Can't Connect, Can't Update, Frustrated

Avast can’t connect to the server to update, and won’t allow any internet access, except for my home page, which is a university website.

My PC is XP Media Center Edition, Service Pack 3. Windows Firewall

I previously had a trial version of Norton, removed that through Add/Remove first, and then tried the Norton Removal Tool, which also didn’t work. I added the relevant Avast files to the exceptions list in the Firewall, no help.

I can only access the internet when I stop On-Access protection, which renders the product totally useless.

The only other AV-ish program I run is Spybot S&D.

I’m not totally tech-illiterate, but I’m far from an expert.

Hi
Did you try running the latest Norton Removal Tool in Safe Mode on XP? Do you have any folders named Symantec / Norton on your computer to get rid of? After this, try a repair of avast! through Add/Remove Programs. If you are confident editing the Windows registry, try removing all entries relating to SYMANTEC & NORTON using (F3 FIND). Back up the whole registry to the desktop before editing!

May have to disable Tea Timer in Spybot Search & Destroy?

Download and install:
User Profile Hive Cleanup Service:
Brief Description
A service to help with slow log off and unreconciled profile problems.
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Download Malwarebytes’ Anti-Malware (MBAM), install it, update it, and run a Quick scan:
http://www.malwarebytes.org/mbam.php

Post a log here.

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Thanks guys, the Malwarebytes program found an infected file that Spybot had been missing for over a year. Removed the file and registry file and restarted; all is well.

Thanks a bunch!

Could you please post the MBAM log here?

Malwarebytes’ Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/21/2009 10:45:42 AM
mbam-log-2009-09-21 (10-45-38).txt

Scan type: Quick Scan
Objects scanned: 93902
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) → No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft Office Enterprise\groupmanager.exe (Backdoor.Bot) → No action taken.

Thanks for the log, dmccoy87, but the infection has not been removed. Quote: “No action taken.”

Select all the files that were detected and remove them, please. Reboot if asked to.
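The check made in the reply above (every detection line in the log ends in "No action taken", so nothing had been removed when the log was written) can be automated. The Python below is an added example, not part of the thread or of Malwarebytes; the function names are illustrative, the sample is an abridged copy of the log posted above, and "->" is also accepted as the arrow.

```python
import re

# Summary line, e.g. "Files Infected: 1"
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d+)$")
# Section header, e.g. "Files Infected:"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Detail line: "<item> (<detection>) -> <action>."  ("→" accepted for pasted copies)
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) (?:->|→) (.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detail items) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            item, name, action = m.groups()
            items.append({"section": section, "item": item,
                          "detection": name, "action": action})
    return counts, items

def unremediated(items):
    """Detections the scanner reported but did not act on."""
    return [i for i in items if i["action"].lower() == "no action taken"]

def count_mismatches(counts, items):
    """Sections whose summary count differs from the detail lines found,
    a sign the pasted log is truncated or edited."""
    found = {}
    for i in items:
        found[i["section"]] = found.get(i["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in counts.items()
            if n != found.get(s, 0)}

# Abridged copy of the log posted in this thread.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Files Infected: 1

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) → No action taken.

Files Infected:
C:\Program Files\Microsoft Office Enterprise\groupmanager.exe (Backdoor.Bot) → No action taken.
"""

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    for i in unremediated(items):
        print(f"NOT REMOVED [{i['section']}] {i['item']} ({i['detection']})")
    print("count mismatches:", count_mismatches(counts, items))
```

A log saved before the removal step will always list its detections as unremediated, so a fresh scan after removal and reboot is what confirms the cleanup.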

I don’t use Microsoft Office Enterprise, but I would suggest that you upload the suspect file to virustotal for confirmation, as there are lots of instances where this is a legit file.

Check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here: the URL in the address bar of the VT results page.

I did remove the files after the log was made. I have no doubt the Microsoft Office was infected. The Virtumonde trojan horse hit me a while back and I had to reload the operating system, and I didn’t have my product key anymore. So I downloaded the program from an internet site. Played with fire, got burned.

Which program are you talking about? avast? Norton? Office?
Maybe this helps: http://www.softpedia.com/get/Antivirus/VundoFix.shtml

The missing product key was for Microsoft Office, which came installed on my computer when I bought it in 2006.

The Virtumonde hit too fast, infected my registry, disabled my firewall, denied me access to Spybot, eventually infected Firefox, and then even kept me from opening my C: drive through My Computer, among other things.