I never thought I needed a whole lot of security software, since I rarely download anything (and I thought that was the only way to be infected). I guess I’m learning my lesson now.
I had been running AntiVir, didn’t think it found everything. Switched to AVG. Then I began having problems with them, and assumed it was their software, and someone recommended Avast. About 3 days ago, before I installed avast, the other software had found a couple of trojans. Quarantined them, and eventually removed them, until suddenly AVG was corrupted. Files were missing, and it was unable to run. I re-installed them, ran a scan, found more trojans. Again the security software was down again, and this happened with both the antivir, and the avg. I uninstalled both, and installed avast.
So far, the avast is working ok. I have found yet 4 more trojans, but as of now the avast software is ok, and none of its files are missing… yet. Is it possible for the viruses to specifically attack any antivirus software I put on my comp?? Also, is it possible to get the viruses from myspace?? I’ve been playing one of the games on their site, and assumed the worst I could get from it was spyware, but these infections have got to be coming from somewhere… Any ideas??
Any help would be greatly appreciated!!!
ps. I also had Ad-aware, and that too had files suddenly missing, and was unable to run.
You don’t have to download anything to get infected or at least attacked these days.
There are many malware variants that attack anti-virus and firewall applications.
From avast version 4.8 there has been a self-defence module in avast; this greatly limits the potential for it to be attacked and disabled, though nothing in life is guaranteed.
It is entirely possible to get infected at myspace and facebook, in fact they are I would say a moderate risk as all they have to do is craft a page to try and attract people with social engineering tricks, ‘I have seen you naked on myspace,’ etc. and off they go like lambs to the slaughter as when they open that page it can activate an exploit to try and infect your system.
Fortunately avast has the web shield and is quite good at detecting these exploits before they can harm you, but you still need to exercise care.
AdAware is a relative lightweight.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file). SUPERantispyware On-Demand only in free version.
HI
Avast User here
I’m concerned that with all the switches of AV you may have set yourself up for some hard to diagnose problems
before you do anything else try a manual update rt click the blue ball and click updating
select program update and click
did it work?
rt click the ball again and schedule a BOOT TIME SCAN
send any hits to the chest do NOT remove/delete
post the log here
C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt.
what firewall, os etc do you run
did your system come with an AV or suite pre-installed? which one?
when you removed AVG did you run the “latest installer” (if you had been installed and there had been AVG updates your original installer would not know about them)
go here http://www.pchell.com/virus/uninstallavg.shtml
do what it says if you did not do it exactly as it says already and had AVG long enough for it to do a PROGRAM update
now go to the bottom of the PC hell page
and follow the links for Norton Mcafee panda or any pre-installed or self installed AV
lastly
link to the remove Antivir page at PCHELL
and do the same for ANTIVIR- another fine program but too much is too much
run the antivir reg cleaner
It may find crap from all the other AV’s
that’s why you run it last
REinstall Avast
run CCleaner stand back (not the registry cleaner part)
set a new restore point
Now Do the Superantispyware scan David R recommended if you have not already done it
update-run
post the log here
as before quarantine do not completely remove/delete hits
My goodness! Who knew actually using the forum would result in real help!! Ok I’ve just been thru the steps you stated, and I’m going to try to address it one by one. Btw, my os is XP (service pack 3 if that helps), I’m just using the windows firewall so basically just what it came with… No AV software came with the comp.
Ok I started out manually updating as instructed. Worked fine, and there were no new updates. (I just installed Avast yesterday, before I did the first boot scan yesterday I checked for updates, and I got those successfully).
I’m about to do the boot scan, I just had to finish something first, but these are the reported issues from the boot scan I ran this morning before I knew that it was better to just put it in the chest and not delete it.
8/1/2008 9:48:55 AM Evelyn 2688 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslang.exe$R1$PLUGINSDIR\utility.dll” file.
8/1/2008 9:49:22 AM Evelyn 2688 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\US\acslang.exe$R1$PLUGINSDIR\utility.dll” file.
8/1/2008 10:17:30 AM Evelyn 2688 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information\_restore{CCEB12D6-04B7-47CF-9986-65894874A813}\RP500\A0048985.exe$R1$PLUGINSDIR\utility.dll” file.
8/1/2008 10:17:40 AM Evelyn 2688 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information\_restore{CCEB12D6-04B7-47CF-9986-65894874A813}\RP500\A0048986.exe$R1$PLUGINSDIR\utility.dll” file.
I did go to PC, followed the instructions for both, and both the AVG and AntiVir were completely removed. I will post the results of both scans when they are done. The superantispyware is running now.
Good On Ya
fast work
those hits in the chest could be false positives since they have the -gen or general suffix
(or they may be real)
check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Unfortunately I cannot run the files from the previous post in Virustotal because I deleted them this morning before I had found the avast forums.
Here is the log from the superantispyware scan. When I’m done writing this I’m going to run my boot scan.
You can let SAS deal with all those entries if you haven’t already done so.
Most are just registry entries with no associated file (which is good) making the entry inert, no risk; letting SAS delete the registry entry is fine.
Trojan.Media-Codec
C:\Documents and Settings\Evelyn\Favorites\Online Security Test.url
Again this isn’t a file on your system but if you used it in your favourites it could compromise your system, again let SAS deal with it.
Tracking cookies are a minor privacy nuisance rather than a security risk, but let SAS deal with it. I personally don’t have the SAS scan even bother looking for these; I periodically clean out my cookies and don’t allow third party cookies to be saved. In the SAS Preferences you can uncheck the Tracking Cookies option (your choice).