Cannot disable shields on AVAST

Hello everybody,

I’m experiencing the following problem and would appreciate some help.

I cannot disable AVAST’s control shields. The message I get is “You are not allowed to perform this action, please contact your system administrator” and I’m the computer’s administrator who installed it.

The program version is 7.0.1426, and my system runs Win XP SP2.
I also try to update my system by installing SP3 but I can’t because I get a setup error.
Is AVAST to blame for not being able to install SP3 in any way?
Is any virus/trojan, that I recently discovered in my system using another AV product (an offline one), to blame for this?

Thank you in advance.

Well, avast should work with XP SP2.
Of course, the installation of a service pack brings a new situation of the OS.
I remember to have installed SP3 with avast running. But this was a long time ago…
Do you have the full SP3 setup or you’re installing using Windows Update site?

I’m using the full setup of SP3. For a strange reason Automatic Updates doesn’t work also.
The icon to install new updates appears in the system tray but whenever I click it nothing happens.

What I suspect is that a virus thoroughly changed the settings of my system. And I can’t perform a clear install due to other, not technical, reasons.

Any help appreciated.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware.
Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

I followed the instructions of the URL you suggested Asyn and I’m posting 4 log files.

As I already said the offline AV product I used cleared my system but, as I suspect, the settings these malware imposed remained.

Can you from the logs figure out what settings were changed so that I can somehow roll them back ?

Thanks again.

You’re welcome.
As this is in the wrong section, I’ll draw some attention to it.
Please be patient, it could take some hours, before you get a reply here.
Good luck,
Asyn

Hi, have you recently had a zero access infection?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

As I said I cannot disable Avast so while ComboFix was running this AV was working at full blast mistakenly detecting it as root-kit. And as far as I know my system didn’t have the zero access infection.

I’m including ComboFix.txt in my reply. As for how my computer is running now, I have to add that the problems remain.

I recently discovered that ipconfig.exe is not running properly because a .dll is missing.
I’m also deliberately posting the log file of the AV offline product I mentioned above (or I didn’t) so that you can see what type of malware my system used to have.

Hoping for help …
Anyway, thanks for the reply.

OK, let's check out the registry for the network. When you try to disable the shields, what error does Avast come up with?

Run Farbar Service Scanner

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

It comes up with the error I mentioned in my initial post above …

Here is the log:

Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 10-04-2012 at 10:12:14
Running from “C:\Documents and Settings\Administrator\Desktop”
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal


Internet Services:

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Security Center:

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll
[2012-03-21 14:17] - [2006-05-19 15:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2012-03-21 14:17] - [2008-08-14 12:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-03-21 14:17] - [2004-08-04 02:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2012-03-21 14:17] - [2008-06-20 13:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2012-03-21 14:17] - [2004-08-04 02:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys
[2012-03-21 14:17] - [2004-08-04 02:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll
[2012-03-21 14:18] - [2004-08-04 03:56] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 03:56] - [2008-04-14 03:11] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2012-03-21 14:17] - [2009-02-06 20:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE

Extra List:

aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

I think I see the problem

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif

Once that is done then go to step 3 and allow it to run SFC

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif

On the start repairs tab select advanced mode and click start

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture1.gif

Leave the default items selected and tick restart system when finished

Nothing happened essexboy.
The application had to terminate unexpectedly on the last step (Start Repairs).
The problems remain … but thanks anyway.

Next step then will be to update to SP3 and that will refresh the files and the registry

I also try to update my system by installing SP3 but I can't because I get a setup error.

Very good idea, but I can’t update it.
Neither from a full setup file nor from the Windows Update service.

Thanks for your attention.

Will this help ???
http://www.ghacks.net/2008/04/28/official-windows-xp-service-pack-3-download-links/

What error do you get when you try to install the SP?

Thanks for the interesting link bob3160.

Anyway, I have tried many setup files but none of them do the work.

Please, anyone, be patient and willing to read what I have already posted so that me and others can benefit from this thread.

Any help appreciated.

Do you get a specific error when you try to install the SP, as that may give me a pointer to the problem area?

I get the following message:

“Service Pack 3 setup error. Access is denied.”

OK, I will need to search for a way to reset access permissions.