avast has the red icon come up, all the icons on destop to do with security have gone to blue/white squares, when i try to run them im not able to downloaded them onto key and re run them they star then shut down this includes superantispy./avast fee/malwarbytes/dr web cclearner works though. cannot gwt on the internet either but can use mail, is this aluroen one that steal all ur passwords and banking ect!!!
when i try to run scans: windows cannot access the specified path/file device file, you may not have the appropriate permisssion to access the item and also windows insatller has insufficent privilage to modify,.when i cick the avast free icon the square comes up with the aavm subsystem detected a rpc error also.
tried the windows removal tool, but started the scan then it stopped, then the icon changed to the square blue and white, scanning now with the avast cleaner.
Pondus, don’t put all your hope in me… I’m not an expert on cleaning.
In this case, I really do not understand what is happening, I mean, there are a lot of malware behaviors but I can’t really “see” the solution.
If it helps, If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
Clean your temporary files. You can use CleanUp or CCleaner for that.
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! instead.
It will be good if you download, install, update and run MBAM (or SUPERantispyware or even SpywareTerminator).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
About legit antispyware applications or the bad ones see here.
Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
Browser hijacking and problems with antivirus update could be managed in some scenarios by cleaning the hosts file (at C:\windows\system32\drivers\etc folder). The file does not have an extention, it’s simply hosts.
The default file consists of a number of example lines preceded with # The only required line is
127.0.0.1 localhost
You can get a good replacement with HostsMan that keep it clean (avoid infections) and updated: http://www.abelhadigital.com
After you’re clean, disable System Restore on Windows ME, XP or Vista. System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.
This is the rescue disk of choice is hiren’s and the download-link will be found via this link: http://www.hirensbootcd.net/
Hiren’s Boot CD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. It is a Bootable CD; thus, it can be useful even if the primary operating system cannot be booted. Hiren’s Boot CD has an extensive list of software. Utilities with similar functionality on the CD are grouped together and seem redundant; however, they present choices through UI’s differences and options in what they can do.
Hiren’s BootCD
All in one Dos Bootable CD which has all these utilities:: Partition Tools, Disk Clone Tools, Antivirus Tools, Recovery Tools, Testing Tools, Hard Disk Tools etc.
Look Here for List of Included tools:
Read Included BootCD.txt or See BootCD.nfo
already done the ccleaner, cant get avast to work at all, can only get log viewer up, have updated malware ans superanti via memory key, they run for a few secs then close down, done dr web cure it to starts then stops going to try the panda next. will get back to u
May be worth a try is Norman Malware Cleaner, it often runs when others dont since it is not to be installed.
You download and save to desktop, and run it from there in safe mode
Hiren’s is for the more advanced user. This could also be a solution, spicyleboratory: http://www.spicylemon.nl/spicyleboratory (combination downloadable tool with Eset Nod32 and Hitman Pro)
avast cleaner has come up with this so far, waitng for this to finish then i will run the panda application.
i
C:\WINDOWS\system32\drivers\fidbox2.dat… file could not be scanned!
C:\WINDOWS\system32\drivers\fidbox2.idx… file could not be scanned!
C:\WINDOWS\system32\drivers\sptd.sys… file could not be scanned!
D:\Documents and Settings\All Users\Documents\Recorded TV\TempRec{6AC5CA1C-B35D-4860-B866-0444096E8BCE}.TmpSBE… file could not be scanned!
D:\Documents and Settings\All Users\Documents\Recorded TV\TempRec{C3CA8E32-8D55-4B02-A188-E7BA62C57EBC}.TmpSBE… file could not be scanned!
D:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_4228230278_126681088_17711… file could not be scanned!
D:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_4228230278_8781824_17850… file could not be scanned!
no virus body found.
drives c and d
will try the norman one 1st i have to download onto my key as no internet access
Hi could you run these two programmes so that I can see what you have
Please save this file to your desktop. Double-click on it to run a scan. When it’s finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
We Need to check for Rootkits with RootRepeal
[*]Download RootRepeal from the following location and save it to your desktop.
[]Push Ok
[]Check the box for your main system drive (Usually C:), and press Ok.
[]Allow RootRepeal to run a scan of your system. This may take some time.
[]Once the scan completes, push the http://billy-oneal.com/forums/rootRepeal/saveReport.png
button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
tried the highjack this, and couldnt get it to carry on as just stops and disappers, have downloaded panda just doing a complete scan, essex boy im not on my pc im on my laptop as no internet access. i can get emails thats all will copy what you said and email to my pc and try it from there
OK it looks like you have one of the later variant TDSS rootkits once I see the logs I will be able to kill it - but be aware it does mess with the permission settings on your system so we may have to repair them. To reduce this try not to run any programmes that you do not need to
ok did the root thing started scanning then stopped and dissappeared, tried to restart again, windows cannot access the specified device,path or file, you may not have the permissions to access the item. came up in box, tried the anti root kit but stopped for this also previously. willl be back sunday, going to try combo fix as well.
i have disabled the avast at last ran the combi fix the box came up with the dots going up to iniciate the scan, the black text box has opened and has a flicking underscore there, but nothing else just plain black and has been like this for 20mins, is this scanning my pc or do you think its stuck? , i restarted it again same thing happening, help!! now over an hr and still nothing in black text box, polonus/anybody.essexboy.