Where do I start? First, I have a Sony Vaio with Vista Home Premium. Ok, when I turned on my computer I received an error message from Avast! that it could not download updates…I was also unable to do it manually, although I had an internet connection. I could not turn on the on-access protection, and I got an RPC error when I tried to run Avast! So, I went to the FAQ and did what they recommended. To no avail. I did this as administrator and with firewall deactivated. I tried to repair Avast and got this message “A setiface error has occurred:2 Try to reinstall or contact support please!” Then, I removed Avast using the removal tool…downloaded and tried to reinstall. I got a message saying that (translated from German) “Avast setup no longer works.”
Here’s the kicker. No matter which anti-virus/spyware programs I try to install…I get similar messages. I’ve restored the computer to earlier dates, I’ve used safe or secure mode. Nothing! I can’t use Hi-jack this either. Anybody out there with a clue about what is happening on my laptop?
First thing is to tell us if this is a new laptop and, if so, did it come with a pre-installed anti-virus software?
If it is not a new laptop, has there ever been an anti-virus program on this laptop, if so what was it, has this old anti-virus been removed, and how was it removed?
I had bought this laptop last October…Norton was pre-installed. I immediately removed Norton using their removal tool and installed Avast, because I’ve been satisfied with the program in the past. It had been working fine until about 3-4 days ago.
Here’s a bit of extra information: Vista, Centrino Duo 1.8 Ghz, 2Gig RAM, 160 Gig HD, Vista Firewall, DLink WLAN, 1 user.
There is a beagle variant that can disable a number of anti-viruses and this is often hidden by a rootkit.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
Run a couple of these anti-rootkit tools and see if it detects any thing. Then try this anti-spyware tool, SUPERantispyware, download, install, do a manual update and then run it preferable from safe mode.
Well, whatever is going on, I can’t install any of these programs…I can’t even unpack zip files. Maybe it’s a Vista problem, although I don’t think so because for the first time since I’ve had this computer the Vista firewall blocked some actions from IE.
Maybe the German government is watching my computer. :o
There are some quite sophisticated malware and they are on the lookout for things that could do it harm, like anti-virus/spyware/rootkit tools. So it is possible that this could still be the case rather than a Vista problem.
Also as you mentioned you had NAV trial installed this could leave remnants that could be screwing things up. A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs: Removing your Norton program using SymNRT
If that isn’t it I’m afraid I have zero experience of Vista, but there is a recovery console thing with a number of different recovery tools. For more information check out this link, Mcrosoft Vista Recovery Console
You might need to repair vista… Try Windows XP w/SP2 (until the SP3 comes out).
You might need to go to a site and run a internet scan of your computer. That way nothing is installed. Make sure you have permissions set in the registry for “you” to install or modify programs.
I can’t get ANY online scanners to work. This is unbelievable. Sophisticated indeed. Even some websites are appearing with random characters scattered throughout the page. I guess I’m gonna have to bite the bullet and format. I’ll try a repair first, but I’m afraid that won’t remove whatever it is.
Btw…I had tried the Norton removal tool. Can’t get it to run. Go figure… Seems like others in the forum are having similar problems with getting Avast to start on-access protection. Maybe there is something new out there.
I tried the scanner and got a message that there is a problem with onlinescanner.cab… I also got a similar message from the norton online scanner. The filename was something like enavweb.cab. Hmmmm, both *.cab files. Maybe, that brings us closer to a solution.
When you download the anti-rootkit tools rename them before they get to your system like P-A-R.zip for the panda antirootkit.zip, etc. in the hope that it won’t recognise the file name, the same when you extract the executable file from the zip file, change the name again in the hope of when you run it it isn’t recognised.
Doubleclick Combo-Fix.exe
Follow the prompts. Don’t click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HiJackThis log.
Thanks for the tips…but, again no luck. I’ve even turned off the digital signature recognition from microsoft. Well, I’ve got today off after doing a double shift. So, here I go… :-\
Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
[*]Close all other windows before proceeding.
[*]Double-click on dss.exe and follow the prompts.
[*]When it has finished, dss will open two Notepads main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.