Hi guys! I have some problems with my Avast. I’ve downloaded Avast Free 2015.10.2.2218 and the setup went well,but then it says that I’m not protected. If I click Start now or Resolve all,nothing happens. I also tried with other antivirus,to see where is the problem,and the same thing happens,I can’t enable real time protection. Moreover,I have a program which has that shield, which means that only administrators can access it,and it won’t open,although I am administrator(this is the only account on the laptop and it has admin rights).
I’ve read others topics here with the same issue,tried uninstalling and reinstalling several times,but nothing changed. The only security/cleaning tool I have is CCleaner.
Do you have any ideas? Thanks in advance!
- What windows operating system do you have? What version of Service Pack has it got?
- What is your previous antivirus software? Did you run it’s uninstaller utility/removal tool after uninstalling it via add/remove?
- What firewall do you have?
- Did you try a repair of avast via add/remove?
I am administrator(this is the only account on the laptop and it has admin rights).That is not true. What you have is a user account with admin rights. There is also the true administrator account.
Since you also tried other av’s, you have a messed up system.
They all need to be removed before trying to install avast again.
What application do you mean with “which has that shield” ?
- Windows 7/ 64 bit
- Avira. Yes,uninstalled it,now the only AV installed is Avast.
- Hmm,don’t know exactly what to answer here. I have Windows Firewall,which is enabled for both home and public networks.
- Yes,I have,nothing changed.
This is my personal laptop,at home,and when I installed the OS,this is the only account I created. Shouldn’t I be the admin?
I did remove all the AV and nothing changed.
That application was Anti Malware,I installed it to scan,I thought there may be a malware which causes all this trouble. I was able to run it only in safe mode. Now I uninstalled it,but Avast still won’t work.
You need to use the Avira uninstaller utility/removal tool and run it in safe mode. Link is here http://www.avira.com/en/downloads#tools download the Avira Registry Cleaner.
Before you do the above, I want you to uninstall avast via add/remove and follow the instructions. After that, download the Avast uninstall utility from here https://www.avast.com/en-nz/uninstall-utility run it. It will say to you that this tool will automatically run your computer in safe mode, click yes and follow the instructions.
After that manually run your computer in safe mode and run the Avira Registry Cleaner and follow the instructions. After that download a fresh clean copy of avast and follow the instructions. After installation it will run a quick start up scan. After scan finishes, manually restart your computer and register your copy of avast.
Note: You mentioned you removed all antivirus? How many antivirus did you use prior to Avast? One is Avira! Any other antivirus? Prior to installing Avast, make sure you first use the Avira removal tool and other removal tool for other antivirus you have used?
Done everything you said,still same problem.
You might have malware or some other issues. Attach logs as mentioned here https://forum.avast.com/index.php?topic=53253.0 and once you have attached the logs I will ask an expert to help you out.
That is what I had in mind too
The four logs mentioned in the post.
Note: I ran Anti Malware in Safe Mode,that’s the only way I could open it.
Hi you have a new piece of malware just a day or so old, it uses mainly open source software, I would like to either take a copy of the files or ask you to upload them to Avast when we are done
If when you run this fix you get a blue screen of death then restart the computer in safe mode with networking and run the fix from there, the malware service sometimes gets uppity if I try to kill it in normal mode
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: R2 VSSS; C:\Users\Flaviu\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [99717824 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION S3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X] 2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\MAUAU2MK.exe 2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\AUIYMAUU.exe 2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\6M6YEYI2.exe 2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\6KAUM2M2.exe 2015-06-29 12:41 - 2015-06-29 12:41 - 01415680 _____ (wj32) C:\Program Files\0K0S8WCC.exe 2015-06-29 11:58 - 2015-06-29 11:58 - 01415680 _____ (wj32) C:\Program Files\UAUIYI2K.exe 2015-06-28 17:00 - 2015-06-28 17:00 - 01415680 _____ (wj32) C:\Program Files\K4GWO4OC.exe 2015-06-28 17:00 - 2015-06-28 17:00 - 01415680 _____ (wj32) C:\Program Files\0K0S8WCG.exe 2015-06-28 16:54 - 2015-06-28 16:54 - 01415680 _____ (wj32) C:\Program Files\IHO8ZEEE.exe 2015-06-28 16:54 - 2015-06-28 16:54 - 01415680 _____ (wj32) C:\Program Files\GVEDKK4T.exe 2015-06-28 15:48 - 2015-06-28 15:48 - 01415680 _____ (wj32) C:\Program Files\5L1H5D15.exe 2015-06-28 14:48 - 2015-06-28 14:48 - 01415680 _____ (wj32) C:\Program Files\K6UE2I6K.exe 2015-06-28 14:48 - 2015-06-28 14:48 - 01415680 _____ (wj32) C:\Program Files\5P9TL1T9.exe 2015-06-28 14:00 - 2015-06-28 14:01 - 15199032 _____ C:\Users\Flaviu\Downloads\gu5setup.exe 2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\VJZN7BVV.exe 2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\L5TDTHP9.exe 2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\FZFZBVFJ.exe 2015-06-28 12:32 - 2015-06-28 12:32 - 01415680 _____ (wj32) C:\Program Files\6UEYMY2K.exe 2015-06-28 00:26 - 2015-06-28 00:26 - 01415680 _____ (wj32) C:\Program Files\G4O4SG04.exe 2015-06-28 00:26 - 2015-06-28 00:26 - 01415680 _____ (wj32) C:\Program Files\FR7V3RFZ.exe 2015-06-27 19:17 - 2015-06-27 19:17 - 01415680 _____ (wj32) C:\Program Files\VJZJBRJZ.exe 2015-06-27 13:52 - 2015-06-27 13:52 - 01415680 _____ (wj32) C:\Program Files\G0O4SCCC.exe 2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\ZJ3NR7RZ.exe 2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\WGOC0O8S.exe 2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\P9T5XL5H.exe 2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\N7NFVJ37.exe 2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\F3FZN7RF.exe 2015-06-27 00:32 - 2015-06-27 00:32 - 01415680 _____ (wj32) C:\Program Files\0OCSG0KO.exe 2015-06-26 13:51 - 2015-06-26 13:51 - 01415680 _____ (wj32) C:\Program Files\WGK4O8WG.exe 2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\N3N7F3R7.exe 2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\K2IAKE2M.exe 2015-06-25 20:01 - 2015-06-25 20:01 - 01415680 _____ (wj32) C:\Program Files\7N7VBVFJ.exe 2015-06-24 19:36 - 2015-06-24 19:36 - 01415680 _____ (wj32) C:\Program Files\AKAUE2IM.exe 2015-06-24 12:30 - 2015-06-24 12:30 - 01415680 _____ (wj32) C:\Program Files\P5LDTHX1.exe 2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\JZJBRJZJ.exe 2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\CSC4K4KO.exe 2015-06-23 19:04 - 2015-06-23 19:04 - 01415680 _____ (wj32) C:\Program Files\AKEUAUEI.exe 2015-06-23 12:36 - 2015-06-23 12:36 - 01415680 _____ (wj32) C:\Program Files\1H9PD1LP.exe 2015-06-23 12:35 - 2015-06-23 12:35 - 01415680 _____ (wj32) C:\Program Files\M2MEUEUY.exe 2010-11-21 06:24 - 2010-11-21 06:24 - 72990720 ___SH () C:\ProgramData\msouafor.exe C:\Users\Flaviu\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe C:\Program Files\kprocesshacker.sys Tcpip\Parameters: [DhcpNameServer] 78.96.7.88 192.168.0.1 Tcpip\..\Interfaces\{8B51EB5B-ACE4-44D4-8284-63EA06051247}: [DhcpNameServer] 78.96.7.88 192.168.0.1 Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Little mistake in that fixlist.
2015-06-28 14:00 - 2015-06-28 14:01 - 15199032 _____ C:\Users\Flaviu\Downloads\gu5setup.exe
That is the setup for Glary Utilities.
Aye just emptying the downloads as I do not know what the dropper was and the time frames are very close
This is the fixlog
I see you had to run in safe mode… But, it looks to be gone, Avast and MBAM should now run in normal mode
How is the computer ?
Also could you zip the folder C:\FRST and upload to a file sharing site like Mediafire for me to collect https://www.mediafire.com/
Yes,MBAM finally runs in normal mode. As for Avast,it still says that I’m unprotected.
PS:I’ll send the archive in 20 minutes,it’s uploading.
OK I have noticed that this does damage most antivirus programmes so a repair may be in order. If you could try that and let me know
Repair what? Avast,from add/remove?
Yes using add/remove (programs and features) repair Avast
I repaired it and IT WORKS!
Thanks a lot! Respect!