Missing avast exe file

Hello

I have a problem that some virus or program is deleting the exe operating file of any virus propection including avast?? I install it, it appears for seconds after install then becomes deleted , have read a few threads with simular comments but no answers

Shaun

Hello and welcome :slight_smile:

Have you tried running some online scans, for example:
http://housecall.trendmicro.com/
http://www.emsisoft.com/en/software/ax/ … ?

EDIT: also can you post your HiJackThis Log file here, so we can have a look on it ?

Which file is it deleting ?

There is an ashavast.exe file but that only starts the program and runs the meory check and simple user interface to run an on-demand scan.

On-line Virus Scanners and other useful Links Security-Ops.eu.tt
You could also use an on-line scanner to confirm, established connection to the on-line scanner of your choice and just before you do the scan, pause Standard Shield, enable after completion. Assuming you can get it to run.

Whilst the other topics you say you have read suggested options like other scanners, etc. what have you tried ?

Does not make any difference will not permit a panda scan online any ideas whats causing it??

Shaun

Have you tried with other online scanners ? If not, try other scanner. There are lots of links on the site DavidR gave you :wink:

If none scanner can’t start post your HiJackThis log file here :wink:

Hiya

Here is a screenshot of the only exe files that remain after install

Shaun
http://www.look-tenerifeproperty.com/images/ScreenHunter_004.jpg

something has deleted the icons in sys tray and the related exe files??

Shaun

Hiya again

Done all types of online scans most lockup before completion ,trend scan completed and got a couple but prob still persists

Hers the highjackthis log

Logfile of HijackThis v1.99.1
Scan saved at 15:18:12, on 05/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\winxp\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM..\Run: [Norman ZANDA] C:\Norman\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [BespokeMarketing Harvester Recovery] C:\Program Files\BespokeMarketing\Harvester\stabliser.exe -logon=fulllisense
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: RentRight Reminder System.lnk = C:\Program Files\RentVer3\reminder.exe
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra ‘Tools’ menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160579613167
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip..{A1D84757-1D5C-4387-ADF7-CE03F45A37A8}: NameServer = 80.58.0.33,80.58.32.97
O17 - HKLM\System\CCS\Services\Tcpip..{A4A99A0A-4237-4F7D-845B-3782DC0F9637}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

Shaun

hmmm… :-\ I’m afraid I cannot see any problems with your log file, maybe someone else will have a look at it.
But meantime, what did Trend scanner found ?

Hello

A couple of trojan generic virus´s that it deleted another strange thing is the same virus has disable the option of safemode it will not allow you to reboot in safemode

Have a look at the windows/hosts file (there is no file extension, use notepad to look/edit), there is likely to be a number of entries for AV sites, 127.0.0.1 http://www.pandasoftware.com, etc. if there are delete the entry lines.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode if you can get in there.

  1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.

i have same problem… and i also can not safe boot.

i tried almoast everything

Is there any error message?
Can you attach this HDD in another computer and scan it from there?

i did that, scaned (and cleaned some viruses and trojans) in another computer vith avast, an some online scaners from security-ops.eu.tt. system apears to be clean, but i still cannot instal avast, spybot or any other antivirus. same problem, missed *.exe files

after instaling avast and rebooting, avast starts for some 5-10 second and than just disapears with every *.exe file.

Was Panda Active Scan one of them? If it wasn’t please give that a try.

I’m almost sure that there is an old thread here in avast forum about exe being disappearing…
Anyway, it would be good if you download, install, update and run other trojan remover tools:
a-squared
Free AVG Antispyware
SUPERantispyware

Would it be possible to scan with ewido in the same manner, or does ewido just do the entire computer? I’m not familar with the program, so I don’t know if you can do a selective scan.

Ewido, now AVGantispyware is fully customizable…

Perhaps he should try that. The files on the “infected?” hd should be dormant and maybe ewido(avg) could find something.

i tried online panda, bitdefender, MS oncare, ewido, kaspersky web scaner, and some anti spyware tools…
HDD seems to be clean.

So, does anybody can tell why the avast exe files are disappearing? ::slight_smile: ??? ::slight_smile: