Been using Avast about 2 months now. 2 problems. I cannot update any programs. Either I get an "unable to connect to server " message or it says downloading update but the activity bar never moves. I can update Avast with NO problems ?? Also some downloads are blocked like AVG Remover and even Microsoft NET Framework was blocked. Second problem, while clicking on a link I sometimes get Hijacked to either a Google search page or the Yellow Pages look up ??? I used to run MCAfee from Comcast. When my MoBo went south Comcast would not allow me to re-install it saying I was only allowed 3 installs. I tried AVG but that sucked big time. I donât run windows firewall because my network router has one. These problems only started since Avast was installed. :-[
Well avast wouldnât block the downloads as a it isnât a firewall, b) it only scans and alerts to infection and I assume that isnât the case.
What is your firewall ?
â HOSTS file redirect a common malware tactic to block AV sites making it difficult to remove malware - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there.
Once open you are looking for entries with avast.com on the line, you may well see other AV sites, post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file
You donât say what version of McAfee you had or if you installed it, here a whole slew of uninstall tools:
McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe Or http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
2007 version - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525
HiâŚthanks for the fast answers. First, the Host files were just generic examples of Host files. No actual data. While trying to D/L the McAfee removal tool at McAfee I got the âUnable to Connectâ message. At Majorgeeks I also got the same message but tried a different link and D/Lâd it. Ran it and it seemed to find a load of crap to delete according to the log file. As for my firewall, I logged onto the router and the only thing listed for Firewall was Block Anonymous Request=Enabled, Filter Multicast=Enabled, Filter IDENT(port113)=enabled and Filter Internet NAT Redirect=Disabled. Under VPN, IP Sec Passthrough=Enabled, PPTP passthrought=enabled and L2TP passthrough=enabled. It would seem Avast or something turns my Windows Firewall off after reboot. The McAfee AV is actually called Comcast Security, Powered by McAfee. The AV is Ver. 12.1, SecurityCenter Ver. 8.1 and Firewall Ver. 9.1. I was able to get the AV info off my ThinkPad. All three of my PCâs were running the Comcast McAfee. Thanks, Viggie
Hopefully the McAfee removal tool will have helped and I will see if there isnât another way to get the AVG removal tool, by using an IP rather than domain to get there, try this link http://77.67.44.203/ww.download-tools
Looks like the blocking is a little more complex than just HOSTS file blocking there are some malware variants that have a DNS redirect for many security bases sites or the DNS server you use could be vulnerable to this kind of attack.
You could change your DNS server to the ones at OpenDNS.org
Hopefully if you set the opendns servers up you might be able to access these two applications.
If you havenât already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
-
- MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.
Ran the McAfee remover. Didnât help. Managed to D/L Superantispyware but could not update data files as usual. Iâm going to try to copy the new data files from my ThinkPad ?? See if that will work. But I have my doubts. The fire wall in the router has to be ok since all my other pcâs update through it with no problem. Iâm afraid it might be something corrupt in widowsâŚAGAIN ! No matter what checker I try to use, if I can D/L it then I canât add the data files or update them. So Iâm either scanning with out dated data or not at all. What a circle jerk. Aaarrrrrrrrrrrrrrgggghh. viggie
Were you able to get the AVG removal tool I gave the IP address link for ?
Were you able to download MalwareBytes AntiMalware (MBAM) and run that ?
No, could not get the AVG removal tool. Got the olâ âFailed to Connect, Firefox canât establish a connection to the server at download.avg.com.â message. I did get the Malware but had to run it without updates. So it was no help. Somehow through Ebay I was able to D/L IE 8 Tuned for Ebay. I guess because it came through Ebay I was able to get it. But the problem is the same if not worse with IE and as IE 7 ran with the constant message IE running without Addons Installed (not true) so does IE 8. Go figure. :o I copied the updated files for SuperAntiSpyware from my ThinkPad to the desk top and that worked fine but didnât find my problem. This is really strange. I can run a program like YouTube Get and D/L everythingâŚno problems ??? I guess Iâm going to have to run HiJack This and Google every item Iâm not sure about. Iâm tired just thinking about that.
Even using this link, http://77.67.44.203/ww.download-tools as this should bypass any DNS redirect as it doesnât need to get the IP address ?
Some malware as I said earlier try to make it hard for you to remove by blocking security based sites. There is nothing to stop you downloading it on another computer, friend, etc. save it to a CD and copy it to your system. Note I didnât mention USB stick as these can be a source of infection, if you donât know it the other computer is clean or if it is your USB, you could possibly infect your friend.
DrWeb CureIt! - See http://www.freedrweb.com/cureit/ - Download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe (Free) Fairly effective against file infectors, Virut (infects .exe, .scr, .mp3 & .wmv), more so when used in safe mode.
DrWeb also do a Live CD if you are unable to get into your system see, http://www.freedrweb.com/livecd/?lng=en, documentation ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf. This could be very useful as once you have burned the CD you can run it outside windows.
HmmmmmmmmâŚnever thought about using another PC to D/L the remover ! Great Idea. Iâll let you know what happens. viggie
Youâre welcome.
The last thing you think of when your are up to your a** in Alligators, is draining the swamp. The same analogy can be used for viruses, your thinking becomes muddled/blurred ;D
I have a similar problem and I found that my Avast.setup and Avast.ss.scr files in the Windows/Prefetch directory had a âPermissions Tabâ and all the permissions were set to off for Administrator. I turned them on and I got a little control back where I could get downloads. I had to remove Avast because when I would try and use any file like Notepad and Run Regedit, Avast would jump and say it was infected, and make them inoperable, so booted to Safe Mode and I could use both of them, scanned them both were findâŚThis virus or what ever seems it takes control of Avast and it is telling it what to do, when I run MalwareBytes with would say my restore point files were find, Avast would jump up say they are infected. I deleted Avast and the Prefetch files. I have run Symantec Conficker, and Win32:virut, F-Secure Blacklight, SuperAntiSpyware, and numerous other programs, they find nothing except a few Aware Cookies. I have installed Avast back yet. I believe Avast Screen Saver was being used when this started, and I went into control and tried to turn it off but it came right back onâŚAny of this sound like your problemsâŚ
Thanks
Jerry
WellâŚI think itâs fixed. I managed to D/L the SuperAntiSpyware definition files manually. Updated the program and let err rip. Besides a bunch of cookies it said were âspyware cookiesâ, it also found gaopdxserv.sys and rootkit.agent/GEN-GAOPDX. It was in the system32\drivers folder and in the registry. After a reboot I was able boot in a safe mode (could not do that before) and ran SAS again with no additional discoveries. I was then able to D/L the McAfee uninstaller and it found a load of left over stuff. And the Windows firewall now stays active after a reboot. Just for giggles and grins I updated the main program for SAS, no problem. And D/Lâd and updated SpyBot S&D. Iâll run that tomorrow. I think I may D/L Zone Zlarm. I have always used it in the past and now us it on 2 other pcâs. Itâs has to be better than the stock Windows Firewall. Oh and BTWâŚafter everything started going good up popped a MS Security update for XP. No problem there. Why do I get the feeling it was being blocked ? Thanks for your help. Viggie
Youâre welcome, thanks for the update, glad that things are working again.
I would suggest this firewall, a free version of what I use and is IMHO much better than ZA Free.
The recently released, Outpost Firewall free 6.5 (2009) - Outpost Firewall 2009 free, a cut down version of the Outpost Firewall Pro version, which should still provide good protection, see http://free.agnitum.com/. Download, http://www.filehippo.com/download_outpost_firewall/
Other firewall suggestionsâŚ
Online Armour
PCTools
Comodo
ZoneAlarm
Personal Firewall Tests & Results. Firewall rating:
http://www.matousec.com/projects/firewall-challenge/results.php
About the leak tests limitations: http://forum.avast.com/index.php?topic=29259.msg247460#msg247460
Freeware firewalls:
http://www.firewallleaktester.com/tests_overview.php
http://www.thefreecountry.com/security/firewalls.shtml
So far So Good !!! Except for one little, teenie, weenie glitch. After everything started working, Ms popped up with an âImportant Security Upgrade ! ???â. So I looked as usual for the dam WGA in the list of updates. Not there so I said OK (I paid my dues to MS. I donât need them constantly checking MY computer). Well buried in the update was the new and annoying WGAN (Windows Genuine Authentication Notification). A new NAG screen on EVERY boot up telling me to install the WGA. AAAARRRRRRRRRRRRRRGGGGGGHHH ! Soon as I get a deal on a couple of removable drive caddies Iâm going to install Linux. Keep XP just for when I really need it.
Is your Windows a legit copy?
Is your computer virus free?
If you have a legit copy of windows just install it, it is no big deal. ???
Yes
And Hopefully Yes
I went through this years ago. This PC is a new build I did about 2 months ago. I guess I have to redo the process every time I re-load the OS. Thatâs what happens when your MoBo takes a dump. :o It was never like this way back. You paid your 150 bucks for Win 98â and were done with MS. Donât remember what 95â cost me ? Probably 100 $. You donât mind paying if the thing works. Had a problem couple years ago. Kept getting a message to the effect âUSB using too much power, USB terminatedâ I went nuts replacing hardware. To the point of installing a USB port card. Nothing worked. Finally reloaded XP as per a suggestion. Problem went away. Windows was corrupt. Thanks a lot MS. I hear this is a not too uncommon problem. If MS wants to cut down on pirates, lower the price 50%. Donât raise it. Remember the early VHS tape industry. Movies were $70 ! So you had pirates. They dropped the price to $20, stopped the pirates and made a lot more money too. In my state they just raised the tobacco tax 160%, Yea, 160% ! Guess what, the state lost money. Tobacco revenues went down ! It had the opposite effect. DUH ! The point is they wouldnât have to worry about all this crap if they made it affordable. They charge OEM pc builders less than $50. So why charge the public 3 or 4 times that. The big problem with pirated copyâs of Windows, is you donât know who added what to it. You may be loading all types of back doors to your system and personal info. Then againâŚwho really knows what MS has in there too.