Resident protection disabled

I’ve been using Avast for years now without a problem and today, its icon from the notification area was gone. I opened its Start Menu folder to activate it from there and it read “resident protection disabled”. I enabled it and as soon as I checked it again, it was back to disabled. I tried to repair Avast and then even uninstalling and installing again with a complete scan. It was still disabled. Suspecting a virus, I tried to open Hijack This to get a log and it won’t run. I found a couple of suspicious files within system32 and one cannot be removed, deleted or scanned no matter what I try. Its name is 880576968 (has no extension), which doesn’t really help determine what it is. I’m getting quite desperate. Please help! Thanks in advance!

What are the file names and locations of the suspect files in HJT ?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

As I stated, HJT doesn’t run at all. I looked for the latest files in System32, one was digiwet.dll and the other 880576968 (no extension). I have managed to delete the first one which was flagged as a potential threat. I cannot remove the other one.

I have SuperAntispyware, only now the program cannot connect to the server to download updates.

Attached is the Malwarebytes’ log:

Update: After the Malwarebyte’s scan and restarting, Avast showed up once again. It’s up and running. Thanks for the assistance!!! ;D

Welcome Aerynsun

Windows Service Pack 3 has been available for almost a year and contains several Critical Security updates plus performance improvements you need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don’t automatically download or install them.

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Here I am again, it seems that my good luck was only temporary. :frowning: The problem is back. Avast resident protection is once more disabled. Any suggestions?

You’re welcome.

That was one messed up system, after avast wasn’t running looks like whatever did that brought some friends along to the party.

Now your log shows No action taken against all the items found.

Did you subsequently run MBAM again and have MBAM deal with them ?
If not - Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry, leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected, click that and the items will be removed. You should also run SAS if you haven’t done so already, don’t worry about reported tracking cookies, a very minor issue, but allow SAS to deal with them.

So whatever is disabling avast is still there and possibly hidden by rootkit, so try these tools:

You should most certainly visit Secunia and ensure your system and other reported applications are up to date as it is old vulnerable programs being exploited, which are the common cause of infection.

Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:

  1. Avira
  2. Kaspersky
  3. BitDefender
  4. F-Secure
  5. Dr. Web

After that, I suggest an installation from the scratch:

  1. Uninstall avast from Control Panel first.
  2. Boot.
  3. Download the latest version of Avast Uninstall and use it for complete uninstallation. If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there.
  4. Boot.
  5. Install again the latest avast! version.
  6. Boot.
  7. Check and post the results.

Ok. Well, I had a problem with downloading Trend Micro RootkitBuster. Panda Rootkit Cleaner found nothing, and neither did F-Secure Blacklight. I attach the logs from the Rootrepeal scans.

I used SAS and deleted everything it found. I also ran MBAM once more and removed (hopefully successfully) the infected files. I attach this log as well. After restarting Avast works once more, and I really hope it will be functional tomorrow.

I ran Secunia and apparently I only have to upgrade Java and Adobe Reader. Any other recommendations?

I can’t easily read the Rootrepeal log it has lots of weird characters, plus the log is formatted and when converted to a text file it loses that formatting. However, what I can see is avg7.5, did you not uninstall that before installing avast ?

Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. That could well have been the factor in avast not installing correctly.

The MBAM detections look fine and now you have completer that, reboot and how is your system running now ?

Secunia should also have mentioned XP SP3, which ws mentioned by YoKenny.

Hi!
As for AVG, I installed it only last year when I had a problem with redirection of webpages. It doesn’t actively protect my computer. As for Avast, it’s been working almost perfectly for more than two years and I don’t think AVG had anything to do with it.

When I turned my computer on today Avast started up immediately and it seems things are okay.

Finally, concerning Secunia, I don’t know. I ran it again and once more it complained about the state of Java (which I updated since the first run…) and it failed to mention XP SP3. Weird.

Anyway, thank you once more for the assistance! :wink:

Well lets put it this way you have according to rootrepeal active avg processes, guard.exe and more importantly active drivers, AvgAsCln.sys, guard.sys, which hooks files.

These low level drivers are what commonly cause conflicts and for to say that “I don’t think AVG had anything to do with it” isn’t correct. Whilst you may have got away with it for two years, that is more by luck than design and the problem you are experiencing is classic conflict.

So you might get away with it for a while but there is no guarantee that this won’t happen again.

Hi!

I have this same problem…!
Yesterday some trojan attack my computer, I erased. After, I run a completely scan and the avast! found 2 infections, so I erased too.
This morning my resident protection where disabled… :frowning:
Sorry my English is very poor…

Thanks in advance for your help.

Laura

Other information:

My OS is Windows XP
My avast version. Home edition 4
My PC has 2 GB memory / 180 RAM / Intel Core Duo.

Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:

  1. Avira
  2. Kaspersky
  3. BitDefender
  4. F-Secure
  5. Dr. Web

After that, try to repair your installation:
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
If this does not help, can you uninstall / boot / install / boot again?