CAN'T UPDATE PROGRAMS & HiJACKS

:frowning: Been using Avast about 2 months now. 2 problems. I cannot update any programs. Either I get an "unable to connect to server" message or it says downloading update but the activity bar never moves. I can update Avast with NO problems ?? Also some downloads are blocked like AVG Remover and even Microsoft NET Framework was blocked. Second problem, while clicking on a link I sometimes get Hijacked to either a Google search page or the Yellow Pages look up ??? I used to run McAfee from Comcast. When my MoBo went south Comcast would not allow me to re-install it saying I was only allowed 3 installs. I tried AVG but that sucked big time. I don’t run Windows firewall because my network router has one. These problems only started since Avast was installed. :-[

Well, Avast wouldn’t block the downloads as a) it isn’t a firewall, b) it only scans and alerts to infection, and I assume that isn’t the case.

What is your firewall ?

– HOSTS file redirect, a common malware tactic to block AV sites, making it difficult to remove malware - 127.0.0.1. Check your HOSTS file using Notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts, or do a search for HOSTS to find it if not there.

Once open, you are looking for entries with avast.com on the line; you may well see other AV sites. Post the contents of the hosts file. http://en.wikipedia.org/wiki/Hosts_file

You don’t say what version of McAfee you had or if you installed it; here is a whole slew of uninstall tools:
McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe Or http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

2007 version - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525
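The HOSTS check described in the post above, as an added example that is not part of the original thread: a small Python parser that lists active hosts entries overriding security or update sites. The watch list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: watch list built from vendors named in this thread; extend as needed.
WATCHED_SUFFIXES = ("avast.com", "avg.com", "mcafee.com", "drweb.com",
                    "microsoft.com")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}  # normal loopback names

# Constructed sample input, not a hosts file from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avast.com avast.com
0.0.0.0         download.avg.com
203.0.113.7     update.microsoft.com
# 127.0.0.1     download.mcafee.com
192.168.1.10    thinkpad
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every active (non-comment) entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text):
    """Return (line_no, hostname, ip, kind) for entries overriding watched domains."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in BENIGN_NAMES:
                continue
            if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
                # Loopback/0.0.0.0 makes the site unreachable; anything else
                # sends the browser or updater to a different server.
                kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
                findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    # On a live system, read C:\WINDOWS\system32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

A stock hosts file returns an empty list; any finding is worth posting along with the file contents, since neither a vendor nor Windows Update normally needs a hosts entry.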

Hi…thanks for the fast answers. First, the Host files were just generic examples of Host files. No actual data. While trying to D/L the McAfee removal tool at McAfee I got the “Unable to Connect” message. At Majorgeeks I also got the same message but tried a different link and D/L’d it. Ran it and it seemed to find a load of crap to delete according to the log file. As for my firewall, I logged onto the router and the only thing listed for Firewall was Block Anonymous Request=Enabled, Filter Multicast=Enabled, Filter IDENT(port113)=enabled and Filter Internet NAT Redirect=Disabled. Under VPN, IP Sec Passthrough=Enabled, PPTP passthrough=enabled and L2TP passthrough=enabled. It would seem Avast or something turns my Windows Firewall off after reboot. The McAfee AV is actually called Comcast Security, Powered by McAfee. The AV is Ver. 12.1, SecurityCenter Ver. 8.1 and Firewall Ver. 9.1. I was able to get the AV info off my ThinkPad. All three of my PCs were running the Comcast McAfee. Thanks, Viggie

Hopefully the McAfee removal tool will have helped, and I will see if there isn’t another way to get the AVG removal tool, by using an IP rather than domain to get there. Try this link: http://77.67.44.203/ww.download-tools

Looks like the blocking is a little more complex than just HOSTS file blocking; there are some malware variants that have a DNS redirect for many security based sites, or the DNS server you use could be vulnerable to this kind of attack.

You could change your DNS server to the ones at OpenDNS.org

Hopefully if you set the opendns servers up you might be able to access these two applications.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Ran the McAfee remover. Didn’t help. Managed to D/L Superantispyware but could not update data files as usual. I’m going to try to copy the new data files from my ThinkPad ?? See if that will work. But I have my doubts. The firewall in the router has to be ok since all my other PCs update through it with no problem. I’m afraid it might be something corrupt in Windows…AGAIN ! No matter what checker I try to use, if I can D/L it then I can’t add the data files or update them. So I’m either scanning with outdated data or not at all. What a circle jerk. Aaarrrrrrrrrrrrrrgggghh. viggie

Were you able to get the AVG removal tool I gave the IP address link for ?

Were you able to download MalwareBytes AntiMalware (MBAM) and run that ?

No, could not get the AVG removal tool. Got the ol’ “Failed to Connect, Firefox can’t establish a connection to the server at download.avg.com.” message. I did get the Malware but had to run it without updates. So it was no help. Somehow through Ebay I was able to D/L IE 8 Tuned for Ebay. I guess because it came through Ebay I was able to get it. But the problem is the same if not worse with IE and as IE 7 ran with the constant message IE running without Addons Installed (not true) so does IE 8. Go figure. :o I copied the updated files for SuperAntiSpyware from my ThinkPad to the desktop and that worked fine but didn’t find my problem. This is really strange. I can run a program like YouTube Get and D/L everything…no problems ??? I guess I’m going to have to run HiJack This and Google every item I’m not sure about. I’m tired just thinking about that.

Even using this link, http://77.67.44.203/ww.download-tools as this should bypass any DNS redirect as it doesn’t need to get the IP address ?

Some malware, as I said earlier, try to make it hard for you to remove by blocking security based sites. There is nothing to stop you downloading it on another computer, friend, etc., save it to a CD and copy it to your system. Note I didn’t mention USB stick as these can be a source of infection, if you don’t know if the other computer is clean or if it is your USB, you could possibly infect your friend.

DrWeb CureIt! - See http://www.freedrweb.com/cureit/ - Download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe (Free) Fairly effective against file infectors, Virut (infects .exe, .scr, .mp3 & .wmv), more so when used in safe mode.

DrWeb also do a Live CD if you are unable to get into your system see, http://www.freedrweb.com/livecd/?lng=en, documentation ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf. This could be very useful as once you have burned the CD you can run it outside windows.

Hmmmmmmmm…never thought about using another PC to D/L the remover ! Great Idea. I’ll let you know what happens. viggie

You’re welcome.

The last thing you think of when you are up to your a** in Alligators, is draining the swamp. The same analogy can be used for viruses, your thinking becomes muddled/blurred ;D

I have a similar problem and I found that my Avast.setup and Avast.ss.scr files in the Windows/Prefetch directory had a “Permissions Tab” and all the permissions were set to off for Administrator. I turned them on and I got a little control back where I could get downloads. I had to remove Avast because when I would try and use any file like Notepad and Run Regedit, Avast would jump and say it was infected, and make them inoperable, so booted to Safe Mode and I could use both of them, scanned them both were fine…This virus or whatever seems it takes control of Avast and it is telling it what to do, when I run MalwareBytes it would say my restore point files were fine, Avast would jump up say they are infected. I deleted Avast and the Prefetch files. I have run Symantec Conficker, and Win32:virut, F-Secure Blacklight, SuperAntiSpyware, and numerous other programs, they find nothing except a few Aware Cookies. I have installed Avast back yet. I believe Avast Screen Saver was being used when this started, and I went into control and tried to turn it off but it came right back on…Any of this sound like your problems…

 Thanks
           Jerry

:slight_smile: Well…I think it’s fixed. I managed to D/L the SuperAntiSpyware definition files manually. Updated the program and let err rip. Besides a bunch of cookies it said were “spyware cookies”, it also found gaopdxserv.sys and rootkit.agent/GEN-GAOPDX. It was in the system32\drivers folder and in the registry. After a reboot I was able to boot in a safe mode (could not do that before) and ran SAS again with no additional discoveries. I was then able to D/L the McAfee uninstaller and it found a load of left over stuff. And the Windows firewall now stays active after a reboot. Just for giggles and grins I updated the main program for SAS, no problem. And D/L’d and updated SpyBot S&D. I’ll run that tomorrow. I think I may D/L ZoneAlarm. I have always used it in the past and now use it on 2 other PCs. It has to be better than the stock Windows Firewall. Oh and BTW…after everything started going good up popped a MS Security update for XP. No problem there. Why do I get the feeling it was being blocked ? Thanks for your help. Viggie :slight_smile:

You’re welcome, thanks for the update, glad that things are working again.

I would suggest this firewall, a free version of what I use and is IMHO much better than ZA Free.

The recently released, Outpost Firewall free 6.5 (2009) - Outpost Firewall 2009 free, a cut down version of the Outpost Firewall Pro version, which should still provide good protection, see http://free.agnitum.com/. Download, http://www.filehippo.com/download_outpost_firewall/

Other firewall suggestions…

Online Armor
PCTools
Comodo
ZoneAlarm

Personal Firewall Tests & Results. Firewall rating:
http://www.matousec.com/projects/firewall-challenge/results.php
About the leak tests limitations: http://forum.avast.com/index.php?topic=29259.msg247460#msg247460

Freeware firewalls:
http://www.firewallleaktester.com/tests_overview.php
http://www.thefreecountry.com/security/firewalls.shtml

So far So Good !!! Except for one little, teenie, weenie glitch. After everything started working, MS popped up with an “Important Security Upgrade ! ???”. So I looked as usual for the damn WGA in the list of updates. Not there so I said OK (I paid my dues to MS. I don’t need them constantly checking MY computer). Well buried in the update was the new and annoying WGAN (Windows Genuine Authentication Notification). A new NAG screen on EVERY boot up telling me to install the WGA. AAAARRRRRRRRRRRRRRGGGGGGHHH ! Soon as I get a deal on a couple of removable drive caddies I’m going to install Linux. Keep XP just for when I really need it.

Is your Windows a legit copy?
Is your computer virus free?

If you have a legit copy of Windows, just install it; it is no big deal. ???

Yes
And Hopefully Yes
I went through this years ago. This PC is a new build I did about 2 months ago. I guess I have to redo the process every time I re-load the OS. That’s what happens when your MoBo takes a dump. :o It was never like this way back. You paid your 150 bucks for Win 98’ and were done with MS. Don’t remember what 95’ cost me ? Probably 100 $. You don’t mind paying if the thing works. Had a problem couple years ago. Kept getting a message to the effect “USB using too much power, USB terminated” I went nuts replacing hardware. To the point of installing a USB port card. Nothing worked. Finally reloaded XP as per a suggestion. Problem went away. Windows was corrupt. Thanks a lot MS. I hear this is a not too uncommon problem. If MS wants to cut down on pirates, lower the price 50%. Don’t raise it. Remember the early VHS tape industry. Movies were $70 ! So you had pirates. They dropped the price to $20, stopped the pirates and made a lot more money too. In my state they just raised the tobacco tax 160%, Yea, 160% ! Guess what, the state lost money. Tobacco revenues went down ! It had the opposite effect. DUH ! The point is they wouldn’t have to worry about all this crap if they made it affordable. They charge OEM PC builders less than $50. So why charge the public 3 or 4 times that. The big problem with pirated copies of Windows, is you don’t know who added what to it. You may be loading all types of back doors to your system and personal info. Then again…who really knows what MS has in there too.