Malware turns antivirus off redux?

By sailinfool
Aug 27, 2010
Post New Reply
  1. I lurked on the thread below and followed all steps with some success, but avast still gets turned off on reboot.

    Please review my info below and recommend next steps.

    thanks, allan

    Compaq Presario with XP Home SP3 installed


    1. Grandma's computer, with expired antivirus for over a year allowed major infestation.

    2. Reinstalled XP home and upgraded to SP3 on new partition C but unfortunately left D partition presario_RP alone.

    3. Reinstalled Avast from scratch, but on reboots, get turned off. scan is clean and boot-time scan found nothing.

    4. Ran malwarebytes and found nothing

    5. Ran and found nothing

    6. Ran exehelper with no results

    7. Ran combofix with the results noted below. I noticed the autorun.inf deletion and thought I found the culprit, but still have the problem.

    8. Ran eset NOD32 and found nothing.

    9. Installed zonealarm to monitor things until we get to the bottom of this.

  2. Broni

    Broni Malware Annihilator Posts: 54,256   +383

    Welcome aboard [​IMG]

    Now, some spanking...
    See here: Do not run Combofix without our guidance
    I'm removing Combofix log.

    I don't see, how your computer could be infected right after fresh installation.

    I'll ask mods to move this topic to XP forum
  3. sailinfool

    sailinfool TS Rookie Topic Starter

    System Update

    Spanking accepted.... "Thank you sir, may I have another"

    Perused the sticky threads *after* wading into the mud....

    After a reboot, Avast temporarily shows disabled, then recovers and seems fine.

    Figured that the recovery partition still had malware, which now seems to be cleaned, thanks to combofix removal of the offending file.

    Impressed with the quality of this forum.

    Thanks Broni,

  4. Broni

    Broni Malware Annihilator Posts: 54,256   +383

    You're welcome, but...
    Recovery partition can't be infected, because it's "read-only".
    Most likely, you just needed to reboot.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...