a little mission!

Kind Regards

6

These were the threats, shall I now perform your instructions?

Kind Regards

7

Those threats are risk tools and not a threat as they look to be from the system installation

Yes run the fix as that will clear the infections that AVG did not see

8

Agh I see so did AVG not pick up the real problem?

Iv done as per your instructions.
Here is the fix log. Start up a little quicker, still holds black screen for a while. Iv reinstalled avast and sure enough she started talking, scan performed no threats found… is this fixed or are there more steps?

Many thanks for your help. :slight_smile:

9

Looks good, uninstall AVG now and let me know how it is behaving

10

Hi I uninstalled AVG before re installing avast the other night. Avast is running as it should be. Printer is printing wirelessly as it should be. Overall running a lot better. Thank you, start up still holds black screen for around 10 seconds before it shows windows (didn’t used to do this) However that’s probably down to all the rubbish I have on the laptop in general!

So is all good in the logs? No further steps to take? If not then may I give you a massive thank you as you sorted my issue out.

My father has same laptop he runs the same avast etc as me, his computer is running slow and stuttering on the first few seconds of the video, is that a malware issue or something else? Sorry to ask another question!

Many thanks & kind regards
:slight_smile:

11

It may be that it just needs a tidy up. But you can post the logs for it here if you wish

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

12

Ok I shall start a new topic for my fathers laptop. Thanks.

As for mine I have just downloaded the 3 programs you listed, my laptop re started and took ages! The crypto program said it was ‘uneccesary for it to keep running to keep protected’ or something along those lines.

Is this normal & okay?

Kind regards

13

Agh… when the crypto program create dits log it deleted my hp software & now the printer is back to failing to print wirelessly…

Any ideas??

many thanks :-\

14

Crypto does not delete anything it just makes changes to the registry

Run cryptoprevent and select remove protection and apply
Then turn the printer on and rerun cryptoprevent applying the default option
Now try the printer