I keep getting this big red box popping up on my computer, every 60 seconds or so, or every time I change pages or go to a new website. The voice also screams “Threat Detected”. I have just, within the last few days, re-registered for the 2nd year of free Avast. I have run the update. I have run a Quickscan twice, a full scan twice, and also run a quickscan and a full scan of Ad-Aware. All to no avail. When I ran the first full scan of Avast, some objects were found. When I tried to quarantine them, it wasn’t clear whether or not anything happened. I wasn’t able to do anything further after attempting to choose this option. With Ad-Aware, they found some items, and removed them. The next time I ran both softwares, nothing was found. Still – I get this message. Total time spent yesterday trying to fix this problem – 7 hours. Total work done – none. I own a commercial digital photo lab with a full-time tech. I am not a pro, but he is. I had him spend part of his day yesterday trying to fix this. He can find nothing wrong. Every time this message pops up, I am offered the option of getting further information. When I try to do this I am directed, not to a site where this info is shown, but to a site which pressures me to buy Avast’s $29.95 upgrade. I now think that this “threat” is a cynical ploy on the part of Avast to get me to buy their upgrade. If this is true, I will promptly unload this software, and go back to the despised Norton. At least they are upfront with their relentless pressure. WHAT IS GOING ON??
Which is the URL detected? (please, post a dead link like hxxp or add spaces to it).
avast does not force you to upgrade. You can be probably being redirected to a fake site.
Download rkill first. Then download Malwarebytes and run a scan.
- Get rid of Ad-Aware. Running two av’s at a time causes conflicts.
- Uninstall any old versions of avast. See http://files.avast.com/files/eng/aswclear.exe (run for each version). Don’t forget to re-boot.
- Install 6.0.1044 http://forum.avast.com/index.php?topic=74515.msg617340#msg617340
- Hope this helps.
Also provide us with info concerning any and all other security software you are using or have ever used in the past. And if uninstalled, how was it uninstalled.
I installed Ad-Aware AFTER all this started with Avast, so it’s not the problem. I’ve also run a registry DX software, and “Malabytes”. I’ve had Avast for over a year now, and my original Norton was removed by my tech. I’ve had NO problems with Avast until after I re-registered. I just ran yet another full scan of Avast, and NO threats were detected. STILL I get the screaming red box.
What sites and are your virus definitions up to date -
Are you getting redirected form the site you expect ?
I’m sorry – I don’t understand what you are asking me for either of these questions. You mean what sites on the web? Dozens – Huffington Post, for one, and some IRS government sites. Also, the State Board of Equalization. All sites that I would assume are heavily policed. As for the other question – I really don’t know what you want to know.
With all due respect. I would still get rid of Ad-Aware to prevent any possible conflicts. Running more than one active av at a time is asking for trouble.
What sites are you visiting when you get redirected? ???
OK first are your virus definitions up to date as there was a false positive on HTML files a few days ago
Current is 110415-1
What is the alert that Avast produces - could you take a screens shot or state which file/ip address is responsible
Then
Download OTS to your Desktop and double-click on it to run it
[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.
And with all due respect to you, as well, this does not in any way address my concerns. The original problem existed before the Ad-Aware, and has not changed in any way since. It would make just as much sense to delete the Avast.
I am not on ANY other websites when I get redirected. I am directed from the Avast scan itself! I do the scan, and there is an option to get further information on the scan results. I choose this option (from the Avast website itself) and get sent to the advertising site.
Reply to the person who asked about my updates: everything has been updated as of late last night, and was done multiple times yesterday. As I said in my original post – my tech and I spent 7 hours yesterday trying to get rid of this. He has an arsenal of professional tools that I can’t even begin to list. He has worked for me for 7 years, and has been solicited 3 different times by HP (for whom we do beta testing) to work for them. He is a pro. When he says there is nothing to remove, I believe him. We have our own FTP sites for our customers, and constantly monitor our systems for problems. He says the message is coming from the Avast site, and I believe him.
Essexboy is a pro Malware remover if anyone in here can find out what and fix it then it is him
so follow his advice
I get this pop up 2 times, why?
OK. I’ll check out of here and try it. I’m alone without my tech today, so I just hope it doesn’t do any further damage.
@ Essexboy I’m wondering if he isn’t using 4.8 which if I’m not mistaken is no longer supported. But he did reply he was getting def updates. And the OP has not given any info concerning any other security software. I really doubt his problem is avast related. The OP has not stated if he has scanned using MBAM. I’m out of here since you (Essexboy) know a lot more about malware than all of us combined.
@ Zile You should start another thread. Click on “New topic”.
Hi there, Para-Noid. (She), me, that is, isn’t sure what you mean by 4.8. I am about to leave and try Essexboy’s directions. For whatever it is worth – I have a new HP computer with Windows 7 on it. All my hardware is just about new, and all my software is up-to-date. The version of Avast is the current one, and has been updated in the last 2 days or so.
@Zile
That is a dcom exploit blocked by Avast
Download and run dcombobulator from here http://www.grc.com/freeware/dcom.htm
Sorry for the “he”. Please follow Essexboy’s suggestions. He does know what he’s talking about. I didn’t think you were using 4.8 (an older version of avast). I just wanted to be sure. Any info concerning any other security software you are using or have ever used will always help in determining the direction we should be looking.
I do wish you the best with your problem.