Windows Security saying i have no virus protection

Avast Free Antivirus / Premium Security
1

Hi Everyone,

New to this stuff, can’t really get my head around it!!

I haver up to now used AVG for protection, but on Thursday it updated everything except for the virus protection. I have given my PC to my uncle to clean up, and found now huge things wrong with it.

But he has taken avg off, then put it back on, still getting the same results.

We have now installed Avast! 4, have run everything we can, and all still seems fine, although the pop up that keeps getting through which seems to have hijacked my internet explorer is still getting through on my newly installed Mozilla firefox, its a internet explorer blank page named warning! I think this is the rotter that is stopping my virus protection from updating.javascript:void(0);
Cry

Now should Avast! 4 update the Windows Security that it is protected, or do the two not communicate?

If you have anyother suggestions they will all be very welcome.

Cheers

Donna

2

Is your system time and date correct?
Did you fully uninstall AVG?

Did you try to repair your avast installation?
Which is your Windows? 98, Me, XP?
Do you use any other antivirus in your computer?

Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair). You must be connected to the internet while repairing.

If this does not help, can you uninstall / boot / install / boot again?

3

@ Tech
I would say he is using windows XP because of the comment “Now should Avast! 4 update the Windows Security.”

@ Icehockey44
Well avast doesn’t use a browser to update, so I would doubt that that is the culprit.

What is your firewall ?
Does it allow avast.setup internet access ?

  • If it does delete the entry for it and do a manual update, this will force the firewall to ask permission again.

You should be getting error messages if you can’t update avast, are you ?

The windows security center (WSC) monitors some avast files to tell if it is running and up to date, again if it is out of date or not running you should get an error from WSC, what is it ?

4

I am using XP, and my firewall is the Windows firewall,which I have now added Avast! to the list to let in.

I have now done a Trend Micro Housecall scan, and it appears that my Microsoft Office has a gremlin in it!

Detected vulnerabilities

Office 2000 UA Control Vulnerability

Transferring more information about this vulnerability…
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows a remote attacker to conduct unauthorized activities via the Show Me function in Office Help, since Office 2000 UA ActiveX Cont…
More information about this vulnerability and its elimination.
Affected programs and services: Word 2000
Excel 2000
Powerpoint 2000
Access 2000
Photodraw 2000
FrontPage 2000
Project 2000
Publisher 2000
Outlook 2000
Works 2000 Suite
Malware exploiting this vulnerability: VBS_DAVINIA.A
This vulnerability allows a remote attacker to conduct unauthorized activities via the Show Me function in Office Help, since Office 2000 UA ActiveX Control is marked as safe for scripting.
More information about this vulnerability and its elimination.

RTF Document Linked to Template Can Run Macros Without Warning

Transferring more information about this vulnerability…
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows attackers to execute macros without user warning. It is done by linking a Rich Text Format document to a template that contains an…
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Word 97
Microsoft Word 2000
Microsoft Word 98 (J)
Microsoft Word 98 for the Mac
Microsoft Word 2001 for the Mac
Malware exploiting this vulnerability: W97M_GOGA.A
This vulnerability allows attackers to execute macros without user warning. It is done by linking a Rich Text Format document to a template that contains an embedded macro.
More information about this vulnerability and its elimination.

What should i do about this, the scan says these programmes need to be deleted manually. Do you think I should take these applications off of my PC?

Cheers

Donna

5

Well the XP firewall doesn’t protect against unauthorised outbound connections, so in theory it shouldn’t be blocking avast.setup.

I’m not sure exactly what the housecall scan is saying as it isn’t pointing at a specific file or giving a specific malware name.

When it talks about a vulnerability, I would associate that with and unpatched vulnerability in Office 2000 (or Word versions) and not a specific infection.

This vulnerability allows a remote attacker to conduct unauthorized activities via the Show Me function in Office Help, since Office 2000 UA ActiveX Cont...

It appears to me it is checking for updates and I wasn’t aware that it did this. I would however recommend that you ensure you have all the latest security updates for your copy of Office/Word.

What about my question about errors given by WSC ?

Did you try the avast repair as suggested by Tech ?

6

Hi DavidR,
WSC is saying that the Avast! virus protection may not be up to date, but I only downloaded it yesterday!

I originally used AVG antivirus, but that failed to update correctly on Thursday, so I have fully taken this off of my PC, and replaced it with Avast!

But this still hasn’t solved the problem

I am a bit nervous about downloading anything from Microsoft, as the Pop-ups that we think the virus is getting in on, is titled Microsoft.

Which is the best patch to put on, if the Housecall scan doesn’t work?

Cheers for all of your help

Donna

7

But did you update the virus database (VPS)? From downloading, only the program will be the last version.

What do you mean? Can’t you scan your computer with Housecall on-line?

8

Check your system date and adjust as required, check the day month and year.

You don’t have to download anything from microsoft at the moment, I strongly doubt that the pop-ups have anything to do with microsoft, you have little to fear in visiting the windows update or office update sites.

I just said that the housecall scan seems to indicate that your system isn’t up to date and has a vulnerability. I can’t say what patch you need I don’t know and there is nothing in the housecall report you posted to say either. Other than ensuring your copy of MS office/Word is up to date I can’t say.

I don’t even know what version of office of ms word you are using ?

You mention pop-ups titled microsoft, is this the security center notifications (see image for the WSC style format) or something different ?

9

I have the up to date Avast! virus protection (just checked it) current version 00766-1 downlaod 71 (if this helps!!

DAVIDR

i have just checked the date on my claendar, and you were right, it is a week ahead of us!! so i have corrected it to the correct date!!

Cheers

Donna

10

Your welcome, but that was mentioned in the first line of Tech’s first reply.

What about my question about the microsoft pop-up, is it different to the WSC notification was ?

11

Well my unkle took off IE yesterday so I can only use Mozilla Firefox as the main page, but the pop ups are still gettig through as IE ones.

The WSC warning only comes up as a bubble next to the clock. So both are completely different.

AS I have now corrected the date on my pc, and I have updated the Avast! anti virus WSC is still saying that i am not protected. Is it possible to put another AV on at all?

My nkle has sent back the results from the Housecall scan, fromt he Hijackthis website, it lists everything in colour code, and tells you which to get rid off, and what not too. But I am not sure how I get rid of the ‘bad’ stuff!!

heres a few examples:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk/nwshp?ie=UTF-8&oe=UTF-8&hl=en&tab=wn&q=
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don’t know here clean this line!

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

12

Icehockey44, most of that list (if not all of it) is clean. Yahoo and Google stuffs.
Maybe you could post your complete HijackThis log (splitting in parts if it exceeds 1000 characters).

13

These are the red highlighted ones

HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

I only have 4, well say only!!

but i don’t know how to get rid of them!!

Cheers for all your help, as you can guess, i am not too confident about this kind of thing!!

Donna

14

To be sure, the better will be test the file against on-line scanners. Submit the file to:
Virustotal
Jotti
There is also Kaspersky File Scanner (The file should not be larger than 1 MB).

Virus Total is the best, in our opinion because:

  1. It uses the Windows version of the AVs so avast has more unpackers for windows and that is the version most are using.
  2. There are 27 different scanning engines greater than the others.
  3. It also has an email submission option for periods when they are busy and you get a reply.
  4. It can cue the submission and you can carry on browsing and you will eventually (not to long) get your result displayed.

You can delete this as it’s not associated with a file.

15

Hi,

I have popped the download into Virus Total,and the results were 0/32 (0%) :-\

Is this a good thing?

With the one you said to delete, the problem is I don’t know how to delete it. My uncle said to check the box and fix it, but as he attached the results in an email, there is no facility to check boxes or fix it buttins!!

Donna

16

I have just powered down and restarted, and I no longer have the WSC telling me that I am not covered!!

So have I solved my problem?

Am I covered? How do you tell with Avast!, as with AVG you just pressed update, and it either updated or told you that there were no updates available.

Cheers for all of your help, its been very much appreciated esp, Tech and DavidR

Donna

17

I don’t know if your problem is solved one part of it is solved the WSC part for sure, but not the other supposed microsoft pop-up.

Are you still getting it and if so please post the full text of the warning (or post a screenshot of it) ?

avast’s VPS updates are automatic and once one has been done you will be notified of it. I don’t allow auto update (on dial-up) so my Program Settings, Update (Basic) is set to Ask, if one is available it will be notified by a small alert box at the bottom right of the screen that an update is available.

You can also do a manual check/update, right click the avast icon, Updating, iAVS Update, that will either download any available update or tell you you are up to date.

18

I do keep getting a pop up from avsystemcare.com which warns me that I am not protected from virus’

This comes upas a blue box by the clock, it is quite big, when I click close it opens into a full window, i click cancel and tries to download so I click the close button and it disappears!

thats the one that keeps poppingup today, but not sure if it coming in as I am on sites that deal with this kind of thing.

Donna

19

Do you mean no one detected? Yes, it’s a good thing, the file is clean.

Into HijackThis you can check that item and right click it to choose the delete option.

20

Try this tool, RogueRemover, available here http://www.malwarebytes.org/rogueremover.php