Every time I start up my computer Avast says it needs to restart my computer. I have tried everything people suggested but nothing worked. Is this a bug within Avast that has not been fixed?
It’s being a boring problem…
http://forum.avast.com/index.php?topic=32235.0
http://forum.avast.com/index.php?topic=32275.0
http://forum.avast.com/index.php?topic=32252.0
http://forum.avast.com/index.php?topic=32314.0
We also have the Avast restart problem and it appeared after a type of virtumonde trojan infection which I have been unable as of yet to completely eliminate. I have removed and reinstalled Avast and it got infected again as it asks for a reboot every time we start up. Spybot S&D finds the virtumonde trojan and removes what appear to be its files but then it reinstalls itself somehow on restart. I have noticed a corruption in the qttask exe which is caught by the Spybot Tea Timer.
Can someone explain to me how Avast people can help me get this detected and removed? When I reinstalled Avast I did a boot scan and it found nothing. I also removed Avast and Spybot S&D, downloaded the latest Trend Micro trial software, and it detected nothing but some minor tracking cookies. I have followed this discussion through different threads on this forum and it seems like the Avast people don’t have a solution yet. Is this correct? I also tried the RenV.exe proposed above and it found nothing. Is there a beta update I can try?
Maybe this link helps:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99&tabid=3
Also, the tool described in the essexboy’s post will produce a list of altered files. You will be able to see which programs are corrupted. This link will take you to his post and the tool link.
http://forum.avast.com/index.php?topic=32297.msg269932#msg269932
Thanks for the help. I was infected with the Trojan.Vundo Virus and since I got rid of it I have not had the problem.
Thanks for the Symantec link. I tried that after doing a complete off/on reboot. I know the adware reinstalls files to the registry because Spybot catches them. I first ran Spybot to make sure the registry entries were back, but I didn’t let Spybot remove them. Then I ran the Symantec virtumonde removal program. Unfortunately, it found nothing, not even the registry entries Spybot found. I then went back to Spybot and cleaned out the entries so that my daughter can use her computer without her browser getting crazy. I will attach the complete Spybot report and if any of you techies could interpret it I would appreciate it. This is a nuisance to have to run Spybot every time we reboot the computer. I’m not blaming Avast because neither Trend Micro nor Symantec can find the file that keeps reinstalling itself. Thanks!
If you follow the Virtmonde? thread and the advice from Essexboy, that sorted my system out. You download a file called Combofix that removes all the versions of the Virtmonde/Vundo virus, then use another program to repair any files the virus corrupts. You’ll probably need Essexboy’s guidance for that part.
or any of the other threads lol. Combofix is definitely the solution.
I had this, the first real infection I’ve ever had. Several generalist anti-malware apps couldn’t fix it so it didn’t come back, and neither did vundofix or virtumondebegone. Combofix did the job nicely, and I didn’t need anything else to repair any damage either.
Thanks for the great help. Combofix was what I needed and so far Spybot and Avast have not detected any recurrence. Just before I downloaded combofix I tried a FIXMBR through Windows Repair Console and it didn’t work. I assume the Virtumonde trojan didn’t plant something in the boot record. After trying that I ran combofix and it apparently has taken out all the bad stuff. I am attaching my log report from Combofix if anyone wants to look at my infection. Interesting how the trojan replants itself in those qttask.exe files. Moves the .dot over one space at a time. How do these bad guys do this stuff?
OOPS. After making this post I got reinfected somehow. So now I’m back to the same problem. Avast finds it as Win32Tra+BHO[trj]. Avast found it planted 3 times, once in a subdirectory called QooBox. Back to work. I really want to get this cleaned up. I have posted the latest combofix report, and it clearly shows again lots of corrupted files removed.
HELP!
They need to do it to stay one step ahead of the malware chasers - we all play catch up
I guess Qoobox is a subdirectory of combofix. The other 2 files were planted in the Windows\system32 subdirectories. The file name is jkklk.dll.vir.
I googled this and the posts point me to combofix as a solution. I must be doing something wrong or skipping a step somewhere. Here is the combofix text report attached I just ran after a system shutdown and restart. I ran it without disabling Avast and as combofix was running again Avast found the Win32Tra+BHO[trj] infection. Should I disable Avast when running combofix? Is this the mistake I am making?
I’m confused …
Here we go with a little fix
- Please open Notepad
  - Click Start, then Run
  - Type notepad.exe in the Run Box.
- Now copy/paste the entire content of the codebox below into the Notepad window:
- Save the above as CFScript.txt
- Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
- After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  - Combofix.txt
  - A new HijackThis log.
Sorry I was late with this; I didn’t see the first attachment.
Thanks! I found your other posts on related subjects while searching this forum. Here are the 2 reports attached after doing what you suggested. I ran the HijackThis report after shutting down and powering back up.
Now the best part of the day ----- Your log now appears clean
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
- When shown the disclaimer, select “2”
The above procedure will:
- Delete the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if present
  - The C:\Deckard folder, if present
  - The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
You now have a clean restore point, to get rid of the bad ones:
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and then display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button; click this
- Accept the Warning and select OK again, the program will close and you are done
Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
- SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
- Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Keep safe