hello. i’ve got a strange problem. i use yahoo as my home page, but now when i use yahoo as home page, i can’t browse…get the microsoft notice “internet explorer has encountered a problem and needs to close…” …when i use anything else as my home page, i can browse. i’m running avast 4.7 home, windows xp home, 1.2 GHz celeron, 768 ram. email works ok.
Can you get to your home page via another page? If so, then go via that route, then reset your home page in internet options.
thanks essexboy, i thought i had tried that. it does seem to fix the problem. i’ve been having lots of trojan infections. just ran the virus cleaner tool and it didn’t find anything. the prob with homepage occurred after ‘move to chest’ failed and ‘rename/move file’ failed so i had to delete the file. the last time this happened i chose to take no action. if i continue to use the delete file option, i’m risking not being able to launch explorer – so i would really like to find a better solution. what happened with my homepage was a warning i can’t afford to ignore. what about using an anti trojan scanner in conjunction with avast? and can a technically challenged newbie do it without making a mess? (as i recall, when move to chest and rename/move file failed, i got a notice saying the file couldn’t be found …which struck me as odd since avast apparently found the infected file and then lost it again…?)
Can you post the full filename (path) of the detected file(s)?
the last 3 boots have had no problems…prior to that, i would sometimes get the avast notice that a sample of a trojan was found in startup (i can’t recall the exact message and unable to generate it again)…i wrote down some of it before the message vanished…C:\csrts.sys contains sample of Win32:Hacdef-S [Trj]
avast apparently took care of the problem. yes? could it have been auto updates? i’ll repost if i can get more accurate info, thanks for your help.
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
ok here's the latest...just ran Boot Time Scan and at the end a report was printed which only lasted about a second but i was able to read that avast found 23 Infected Files...
after maybe 8 normal boots over the past week, today i have again received the avast warning that Win32:Hacdef-S [Trj] is in file C:\csrts.sys --- at that time i chose to take no action.
then i read Tech's post in the forum and ran the boot scan. during the scan the trojan infections were located and i was given several choices. i chose repair (press 7) followed by repair all, both yielded error 42060 the file was not repaired. so then i chose move to chest (press 5) which was followed with another infection notification, at which point i chose move all to chest (press 6) whereupon at least 6 files were moved to chest.
the rest of the scan proceeded normally with no new infections located.
i'm hoping this takes care of the problem, if not i'll keep posting.
Only executable files on VRDB and legit executables will be repaired.
Don’t worry, this is normal.
I suggest a ‘whole’ process now to be sure you’re clean:
If a virus is replicant (coming and coming again), you should:
- Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
- Clean your temporary files.
- Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
- Download, install, update and use at least one of the following trojan removers: a-squared, Free AVG Antispyware, SUPERantispyware or Spyware Terminator.
ok Tech. followed your instructions and here’s what happened.
1. avast boot scan still revealed File C:\csrts.sys is infected by Win32:Hacdef-S[Trj]
2. installed avg anti-spyware and ran complete system scan. it revealed one high risk threat from “Downloader.Small.azk” which was quarantined. several medium risk threats were deleted. these were the recommended actions.
avg also gave the notice … 1 trace detected in the following location: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp
3. started up avast boot scan again and it still reveals File C:\csrts.sys is infected by Win32:Hacdef-S[Trj] , whereupon i aborted the scan
4. then boot commences and finally the notice is generated which i’ve been trying to obtain, located above the system tray and it reads:
C:\csrts contains sample of Win32:Hacdef-S[Trj]
5. so apparently my comp is still infected
6. sigh…what to do now
Have you checked csrts.sys at VirusTotal - Multi engine on-line virus scanner, or Jotti - Multi engine on-line virus scanner? If any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest; you will need to move it out.
Aside from this post there are only two other hits for csrts.sys, but what is strange to me is why it is in the root directory.
http://www.geocities.jp/kiskzo/csrts.exe.html
This would indicate that it is a part of hacker defender (a rootkit), which the avast malware name seems to support.
Do you have Hacker Defender installed ?
i do feel more secure with avg anti-spyware installed. it found this bugger trojan which it calls Backdoor.HacDef.ae … this is a bad trojan which may provide remote access, risk assessment high. avg recommended clean & move to quarantine, which of course i did…then next boot, avast says now there is sample of another trojan called Win32:Trojan-gen.{Other} …which fortunately was successfully moved to chest. ok. so i think all probs solved, good, i’ll just run avast boot scan one more time and take a look see. avast still says csrts.sys infected by Win32:Hacdef-S[Trj]…in spite of that notification, the comp seems much better now but i’ll wait a week or so before i allow myself to feel relieved …
When referring to a virus/malware detection, the malware name on its own isn’t very helpful; combined with the infected file name and location it is more helpful.
The AVG detection ‘Backdoor.HacDef.ae’ is possibly the same detection avast made but under a different malware name (there is no standardisation or naming convention), so perhaps you will see why it is important to also include the infected file name and location. Sorry to keep banging on about it, but it makes our life easier to help you.
We also ask questions to eliminate options, if they don’t get an answer we remain in the dark, so I have to assume by the non-response you didn’t install Hacker Defender.
The other thing about detections is that they can give a warning that other malware might be present; something designated as a backdoor.something is trying to circumvent your defences to gain access to your system. So it is essential to have a good firewall that provides protection against unauthorised outbound connections. What is your firewall?
Why did you abort the scan? If the file is infected…
Me too… I wish avast had a full antispyware module.
no i did not install hacker defender.
i was fairly sure HacDef avg found and Hacdef avast found was same hacdef.
isp (direcway before they became hughesnet) informed me they have their own firewall; assuming retaining them as my isp, i would be unable to browse at all if i put up my own firewall.
i aborted the scan bc i had recently run several (about 5) yielding no new info/infections, they are time consuming, and i didn’t see the point. however, as mentioned i did run one again very soon thereafter (when i thought maybe the prob had been cleared up) and it said the prob was still there.
did i say i appreciate your help? yea, i really do. thanks!
The firewall should be between you and your ISP… I can’t see a utility if the firewall is between your ISP and the Internet…
I can’t understand why???
Sure, on-demand scanning is time consuming. Consider doing it at night.
Reading the FAQs on the HughesNet/Direcway forum, I was under the impression a separate firewall on my computer would be needed. This question in particular:
"Q: How do I know my ports are secured? (#2467)
A: If you don't have a firewall or a Router, chances are that you definitely have one or more insecure ports that can't be closed. The best way to find out is to scan your computer from outside for open ports. DSLR provides two different free port scans. The first thing you should do is to perform a basic port scan of your computer which will give you a fast result.
The next logical step would be to start securing your machine by choosing a software firewall, a router or both."
the firewall thing —i’m sorry i can’t offer a better explanation as i don’t understand either. they told me i absolutely had to remove my firewall or i wouldn’t be able to connect to the internet via them. anyway, today i ran the standard avast scan followed by the boot scan. during the std scan 2 files were moved to chest (one being the hacdef which has been very resistant to eradication or even containment). the boot scan came up absolutely clean. whew! do i dare smile …
If someone told me I absolutely had to get rid of my firewall I would absolutely get rid of them.
Who has told you this, who is they ?
What is your ISP (Internet Service Provider), who you pay your money to to connect ?
They can’t protect your system without you having their firewall program installed on YOUR system, it can’t possibly protect YOUR system if the software/firewall protection is at the Server/ISP end.
So does your ISP provide you with a software firewall (they might not have called it that, security package) to install on your system ?