hello, as i was surfing the internet my computer got infected with a rootkit… after thousands of rootkit applications and using spybot i think i finally got rid of it (before i couldn’t even run regedit, it wouldn’t open), but unfortunately after it scrambled my computer the avast’s resident protection won’t initialize anymore. i tried to uninstall avast, even using the avast uninstall tool, and reinstall but i’m still stuck with a permanently disabled resident protection and a ‘not done yet’ virus recovery database. has anyone got any clue about what should i do? help would be much appreciated since i’m trying to fix this for some days now and am scared to death of buying things in the internet. of course i’ve already double-clicked the ashdisp.exe and every other .exe in the avast folder…
thank you for the attention,
fernando
Try downloading updates from avast website using another clean computer then save it on any removable media… Next, boot your pc in safe mode [hold F8 as soon as the first screen appears] then install avast, then install the updates… then run a boot time scan… Hope it works…
The reason this happened is that you had out-of-date and insecure software on your computer that allowed a drive-by infection to exploit a security vulnerability.
Check for out-of-date and vulnerable software with Secunia and update!
And, be sure that you have SP3. If you do not have it, you should install SP3 as soon as you are sure your computer is clean. There are important security updates included in SP3.
it’s probably Win32:Wigon (someone calls it Rabbit)… it comes along with Rustock sometimes… the thing which blocks avast and other security software from running is located here - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image file execution options
The IFEO key directs a debugger operation to be run when a programme starts, but the infection places something like this taken from a silent runners log
What this means is that when, for example, regedit runs, it will get diverted to run winjpg.jpg at the same time; if the file is removed then the programme (regedit) will not run.
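Added example, not part of the thread and not any poster's code: a defensive check that reads the text of a `reg export` of the IFEO key and lists every executable that has a `Debugger` value, which is the redirection described above. The sample export is constructed for illustration, and the `.reg` text format and the names `find_ifeo_debuggers` and `SAMPLE_REG` are assumptions of this example.

```python
import re

# IFEO path as named in the thread; compared case-insensitively.
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options").lower()

# Constructed sample in .reg export format (not taken from the thread's logs).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="winjpg.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe]
"Debugger"="C:\\WINDOWS\\system32\\winjpg.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"Debugger"="ignored.exe"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_ifeo_debuggers(reg_text):
    """Return {image_name: debugger_command} for IFEO subkeys with a Debugger value."""
    hits, image = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            rest = key[len(IFEO) + 1:] if key.lower().startswith(IFEO + "\\") else ""
            # Only direct children of IFEO name an executable image.
            image = rest if rest and "\\" not in rest else None
            continue
        m = VAL_RE.match(line)
        if m and image and unescape(m.group(1)).lower() == "debugger":
            hits[image] = unescape(m.group(2))
    return hits

if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-16" and pass its text in.
    for image, dbg in sorted(find_ifeo_debuggers(SAMPLE_REG).items()):
        print(f"{image}: redirected to {dbg!r}")
```

A `Debugger` value can also be set legitimately by developers, so each hit is something to review rather than proof of infection; entries on antivirus executables or system tools such as regedit are the ones that match the symptoms in this thread.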
I had more or less the same symptoms and scenario as the OP.
Additionally, i had tried starting up all avast windows services manually, but got a nondescript error message.
Also note i had my avast software (4.8 home) and virus definitions up-to-date (plus factory settings for auto-updates) at the time of infection (i have been using it for years now).
well folks, first of all i’d like to thank you very much for your concerns, your replies saved me many more days of worrying and struggling. second, i’m glad to say the problem is solved, ‘Onlysomeone’ was right, i was still infected, and that malware prog is excellent, fixed everything for me. it’s funny cause i’ve used panda, trendmicro, blacklight, spybot, and so many more and none of them could take out what this malware one did in one quick scan. the problem was where ‘Maxx_original’ said, plus some weird stuff:
Tech: it’s not only avast, who’s blocked by this malware… a good prevention is to detect the malware and that’s what we do, unfortunately a day or two after the first infection (that are the cases with disabled AV engines already)…
Tech, thanks for the suggestions, the funny thing is before the malwarebytes antimalware i had already run kaspersky, trendmicro and bitdefender, none of them could remove or identify the problem… i’m gonna try the other 2 you mentioned.
best regards for everyone,
fernando
PS: by the way, i did try the f-secure too… so the only one i haven’t tried yet was eset