Lost internet connection after Avast update & malware virus quarantine Thursday

On Wed night the above occurred, then between 9am & 10am the next day, the internet connection was lost / disappeared.

  1. Could the virus, which the Avast dashboard cannot display on the Dell Win8 Pro 64-bit 16 GB RAM notebook, have caused a delayed stoppage of internet access? (IP configuration reset passes all tests except the PING STATUS test)

  2. Could Avast have shut down internet access to our wifi router for this notebook? I’m using my wife's notebook to type this. We have 3 other devices continuing to work properly with our wifi (this notebook, Epson printer, Kindle HD8.9 tablet).

Thank you
jaykay

To find out, follow the instructions here: https://forum.avast.com/index.php?topic=53253.0
Attach the Malwarebytes and Farbar Recovery Scan Tool logs.

If you don't have an internet connection on that computer, use a USB stick to move the program / logs.

To avoid any infection from one computer to another, install MCShield (you may install it on all computers you have).
See here https://forum.avast.com/index.php?topic=53253.0 and scroll down to SPECIFIC INFECTIONS LOGS and download MCShield.
It is an install-and-forget program and will auto scan any removable device when plugged in.

Essexboy will then assist you when he is online later today

Hi
Since the core issue is ZERO internet connection, I really cannot go online and download directly into the notebook. More and more downloads send a stub, then link back online to either complete the download, or complete the install.

I will download and try to install what I can on this notebook, copy it to a usb stick and attempt proper install on the Dell notebook with zero internet access.

Plenty of screenshots btw.

FYI
Already on the Dell notebook are Avast, Kaspersky ZDKiller, and Malwarebytes Anti-malware. All 3 found ZERO malicious entities to date.

jaykay

The important logs are the two diagnostic logs from Farbar Recovery Scan Tool … frst.txt and additional.txt

Thanks Pondus & yongsua.

MalewareAM installed nicely. This 2nd round of scanning found 1 unwanted file. It was quarantined and then removed. See screenshots attached.

Tried to open the internet (Firefox v36.0.3) and no improvement (Server Not Found message).

Will move to the next app now.

Step2 Farbar Recovery Scan Tool is completed. Logs attached.

Moving to step 3 now.

The aswMBR.exe log is attached. Thanks for your support. It is now officially way over my head.

Cheers

After this reboot let me know if the net works

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
FF Homepage: https://www.flickr.com/groups/abctvweather/pool/?rb=1|https://www.flickr.com/groups/yourkew/pool/|https://www.flickr.com/photos/52541858@N04/|https://www.flickr.com/groups/2657102@N21/pool/?rb=1|hxxp://www.friendsofgtmg.com/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
S4 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S4 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
C:\Program Files (x86)\globalUpdate
C:\Users\Jaykay\Convert.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.
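
For readers following the fixlist above: its two `FF NetworkProxy` entries describe a Firefox proxy auto-config (PAC) script stored inline as a percent-encoded `data:` URI, with proxy type 2 (use the auto-config URL). The following is an added example, not part of the original thread or of FRST: it decodes an entry of that shape and lists the proxy endpoints and the URL patterns routed through them. The sample log text and its hostnames are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample in the shape of the "FF NetworkProxy" lines above
# (shortened; hostnames are placeholders, not values from the thread).
SAMPLE_LOG = '''\
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fmedia.example*')%20%7C%7C%20host%20%3D%3D%20'tv.example')%20%7B%20return%20'PROXY%20p1.proxy.example%3A8000%3B%20PROXY%20p2.proxy.example%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
'''

# One log line per Firefox proxy preference: name in quotes, then the value.
PREF_RE = re.compile(r'^FF NetworkProxy: "([^"]+)", (.*)$', re.M)


def parse_proxy_prefs(log_text):
    """Return {pref_name: value} for every FF NetworkProxy line."""
    prefs = {}
    for name, raw in PREF_RE.findall(log_text):
        prefs[name] = raw.strip().strip('"')
    return prefs


def audit_pac(prefs):
    """Summarise where an inline PAC script would send traffic."""
    url = prefs.get("autoconfig_url", "")
    report = {
        # Firefox network.proxy.type 2 means "automatic proxy configuration URL".
        "pac_active": prefs.get("type") == "2",
        "inline": url.startswith("data:"),
        "proxies": [],
        "patterns": [],
    }
    if report["inline"] and "," in url:
        # Everything after the first comma of a data: URI is the payload.
        script = unquote(url.split(",", 1)[1])
        report["proxies"] = sorted(set(re.findall(r"PROXY\s+([\w.-]+:\d+)", script)))
        report["patterns"] = re.findall(r"shExpMatch\(url,\s*'([^']+)'\)", script)
        report["patterns"] += re.findall(r"host\s*==\s*'([^']+)'", script)
    return report


if __name__ == "__main__":
    for key, value in audit_pac(parse_proxy_prefs(SAMPLE_LOG)).items():
        print(key, "=", value)
```
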

Hi Essexboy!
Ran FRST64, rebooted and got something new on the internet open attempt.

Windows Firewall has blocked Firefox. Screenshot attached.

Still no internet.

Place a tick in private networks, apply and then try again. Can IE access the net ?

Unfortunately, no.

I restarted after seeing the attached resulting screens, hoping it would clear and work normally.

Incremental progress though, as the Firefox page appeared - but it leads to nowhere. 2nd screenshot shows the problematic Server Not Found page.

Please download MiniToolBox, save it to your desktop and run it.

https://dl.dropbox.com/u/73555776/minitoolbox.JPG

Checkmark the following checkboxes:

[*]Flush DNS
[*]Report IE Proxy Settings
[*]Reset IE Proxy Settings
[*]Report FF Proxy Settings
[*]Reset FF Proxy Settings
[*]List content of Hosts
[*]List IP configuration
[*]List Winsock Entries
[*]List last 10 Event Viewer log
[*]List Installed Programs
[*]List Devices
[*]List Users, Partitions and Memory size.
[*]List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using “Reset FF Proxy Settings” option Firefox should be closed.

Morning :smiley:
Here are the Results.

Hmm I can see an error that needs checking out. Let me know the result of this

To determine whether your computer’s name is correct, at the command prompt, type nbtstat -n, and then press ENTER.
If the computer name is correct, no further user action is required.

If the name is incorrect, try resetting the network adapter.

To verify that the WMI Performance Adapter service is enabled

1. In Control Panel, double-click Network Connections.
2. Double-click WMI Performance Adapter. In Control Panel, double-click Network Connections.
3. On the shortcut menu, click Disable.
4. Right-click the network adapter again, and then click Enable.

Nothing worked.

Screenshot1 is incorrect. I typed nbtstat -n incorrectly.

Here is the Wifi connection to Netgear76 listed at right of screenshot4.

3rd attempt to post this reply…

This screenshot shows full bar connection to our network, yet zero access (Server Not Found).

The correctly spelled nbtstat -n had the attached result (no names).

OK you will need to uninstall and then re-install the network adapter

Hey Essexboy
Completed the uninstall & install but no improvement achieved. Still the Server Not Found error message.

Short of that, all looks correct.???