enhanced protection mode

Does Avast have something called “Enhanced Protection Mode”?
I can’t access the user interface on my avast free edition. I keep getting a popup window that tells me avast is in “Enhanced Protection Mode” because of a recent virus threat and that I should do nothing.

Never heard of enhanced protection mode. Where did you download your copy of avast from?
I would suggest that you get yourself a copy of Malwarebytes and SuperAntiSpyware, run scans with them and see what they turn up.

I keep getting a popup window that tells me avast is in "Enhanced Protection Mode" because of a recent virus threat and that I should do nothing.
Can you take a screenshot and post it here?

lower left corner > Additional options > attach

As far as I remember, AVIRA was using such terminology for some of their functionality, which was called exactly like that. Are you sure that you have avast!?

I most assuredly have Avast! and I downloaded it from Avast’s website.
I can’t take a screenshot because that pop-up is no longer there!

The problem began with a chat message on Facebook inviting me to see a video that I was in. As the message was apparently from my sister I opened the link and was instructed to download the latest version of Flash Player from the link provided.
Almost immediately a window opened telling me a threat had been detected (incurable) and my computer shut down, restarted in safe mode, shut down again, and restarted normally. When I clicked on the Avast! system tray icon to see what had happened the “Enhanced Protection Mode” window opened!
I couldn’t open the Avast user interface so I tried re-installing Avast. The computer wouldn’t let me (“Access Denied” was the message), so I downloaded Malwarebytes, disconnected from the 'net, deleted Avast, installed Malwarebytes and ran a full system scan. A trojan was detected and quarantined. I then reconnected to the 'net, downloaded Avast from the home site and re-installed it successfully.
Now everything appears to be normal.
EXCEPT!! I can connect to any website—BUT NOT FACEBOOK!

Hi eustace flynn :slight_smile:

Most likely you were/are infected. Maybe almost everything seems to be normal, but you can’t be sure. I will ask our malware removal specialist Essexboy to help you. In the meantime, can you post the MBAM log in your next reply?

Greetz, Red.

Getting that feeling of having been here before, see this topic http://forum.avast.com/index.php?topic=81972.0 and my post on page 2 http://forum.avast.com/index.php?topic=81972.msg669522#msg669522.

Yes, I noticed too that the OP is not the only one with this problem. Maybe the MBAM log can provide some information about what we are dealing with.

Greetz, Red.

Hi Rednose

I also, um, deleted malwarebytes after I ran the scan. Will try all this again so I can post the mbam log.

Wish me luck

Can you remember the name of the trojan in the MBAM log?

Greetz, Red.

Okay folks. I retrieved the mbam log.
Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7221

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2011 6:18:44 PM
mbam-log-2011-07-21 (18-18-44).txt

Scan type: Full scan (A:|C:|E:|)
Objects scanned: 285482
Time elapsed: 1 hour(s), 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790474B6765C5531AD97 (Malware.Trace) → Value: SRS_IT_E8790474B6765C5531AD97 → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\autotelic\my documents\downloads\xvidsetup.exe (Adware.Hotbar) → Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204337.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204338.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204339.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204340.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\system volume information\_restore{8b422c1a-99cf-42d7-9be6-759d6edfa248}\RP1041\A0204341.exe (Trojan.Dropper) → Quarantined and deleted successfully.
c:\WINDOWS\Temp\253454858.exe (Trojan.FakeAlert.Gen) → Quarantined and deleted successfully.

Any good to you?

PS

I ran another M-Bytes scan and it came up with nothing. Clean.
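As an added example (not code from the thread, from Malwarebytes or from Avast), here is a small Python parser for the MBAM log format quoted above. It rebuilds the header and the "X Infected: N" summary counts, extracts each detection's location, family and action (accepting both the "->" that MBAM writes and the "→" shown in the quoted copy), cross-checks the summary counts against the items actually listed, and flags the entries a responder reads first: copies sitting in System Restore points, executables in a Temp folder, rogue-antivirus (FakeAlert) families and anything that was not quarantined. The sample log embedded in the block is constructed for the example; its paths, GUIDs and counts are invented.

```python
"""Parse and triage a Malwarebytes' Anti-Malware (MBAM 1.x) scan log.

Added example for this thread; not code from Malwarebytes or the forum.
The log layout it reads is the one quoted above: "Key: value" header
lines, a block of "<Section> Infected: N" counts, then one
"<Section> Infected:" list per category with one detection per line.
"""
import re
from collections import Counter

# Constructed sample in the same layout as the poster's log. Paths, GUIDs and
# counts are invented for the example; the family names are MBAM's own.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7221

Scan type: Full scan (C:|)
Objects scanned: 1234
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{00000000-0000-0000-0000-000000000001} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_EXAMPLE (Malware.Trace) -> Value: SRS_IT_EXAMPLE -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\user\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00000000-0000-0000-0000-000000000002}\RP1\A0000001.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\253454858.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
# "<location> (<family>) -> [Value: <v> ->] <action>"; the quoted copy in the
# thread shows the arrow as "→", so both spellings are accepted.
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[^()]+)\)\s*(?:->|→)\s*(?P<rest>.+)$")
ARROW_SPLIT = re.compile(r"\s*(?:->|→)\s*")


def parse_mbam_log(text):
    """Return {'header': {...}, 'summary': {section: n}, 'items': [...]}."""
    header, summary, items = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:  # still in the header / summary part
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group("section")] = int(m.group("count"))
            else:
                m = HEADER_RE.match(line)
                if m:
                    header[m.group("key")] = m.group("value")
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line in section {section!r}: {line}")
        parts = ARROW_SPLIT.split(m.group("rest"))
        value = parts[0][len("Value: "):] if parts[0].startswith("Value: ") else None
        items.append({"section": section, "location": m.group("location"),
                      "family": m.group("family"), "value": value, "action": parts[-1]})
    return {"header": header, "summary": summary, "items": items}


def summary_mismatches(parsed):
    """Sections whose 'X Infected: N' count differs from the items listed."""
    listed = Counter(i["section"] for i in parsed["items"])
    return {s: (n, listed.get(s, 0)) for s, n in parsed["summary"].items()
            if n != listed.get(s, 0)}


def triage(parsed):
    """Counts per family and section, plus the items worth a second look."""
    items = parsed["items"]
    flags = []
    for i in items:
        loc = i["location"].lower()
        if "system volume information" in loc:  # System Restore snapshot copy
            flags.append(("restore-point copy", i["location"]))
        elif "\\temp\\" in loc and i["section"] == "Files Infected":
            flags.append(("executable in temp folder", i["location"]))
        if "fakealert" in i["family"].lower():  # rogue "antivirus" families
            flags.append(("rogue-antivirus family", i["family"]))
        if not i["action"].startswith("Quarantined"):
            flags.append(("not quarantined", i["location"]))
    return {"by_family": dict(Counter(i["family"] for i in items)),
            "by_section": dict(Counter(i["section"] for i in items)),
            "flags": flags}


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("Database version:", parsed["header"].get("Database version"))
    report = triage(parsed)
    for family, n in sorted(report["by_family"].items()):
        print(f"{n:3d}  {family}")
    for kind, what in report["flags"]:
        print(f"FLAG {kind}: {what}")
    print("summary mismatches:", summary_mismatches(parsed))
```

The restore-point flag is there because files under System Volume Information are System Restore snapshots: they are inert until a restore rolls them back, which is why clean-up guides usually end with flushing old restore points. The summary cross-check catches a truncated or hand-edited log, where the counts at the top no longer agree with the entries below.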

Hi… I have a photo of this shit!!! I have it too.

This sh*t isn’t an avast! shield; it seems you got a fake antivirus. You’d better get rid of it as fast as you can, and install avast only from the official site.

Is that shield still present?

As I am sure that Avast would like some of those files.

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop

1. Close ALL OTHER PROGRAMS.
2. Double-click on OTS.exe to start the program.
3. Check the box that says Scan All Users.
4. Under Additional Scans check the following:

   Reg - Disabled MS Config Items
   Reg - Drivers32
   Reg - NetSvcs
   Reg - SafeBoot Minimal
   Reg - Shell Spawning
   Evnt - EventViewer Logs (Last 10 Errors)
   File - Lop Check

5. Under the Custom Scan box paste this in:

%USERPROFILE%\..|smtmp;true;true;true /FP
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

6. Now click the Run Scan button on the toolbar.
7. Let it run unhindered until it finishes.
8. When the scan is complete Notepad will open with the report file loaded in it.
9. Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Please attach the log in your next post.

Hi Essexboy

I can’t believe it but I did it!
Here’s the info.

http://www.mediafire.com/file/k594sh85cazjd5s/OTS.Txt

OK, lots and lots of temporary files to clear - so this may take longer than normal to run ;D
There will be a zip file within c:\_OTS\moved files; could you upload that to Mediafire and post the sharing link please. Once I have grabbed it you can delete the link.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (mdxgthkn) mdxgthkn [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\AUTOTELIC\Local Settings\Temp\mdxgthkn.sys
[Registry - Safe List]
< FireFox Extensions [User Folders] > -> 
YY -> No name found   -> C:\Documents and Settings\AUTOTELIC\Application Data\Mozilla\Firefox\Profiles\5l78mbfx.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
< FireFox Extensions [Program Folders] > -> 
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
YN -> No name found -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-606747145-1960408961-839522115-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1960408961-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-606747145-1960408961-839522115-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1960408961-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}" [HKLM] -> [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
YN -> "vidc.LEAD" -> [LCODCCMP.DLL]
[Files/Folders - Created Within 7 Days]
NY ->  update.2 -> C:\WINDOWS\update.2
NY ->  rpcminer -> C:\WINDOWS\rpcminer
NY ->  phoenix -> C:\WINDOWS\phoenix
NY ->  update.5.0 -> C:\WINDOWS\update.5.0
[Files/Folders - Modified Within 7 Days]
NY ->  info1 -> C:\WINDOWS\info1
NY ->  geoiplist.rar -> C:\WINDOWS\geoiplist.rar
NY ->  phoenix.rar -> C:\WINDOWS\phoenix.rar
NY ->  ufa.rar -> C:\WINDOWS\ufa.rar
NY ->  rpcminer.rar -> C:\WINDOWS\rpcminer.rar
NY ->  loader2.exe_ok -> C:\WINDOWS\loader2.exe_ok
NY ->  geoiplist -> C:\WINDOWS\geoiplist
[Files - No Company Name]
NY ->  geoiplist -> C:\WINDOWS\geoiplist
NY ->  geoiplist.rar -> C:\WINDOWS\geoiplist.rar
NY ->  phoenix.rar -> C:\WINDOWS\phoenix.rar
NY ->  ufa.rar -> C:\WINDOWS\ufa.rar
NY ->  rpcminer.rar -> C:\WINDOWS\rpcminer.rar
NY ->  info1 -> C:\WINDOWS\info1
NY ->  loader2.exe_ok -> C:\WINDOWS\loader2.exe_ok
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

Hi…

I have the same problem :cry: It also started on Facebook… downloading a fake Flash Player… suddenly all of my protection turned off…

Hi saisory, welcome to the forum :slight_smile:

I am sorry you have problems, but if you need help to fix them you should start your own topic.

Greetz, Red.

You will need to start your own New Topic in the Viruses and Worms forum, http://forum.avast.com/index.php?board=4.0, and click the New Topic button at the top of the page.

Download and Run the OTS analysis tool mentioned in Reply #14 of this topic, http://forum.avast.com/index.php?topic=81947.msg669791#msg669791, attach the OTS log to the new topic.