So having two issues with AVAST! (Free and Pro Antivirus)

So I seem to be having issues with AVAST! Free AntiVirus Software and Pro Antivirus Software.

I run Windows 7 Ultimate

So to start with the first problem, it’s with free antivirus software. I know I should probably download the pro first, but just hear me out. So free antivirus software has this issue where it says that the “programs has stopped or is in an inconsistent state.” I’ve looked up how to stop this problem but nothing works! I’ve tried repairing it, uninstalling and reinstalling and the ASW Utility uninstall method and nothing works! It just keeps on giving me the same problem, I don’t know what to do!

So here comes the second problem, I decide to download Pro Antivirus instead, maybe that should work right? Wrong. Not only do I get the same issue with the free version, but now, for some reason, my keyboard refuses to work!? My mouse works fine, but now my keyboard stopped, and it’s not the keyboard itself, I tried another one and the same issue arises. These are USB keyboards btw. I went to the drivers and found out that avast put some driver inside the keyboard and now it prevents me from using it. Of course, I uninstall it and it works fine again. I don’t know what to do!

Please I need a solution to this problem, I really want this program to work cause viruses are messing me up. Can anyone help me?

hi PhantomMinaX1,

Thank you for posting here.

Problems with installing and running Avast! are likely related to the ‘viruses’ issue you are having.

We can help you with that.

Firstly, since you may not have any antivirus protection, strongly suggest using another computer to download and transfer these programs to the sick computer. This means sick computer does not see the internet again until the all clear is given by the malware expert assisting you. You can use a USB stick to transfer needed programs and logs to/from to post here in the forum. The idea here is to protect it from further damage and infections.

  • AdwCleaner
  • Malwarebytes
  • aswMBR
  • OTL

Attach the resulting logs here in your next reply, not copy/paste.

To start this process you go here: http://forum.avast.com/index.php?topic=53253.0

Well I did all the scans so here are the logs. I know I shouldn’t copy and paste, but I can’t seem to attach all of them, so here is the shortest log I have to paste here. The other logs are in the attachments.

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 10:48:54

10:48:54.921 OS Version: Windows x64 6.1.7601 Service Pack 1
10:48:54.921 Number of processors: 4 586 0xF0B
10:48:54.921 ComputerName: BRANDEN-PC UserName: Branden
10:48:54.969 Initialze error C0000001 - driver not loaded
10:48:56.116 AVAST engine defs: 12101001
10:49:01.229 Service scanning
10:49:02.094 Modules scanning
10:49:02.096 Disk 0 trace - called modules:
10:49:02.099
10:49:02.116 AVAST engine scan C:\Windows
10:49:02.131 AVAST engine scan C:\Windows\system32
10:49:02.164 AVAST engine scan C:\Windows\system32\drivers
10:49:02.176 AVAST engine scan C:\Users\Branden
10:49:02.189 AVAST engine scan C:\ProgramData
10:49:02.194 Scan finished successfully
10:50:07.673 The log file has been saved successfully to “C:\Users\Branden\Desktop\aswMBR.txt”

well....you don't have to attach all in the same post ;)

anyway this looks ok

OBS: do you have avast and Norton/Symantec installed ?

Oh well thank you for telling me that, I’ll keep that in mind next time.

And I have Avast installed, but not norton/symantec

used it before then ?....as i see some files in there
PRC - [2011/12/01 03:58:44 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
SRV - [2011/12/01 03:58:44 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/05/03 14:56:02 | 000,126,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)

anyway the removal specialists are notified…should be here soon :wink:
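
The check made by eye in the post above (spotting Symantec entries in the OTL log), as an added example that is not part of the original thread: a parser for the PRC/SRV line layout seen in the three quoted entries. The field names and the vendor watchlist are assumptions made for this example, and the layout is inferred only from those three lines.

```python
import re

# The three OTL entries quoted in the post above, embedded as sample input.
# PRC lines list running processes, SRV lines list services.
SAMPLE = r"""
PRC - [2011/12/01 03:58:44 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
SRV - [2011/12/01 03:58:44 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/05/03 14:56:02 | 000,126,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
"""

# Layout: KIND - [date | size | attrs | flag] (vendor) [start | state] -- path -- (service)
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV) - "
    r"\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\w)\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:\[(?P<start>\w+) \| (?P<state>\w+)\] )?"   # present on SRV lines only
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<service>.+)\))?$"                # present on SRV lines only
)

def parse_otl(text):
    """Return one dict per PRC/SRV line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def leftovers(entries, watchlist=("Symantec",)):
    """List running processes and auto-start services from watched vendors."""
    hits = []
    for e in entries:
        if not any(w.lower() in e["vendor"].lower() for w in watchlist):
            continue
        # A process in PRC is running now; an Auto service returns at every boot.
        if e["kind"] == "PRC" or e["start"] == "Auto":
            name = e["service"] or e["path"].rsplit("\\", 1)[-1]
            hits.append((e["kind"], name, e["state"]))
    return hits

if __name__ == "__main__":
    for hit in leftovers(parse_otl(SAMPLE)):
        print(hit)
```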

Weird, I don’t remember using it. That’s really strange. Thank you.

while waiting you may run Norton removal tool and reboot

Nr #26a http://singularlabs.com/uninstallers/security-software/

Hi I can see the culprit

Please follow these instructions carefully as we will only have one shot at it

When you see the following items in TDSSKiller select Delete :

FILE : C:\Windows\SysNative\drivers\aaf348065100b1c.sys
DRIVER/SERVICE : aaf348065100b1c

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

  • Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I know this should be meant for putting in the logs but you said something about this:

When I ran the TDSSKiller, no such thing popped up. It said that no objects were found. Should I continue to combofix and then put both reports in the next reply, or is there a problem?

I’m just making sure I’m doing this right because I don’t want to screw things up :frowning:

Run Combofix please as the malware has probably changed, also could you attach the TDSSKiller log

Combo is currently doing its thing, I’ve attached the TDSSKiller log in the previous message I posted if you wish to check that out.

Alright here are both the combofix log and the TDSSKiller Log.

Also my computer seems to be running as it was before the combofix began scanning.

It blocked TDSSKiller, so I will run Combofix on it and then I would like you to immediately follow up with TDSSKiller again please, deleting the files if present

  1. Close any open browsers.

  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
C:\windows\System32\Drivers\aaf348065100b1c.sys

File::
C:\windows\System32\Drivers\aaf348065100b1c.sys

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aaf348065100b1c]

Driver::
aaf348065100b1c

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

What do you mean by this? I’m having trouble understanding what you mean. Should I do the instructions you gave below first then TDSSKiller or do TDSSKiller first then do the instructions?

I did it! I followed your instructions and was able to find the malware causing the problems! I destroyed it and after rebooting, avast finally worked! I will post the final logs just in case. Thank you so much for all your help!

hi PhantomMinaX1,

Very tricky one, that.

Not often we see one exactly like yours.

Wait for essexboy’s all clear. Once you are clear, you should be able to install Avast! with little to no problems. Glad to help here. Come back if any other problems come up.

EDIT: Ooops, sometimes I read too fast for my own good. ;D

OK it looks like combofix has been upgraded to kill this one. Could I have a final OTL run please to confirm that all is clear

Currently I am on a trip with my family so I am unable to do the OTL scan at the moment. Once I return home, I’ll run the scan and report back. Sorry about that!

No problem, family rules ;D