Can't "Fix"

I just installed Avast Internet Security because I was getting a notification that there had been repeated malware attempts on my computer. I have a warning that my system is not fully protected and the Firewall is off. The “fix” button does nothing, and when I try to manually turn on the firewall I get a message that the firewall is unavailable. Now what?

Did you install Avast along with another antivirus?

No, Avast is my only anti-virus software.

Any other AV software installed? Which?
What Windows version?
Previous AV software before Avast?

I was using the free Avast software and just upgraded. This problem developed after the upgrade. I don’t have any other antivirus software installed. I am using Windows Vista on my laptop and Windows XP on my desktop and have the same problem on both (the upgrade included installation on 3 computers). I have Windows firewall activated on both computers. Could that be the problem?

I never had any other antivirus software installed on my laptop but did use Norton’s on my desktop at one time.

So you upgraded.

I’d recommend a clean install of the new pre-release version 6.0.1044.
You can click on the “AIS” in my signature, download the installer and run it. No need to uninstall current version.

No, the Windows FW is no problem with Avast AIS. Leave that activated.

If that does not cure the problem, we’ll take a little deeper look.

Thanks! This worked perfectly on my laptop but I am having more difficulties on my desktop. I keep getting “Best Malware Protection” popup windows, telling me that my computer is infected and that I should buy their product (which I have not done). How do I get rid of that so I can proceed to upgrade Avast on my desktop?

That PC is infected for sure.

Download MBAM (free version) from my signature.
Install it.
Start it.
Update it via its GUI.
Run a quick scan.
Have it delete all it finds.
Post the log here.

Thx.

Away from keyboard for 40 minutes now. ;D

Unfortunately, I can’t get on the Internet from that computer. I use Firefox and don’t have any other Internet program installed. Every time I try to get on I get a message, something to the effect that the proxy server won’t connect.
The good news is that I’m not getting the Best Malware Protection pop-ups anymore, but last time I shut it down I had messages that cmd.exe and ping.exe couldn’t start, and I couldn’t get rid of the messages in order to properly shut down the computer. Eventually I had to force the computer to shut down. Can you think of some way around this before I take it in to my computer guy?

This is a heavy infection it seems, so I recommend our Malware expert as I am not such a wizard. He will guide you through the most complicated stuff, if needed.

His nick is “essexboy”, I will inform him. Be aware that he is not 24/7 available, so it may take a little while. He is on local British time, so keep on looking in here frequently.

He’ll help you get rid of it.

Be patient please.

Greetz
Zyndstoff

Can you boot the PC in Safe Mode?
Hit F8 repeatedly during boot up until menu screen appears and select “Safe Mode with networking”.

Try the MBAM download and procedure from there, if possible. Just a try.

Hi, could you transfer the following two programmes to the infected system using a USB drive if Zyndstoff’s suggestion does not pan out?

Download RogueKiller to your desktop

[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 1 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Download OTS to your Desktop and double-click on it to run it

[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

[*]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.

You’re damn quick today! :slight_smile:

Was my proposal using safe mode okay? I need to learn…

That’s a for sure - if safe mode with networking works we will be able to do a faster fix. MBAM will not get the proxy changes or the malware folder - but it should get the running processes ;D

I’ll watch this closely, so I will not always need to call you this soon. ;D

Thanks guys. I’m actually in the Middle East so British time is only 2 hours behind. I’m too tired now to concentrate on essexboy’s suggestions, but I will give it a try first thing in the morning and let you know how it works out. Thanks again for all your help. I really appreciate it!

For sure I will not be online until about 1900 GMT.

BTW: don’t take it to a “computer guy” if by any means this is a dealer you are talking about. He is most probably not a malware expert, he won’t invest any time (and that is surely needed), he’ll tell you it can’t be fixed and he is going to sell you some unneeded hardware like a new HDD and tell you to reinstall Windows… ;D

essexboy will get this straight with your co-operation.