Hi,
Sorry if this is in the wrong place or there has already been a topic like this.

A while ago i started noticing that some new programs id installed (Windows Live Essentials 2011, Internet Explorer 9 etc.) didn’t work when i first installed them, i got a blank white screen or a white screen followed by “internet explorer.exe” has stopped working.

The only cure ive found so far for these applications are to Sandbox them, thats a bit annoying though because it means i cannot sign in, in windows live messenger, and I’m sure it has other restrictions to.

I don’t know if this is a problem caused by avast! or if avast simply gives me a little work around, but i didn’t know where to post this so i thought id try here first,

Any help would be appreciated,

Hello Z33RO and welcome to the forum.

1. What is your OS, 32 or 64-bit?
2. What version of Avast did you install? 5.0.677 is the latest version.
3. What product of Avast did you install? Free, Pro, AIS?
4. What other security software do you currently have or did you have in the past on this machine including antivirus (AV), firewall (FW), and other security programs?
5. Have you done any scans with Avast to see if you have malware/infections? If so, what type of scan(s) did you do, and is there anything in the Virus Chest (VC)? If so, please give a screen shot of the VC or type the exact words.

You may want to take a look at this thread regarding IE9: http://forum.avast.com/index.php?topic=63974.0. Thank you.

Hi, Thanks for your quick reply,

1. 64- bit
2. 5.0.677
3. Internet Security
4. Just Avast!
5. Recently i got a virus outbreak from visiting an infected site, it gave me an appdata virus and it spread fast creating more viruses and stopped task manager from working, ive fixed this now and task manager works again i still scan appdata a lot just incase i havent gotten rid of them all yet, usually i do a full system scan once a month

Ive included a screen of my current virus chest (i deleted alot of them just after the infection but some are still there)

It is safer to leave things in the VC for a good 2 weeks in general. This way, when Avast does its updates, some things that may have been detected as threats can be rescanned (right click > rescan) and then are found to be false positives in some cases.

It is best NOT to delete these items.

I suggest you do the following:

1. Keep your Avast defs up to date and keep scanning as you are doing.

2. Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
   · Download free http://www.malwarebytes.org/ for an on-demand scanner.
   · Double Click mbam-setup.exe to install the application.
   · After install, click update so you have latest database before scanning.
   · Under Settings:
   o General: Automatically Save File After Scan Completes is checked off
   o Scanner Settings: Check all boxes
   o Updater: Download and install update if available is checked off
   · Once the program has loaded, select “Perform FULL Scan”, then click Scan.
   · The scan may take some time to finish, so please be patient.
   · When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
   · Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
   · The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
   · Copy & Paste the entire report in your next reply.

3. Clean your machine: Download CCleaner, a freeware system optimization, privacy and cleaning tool. There is a Slim version available as well at http://www.piriform.com/ccleaner/builds - 4th options down. It removes unused files (cache, temporary Internet files, etc.) from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner (I suggest making a backup in Documents “just in case”).

4. Clean the temp. Internet files that CCleaner doesn’t get: Download Download TFC by OldTimer to your desktop.
   http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
   · Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
   · It will close all programs when running, so make sure you have saved all your work before you begin.
   · Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
   · Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Post your MBAM log in your next post. Thank you.

Hi,

Sorry for the late reply, i had started the scan and it had been going for 3.5 hours but the power went out, so ive had to start again, would you like all my drives scanned or just C:? I ask this because my J:\ Drive is 1TB and takes a long time to scan, its only got files on there (not operating system files)

Ive reran the scan but this time only on my C and B Drives it looks like its got around 10 - 20 mins left so far its picked up 1 infected file on C, last time it scanned most of J and it didnt pick up any infected files last time

Okay ive scanned B and C drives it found 2 things

1. Task manager hijack which ive already sorted out
2. and something to do with regedit

Ive attached the full file

You chose No action taken

You should let MBAM repair those items.

No i did let it fix the items because

1. it told me to restart to make the necessary changes
2. Ive rescanned and its not finding any infected files anymore

Maybe that was the log before it did that

EDIT: Sorry yes that was the wrong log file

That’s good then.

Ive ran Ccleaner and TFC.exe but i still cant access those applications properly without sandboxing
ive attached some pictures

Picture1.png - A selection of Apps that dont work well when started up

Picture2.png - When i startup Windows Live Mail in sandbox

Picture3.png wouldnt fit on that last message so its here

This is getting unbelievable now, pretty much every new application is going like this now

Even though MBAM did it’s job, you have more issues going on. If this machine is on a network, disconnect it from the network for now. Do you have another machine you can use in the meantime?

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTL logs. Post the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post). Once you complete your OTL logs, do not make any further changes to your machine.

I will be contacting a Certified Malware expert to assist you with your problems. His name is Essexboy, and he will respond to you in this thread once you post your OTL logs. He is on UK time and usually comes to the forum late UK time. Be sure to check this thread daily as he will be giving you instructions.

In the meantime, I will continue to assist you then remain in the background while he works with you. Do you have any questions?

Ok, im just running the OTL, will post the results soon

Thanks,

Hello,

I have ran the OTL and received the logs which are attached to this message
No i do not have a machine i can use in the mean time, but i still do alot of things on this one so its not completely useless for now, i have some virtual machines, i haven’t really tried them much but it may still do the job.

Hmm this is an intriguing one, have you tried uninstalling IE9 and seeing if the same problem occurs with IE8

I can see no apparent malware and the main registry associations look good

I would like you to run the following programme, it would be best doing it overnight as it will take a while. But it will rule out a malware cause

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

Ok, im currently uninstalling IE9 and installing IE 8 once thats done and we get the results i will run the w2vx4cg3.exe in safemode and let it run for the day, its 11:07am here at the moment so i should have all day to run it

Hello,

Ok ive installed internet explorer 8 and it runs without sandbox!
Im just about to boot to safemode and run the program

I ran an express scan with dr.web but it didnt give me the option to save a log file, also it only took 18 minutes
is this ok? it said it didnt find anything

Yep that looks good. OK next question are you adding all programmes to the sandbox automatically ?

Check under the sandbox shields (if using AIS) that there are no programmes set to run automatically as changing to IE8 may indicate that as the problem