Help! My Web shield doesn't work anymore

Since Monday my web shield has disappeared and my resident protection keeps defaulting to disabled and I can’t update my Avast 4.6 at all.

I did have a virus attack on Monday as I still have to use Internet Explorer (but I use Firefox mostly) and a think some horrible Trojan has infected my computer.

I know the two are linked.

I’ve used various programs to clean my computer up but no joy with this problem.

Any ideas how to reactivate it?

I’ve tried System Restore as well!

Hope some one can help

Cheers

Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.

Or, can you post the name and path of the infected files running a full avast! scanning?

Hi there

I’ve done a scheduled boot time scan as requested and the only thing that comes up is

C:\system volume information_restore{CFCB3BD1-8C6D-43CD-43CB-9FE1-B322DAB8891C}RP1\A0004049.dll

and that is infected by WIN32:StartPage-080 [trj]

the other interesting thing is

c:\windows\system32\sqlnfad.dll error OX0000022

and I know this is the hidden .dll for the about:blank browser Hijacker.

Apparently the rest isn’t infected.

I’ve also done a full scan and there are no viruses that Avast has found…but that’s with the update from the 12th June

Does any of this explain why my shield is off?(The icon is definitely not visible on my bar at the bottom as it used to be)

Thanks

Oh…and if it’s any help here’s a logfile from HijackThis

Logfile of HijackThis v1.99.0
Scan saved at 21:52:22, on 18/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nav\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Nav\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {71983D3F-68E6-48A9-8801-BDC64E42DE07} - C:\WINDOWS\System32\mnpeeb.dll
O4 - HKLM..\Run: [sp] rundll32 C:\DOCUME~1\Nav\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\Run: [System] C:\WINDOWS\svchost.exe
O18 - Filter: text/html - {8270D6BB-85D0-4A9E-BE78-1A284368BB81} - C:\WINDOWS\System32\mnpeeb.dll
O18 - Filter: text/plain - {8270D6BB-85D0-4A9E-BE78-1A284368BB81} - C:\WINDOWS\System32\mnpeeb.dll

  1. Isuggest you update your OS and IE to the latest versions, unless there is some pressing reason not to, you are more vulnerable without the additional security measures of SP2.

  2. the latest version of HJT is 1.99.1.

Your log looks a bit thin on the ground, but you could fix all the R0 and R1 entries and probably the 02 BHO entry (and the related 018 entries), when google doesn’t find any reference for mnpeeb.dll it makes me suspicious as does se.dll (see http://www.spyany.com/files/se_dll.html).

For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.