[Resolved] AVAST stops very often

system · August 25, 2010, 10:37am

It did and I have deleted them. (14 elements : 1 trojan, 12 registry entries and 1 malware)

system · August 25, 2010, 12:34pm

I have restarted the computer and waited. It seems it’s not better.

system · August 25, 2010, 1:34pm

I may have found something else.
It seems like searching something on the web stops avast! services (each time I search something on google, or watch something on youtube, and very often when i just navigate on a web site) because I had to restart it about 100 times during the last hour, and there is no viruses left on my computer.

If you want to compare, I must restart Avast! about 1 time each hour when I am not connected to the internet.

system · August 25, 2010, 10:23pm

Can you copy and paste your last MBAM log and post it here for me to review. Thank you.

After this, I will give you further instructions.

system · August 26, 2010, 7:25am

ok.

`Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4474

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/08/2010 12:33:32
mbam-log-2010-08-25 (12-33-32).txt

Type d’examen: Examen complet (C:|D:|E:|H:|)
Elément(s) analysé(s): 484911
Temps écoulé: 1 heure(s), 55 minute(s), 31 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) → Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\glassfishv3\pkg\python2.4-minimal\msvcr71.dll (Malware.Packer.Gen) → Quarantined and deleted successfully.
`

system · August 26, 2010, 7:29am

It’s not the last i made but it’s the lonely which found something

system · August 26, 2010, 7:32am

At least we know now that malware was causing your problems.

system · August 26, 2010, 7:36am

Next, I’d like you to run an OTL log. See the thread here: http://forum.avast.com/index.php?topic=53253.0. You have already run the MBAM part, so you can skip that. When you run your mouse over “OTL” in red, you can download OTL to your machine…put it on your desktop and follow the instructions on the thread.

I would like you to attach the OTL log to your next post because it is very long. To attach: click on “Additional Options” in the post page > “Attach” > browse (your OTL logs will be on your desktop – 2 logs).

Do you have any questions?

system · August 26, 2010, 8:26am

Now you have many informations about me…

system · August 26, 2010, 8:27am

I will take a look and get back to you. Thank you.

system · August 26, 2010, 8:37am

I’m going to refer you to one of our Certified Malware Experts. His name is Essexboy. He will respond to you in this thread. I want him to review your logs in detail and he will ask you additional questions and ask you to do more things to problem solve so we can get your machine working again. In the meantime, I will sit in the background and monitor the situation. Do you have any questions?

system · August 26, 2010, 8:42am

In the meantime, please to not make any changes to your machine. He should be checking in with you most likely tomorrow evening.

system · August 26, 2010, 8:58am

Ok, thank you and him too.

I have no question at the moment.

system · August 26, 2010, 9:05am

When exactly did your problem start? Is the problem that you have only with Avast starting/stopping and the mouse or is there more? He will want to know this.

system · August 26, 2010, 9:17am

I think my little problem with the mouse started when i have first installed avast 5 (I was running avast 4.8 before). I don’t know really when it was but more than a month ago.

The problem of Avast stopping, I don’t really know, I noticed it first about two weeks before starting this topic. I don’t remember if I already had MSE or if I installed it later.
(I’ve already uninstalled MSE, following your advice)

system · August 26, 2010, 9:19am

I haven’t seen any other problem.

system · August 26, 2010, 9:20am

We’ll just wait for Essexboy and he will ask you more questions and give you more instructions. For now, do not make any changes to your machine or you will need to do the MBAM and OTL logs again. OK?

system · August 26, 2010, 9:50am

Do you think I should reinstall Avast now I have used MBAM to clean my computer from viruses ? I’ve just done a new analysis and it finds nothing else.

essexboy · August 26, 2010, 1:04pm

Does Avast update normally when you trigger a manual update ?

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - No CLSID value found. 2010/07/27 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\e
:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

system · August 26, 2010, 1:35pm

Hello,

manual updates seem to work, automaticall updates sometimes work (at least) because my definitions are updated.

I’ve just done what you told me to.

[Resolved] AVAST stops very often

Announcements