This program [Avast] is blocked by group policy. For more information contact..

I was using Panda antivirus and my computer became infected. I worked this out because each time I attached a USB memory stick it became full of shortcuts, Panda came alive warning about Trojans, and the files on the stick disappeared. To make sure it was the computer rather than the memory stick, I put in a virgin stick, and the same thing happened. I scanned my computer rigorously, but found nothing (neither with Panda nor with Malwarebytes). I therefore downloaded Avast, and I received the message:

This program is blocked by group policy. For more information, contact your system administrator

I see that I am not the first person to receive this message, and I am therefore starting a new thread as recommended in one of the threads I’ve read.

Thanks in advance

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

“Panda came alive warning about Trojans, and the files on the stick disappeared.”
They are probably just hidden... The removal expert (TwinHeadedEagle) will correct this with MCShield when you have attached the requested logs.

Monitoring…

Here are the first three reports: I’m just waiting for the virus definitions to load for aswMBR.exe before getting it to scan. I’ll send that one as soon as it’s done.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on the FRST icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

I’m attaching you the aswMBR.exe log before I try using your fix, TwinHeadedEagle, for which, thanks. I think this program also made a file - MBR.dat - which I’m not attaching this time.
My computer crashed while aswMBR.exe was doing its first scan - blue screen with a message saying that Windows was terminating as my computer was in danger. This is the first time I can remember reading such a message on this computer.
The log you see attached is therefore the result of the second scan that aswMBR.exe did. Windows said that it made a crash log, but I don’t know where to find this - I haven’t searched.

I did as you instructed TwinHeadedEagle: FRST64.exe, FRST.txt and fixlist.txt are all in the same place - on my Desktop.
However, no fixlog.txt file was created on my computer. Instead however, FRST64.exe was re-saved (new time stamp) - and a new folder was created, FRST-OlderVersion with the original FRST64.exe file from this morning as its only content. I’ve tried to post the new file, but it’s too large for your system.

Please execute Fix again.

This time it worked, and attached, you should find the fixlog.txt file.
I was going to get aswMBR.exe to scan again, as I think it froze the last time: it continued scanning after I’d sent you a log.
I’ll await your instructions, in any case.

Very good. Can you install Avast now?

Yes, TwinHeadedEagle, I have been able to install Avast - and have done so and switched off Panda.

However, I still have a problem with my external hard drive, which shortly after being attached (via USB) becomes inaccessible. Initially it appears as normal and I usually open Windows Explorer to find a file in it - all fine, until a moment when the drive suddenly becomes inaccessible. It’s still there (although it’s now just called ‘Local Drive’) but when I click on it, a window appears saying that it is inaccessible.

I tried scanning it with Avast as soon as it appeared in Windows Explorer, which certainly delayed the moment of inaccessibility, but did not prevent it happening a little later. Avast found nothing; nor has it found anything on my computer.

Any ideas?

Many thanks for your help with installing Avast.

Did you follow Pondus’ advice regarding MCShield?

Pondus:

“removal expert (TwinHeadedEagle) will correct this with MCShield, when you have attached requested logs”

I was awaiting the instruction from the Removal Expert.

I guess that you mean I should install MCShield now? I’m going ahead with it, but please give me any additional instructions I may need.

Please download MCShield from one of the following links:

MCShield - Official download link

- Double click on MCShield-Setup to install the application.
  Next => I Agree => Next => Install … per installation click on Run! button.
- Wait a few seconds for MCShield to finish the initial HDD scan…
- Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
- When all scanning is done, you need to post a log report that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScans.txt report shall be located on your Desktop.

=> Post here AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Dear TwinHeadedEagle,

It feels too good to be true, although as time passes, my initial terror, that it wouldn’t last, and wonder, that it did, gradually diminish.

My external hard drive remains accessible: miraculous!

I attach the log as requested

What should I do to retain this state of bliss?

Many thanks!

There is a forum problem with MCShield logs: when attached, the log is not readable…
So this log you copy and paste :wink:

Opening with Android / Opera works, so I have copy-pasted it for you

>>> MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<

14/05/2015 11:51:58 > Drive C: - scan started (Ols ~446 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<

14/05/2015 11:52:39 > Drive E: - scan started (Back Up 2 ~932 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<

14/05/2015 11:53:42 > Drive F: - scan started (EOS_DIGITAL ~15079 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.12.1 / Windows 7 <<<

14/05/2015 11:54:45 > Drive H: - scan started (CORSAIR ~29541 MB, FAT32 flash drive )…

=> The drive is clean.

Dear Pondus and TwinHeadedEagle,
Many thanks for copying and pasting my MCShield log, Pondus.

Unfortunately, while my external hard drive worked fine for a bit, it then stopped and started exhibiting its previous behaviour – becoming inaccessible and losing its name.

Am I correct in deducing that the Trojan (if that is what has infected my computer) is still present, but is being disabled by MCShield – at least, for some of the time?

I’ve looked at the log file (MCShield-AllScans.txt) but there is no change from the one I sent you yesterday.

Please let me know what you’d like me to do next.

Your external drive has probably malfunctioned. Did you try to attach your drive to another PC?

Dear TwinHeadedEagle,
Thanks for Friday’s suggestion.

Up to then, I had not connected my external hard drive to another computer. After your suggestion that the external hard drive had ‘malfunctioned’ (I guess you meant hardware-wise – it’s definitely been malfunctioning software-wise), yesterday, I tried connecting it to another computer.

This computer was, I believed, well protected; furthermore, I only copied files from a memory card (from a camera) to my external hard drive, in an attempt to reduce the scope for infection.

My external hard drive did not exhibit the same behaviour that it does with my computer. It remained active and accessible throughout the time it was connected (more than an hour). I did, however, notice a dreaded shortcut appearing in a newly created folder on the external hard drive, so I guess that it, too, is infected with this malware.

It seems clear that Avast and MCShield are not effectively blocking the action of the malware on my computer and external hard drive. Please let me know if you have any ideas on what I should do next.