Ok cool, will do.
Hi, I’d planned to post my results later today, but my pc suddenly rebooted again.
The only thing that was running was firefox, nothing else.
Now I am starting to wonder if that is even related to the infection since it seemed to be clean ???
Any thoughts?
Other than that, no warnings whatsoever…yet :-\
Thanks,
Robert
Did you receive a blue screen or was it a straight reboot ?
No blue screen, just a straight reboot.
Oh, and I just received another antivir Rootkit.gen warning… ???
I noticed it too late. Antivir automatically denies access after a few seconds so I couldn’t copy the warning
Guess it’s not over yet :-\
Does Avira have a log that gives the file location ?
Let's try with my favourite stand alone scanner
Save these instructions so you can have access to them while in Safe Mode.
Please click here to download AVP Tool by Kaspersky.
• Save it to your desktop.
• Reboot your computer into SafeMode.
  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.
• Double click the setup file to run it.
• Click Next to continue.
• Accept the Licence agreement and click on next
• It will by default install it to your desktop folder. Click Next.
• It will then open a box. There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
• Then click on Scan at the top right hand corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then choose the delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file; name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
  Note: This tool will self uninstall when you close it so please save the log before closing it.
Alrighty then…
First I have to say that I will give it another try later today (as soon as I wake up) 'cause something went wrong the first run. Just in case this one’s no good.
Here’s what I did.
For some reason I checked more than I should’ve under “Automatic scan”.
So instead of:
• Hidden Startup Objects
• System Memory
• Disk Boot Sectors.
• My Computer.
I also checked the three individual Stations C, E and F on my computer and hit “Scan”. So it basically would’ve taken twice as long. Therefore I stopped it manually when I noticed it wanted to go over the same files again. (after 4+ hours!)
So I’m not sure if it all went well ???
Now, I also copied and saved the entire log so you only have to look at the first 6 and the last 2 lines. The rest in between are the infected files from 2 of my blogs which I’ve uploaded to my pc the other day 'cause I needed to clean them up…after I got hacked (sigh!)
Does Avira have a log that gives the file location ?
Yes, I've uploaded 2 logs below.
Last, I’ve also uploaded the latest Avira warnings. I tried to copy them as much as possible into a notepad last week.
Hope it makes sense…:-\
Yep sure does
- Please download The Avenger by Swandog46 to your Desktop.
• Right click on the Avenger.zip folder and select “Extract All…”
• Follow the prompts and extract the avenger folder to your desktop
- Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:
Drivers to delete:
txrggao
Files to delete:
C:\WINDOWS\system32\drivers\txrggao.sys
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Now, open the avenger folder and start The Avenger program by clicking on its icon.
• Right click on the window under Input script here:, and select Paste.
• You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
• Click on Execute
• Answer “Yes” twice when prompted.
- The Avenger will automatically do the following:
• It will Restart your computer. (In cases where the code to execute contains “Drivers to Delete”, The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
- Please copy/paste the content of c:\avenger.txt into your reply
Glad to hear ;D
Ok, so I just did another run like I should’ve this morning and here are the results.
Now back to your next instructions.
Will get back with the results asap.
That sure went a whole lot faster, but then again, it didn’t find that txrggao thing ???
So is it gone or hiding (or something)?
Anyways, here’s the report:
Aye I thought I had killed that earlier with Combofix - so I was surprised to see it again. Is Avira still alerting ?
Kas looks good with just some elements in your restore points - which we will now remove
• Select Start > All Programs > Accessories > System tools > System Restore.
• On the dialogue box that appears select Create a Restore Point
• Click NEXT
• Enter a name e.g. Clean
• Click CREATE
You now have a clean restore point, to get rid of the bad ones:
• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
• In the Drop down box that appears select your main drive e.g. C
• Click OK
• The System will do some calculation and then display a dialogue box with TABS
• Select the More Options Tab.
• At the bottom will be a system restore box with a CLEANUP button, click this
• Accept the Warning and select OK again, the program will close and you are done
Ok, done.
No Avira warnings so far, but my pc did reboot once again during dinner (correction: and just now). The only thing that was running was firefox :-\
Another thing, I also still can’t seem to activate, update or register the free version of avast. I already have the license key, but it doesn’t work. Re-installing doesn’t help either. (I can’t even delete it from the > Software list ???)
I’ve contacted the avast support and explained the issue, but they just gave me the same license key and instructions on how to insert it which I already knew
Please check out this short video for more details, if that’s ok. Thanks.
I’ll post my latest results later today
The licence key you are putting in is for 4.8 you need to change that to 5.0 to do this just click the register now button and fill out the form - let me know if that works
Nope, that doesn’t work either. When I click the register now button a pop-up appears (see screenshot), but when I click register, nothing happens.
I can only use the > Offline registration > Registration form which takes me to the same web page where I signed up the first time.
As for my pc, so far so good (except for the 2 reboots yesterday)
When you do an offline registration do you get an Avastlic file e-mailed to you ? If so just double click the file
Have you tried a repair installation ?
Nope, I just got an email that says:
Dear avast! user,
Your registration of avast! free antivirus was successful. Your license key must now be inserted into the program.
Your license key is:
---------- cut here ----------
XXXXXXXXXXXXXXXXX-XXXXXXX
---------- cut here ----------
(And then instructions on how to insert the license key)
How do I get that Avastlic file?
I did try to reinstall it, but that’s probably not what you meant right?
And here’s my latest update: No Avira warnings, but again 2 reboots last night/this morning…???
You don’t get an Avastlic file for the free version that is a Pro license only.
Have you followed the instruction on how to insert the key ?
See http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=459.
Oh, ok.
Well I tried to insert the license key many times. The problem, according to essexboy, is that:
The licence key you are putting in is for 4.8 you need to change that to 5.0 to do this just click the register now button and fill out the form
Like I mentioned a few replies ago, I can’t register through the software and when I register on the registration webpage (again), I simply get the same license key.
So I’m pretty much stuck here.
Well your email is saying “Your registration of avast! free antivirus was successful” by implication I associate the wording “avast! free antivirus” to mean exactly that and that is the name of the free 5.0 version as in 4.8 terms it would be called avast 4.8 Home.
Dear user,
Your registration of avast! 4 Home Edition was successful. You must now insert your license key into the program.
Your license key is:
---------- cut here ----------
WXXXXXXXHXXXXXXXXX-XXXXXXXX
---------- cut here ----------
This was one I received at the end of December 2009, note mine mentions “avast! 4 Home Edition.”
So whether this is semantics and it is a 4.8 license had you posted the instructions we would have seen that, if item 3 was the same as this it was for 4.8.
3. right click the blue “a-ball” in the bottom right corner of the screen, then left click “About avast!”
If so you need to get a new license, when you try to get it state that you are already registered but need a new license, old one expired, etc. or wording to that effect and it won’t send back what is a duplicate.