Troubles with avast virus recognition

Status
Not open for further replies.

ClownKiller

Hi everyone, I have problems with avast recognizing the following files as viruses, and I think that they are part of the system files :S

C:\windows\system32\elgswrqt.dll
C:\windows\system32\tuVIIkjj.dll
C:\windows\system32\tvyfabkn.dll

I'm always getting a message that a virus was found, but I can't delete them. When I did remove them somehow, then on restart I'm getting a Windows error message that these files are missing and that Windows cannot load some of them.

I'm using Win Vista Ultimate x86, fully updated, as well as avast pro latest edition.

Anyone have some solutions?
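A triage check a defender would run before deleting anything, added here as an example and not part of the thread or of any tool it mentions. It reports whether the three flagged files are present, Microsoft-signed, how old they are, and their SHA-256, and then looks for the two boot-time load points (AppInit_DLLs and Winlogon Notify) that would make Windows complain a removed DLL is "missing" on restart. The function names are my own; it assumes Windows PowerShell 4.0 or later (for Get-FileHash) run from an elevated prompt, and the three paths are the ones the original poster listed.

```powershell
# Added example, not from the thread: triage files an antivirus flags inside
# System32 before deleting anything. Genuine OS components are Microsoft-signed;
# a random-looking, unsigned DLL that appeared recently is the usual profile of
# a payload hooked into a boot-time load point, which is also why Windows reports
# the file "missing" after it is removed but the load point is left behind.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) run as Administrator.
# The paths below are the ones the original poster listed.
$suspects = @(
    'C:\Windows\System32\elgswrqt.dll',
    'C:\Windows\System32\tuVIIkjj.dll',
    'C:\Windows\System32\tvyfabkn.dll'
)

# Hypothetical helper name: one record per suspect file.
function Get-SuspectReport {
    param([string[]]$Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Present = $false }
            continue
        }
        $item = Get-Item -LiteralPath $path -Force
        $sig  = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Path      = $path
            Present   = $true
            SizeKB    = [math]::Round($item.Length / 1KB, 1)
            Created   = $item.CreationTime
            # Valid / NotSigned / HashMismatch. Catalog-signed OS files only show
            # Valid on newer Windows, so NotSigned alone is a hint, not proof;
            # 'sfc /verifyonly' is the OS's own integrity check on older systems.
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Hypothetical helper name: which boot-time load points reference the file names.
function Get-LoadPointReferences {
    param([string[]]$Names)

    # AppInit_DLLs: every process that loads user32.dll also loads these DLLs.
    $windows = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -Path $windows -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    foreach ($n in $Names) {
        if ($appInit -and $appInit -match [regex]::Escape($n)) {
            [pscustomobject]@{ Name = $n; LoadPoint = "$windows\AppInit_DLLs" }
        }
    }

    # Winlogon Notify packages are loaded by winlogon.exe at every logon.
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    Get-ChildItem -Path $notify -ErrorAction SilentlyContinue | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath).DllName
        foreach ($n in $Names) {
            if ($dll -and $dll -match [regex]::Escape($n)) {
                [pscustomobject]@{ Name = $n; LoadPoint = $_.PSPath }
            }
        }
    }
}

Get-SuspectReport -Paths $suspects | Format-List
Get-LoadPointReferences -Names ($suspects | ForEach-Object { Split-Path $_ -Leaf }) | Format-Table -AutoSize
```

Read the two outputs together: a file that is unsigned, a few days old, and referenced from one of these keys is the combination to hand to the removal tools, whereas a signed Microsoft binary with an old creation date points at a false positive. The hash is there so the file can be looked up or compared against a known-good copy without touching it further.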
 
HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
Very Important: do you live in Croatia?
Is this your Internet service provider -> Croatian Telecom Inc

You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:

Not a lot of good free choices for Vista yet, but this is what I use:
Comodo

Install Comodo right away

----------------------------------------------------------------------------------------------
Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update Tab at the top of the Java console
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java
------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
-------------------------------------------------------------------------------------------

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt


Attach for me:
1)MBAM log
2)Combofix log
3) New HijackThis log after the other 2 runs
 
You are being of great help.

This is what is going on so far

Java 6-5 installed / 5-3 uninstalled

Comodo firewall pro 3.0 installed

MBAM installed, scan in progress....


Updates and logs I will add to this post.

P.S. for now I'm still getting fake messages that my PC is infected and to download antimalware software (popups and so on)

And what should I do with avast? Let it be my antivirus protection?
 
Let the scans run, they should sort out most of the problems. Just remember to make sure that Malwarebytes removes what it finds.
 
Ok, let's see what I have done :X

Java ......fixed
Comodo.......fixed (gives me a headache with lots of approvals for files I don't know what they are :X, tons of them)
MBAM......fixed
ComboFix.........fixed
HijackThis (again).......fixed

here are the logs

what to do with avast?

P.S. I lost my internet connection when doing all this and had to reset everything from the router and net connections :X
 
Blind Dragon said:
Be sure that everything is checked, and click Remove Selected.

You're going to need to run MBAM again.

Also, you appear to have both AVG and Avast! running? Not a good idea; this does not increase security but actually diminishes it. Uninstall one.
 
That's a good point, but I did uninstall AVG prior to installation of avast and I have no idea why there are still running processes of AVG :S
 
It seems to me that everything is ok now. To be sure, I did run MBAM again with an in-depth scan and it didn't find anything.

Thanks a lot for the tips on how to get rid of that **** from my PC.

If you have some other useful hints to prevent these things happening in future, I'm all ears =)

Blind Greetz
 
Check for Java updates periodically, and always have a firewall active.

Can you please run the following scan to see if it finds everything. And we still need to secure all the work you have done so far, that means clearing your restore points and clearing all quarantined items

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
Ok, I'm doing that with Kaspersky right now, but why so many tools to get this thing to the end? Another thing, it's a dumb question probably, but it seems that my avast icon disappeared from the sys tray and I can't get it back, neither in the preferences of avast itself nor under taskbar properties :S But the program itself is running, which can be seen in Task Manager.
 
From your logs it appears that AVG Free is set to run at startup, and the resident protection is active.

Avast is not, however in the services section it is still active.

Which anti-virus do you want to use, and I will advise how to disable/enable to fit what you want.
 
At the moment I have uninstalled avast as well as AVG, and I think I will go with avast as it seems to be a better choice. Just to run Kaspersky online, and afterwards I will install avast again.

NOTE:

Tell me about Comodo..... under proactive defense I have over 300 files marked as waiting for your review. WTF should I do with them? Under the few options I'm always choosing remove from list, but it seems that they are coming back from time to time :S
 
Here is a log of the Kaspersky scan; it found some of this, but half of them are not harmful because I've been using them for quite a long time.

I'm waiting for your reply, Blind, so I won't touch anything on the Kaspersky report (delete or anything) as long as I don't hear from you with a suggestion of what to do. =)
 
Comodo will get better as it learns your habits; eventually you'll hardly know it's there.

Before we proceed:

Download the diagnostic tool MGADiag and save it to your desktop.

* Double-click on MGADiag.exe.
* Click Run and Run again.
* Click Continue, then Copy.
* Next open Notepad, in the empty pane right click and select Paste. Save the file to your desktop so that you can attach it here
 
Puf, puf..... here you are. This one too. I don't see the importance of this log except if you wish to see if it's genuine..... well..... it is =)

Now what? I hope I won't have to do more logs :X
 

Attachment: MGADT-log.txt (3.2 KB)
There are some shady files in your logs, better for me to check than to assume anything. Especially with removing what I am fixing to tell you to remove.

CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Folder::
D:\PROGRAMI\DivX Professional v6.2.5 Full.rar
D:\PROGRAMI\mirc6.21.rar
D:\PROGRAMI\RealVNC.Enterprise.v4.2.8.rar
D:\PROGRAMI\XP activation.rar

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
 
The files you have quoted, I know them and I'm 1000% sure that they are not harmful in any way, because there are keygens in the .rar files, and as you know some keygens AV software marks as viruses and other stuff, but these are not. I've been using them a fair amount of time and they are ok.

Anything else to watch for, beside this?
 
Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

-----------------------------------------------------------------------
Cleanup using OTMoveit2 by OldTimer
Now we can clear out the rest of the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

* When finished exit out of OTMoveIt2

---------------------------------------------------------------------------
I recommend you keep
1 anti virus program
1 firewall
Combo of Anti-Spyware (Spybot S&D and MBAM, or your choice)

For Spybot you can download the latest version from HERE.

keep them updated.

You can also turn on TeaTimer in Spybot:
  • Click on Mode at the top and make sure that Advanced is checked
  • Expand the Tools tab in the left pane
  • Single click on the Resident Icon also in the left pane
  • check Resident "TeaTimer" (Protection of over-all system settings) Active
  • Close spybot

Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example, if you don't use MSN Messenger every time you run your computer you can disable it; then when you want to use it you can launch it through Start -> All Programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.

And just to be sure
Set correct settings for files
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

clear system restore points

  • This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.
 
OK, all cleaned. Is it ok if I keep Comodo firewall and avast in combination? No other apps for security needed? Don't want to pile up tons of them to suck all the memory from the PC lool =)

P.S. none of this would have happened if it had been me behind the PC at the time of infection, but it was my kids :X looking at all sorts of cartoons etc. on the net.....
 
Comodo and avast are fine together, but you really should keep some antispyware on there. If you want to keep MBAM or get Superantispyware, they don't run constantly unless you tell them to, so only eat resources when you scan with them.
 
I have left MBAM as well, as I see it's a good app.

Blind, thanks a lot for all the help provided and your time.

This topic is ready to be locked. Problem solved.
 