resident scanner and firewall disable automatically

and both cannot be enabled

It all started with a weird background (blue background with vertical lines, text in red and white (with spelling errors))

WARNING!
YOUR’RE IN DANGER!
YOUR COMPUTER IS INFECTED WITH SPYWARE!

etcetera

Avast found some infected files after a boot and normal scan

SUPERAntiSpyware found >400 threats (most of them are Adware Tracking Codes)

I’ll keep updating this topic

Hello DADEKEWL

your pc is infected for sure.

update your avast and do a boot time scan. that should remove some things.

then get malwarebytes antimalware (mbam) from here: malwarebytes.org (free version). install, update and perform full scan. post log here.

before everything turn off system restore.

thanks 4 the advice.

I turned off System Restore, updated MBAM and scanned all my drives.

attached is the logfile

you are always welcome.

welcome to the forums.

after reboot are those warnings which you stated popping up again?.. or they all are gone?..

make sure you repair your avast once and do an update.

a thank u a day keeps the … away :slight_smile:

since the reboot no more popups/backgrounds

Avast is resident again and firewall is turned back on

I always update my Avast regularly, but I think one of my web visits wasn’t that safe…

From now on I’m sitting behind my pc with a large condom over my hands!!

and I will schedule a full thorough scan when I’m fast asleep :slight_smile:

thanks again and I hope this info is also helpful for other victims

you are welcome.

use wot addon.

which is available for both mozilla firefox and internet explorer. get it : mywot.com

@nmb
WOT is very subjective and that’s why I prefer Finjan Safe Browsing

@DADEKEWL

mbam-log-2009-08-02 (20-39-10).txt (5.11 KB - downloaded 3 times.)
Does not download for me it just hangs so I have to hit Cancel.

The MBAM log is not long so why not just copy-n-paste it?

From now on I'm sitting behind my pc with a large condom over my hands!!
I prefer a nice Laker: http://www2.brickbeer.com/brands/lakerStrong

Open or save?
Works for me with both (and in FF and IE8)

considered! yokenny. will use it for ff together with wot.

@DADEKEWL

mbam-log-2009-08-02 (20-39-10).txt (5.11 KB - downloaded 3 times.)
Does not download for me it just hangs so I have to hit Cancel.

works for me too…

@yo kenny

please check the pic. and comment. i just googled for “remove spyware” and finjan marking sites which distribute rogue ware as safe?.. can i rely on it?..(just asking). ???

Hi nmb,

With the new situation of silent redirects from malcode injected on normally trusted and reputable sites occurring every other minute now or rather every so many secs, the use of so-called reputation link scanners has become more of an indication and the amount of added security has become questionable. WOT is such a scanner, using scandoo.com, a site that scans each search result to see if there is anything malicious behind the links and then feeds the security results back into your search page. Finjan is a real time scanner, but one is dependent on whether the scanner can find the injected redirecting malcode. Then there is a browser plug-in for IE, Firefox, Flock etc.: DrWeb’s av link checker browser plug-in, with which one can pre-scan a click-able link before actually clicking on it, but it scans only what is on/in the main domain, so sometimes the scanning is not deep enough and it may miss out malicious sites for that reason. So none of these pre-link scanners, be they real time or depending on a user-reported reputation database, is a foolproof solution. Indicators only, and one should use one’s grey cells to evaluate the online risks; going to a dark alley online means a risk to get clubbed over the virtual head!
The thing that will work is having the shields of avast resident av-solution active for your browser - they hold spearhead technology and are state of the art latest technology: in IE, Firefox, Flock or SRWare’s Iron (a Google Chrome browser without the major Google privacy and tracking concerns). Go for foolproof solutions like the Firefox or Flock add-ons like NoScript (never circumvented before by exploits and malcode), Request Policy (to block third party content selectively) and ABP with a malware list subscription from Brazil. The installation of SpywareBlaster is also good advice on a non-spyware infested computer to harden browsers against adware, spyware etc.
As the majority of the modern malcode threats are browser related, mostly performed from malware injected websites redirected to silent malware download sites (for instance from another continent), in-browser security should be a main concern to keep your OS free of malicious code and its crippling payload(s).

polonus

i have all of these installed except the request policy addon. so now i’m sure that i’m safe.

thank you polonus :slight_smile:

The addition of a good HOSTS file managed by HostsMan with its browser speedup proxy HostsServer is an additional layer of protection. I use hpHosts and MVPS HOSTS files.

@yokenny

Thanks pal

but i use open dns.

I use OpenDNS as well as an additional protection layer.
Everything I use won’t fit in my signature.

;D mine too.

actually, i read you recommending the hosts thing in so many posts and tried it too. from the last update - 30th july , windows defender is suspecting it as a hijack. so have removed it temporarily. after installing the latest update i’ll check if it is solved.

Windows Defender detects changes to the HOSTS file and that is probably what it is reporting.