Computer Support Forum

Avast Web Shield threat detected

Question: Avast Web Shield threat detected

Every time I open firefox, a window or tab I get a frightfully well spoken lady telling me a threat has been detected. I've run malwarebytes (4 PUP detected and removed) and scanned with Avast (no problems detected). Only intrusion found recently is homepage hijacked by search engine which is OutBrowse sp4 but can't find it in programs (control Panel) to remove it. Any ideas pls?

Relevance 100%
Preferred Solution: Avast Web Shield threat detected

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Avast Web Shield threat detected

Take a read here - there is a LINK to download AdwCleaner which should be able to remove it.
outbrowse removal guide

2 more replies
Relevance 83.64%

AVG Resident Shield has popped up several times on my home PC to announce it had detected a "Multiple Threat" with the name Trojan Horse Downloader.Agent2.BIL. The file named was C:\\WINDOWS\system32\userinit.exe and multiple instances were logged for various applications.

I note that Yeti49 had the same problem and extremeboy provided a repair strategy.

I have followed the same instructions and have run combofix. Since, there does not appear to be any further AVG alerts. Please find attached the log report of which, I would be very grateful if someone could inspect and advise if further issues are evident.

Many thanks

Answer:AVG Resident Shield popped up on my PC to announce it had detected a "Multiple Threat

Hello and Welcome.

A Reminder....

As seen in Post #2 of our sticky topic 'NEW INSTRUCTIONS Read this Before Posting For Malware Removal Help'

Quote:




Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix




---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

2 more replies
Relevance 83.23%

Ok so when I run avast full scan it detects 3 threats, but i think they are important files. When i deleted them through avast my system would not work properly anymore. So i restored my computer to an earlier date and now the problem is back. I have a picture of what avast reports in the link below.http://gyazo.com/87e4c2b7e16b2990e4...Also....this happens when i try to quarantine the threatshttp://gyazo.com/275e45feb77a6d8f8f...

Answer:Avast! has detected a threat PLS help

"When i deleted them through avast my system would not work properly anymore"Update Avast again & run, it may have been their problem.If it still finds them, delete again & then run SFC.Refer here.http://answers.yahoo.com/question/i...How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7http://support.microsoft.com/kb/929833

2 more replies
Relevance 80.77%

Hello,
I am using a Dell Studio laptop with windows 7 (32 bit) installed. Recently I just plugged in one of my friend's virus infected USB drive. I have been asked to format the USB drive. Then, even after formatting the USB drive, the AVAST anti virus in my computer continuously alters with a message saying "threat has been detected"

Even after unplugging that infected USB drive, and plugging my own USB drive, it continuously alerts with the same. The following is the message shown by AVAST.



I just want to know whether my whole laptop is got virus infected. It would be a great help if any expert can help me on this issue. Thank you.

Answer:AVAST continuously alerts LNK:Runner threat has been detected

Hi and welcome to Sevenforums!

I would run a boot-time scan with Avast first.

If possible, boot into Safe mode with Networking (Follow Option Two and be sure to check the box for Networking)
Safe Mode

(Run one or the other, they are the same sort of program)
Run aswMBR http://www.bleepingcomputer.com/download/aswmbr/ or TDSS Killer http://usa.kaspersky.com/downloads/TDSSKiller

Also run Malwarebytes and see if that combination is sufficient enough to remove the threat.

5 more replies
Relevance 80.77%

Hello,
 
Let me start off by saying I am new to this forum (first post) and not technologically inclined AT ALL, but my new years resolution was to immerse myself in things that I do not fully understand so here I am
 
Alright... so my computer has been moving mega slow (start-up is slow, freezing when watching things online) so I initially ran a complete system scan using my free Avast Antivirus software, and sure enough threats were detected. I was prompted to run a 'boot-time scan' which is currently under way (i'm using my netbook to write this). I have been writing down some of the infections coming up and researching them for more details, and this forum is where I have ended up.
 
Some if the infections that are coming up are as follows:
 
     -WIN32:PUP's (oneclickdown-A/searchprotect-A/installer-K)
     -DLL error 42127 (CAB archive is corrupted)
     -CAB error 42144 (OLE archive is corrupted)
     -NSIS:oneclick-D [pup]
 
I would like assistance understanding ...
 
     -what these infections are??
     -How do I determine whether to repair vs. delete ??
 
 

Answer:Threat's detected using Avast free antivirus software

Hello, the 2 PUPs(Potentially Unwanted Programs) can go.
 
These we need to know your Operating System an the full path to them.
 
  -DLL error 42127 (CAB archive is corrupted)
     -CAB error 42144 (OLE archive is corrupted)
 
Example:
 C:\WINDOWS\Temp\_avast_\unp37475553.tmp|>wm10l\wmp.dll Error 42127 {CAB archive is corrupted.}
 

1 more replies
Relevance 80.77%

I keep getting a popup that says a "Malware Blocked" or avast!Webshield has blocked a harmful webpage or url .The alert gives me a URL address and if I click on "show details" it takes me to a website to upgrade my avast antivirus,which also show a very confusing url. This popup has been very annoying and will keep popping up when I'm browsing. Have been using the malwarebytes anti-malware but couldn't clean them up. It's very frustrating. Can you please help me with this problem?
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.51.2
Run by ASUS A43S at 12:44:53 on 2014-07-07
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.62.1033.18.4073.2074 [GMT 7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System... Read more

Answer:Avast keeps notifying "Malware Blocked" "A threat has been detected"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540139 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

6 more replies
Relevance 80.77%

I keep getting a popup that says a "Malware Blocked" a threat has been detected. I have ran malwarebytes anti-malware but it comes back clean. The alert gives me a URL address but if I click on anything it takes me to a website to upgrade my avast antivirus. Can you please help me with this?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Darrin at 21:13:48 on 2012-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1433 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil... Read more

Answer:Avast prompt "Malware Blocked" or "Threat Detected"

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

26 more replies
Relevance 80.77%

Hey,

I was running two 3D games. One was in STEAM and it crash 2x in the same general area of a mission. The other was a browser based game using Unity that failed to load in IE.

Avast! gave me this warning during a scan being done by MalwareBytes:

Threat detected A0052585.dll

It's been awhile since I've dealt with an infection on my home machines.

Hijackthis log

StartupList report, 1/6/2013, 10:56:21 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\avastUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

-------... Read more

More replies
Relevance 79.54%

[Edit] Apologies for spelling mistake in my post title. I don't think I can edit that...
 
Windows 7 Home Premium Service Pack 1, Automatic Updates (so I presume the system is up to date) running Avast Free antivirus (fully updated with latest definitions)
 
Hello - I hope someone might be able to help me. Several weeks ago I downloaded and installed what I thought was a legitimate program for driving a new digital microscope that I use for my work. I'm usually a very cautious browser, and only download from legitimate sites, but this time it looks like I goofed. The installer made the usual offers of adware, which I declined, but then went ahead and installed a bunch anyway. The immediate symptoms were attempted browser hijacks (some successful, some blocked by Avast). I cleaned up what I could manually (including uninstalling the digital microscope program), but there was at least one adware program that would not fully uninstall through add/remove programs. Over the next week or so I looked up what to do about it, and eventually ran through the malware removal guide listed here: https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/. The tools found a bunch of things (all apparently adware, nothing nasty) and removed them. After three cycles through the malware tools, everything was coming up clean (no reported threats/infections).
 
However, since that time, I get periodic Avast "threat detected" warnings (thi... Read more

Answer:Frequent Avast "Threat Detected" Warnings - No Infectionions Found

Follow up: I can now add RogueKiller to the list of programs run that report an apparently clean system.
 
Avast threat detections continue - a partial list is:
 
alwaysisobar.com/4141/TroubleFix_142669690001746.dll
simplesitescan.net/4141/LibraryProc_142667285206710.dll
bestdriverstar.net/4141/CutterGeneration_142669028246641.dll
anythicago.com/4141/CutterSystem_142669222915982.dll
simplesitescan.net/4141/CutterGeneration_142669028215736.dll
alwaysisobar.com/4141/SystemInclude_142652930467594.dll
opticguardzip.net/4141/RelayTurbo_142668814316255.dll
simplesitescan.net/4141/SystemVisual_142669159151878.dll
simplesitescan.net/4141/TrimModule_142669092997470.dll
alwaysisobar.com/4141/afterguard_142667076317268.dll

16 more replies
Relevance 79.54%

I have Avast! Running automatic scans once a day and am having a couple of issues:
 About once a week I will get a “Threat Detected” pop-up window post-scan, but when I click on the “Show Results” button it does not work, and when I look at the “Scan History” button and look at the scan it always shows “No Virus Found”.  This pretty much sums it up:
https://feedback.avast.com/responses/threat-detected-during-scan-log-shows-no-virus-found
After each daily automatic scan Avast! Opens a pop-up window showing that the scan was run, even though I have turned off having the pop-up window (when nothing is found) via the Avast! Settings.
 
This problem occurs on a Dell XPS 8500 desktop running Windows 7.
 

Answer:Threat Detected during Avast! scan, log shows no virus found

More feedback reports here.Quick scan results window says threat detected but Show Results and logs says no virus foundshow results not workingThis has occurred and been reported previously at the avast forums...Disappearing Reappearing "Threat found!" note in Internet Security"Threat detected" but no threat?Quick scan Threat detected errorThey usually say the fix will come in the next version...see here.

3 more replies
Relevance 79.54%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 3943 Mb
Graphics Card: Intel(R) HD Graphics Family, 1843 Mb
Hard Drives: C: Total - 465583 MB, Free - 377606 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: avast! Antivirus, Updated and Enabled

Very unwieldy, have to tease it and mess with it to get it to open a webpage. Hangs up, freezes. Zoom comes on by itself and sticks and runs the view down to 10%, takes awhile and some trouble to get it unstuck.
 

More replies
Relevance 78.72%

Hello - I have posted a new topic here after my posting in 'Am I Infected' could not be resolved (see http://www.bleepingcomputer.com/forums/t/579994/frequent-avast-threat-detected-warnings-no-infectionions-found/)
I am running Windows 7 Home Premium (Service Pack 1), fully updated. Several weeks ago I downloaded and installed software that resulted in some adware infections (some introduced by the installer despite opting out). The immediate symptoms were attempted browser hijacks (some successful, some blocked by Avast). I cleaned up what I could manually (including uninstalling the original download), but one - Cinem Plus 2.4cV26.05 - could not be removed using 'add/remove' programs. I eventually ran through the malware removal guide listed here: https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/. The tools found a bunch of things (all apparently adware, nothing nasty) and removed them (including Cinem Plus). After three cycles through the malware tools, everything was coming up clean (no reported threats/infections). Hitman Pro flagged one .exe file as suspicious. That .exe file is in my downloads folder, and as it turns out is part of the installer package for the original downloaded software that I believe started this whole problem in the first place (which I still have in my 'Downloads' folder if it needs to be inspected). However, Hitman Pro did not find any threats, and all other malware tools now come up clean.
Ho... Read more

Answer:Frequent Avast "Threat Detected" Warnings But Malware Tools Find Nothing

 
Quote from MidnightShadow (Messenger conversation - reposted here)
 
Dancing_Bear,
I am new, so unable to reply to the thread. Anyhow, this feels very familiar.
If any of these symptoms exist:
- Several instances of dllhost.exe are running
- A random blank window pops up. Window title starts with: javascript:\..\mshtml,RunHTMLApplication ";eval . . .
- MBAM produces constant warnings that a malicious dllhost.exe is attempting to connect to a malicious website
- Null registry data may reside in HKEY_CURRENT_USER\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
- Nnull registry data may reside in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Most anti-malware software and removal tools find no malware infections to remove
- Event viewer throws a DCOM error to CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
- Internet Explorer Security Zones keep changing on their own
- Internet Explorer Protected Mode cannot be enabled
- Internet Explorer cannot download files
Then you may have a Poweliks infection. You can clear it up one of a few ways.
1- (Easiest and fastest) Automated solution -
MBAM: Download and run MBAR (Malware Bytes Anti Rootkit), which should remove the infection and any related registry keys.
Symantec:
- Download and run the appropriate tool for the architecture of the computer you're on (gslink.us/symantecpoweliks64 or (gslink.us/symantecpoweliks32)
- Download RegDelNull from https://technet.m... Read more

12 more replies
Relevance 67.65%

I am having a problem in my sister's laptop. She does have antivirus installed (AVG Internet Security). However, its license expired, so I downgraded it to free version. After, downgrading it, I installed Avast! as it's antivirus and decided to uninstall AVG. Then, a few minutes ago after rebooting the laptop, a window opened saying that Trojan is infecting my computer, I heal it.. Then, another pops out. Heal and heal and heal..

After doing it, I rebooted the laptop thinking that it will refresh the system. Unfortunately, after rebooting, I cannot connect to Internet now. :cry :cry :cry Help me please? I already performed the Malware removing however, it did not help the laptop. I attached the files you asked me.. Please, help please? Thank you!
 

Answer:Avast error code 10050/No internet connection/Cannot start web shield in Avast

Welcome to Major Geeks!

Please attach the below log from Malwarebytes as requested:
Code:

"C:\Users\MSI\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
Oct 23 2012 11802 "mbam-log-2012-10-23 (21-32-26).txt"

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=101702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com?si=29053&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com?si=29053&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=29053&home=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
R1... Read more

1 more replies
Relevance 67.65%

End webcam spying ? for good ? with Webcam Shield and Avast Premier

Essentially, with Webcam Shield you have total control over what (and who!) uses your camera. This means you can now force any app to ask your permission before it can access your webcam.

Simply put, Webcam Shield promises to:
Protect Privacy
Give you total control over your webcam
Help prevent blackmail
With webcams now embedded in so many devices, it?s never been more important to protect yourself and your family from prying eyes and those with unknown motives.

& +

Automatically fix and update over 127,000 drivers for peak PC performance
Less crashing Faster browsing Better graphics Richer audio Fewer device problems

Print, scan, import files. Play crystal clear videos and make crackle-free voice calls. Avast Driver Updater auto-scans and updates your drivers to reduce and prevent problems with:

Printers and scanners, Photo and video cameras, Headphones and speakers, Mouse and keyboards, Monitors and Wifi routers, and other external devices.

MORE : Avast Driver Updater & Scanner | For Peak PC Performance
 

Answer:Avast have new tools: Webcam Shield feature & Avast Driver Updater.

Windows has webcam shield built-in. It works great!
 

0 more replies
Relevance 66.42%

Hello guys, I am new here. I'm starting to think my PC is infected, although it shows no solid signs that it is. Here's what led me to think so.
 
Yesterday, my brother brought a flashdrive and asked me if I could type a document for him and copy that to the drive. I inserted the drive in to my USB port (I had already disabled Autorun using Microsoft TweakUI and was also using Ninja Pen disk), and the drive did not autorun. I decided to scan it using Avira AntiVir Free Edition anyway, although my brother said it was clean, and Avira showed two threats - one was a trojan TR/Autoit.CI.14, as a file named New folder .exe (with a space after 'folder'), and the other was an INF virus INF/AutoRun.lj.7. Avira removed them both and I formatted the pendrive. The thing is, I was checking the Avira Report log this morning and it shows that there were three threats in the pendrive (the above mentioned two, plus another Trojan TR/Spy.Ardamax.J), which is also contained in the file New folder .exe! The report also showed something like Archive type: AutoIt --> svchost.exe, I have no idea what it is. When Avira began disinfection, the Ardamax trojan was logged as TR/Autoit.CI.14. Ardamax is a keylogger, isn't it?
 
My PC has about 8 svchost.exe running (5 SYSTEM, 2 NETWORK and 1 LOCAL). I downloaded Process Explorer to check the services associated with the svchost files and as soon as I exited the program, my computer displayed a "c000021a FATAL ERROR" BSOD. I should also note... Read more

Answer:Antivirus detected threat and disinfected threat are different?

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

6 more replies
Relevance 61.91%

Hi,

I recently formatted my hdd and reinstalled Windows XP Pro on my PC. Everything seemed ok until i installed AVG Anti-virus Free ver. 8.0.237 software. After that, AVG started to detect infected files. While some of them seemed like genuine infection, some didn't. Some threats reported were trojans but most of them were reported as "Virus found Win32/Heur". I know this is due to the heuristic scanning and could be fake alarms but i was not sure. To save trouble and since i had not installed too many software, i decided to reformat the hdd and reinstall WinXP again.

This time i was careful and made sure that after settling with the service packs, i installed AVG before any other apps to ensure any threats would be detected early. Everytime i installed a new app, i would scan my hdd to make sure no new threat appeared. Then suddenly, AVG's Resident Shield alert started popping up its alert window with multiple threat warnings. All were "Win32/Heur" and this seemed to have affected a lot of system files in C:\Windows\ directory. Trying to heal these infections were not successful as they would reappear again and again. As i remember correctly, the most recent apps installed were Mozila Firefox, Ad-Aware and WinRAR. I tried to do a system restore but i noticed many of the earlier restore points were gone. Trying to restore to some of the restore points available failed.

Well, i know that i can always repeat what i did i.e. reformat and... Read more

Answer:AVG's Resident Shield alert "Multiple threat detection"

It looks like you may be saving a very nasty file infector and reloading it after a format

The other candidates are you are not deleting the system partition before a format(unlikely infection tho)

Maybe an infected router that's redirecting your dns

When you reload are you sure your usb flash and external drives are clean?

3 more replies
Relevance 61.91%

Hiya Guys

I keep getting a couple of AVG Resident Shield alerts that I don't understand.

They say "Multiple threat detection
File name – C:\Program Files\BitDownload\player.dll
Threat name – Multiple runtime compression aspack.nupx
Detected on open.

Process name C:\Windows\System32\svchost.exe
Process ID 988"

Any ideas would be much appreciated - .

Thanks in anticipation
Gilli
here is my Hjt file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:15, on 05/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\Arc... Read more

More replies
Relevance 61.91%

Hi Guys Just a quick question everytime I go to do anything on my laptop this thing keeps popping up satin resident shield alert multiple threat detection, gives me 3 options . Remove selection infections, remove unhealed infection, close !!

I just keep pressing close but it keeps popping up! Is that a virus???

I would really appreciate any help whatsoever

Thanks a lot

Answer:resident shield alert multiple threat detection

This is a 'balloon' notification from AVG. To correct this, open the AVG control panel and select 'Tools' and then 'Advanced settings'. Under the 'Appearance' settings you will see a box for 'Balloon tray notifications'. Uncheck this box and then 'Apply'. Return to 'Overview', double-click on 'Resident Shield', and select 'Remove all threats automatically'. You can now choose whether or not you want AVG to scan for and remove 'Tracking cookies'.

To answer your original question, it is AVG probably detecting a 'Tracking cookie' and asking you what to do. Having the 'Resident Shield' remove all threats automatically will remedy this.

1 more replies
Relevance 59.04%
Question: Avast threat alert

Avast has started blocking files in my drafts folder detecting them as threats. The script shield log has twenty-five infected entries, twenty of them are the same (saved) email file I've tried to access in my draft folder.

"GFX HasherVerification[1].htm"
 

Answer:Avast threat alert

Howmanator said:





Avast has started blocking files in my drafts folder detecting them as threats. The script shield log has twenty-five infected entries, twenty of them are the same (saved) email file I've tried to access in my draft folder.

"GFX HasherVerification[1].htm"Click to expand...

Can you right click on the actual files in the quarantine folder and tell Avast these are false positives and to allow them? When Avast flags files do you have an option to not block the files you want?

I'm running Comodo Internet Security Premium (also freeware) and when it detects what it "thinks" is malware/infected a notification comes up in the lower right of my screen with choices to either allow or treat as allowed. Under the Quarantine heading in the dashboard if I've inadvertently selected "Clean" when a notice comes up, I can choose "Restore" and then I'll be asked if I want to restore the file and add it to my exclusions list. It also submits those files to a cloud database for exclusion/addition as false positive.

In fact, I'm running the entire gamut of Comodo software ? Internet Security, Program Manager and System Cleaner. I like the entire package and Comodo AV received top marks.
 

1 more replies
Relevance 59.04%

Please, please help. I have been telling my dad how brilliant this website and forum is, everyone is so knowledgable is - its fantastic! I was reading a couple of threads regarding anti-virus programms etc and what you rate etc. My dad is running ME and has got just the AVG running, however, i told him about another rated programme called 'Avast'. When my dad installed this avast onto the pc, after recieving an email from them with the license key - AVG Resident Shield box immediately appeared, saying the following' While opening file: C:/WINDOWS\SYSTEM\HHCTRL.OCX' infected with a virus etc,,,,, It would not let me then use any of the options to get rid of the virus! Real direstraits here - my dad is'nt talking to me now, please could someone advise me on how to irradicate this thing! PS when trying to heal etc it says that the file is denied! Therefore we are unable to tackle it! Have tried to uninstall avast - did successfully, will not let me get rid of the files left within the programme files - as it says that they are still in use???Please, please would somebody help, many, many thanks in advance!!!

Answer:VIRUS THREAT FROM AVG - Avast!!!!!!

HHCtrl.ocx is a Windows file to do with HTML help control click hereYour problem was installing one AV product whilst another was running. ME has System Restore. Use this to go back before you installed Avast. Then delete AVG and only then install Avast.

10 more replies
Relevance 59.04%

During the time I've been a forum member I've read many posts saying that Avast and MSE work well together. I've used MSE ever since it came out last year and I'm currently running the 2.0 beta. Yesterday I installed Avast 5.0 (free) and so far I haven't had any compatibility issues nor have I noticed any system slow downs. I decided to test both products and they're each using their respective default settings just to make it a fair evaluation.

I've deliberately visited sites with known viruses as well as running the Eicar test files. In every instance, MSE has alerted me to a potential threat while Avast has remained silent. The only time Avast alerts me is if I've turned off real time scanning in MSE.

Why don't I get any alerts from Avast when MSE is enabled? Shouldn't they both alert me? If not, why not? Thanks for any input.

Answer:Avast + MSE Threat Alerts

The only thing I can think of is the potential threat you got was a false positive threat.
Run MBAM as see what you get! IMO

9 more replies
Relevance 59.04%

I did a stupid thing yesterday. I downloaded an icon pack APK file on my computer to upload to my mobile. Anyway, the thing is, when I double clicked on it, BlueStacks (Android Emulator) opened up, and Avast started giving me lots of warnings about BlueStacks accessing Trojan URLs (it blocked them of course).
 
Now, the thing is: I scanned the APK file both in Malware Bytes Anti Malware and Avast (and even Malware Bytes Anti Rootkit), and it showed no virus or malware found. But when I try to attach the the same APK file as a Gmail attachment (which I read on the net detects viruses, which is why I tried it), Gmail gives me a "Virus found" error.
 
So, my question is how come such reliable antivirus / anti-malware programs like MBAM and Avast didn't detect the virus but Gmail did? And more importantly, (though I have deleted the APK file in question from my computer) is my computer safe? Or has a rootkit / trojan been installed?

Answer:Virus not detected in Avast & MBAM, but detected when I upload the file to Gmail

Upload file in question here: https://www.virustotal.com/ for security check.

5 more replies
Relevance 59.04%

Now I can't access this site on another computer because I get the message: Avast Web Shield has blocked access to this page because the following certificate is invalid, SS1278353 Cloudflaressl.com. I've run the Avast software, Malwarebytes, Adwarecleaner, and 360 Total security to no avail.

What's up?
 

More replies
Relevance 59.04%

I really like Avast AV very much. I have a question about the Web Shield part of the program. On the program itself, generally 6 of the 7 modules are running. I do not have Outlook or MS Exchange so for that area the program says, "The Program is Waiting for a Subsystem to Start." (or something like that.)

About once a month, maybe twice a month, I will notice 5 of the 7 providers running and the program will have one of the Web Shields running. However, it will say, "The Program is Waiting for a Subsystem to Start." (instead of saying, "The Provider is currently running." The funny part is that when I go to webpages and do a check, the Web Sheld is still scanning them. So on the Web Shield thing, what is Avast waiting for?

This is a common issue with the program based on Internet Searches. I don't know if this is a bug or the way that Avast 4.8 works. Can you also provide information about the two different shields that the program uses? One is the Web Shield, the other is called the P2P Shield.

The updates are working fine. Oh, it hasn't happend often enough, but so far the only way that I can get the Web Shield back to not saying, "The Program is Waiting for a Subsystem to Start." is to do a reboot.

Jack
 

Answer:Question About Avast 4.8 AV Web Shield?

Go to control panel and uninstall avast, when you try it it will display 4 choises choose repair.
Webshield scans scripts, cookies such stuff from yout browser.
And psp shield scans files downloaded from utorrent, limewire you can see them all if you right click avast icon choose on access protection contol psp program-customize.
 

2 more replies
Relevance 59.04%

Hello everyone I have a problem with my Toshiba laptop. Avast! Pro Antivirus keeps popping up from down right corner of my screen saying that Avast Web shield blocked malwarius web page or file. It's popping up literally every second and i need a solution how to stop this and remove viruses if I even have them. ( I already looked on web for solutions and everyone is saying different so i don't want to mess it all up).Edit: Topic moved from Windows 7 to AII ~ Computerxpds

Answer:Avast web shield problem, need help!

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Relevance 59.04%

Was hit by the FBI MoneyPak ransomware virus a couple of days ago. Seem to have successfully removed that virus along with a number of other ones (ZeroAccess.Trojan; Java/Exploit.Agent.NBD.Trojan; . Unfortunately, my computer continues to show a Windows Security Alert ("red shield") in the start-up tray indicating that "Computer may be at risk" because "Automatic Updates is turned off." Also, while using a cleaning tool (adwcleaner.exe) during the FBI ransomware virus clean-up, a security alert (from AVG Anti-Virus Free-Edition 2012) popped up to warn that the cleaning tool (adwcleaner.exe) was a "rogue" program.Have pasted contents of the ddt.txt below. Also attaching the Attach.txt.Was going to attach Ark.txt (GMER log) once the GMER scan was finished, but got a blue screen saying: "A problem ahs been detected and windows has been shut down to prevent damage to your computer.""IRQL_NOT_LESS_OR_EQUAL""If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:[I will spare you all of the details here and just add technical info.]"Technical information:*** STOP: 0x0000000A (0xFAABDC00, 0x00000005, 0x00000001, 0x806F48EE)Beginning dump of physical memoryPhysical memory dump complete.Contact your system administrator or technical support group for further assistance." Any help in figuring out how to remove this malwar... Read more

Answer:Windows Security Alert ("red shield") appears in start-up tray & report of "Rogue Virus" threat when using...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

18 more replies
Relevance 58.63%

Hi everyone,

I currently use 3 free security programs : Avast 6, Microsoft security essentials and Malwarebytes.

I just ran a quick computer scan with Avast and just when the scan completed I got an alert from microsoft security essentials :

Does this mean that there's a virus located in my Avast temp folder? Or maybe MSE doesn't get along too well with Avast??

I wont remove the file until I get an answer cuz I'm affraid this could de-activate Avast!

Please help!

Answer:MSE detects a threat in Avast folder!

It's generally not advised to run multiple Anti-virus at the same time. They don't agree with each other, resulting in a lot of conflicts with virus removal as well as a multitude of other things.

For example, they could both latch onto the same infected file and try to delete it. Obviously, this doesn't work very well, usually ending in a terribly slow computer. Similar problems occur if one AV quarantines a file while the other AV tries to delete it. I once had BitDefender and Trend Micro installed on the same computer. My computer was so slow, it was barely usable.

Most AV software nowadays attempts to detect and remove other competitors at installation. it's probably for the best as having more than one AV will probably cause you more problems than do you good. If there's any AV software you prefer, I recommend keeping it and uninstalling the others. Malwarebytes in my opinion, is great. You should be able to use it in conjunction with avast! or MSE though as it doesn't offer real-time protection. Though in the end, it really comes down to what you feel more comfortable with. Alternatively, you may have to set exclusions for the related file folders in order to avoid any complications.

9 more replies
Relevance 58.63%

Hello!
I use Avast! Free antivirus & just recently, while browsing on Google chrome, I received a message from Avast saying they detected & blocked a malware threat. I closed it and continued browsing but the message would keep appearing each time I opened a new page or refreshed the current page. 
I tried firefox and had the same results. I ran a quick scan with MBAM but nothing turned out. I'm also not receiving the messages from Avast any more so I'm not quite sure if I've been infected or not. 
 
Some help & advice on what actions to take would be greatly appreciated! 
Edit: I forgot to mention, my OS is Windows 8.

Answer:Avast detects URL:Mal threat on every page

Hello Iris I would think Avast just did its job and prevented malware.. I would suspect wherever you were visiting may have been suspicious.Let's take a look and get some junk off that is probably on here now anyway.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the con... Read more

9 more replies
Relevance 58.22%

Greetings all! I apologize if this isn't the right place for this! I'm trying to help my boss get his computer squared away and I'm having issues with Avast Web Shield popping up constantly. As of the typing of this message, it seems to have slowed down a little bit, but I want to make sure the problem is solved and that there is not going to be any issues going forward for him!
 
I would try to do something myself, but every time I've searched anything online about this, it says that every case is different and that solutions only work in that particular situation.

Answer:Avast Web Shield Working Overtime

You have the option to turn off the Web Shield permanently according to the info in link below.
Turn Off (Disable, Pause) Avast Antivirus 2015
 

1 more replies
Relevance 58.22%

i'm having some problems with my broadband but have just notice that my avast is not running. whenever i try to start it up it says" unable to reach file system shield. shield unreachable. how can i get it going again, thanks

Answer:avast smart shield not running

an happen with a corrupt update. rmove avast with the removal tool click here and reinstall.

1 more replies
Relevance 58.22%

Hello!

Brand new computer (well, used, but new to me) and the same old virus problems.

The Avast Behavior Shield turns itself off every time I hit "Connect" on VZAccess manager during the last 24 hours. Avast does warn me that it's off and I click it back on manually. Says it's back on, but I have my doubts.

Particularly as when I tried to surf eBay, the website suddenly thought I lived in the Czech Republic. Yeah, I've changed my eBay password and my PayPal on a friend's clean computer already.

So here's the DDS log with the ATTACH, err, attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Lois at 19:58:07 on 2017-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2302.1316 [GMT -7:00]
.
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\s... Read more

More replies
Relevance 58.22%

I recently went from Avast 4.8 to Avast 5 and am pleased with the new version. I note that it has a Behavior Shield and can't recall if the earlier version also had. What I would like to know is this: does the Behavior Shield make Threatfire, which I also use, redundant?

Unfortunately, although I tried to glean an answer from Avast's Help Center, I do not know enough about computers to know what the description there of the Behavior Shield amounts to: it 'monitors all activity on your computer and detects and blocks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points using special sensors to identify anything suspicious.'

I have XP, SP 3.

Thanks in anticipation.

Answer:Avast 5's Behavior Shield and Threatfire

Behavior shield - monitors all activity on your computer and detects and bloxks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points using special sensors to identify anything suspicious.avast! 5.0 Quick User GuideThreatFire monitors your machines activity and uses an intelligent behavioral engine to alert you about malicious behavior rather than rely on signatures. - How ThreatFire WorksAs such there will be some redundancy using both but their technology is different and therefore, what is detected may vary.

2 more replies
Relevance 58.22%

Hi everyone,

new beta version 17.5.2298 is released.

What's new:
- Tiny Firewall for blocking EternalBlue exploit - (internal) It is a part of StreamFilter, turned ON/OFF by Online Shield
- internal fixes

As many of you are aware Avast and AVG are 1 company now. Cause development of 2 different UIs takes different time, in this beta we introduce Ransomware shield in AVG beta now. You can expect Ransomware shield in Avast in next betas.

If you wanna try Ransomware protection in AVG build, check this link:
- AVG Antivirus Beta 17.5.3017

Download links:
BETA testing - Overview & Download links
 

Answer:Finally,the ransomware shield in avast

Good, but why they need a whole new tiny shield for stopping an exploit and this has to go through beta and be delivered after tests!? There are firewalls for blocking ports like the Windows Firewall and the Avast one in paid solutions. Maybe it is a sign that they need something like Norton's IPS?
 

3 more replies
Relevance 58.22%

Hello,

My son got into some bad stuff which led me to this forum a few months back. After some research I went with Avast Anti Virus (free version), Malware Bytes (paid version), and Comodo Firewall (free version). I have had a lot of slow behavior when surfing and doing email. The cursor is unstable and I cannot type things without a long wait. I turned of the Avast Behavior Shield and everything is a lot better. What have I lost turing off this feature? There are still several other Avast Shields running along with the Malware Bytes and Comodo.

Any suggestions? Should I try a different AV program?

Thanks,

Dave

Answer:Avast 5 Behavior Shield Slows Down XP?

hello daveplaysbass,The behaviour shield is a bit of a mystery! There's quite a few questions about it on the Avast forums and no real answers. I think the guys on there have been waiting for months for a 'promised' explanation from an Avast official. Found out a few things tho. This is a quote from an interview with a Avast official ...."The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits."So whilst it's new and not operating at it's fullest potential, it still is an important part of Avast!It's not supposed to use hardly any system resources, but a few people have had problems with it conflicting with other software. One person had the problem of it conflicting with the 'Payed' version of Malwarebytes. And thats interesting because my set up is the same as yours, Avast(free), Comodo firewall(free) but i have the Free version of Malwarebytes, and i have no problems with conflicts.Its worth checking to see if there's any information in the Behaviour Shield report( at the bottom of the Behaviour shield page) in th... Read more

1 more replies
Relevance 58.22%

the behaviour shield is yet not improved....

i still see the shield is not yet fully operational on auto decide it should be able to block atleast 50% of malware beahviour atleast...

i see the behav shield records suspicious events but doesnt block them neither no alerts are displayed....why??

I saw all this in my tests...behav shield records suspicious events but doesnt display a pop-up and neither blocks it....

when avast sees something bad is suspicious is going on it should block it....what's the deal with that??
 

Answer:no improvement in avast 7 for behaviour shield.

Likely Behavior Shield uses heuristics analysis so therefore a file that's known to be malicious/suspicious will popup so for Sandbox feature too.

When its set to ask a behavior popup must shown with the option.
 

24 more replies
Relevance 58.22%

Last April, a gentle person from Europe helped someone with this same problem.  I tried to follow the advice, but find I need some help. What I've done: 1)  Run Malwarebytes software daily.2)  Uninstalled Avast and reinstalled it.3)  Installed IE 11.4)  Have trouble with downloads.  I get Current Security settings do not allow download.  I've gone into Internet Options and attempted to change all settings to allow file downloads.  I accomplished this once, but then it does not last.5)  I've run Tweaking.com, Windows Repair All-in-one. The Avast Web Shield is still popping up. Thanks for any help!Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

Answer:Avast Web Shield notifications appear constantly

Please run the following scans in the order they appear.
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 

 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 

 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 
 
3)  The scan will automatically run now.
 

 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 

 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items. &... Read more

3 more replies
Relevance 58.22%

Thanks for your time.

I just installed Antivir and felt naked without a web shield, so I reinstalled everything in Avast! except the standard shield.

In theory, this should work, however the apps froze on startup, so I set Avast! to launch after all other applications load and they seem to like each other now.

What I'm here to ask is whether this should theoretically cause any problems.

Please don't reply with, "OMG YOU ONLY NEED ONE ANTIVIRUS" because I am only running one antivirus. My reasoning for running both apps is so that the Avast! web shield will take effect during browsing, and Avira will handle everything locally. The issue I have with using Avast! for everything is that it seems to constantly scan all my files, without letting me set it to just "scan on application read/write" which causes major slowdowns.
 

Answer:Antivir + Avast (Web Shield Only) Compatibility

Wow no one has any experience with this pairing? That's amazing.
OK thanks anyway.
 

1 more replies
Relevance 57.81%

Hi

I keep getting messages from Avast that a malicious URL has been blocked in process C:\windows\system32\svchost.exe
It also discovered a rootkit when I ran a boot scan.

I've tried to get rid of this but it keeps returning:(
Any help would be greatly appreciated.

Thanks.

Answer:Avast detects threat in svchost.exe + rootkit

OK now. TDSSKiller did the trick.

2 more replies
Relevance 57.81%

Hello Everyone,
 
I am new here and would like some help on a virus Avast found. When I click move it to chest I get "Error: There is not enough space on the disk (112)".
 
I downloaded Cobian Backup and started the backup. I received error messages which I saved and attached below under Cobian Backup Error Messages. 
 
Please help as I do not know how to remove it.
 
DDS is below.
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.6001.19048  BrowserJavaVersion: 10.15.2
Run by James at 20:54:42 on 2013-04-06
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.27.1033.18.2038.323 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windo... Read more

Answer:Avast found threat: win32:hubigon-onx [trj]

Dear forum administrator,
 
Please help with this post. Although there may have been postings of a similar nature, the hubigon virus looks like it had infected the other computers in a different way. I thought the recommended solution may be different in those cases and not help me. Please let me know if I am wrong and can use the recommendations. That way I will not have to wait unnecessarily. 
 
I understand those who assist are busy and can't afford to help everyone immediately, but I would greatly appreciate any assistance.
 
Thanks.

17 more replies
Relevance 57.81%

Good day,
 
I've been getting a lot of alert from avast as per the topic title. The specifics of it are as below
 
Object: hxxp://69.65.5.105/ (Changed tt to xx in the URL for obvious reason)
Infection: URL:Mal
Process: C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
 
Avast will keep on alerting me at a very random interval. sometimes as often as once every 4-5 minutes. When I stop the FileZilla Server service, the alert will stop too. As soon as I start the service again, avast will immediately start alerting me again. One peculiar things I have noticed since avast started alerting me on this is that I cannot download any file directly from the browser (Chrome, Firefox) anymore. I started noticing this one when I wanted to download DDS. 
 
Anyway, I've got my hand on the DDS software from another PC. Unfortunately running the software gave me the following error message
 
"DDS is not meant to run in 'Compatibility Mode'. The program shall now exit."
 
Thus I'm not able to produce the logs to accompany this post. By the way, I'm using Windows 8.1 Pro (64-bit). I'm pretty sure I'm infected and any help will be much appreciated.

Answer:Avast web shield has blocked a harmful webpage

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

4 more replies
Relevance 57.81%

S y s t e m I n f o r m a t i o n

OS Name Microsoft Windows 7 Ultimate
Version 6.1.7600 Build 7600
System Manufacturer INTELR
System Model AWRDACPI
System Type X86-based PC
Processor Intel(R) Pentium(R) 4 CPU 2.40GHz, 2394 Mhz, 1 Core(s), 1 Logical Processor(s)
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 27/01/2004
SMBIOS Version 2.2
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Hardware Abstraction Layer Version = "6.1.7600.16385"
Installed Physical Memory (RAM) 1.50 GB
Available Physical Memory 536 MB
Total Virtual Memory 3.00 GB
Available Virtual Memory 1.69 GB

I installed AVAST Free Antivirus Version 5.0.677

Enabled the REAL-TIME SHIELDS (which include 7 options) all listed below:

File System Shield
Mail Shield
Web Shield
P2P Shield
IM Shield
Network Shield
Behavior Shield

I'm only able to enable 6 of the 7 Shields without locking out all internet web page traffic loading.
Every time I enable the WEB SHIELD it prevents any pages loading.

My questions are why, how do I correct it & what exposure does it present not having it enabled???

Any help to resolve these issues would be really appreciated.!
 

More replies
Relevance 57.81%

Hello,
For several days AVAST keeps popping up all the time messages like this one:
 
"MAIL SHIELD SECURITY EXCLUSION
Avast has indentified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the 'View' button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
 
SERVER
Location: smtp.stcable.net
Process: C:\Windows\SysWOW64\regsvr32.exe
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."

 
I either close it or select "CANCEL" but it starts to worry me. I saw another topic with the same problem but it's closed without solution. Here's the contents of the FRST.txt report:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by USER (administrator) on ОЛЕГ-PC (14-11-2016 19:47:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser:... Read more

Answer:Avast keeps asking for Mail Shield Security Exclusions

I'm sorry for the second topic, the browser gave me internet error (or something) and I clicked refresh.

1 more replies
Relevance 57.81%

Hello,
For several days AVAST keeps popping up all the time messages like this one:
 
"MAIL SHIELD SECURITY EXCLUSION
Avast has indentified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the 'View' button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
 
SERVER
Location: smtp.stcable.net
Process: C:\Windows\SysWOW64\regsvr32.exe
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."

 
I either close it or select "CANCEL" but it starts to worry me. I saw another topic with the same problem but it's closed without solution. Here's the contents of the FRST.txt report:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by USER (administrator) on ОЛЕГ-PC (14-11-2016 19:47:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser:... Read more

More replies
Relevance 57.4%

This is very strange and I haven't seen any reports about this issue.
During the install process for Pale Moon 26.1.1, Avast anti-virus ver 11.1.2253 stopped the process with a Threat Alert.



Infection: FileRepSnxclass [PUP]
Process: C:\Users\{username}\AppData\Local\Temp\7zSBA2B.tmp\setup.exe

The threat was detected and blocked just before the file was executedClick to expand...

Has anyone else had a similar event or know anything about this?
 

Answer:Avast Threat Warning During Pale Moon 26.1.1 Install

Upload that setup.exe file to VirusTotal.
https://www.virustotal.com/
 

4 more replies
Relevance 57.4%

Problem: Avast reports high threat win32-gen (with no obvious malware symptoms) System Info: Avast installed over a year, windows XP-pro, Windows firewall always on, PC used for business by me only- - no gaming/risky site browsing. - Connects to business server at times. - No banking or accounting. Avast is set to full scan at night installed for over a year. Windows XP firewall- Windows auto updates set to ?on?. First Avast report of malware 7/5/2011. - PC had been offline about a week. - The cable/internet ISP service was down- tech said the line connections 'fixed" at last service call about a month prior- was issue. - Techs did not touch PC? just modem & cable.Once PC online again, Avast performed a program update & virus definition updates. 1. next day Avast reported high threat win32-genc:\program files\online services\PeoplePC\ISP5900\Bin\BartShel.exe 2. i think i moved this to chest- thought this was installed by manufacturer & never used ( i am not owner of PC and it is an older Compaq XP media center- plenty of junk installed that i ignore). 3. Avast recommended a boot-time scan (it scans before windows fully loads) 4. boot-time scan reported the following : 1 - High Threat: Win32:Malware-gen. o c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\A0054917.exe 4- low Threats: PU... Read more

Answer:Avast reports win32 Malware-gen High-Threat

Hi, Welcome to Bleeping Computer.My name is Shannon and I will be working with you to remove the malware that is on your machine.I apologize for the delay in replying to your post, but this forum is extremely busy.Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.Do Not make any changes on your own to the infected computer.Please set your system to show all files.Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Now, let's look more thoroughly at the infected computer -We need to see some information about what is happening in your machine. Please perform the following scan:We need to create an OTL Report
Please download OTL from here:Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "Use SafeList"Push the button.Two reports will open, copy and paste them into your reply:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease note: You may have to disable any script protection running if the scan fails to run. After down... Read more

16 more replies
Relevance 57.4%

Coming Soon to Avast is New Center of Screen Threat/Detection alerts, (Currently in Beta) no response from Avast Staff/Developers on if these are staying, but since they just released a new beta version 17.6.2307 and they remain, think the new threat alerts are remaining.

So Think Saturday will proceed with my System Reset that should fix up any other errors, and make sure Avast completely removed I would think

More replies
Relevance 57.4%

I keep getting avast threat detections or "blocked a harmful webpage" just for using Firefox and Chrome, sometimes repeatedly for being on a website like CNN or Youtube. I ran Malwarebytes and Avast...nothing showed up. One time, in between warnings the screen froze, turned completely white, whle the start task bar reamined but was recolored black. I coudln't do anything, not even ctrl+alt+delete.
 
The url is 54.201.107.94/redir...
 
it's listed as MAL
 
and the process is either through chrome or firefox. If anyone can help I'd appreciate, thanks.
 
Here's the dds text file:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by Taylor Kendall at 18:49:36 on 2014-11-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6126.4040 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.... Read more

Answer:Keep getting Avast threat detections for opening Firefox and Chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/558201 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 56.99%

Good Day
 
I have an Avast Premier antivirus
and recently this pop-up has been coming up frequently(actualy starting to be annoying now)
I have done a full scan and nothing seems to help.
I have attached the logs i ran with DDS
help would be apreciated,
thanx
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by user at 9:02:46 on 2014-08-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.1954.340 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explor... Read more

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello tonata I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

15 more replies
Relevance 56.99%

I get this specific error "avast! Web Shield has blocked a harmful webpage or file
 
Infection: URL:Mal
 
Process: C:\Windows\System32\svchost.exe"
 
Everytime I opened up google, I actually removed avast thinking malwarebytes would remove it, but it didn't. I did multiple threat runs on avast + malware, stuff showed up I got rid of it, yet it's still here. I don't see the error anymore only because I removed the avast, I want to get rid of it could someone help me.
 
I also get something called Nexxtcoup on my google extensions, everytime I remove it, I'll close google and then bam it's back there.

Answer:avast! Web Shield has blocked a harmful webpage or file

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma... Read more

1 more replies
Relevance 56.99%

I'm sure you've seen these topics before...
I need some help about the constant popups avast has given me FOR EXAMPLE
 
Avast Web Shield has blocked a harmful webpage or file.Object:  htp://filesonlinehere.com/sync/?rmbs=...Infection:  URL:MalProcess:  C:\Program Files (x86)\...\chrome.exe
 

 
If there is anything I need to provide, please elaborate and I will be grateful to supply it

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

18 more replies
Relevance 56.99%

Every time I click on the Account hyperlink to access my YouTube account on YouTube Avast Network Shield blocks the attempt. This is obviously a false alarm but I don't see a option to edit it's block list or to make a exception though I see it for the Web Shield. Is there anyway to fix this or do I have to pause it each time I want to access the account page on YouTube because thats the only thing that works.
 

Answer:Avast Network Shield Blocks YouTube/Account

Outlawstar15a2 said:





Every time I click on the Account hyperlink to access my YouTube account on YouTube Avast Network Shield blocks the attempt. This is obviously a false alarm but I don't see a option to edit it's block list or to make a exception though I see it for the Web Shield. Is there anyway to fix this or do I have to pause it each time I want to access the account page on YouTube because thats the only thing that works.Click to expand...

You're not alone, see Avast forum. Avast has acknowledged the problem and an update should be available soon.
 

1 more replies
Relevance 56.99%

Hello Guys,
My system:
Toshiba  / Satellite C55-A   /  Intel ® Celeron  ® N2820
64 bit Windows 8.1
I am at the end of my rope. I have tried everything. First, let me say I am not good at technical things on a computer, just enough to be dangerous. So if some things I say seem crazy, they probably are.  So here is the story. About a week ago I received a email on my go daddy webmail.  www.login.securserver.net. That is how I long into that email. Now, that is not my main email. My main email is gmail, which I use the most.
The email I received on the go daddy email was a Notice of Apperance in Court #00406341. It contained a zip file,  Court Notification 00406341.zip.   Of course being stupid, I unzipped the file, thinking it was something important, since I have some court cases ongoing for business.
With research  I think it is a Kuluoz or another one that starts with  A.  cant remember.
It put a zip file in my downloads folder  Court_Notification_00406341.doc, which shows as File Type: Java Script file, 8.84kb.  That is the only one I noticed, not sure if they are more somewhere.  Then things started getting a little weird. Nothing major, I still get emails, still send them, and my system seems to be running normally, except for Avast Mail Shield security exclusions ,  It keeps poping up at least 40 times a day, saying 
 
Now, here I used to get different info, like websit... Read more

Answer:Avast keeps giving me Mail Shield Security Exclusions

hi,
 
We will start with FRST to remove some items from the log.
 
Usually Iam only on this site once or twice per day so you may not get a reply from me until the next day.
 
Copy/paste whats below in the box into notepad. Save it as fixlist.txt in the same location you have FRST, your desktop. Click the FRST icon like before and this time click on the fix button just once. When done you will find a fixlog on your desktop. Please post the fixlog in your reply. Machine may reboot to finish the process.

HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Philip\tmp2098815588907764838.exe
C:\Users\Philip\tmp3347511962698503720.exe
C:\Users\Philip\tmp7839474401173251832.exe
2014-03-10 16:57 - 2014-03-10 16:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
SearchScopes: HKU\S-1-5-21-2793440623-1628646824-2415799637-1001 -> {21A3F5B1-BB9E-458A-815D-54E44AA350A8} URL =
CHR HKU\S-1-5-21-2793440623-16286... Read more

5 more replies
Relevance 56.99%

Hello, Thanks for being there for us.
I have a problem with my computer. After downloading a PDF file which instead of opening, suddenly disappeared and I cannot locate it. From there on whenever I open Firefox or iexplorer, Avast starts alerting me that it’s blocking a harmful website or file. Although these alerts stop when I go offline and so far the computer is running properly. Kindly assist me to fix this problem.
 
Thanks alot.
 
Taha

Answer:Avast web shield blocking harmful website whenever i go online

Hello Taha,please run a FRST scan to start with:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

9 more replies
Relevance 56.99%

So basically I only installed the behavior shield from the avast installation wizard. I was thinking having Kaspersky as my main AV along with avast's behavior blocker is a good set up. However, admittingly I am a novice, and I don't know if these two will clash. So far, everything seems to be going smoothly, but the WD notification icon is displaying that X and is saying I shouldn't have more than one AV installed. Thanks.
 

Answer:Using Kaspersky free with only Avast Behavior Shield installed.

I personally think it should work ok running these 2 programs if Avast is only enabled for behavior blocking.
 

20 more replies
Relevance 56.99%

Q. 1.There is a Heuristic Scale and Test Whole file box in File shield.
Should I Scale up it to high (from normal) and check the "Test whole File" box, for better protection?

Q 2. There are two tabs in File Shield settings, "Scan when opening" and "Scan when Writing"
Should I tick the Scan All files in both Opening and Writing for better Protection? (It will scan all files that are being opened or written in the system but there will be negative impact that IDC)

Q. 3. Should I tick "All Packers" or go with Default packers.

Q. 4. Should I activate Avast Aggressive Hardened mode because I don't like Voodooshield as it shows its Pro Version Advertisement in every Startup which is too much annoying for me.
 

More replies
Relevance 56.99%

Hello!
 
I installed Avast recently and have the premium trial version of it at the moment. Every so often, there's a notification that pops up with "Avast! Web Shield has blocked a harmful webpage or file", and some random website. It notifies that it's running through Chrome even when I'm not currently running it (I'm mostly using Firefox). I believe my computer may be infected because I started seeing ads that appear normally where they shouldn't (with a description like ads by deall2ddeualit), and some Firefox addons that enabled these ads that were installed without me knowing about it.
Somewhat related, I allowed a scan from Avast of the computer files while it was booting up and accidentally unplugged the power which turned off the computer mid scan. When I booted it up again, I was entered into something like a temporary account where all my saved documents were pretty much gone. After another reboot, it did the same thing except now it stated that the copy of windows was not genuine. And after a third reboot, everything seemed restored. However, it feels as though start up is somewhat slow now. I'm not quite sure what happened here.
I'm not quite sure where to start, but I believe I need to provide a log? How do I go about doing that?

 

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/545315 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 56.99%

Working on a computer with 32-bit Vista. Windows Updates appear to be stuck - any updates are rolled back with the error of them "not being configured properly". Tried Googling and trying individual update solutions, but no luck.
 
PC had Microsoft Security Essentials installed, I removed it and installed Avast. Although Avast installs, the Web shield appears to be permanently disabled.
 
I have run Adwcleaner, Malwarebytes Anti-malware and Eset online scanner.  A few low-level threats were found and cleaned, but nothing has changed with the symptoms above.
 
Thanks for the help!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Shari (administrator) on P2JOFFICE (21-03-2016 11:16:46)
Running from J:\
Loaded Profiles: Shari (Available Profiles: Denise Pauls & Shari)
Platform: Windows Vista ™ Home Premium (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST ... Read more

Answer:Vista not accepting updates & blocking Avast web shield

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the LogFile button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleanerCx.txt (x is a number).===I need more information. Please run this tool.Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Pleas... Read more

16 more replies
Relevance 56.99%

Purchased avast internet security in November 2011. It's suddenly stopped working. "Fix Now" button not responding and unable to restart program as I'm being advised that the file system shield is unreachable! Any idea what's happened? Please help.
Angie.

Answer:avast internet security: file system shield

You have posted this twice - to avoid confusion:-
Please tick this thread as resolved (click the rigt hand column) and do as suggested in the other thread and reinstall avast.

1 more replies
Relevance 56.99%

For a week, I have been getting constant alerts from Avast!, and since I updated Malwarebytes, it is also giving me alerts.
 
Avast! Alert: 
Avast! Web Shield has blocked a harmful webpage or file.
Object: http://brozblagrom-c2.com/online/526 (This changes with ever new alert popup, usualy 6 or more will show up at once)
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
 
Malwarebytes Alert: 
Malicious Website Blocked
Domain: forteen-meters7.me
IP: 5.45.6.199
Port: 50271
Type: Outbound
Process: C:\Windows\System32\svchost.exe
 
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2
Run by Kistoway at 16:17:04 on 2014-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.1531 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microso... Read more

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539339 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

11 more replies
Relevance 56.99%

Hello I'm having problems with the Avast! web shield popping up very often and have no idea what to do. Pop ups go along the line of
 
Avast Web Shield has blocked a harmful webpage or file.
  Object:  htp://filesonlinehere.com/sync/?rmbs=...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe
 
I have posted the DDS log below
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.67.2
Run by LEOLEOLEOLEO at 1:06:42 on 2015-01-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8141.4816 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:... Read more

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first t... Read more

11 more replies
Relevance 56.99%

Can anyone suggest the most appropriate settings for COMODO HIPS so that it would work with Avast behavior shield in tandem?
 

Answer:Avast Behavior Shield with COMODO HIPS. Which settings should I use?

U can use safe mode in comodo hips. It should work realy nice with the behavour shield from avast. Well, i would turn off hips totaly if u use comodo firewall and avast. there is no need for hips.
 

5 more replies
Relevance 56.99%
Question: Threat Detected

OK, so I finally got Mbam downloaded and installed. Now my computer will not restart. I have to manually reboot. I am unable to get into "safe mode". I went ahead and manually restarted the computer again, this time a screen came up saying that a threat had beed detected in C:\WINDOWS\system32\drivers\asyncmac
The name of the threat is: Virus identified Worm/Generic AQVG I am also getting "Low virtual memory" alert.

I have run an AVG scan and it is coming back virus and error free. I'm completely baffled. I have no clue... And it's NOT just because I'm blonde. Am I going to have to take my 'puter to my tech? Please tell me there's a relatively simple way to fix this.

More replies
Relevance 56.99%
Question: Threat detected

Hello and thanks for this wonderul service. I got a Resident Shield Alert from AVG saying I have been infected with Win32/Patched.DX. The file name is C:\WINDOWS\system32\drivers\netbt.sys. It's noted as white-listed and a critical file. I am running Windows Home XP SP2. I would appreciate any help you can send my way.

Thank you

Answer:Threat detected

Hi,Yes netbt.sys is a legitimate file. However, it may be that malicious software has modified the file and it is now infected or patched. You should update and then run a full scan with AVG. You may also wish to try other anti-malware products such as MBAM.Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Q... Read more

8 more replies
Relevance 56.99%
Question: Threat Detected

Hi,
Whilst using my Computer a Computer infection alert filled the screen a balloon said click here to fix the problem, so i did, I have AVG free 9.0. What followed was an advert for A V Security Comuter Protection which looked like an American company, the only thing was no matter whow hard I tried I could not get out of the advert - the only apparent way was to buy to software $40+. Not going to do that!
Six hours later I had removed the advert by deleting temp internet files (I think), but my Computer Firewall is permanently switched off, I can't system restore and a windows wizard says I have a remote computer but will not give me the address.

Please Help
Alan.
ps I have run a full Computer scan with AVG and no infections found, and I can't seem to cut/paste a copy of DDS file!

Answer:Threat Detected

Hello MOW,

Can you attach the dds.txt?

13 more replies
Relevance 56.99%

Good day.
 
I hope I can request some help.
I have read and followed the Preparation Guide, and performed the FRST scan and have saved the 2 .txt files.
 
I have a laptop that I use with Internet service through my Iphone as a personal hotspot. Each and everytime I plug into it, within a few seconds Avast Free announces a"A threat has been detected". I get a call and it happens once again. Any break in service, however brief, causes a new threat announcement. One of the threats is Http://bestdriver.star.net.. URL  MAL , another http://simplesitescan, etc. A couple of other addresses show up as well at different times.
These do not show up with the full system scans.
 
I also have run MBAM multiple times and it reports system is clean.
 
I am not being redirected or anything that I can see, but, I am concerned that my security has been breached and perhaps data is being mined(?).
 
 
Thank you ahead of time for helping!
 
SS369
 
Here is my FRST.txt file.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by SS (administrator) on SS-HP on 11-06-2015 18:00:05
Running from C:\Users\SS\Downloads
Loaded Profiles: SS (Available Profiles: SS)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use... Read more

Answer:Threat has been detected

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Run this tool to clean your Temporary files/Folders.Download TFC to your desktopClose any open windows.Double click the TFC icon to run the program.TFC will close all open programs itself in order to run.Click the Start button to begin the process.Allow TFC to run uninterrupted, it should not take long to finish.Once it's finished, click OK to reboot.If it does not reboot, reboot your system manually.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S3 OATool; \??\C:\Windows\TEMP\OAToolx64.sys [X]

End
Save the files as fixlist.txt in the same folder where the... Read more

14 more replies
Relevance 56.99%

Mod Edit:  Split from  http://www.bleepingcomputer.com/forums/t/499879/infected-with-virus-that-puts-add-links-on-sites-i-visit/#entry3093720 - Hamluis.
 
 
URL: http://ad.adtegrity.net/st?ad_type Process: C:\Program Files (x86)\Google\Chrome\App... Infection: URL:Mal
 
Hi I think I have an infection.  My avast free anti virus keeps giving me pop ups saying as above.  I first noticed the virus on my own blog, when I noticed words had been turned into links that I had not made links of. When hovering on those words, a pop up add would come up.
 
I have windows 7 operating system.
 
I have been through all downloads and not noticed anything sus there, I have no updates to do.  I did try and download a movie a few weeks ago, so I guess that has been what caused it.
 
Silly me.  Please help, from Sharon.
 
I've been getting, "threat has been detected," pop-ups from avast! while playing Mafia Wars at the Facebook website.
Here is the detail:
Infection Details
URL: http://ad.adtegrity.net/st?ad_type
Process: C:\Program Files (x86)\Google\Chrome\App...
Infection: URL:Mal
Infection Details
URL: http://ad.adtegrity.net/st?ad_typeProcess: C:\Users\Dad\AppData\Local\Mozilla Firef...Infection: URL:Mal
Even if Zynga thinks it's okay to partner with a company that wants to put destabilizing malware on our computers, why would Facebook tolerate it?My Google Chrome, Firefox and Java versions are all up to date.
Th... Read more

Answer:Threat Has Been Detected

Hi,while facebook has had many problems with malware lately, this seems to be a false positive from Avast!: http://forum.avast.com/index.php?topic=128772.0Do you also get the popups on other sites? Yahoo is mentioned a lot.regardsmyrti

4 more replies
Relevance 56.99%
Question: Threat Detected

Hi,

Would appreciate your help in resolving this issue. My AVG anitvirus has come up with a message of
Threat detected in File Name c:\Users\John\Policies\Catsrv.exe.

Threat name: Trojan Horse Generic15.TFF Detected on Open.

Process Name C:\Windows\System32\svchost.exe PID 1136.
When I try to heal it or Move it to vault the following message is displayed. "The virus valut has reached the maximum file count limit. Do you want to delete the object?" Trying to delete it comes up with a mesage that some files cannot be healed.

Emptying the vault does not help in anyway.

I have tried to search for the file Catsrv.exe in the above folders but with no success. My folder options are set to show all hidden files including system files.

Note: I do not have any boot or installation CD for my Vista Home Premium as my laptop came with it pre instaled.. Also I had to run GMER in safe mode as my laptop came up with BSOD every time I ran it,

My DDS log is shown below:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Bhavna at 18:32:29.79 on Thu 10/29/2009
Internet Explorer: 7.0.6000.16643
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.1013.366 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-5... Read more

More replies
Relevance 56.99%

The message says.Threat detected file.
C/Windows/system32/services Exe.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by user at 10:35:36 on 2013-01-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.1033.18.1978.711 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Managem... Read more

Answer:Keep getting pop up saying threat detected.

Sorry forgot to mention. The last bit on the message said.Win64/Patch A.Thanks.

15 more replies
Relevance 56.99%
Question: threat detected

As soon as I open my computer I get these : Threat detected and it continues endlessly. I do have an antivirus installed though!What to do to remove it?
 

Answer:threat detected

When I plug in an external hard drive none of the ports respond and do not show off. I bought a new external drive thinking that the old one was not responding but the new one also does not.
What to do?
I have uninstalled each and every one and re-installed them but nothing works.
 

1 more replies
Relevance 56.99%

When I open Google Chrome browser, I immediately get this Avast warning:

Threat Detected:
Object URL:Mal
C:/Users/Keith/App Data/Local/Google/i.tnkjmp.com/ cross domain.xml

I can open Internet Explorer, Maxthon, and Sandboxed Web Browser without any problems. My computer has been slowing down lately. I have ran anti-virus scans, malware scans with MalwareBytes, and SuperAnti-Spyware.
My specs are:
Dell Studio 1749
Processor Intel Core i5 CPU M520 @ 2.40 GHz
Installed Memory 4.00 GB
System Type: 64-Bit Operating System
Windows 7 Home Premium

Here is the HijackThis Logs and the Att. and DDS:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:27:34 PM, on 9/17/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17051)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\keith\AppData\Local\Google\Chrome\Applic... Read more

Answer:URL: Threat Detected!

16 more replies
Relevance 56.99%
Question: threat detected

Hi, I am running Windows 7. I have A.V.G antivirus. I have started to get a warning with A.V.G resident shield, saying Threat Detected File c/Windows/system32/
services exe.There is nowhere i can see to remove the threat. Is it something to worry about. Thanks

Answer:threat detected

It looks like ZeroAccess rootkit.Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

5 more replies
Relevance 56.99%

Avast is doing its task well. But what is going on? Every time I go browsing with AVG/Yahoo, or sign onto sundry sites I get the notice from AVAST that a threat has been detected and blocked. I am getting my money's worth. It would seem everything I want to access has a malicious attached to it.
I ran Avast boot scan, so anything it recognized was bid Sayanora. But is there a way to determine why or what keeps trying to get into my system?

Sarge
 

Answer:Threat detected for everything?

Hmm myself and my partner had an issue with avast very recently too. It was flagging almost everything as being infected. Luckily, it didn't manage to quarantine these items and leave my machines unbootable. (!)

I don't know what had happened for this to occur but the result was I uninstalled avast from both machines and now we run with different AV. I should have posted at the avast forums but lack of time prevented me. I have always loved avast but this I couldn't put up with. Despite a fresh install, it still did the same. I ran all the scans on my machines and they were fine. Avast lied.

I am not saying it is wrong in your case, but we do need many more opinions than just avast so, I would advise you to run these procedures:

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 56.99%

Whenever I open and have Firefox opened, this

"Malicious URL Blocked" Threat has been detected pops up.

Infection: URL:Mal
Process: globalroot/systemroot/svchost.exe

Like what is this? :o Any solution? I did run Avast already. :3

"avast! saved your computer from crashing
You just dodged a bullet"

When I click on it, it says "Infection Details
URL: Fast Search Engine
Process: \\.\globalroot\systemroot\svchost.exe
Infection: URL:Mal

Answer:Threat has been detected

Hi,

We require a comprehensive set of logs to identify and begin the removal of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 56.58%

For the last week or so, my sister's computer (Windows 7) has been bombarded by Avast alertingn her that a threat has been blocked. It happens for various different processes, but most consistently when a browser is opened (tried both IE and firefox). Here are a couple examples of what it says:
 
Infection Blocked
URL: http://52.74.169.204/wpad.dat
Infection: URL:Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Infection Blocked
URL: http://119.9.89.71/wpad.dat
Infection: URL:Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
We have run the virus scan in Avast and nothing was found. Also, Malwarebytes found nothing.
 
I am not sure if she is infected or its an Avast problem. Any ideas?
 
 
 
 
 

Answer:Avast constantly alerting of blocked threat, nothing shows up in scans...

If an infection trying to come in from the outside, trying to get into your computer -- was blocked, then scans of your hard-drive are not going to find said infection, because it was blocked from ever getting into your computer.

6 more replies
Relevance 56.58%

Is there a way to remove it, because avast comes up with an error message and can't move it either after scan or in the boot scan. Thank you.
 

More replies
Relevance 56.58%

Cleaning up my daughters computer - Dell Vostro 260 - Intel I5-2400, 4GB RAM, Windows 7 Home Premium 64bit.
 
Ran Malwarebytes, adwcleaner and CCleaner.  Installed avast free and ran boot time scan.   
 
Now receive continuing popups from avast stating:
 
avast! Web Shield has blocked a harmful webpage or file. 
Object:  hxxp://on-bend.com/b/opt/CB8F9...............
Infection:  URL:Mal  Process: c:\Windows\explorer.exe
 
Also appears that MS Update does not work and some downloads are being blocked.
 
Ran DDS as directed.  Only produced Attach.txt file (Below).  Rechecked and the DDS.txt box was checked - reran but did not produce this file.
 
Thanks in advance!!
 
********************************************
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/10/2012 10:44:31 AM
System Uptime: 1/7/2005 6:12:05 PM (83176 hours ago)
.
Motherboard: Dell Inc. |  | 0GDG8Y      
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 332.036 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C6300 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\I... Read more

Answer:avast! Web Shield has blocked a harmful webpage or file - explorer.exe

Hi there,this is malware for sure. Please run the following scans:Step 1Please download TDSSKiller and save it to your Desktop.Start tdsskiller.exe with administrator privileges.Accept the EULA and the KSN Statement.Click on Change parameters.Make sure that all available options (except "Loaded modules") are checked and click OK.Click on Start scan.If any threats are found don't delete them but choose the Skip option for all of them.Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).Copy and paste its contents in your next reply.Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

11 more replies
Relevance 56.58%

Hi there, My laptop and i are in deep trouble. 2 days ago, i was trying to download a game from the internet and it got me to this. i was opening a lot of links and pages, installing and uninstalling a lot of stuffs and right now, im in big trouble. There is an ads keep popping up on the bottom right corner of my desktop, and it keep on popping up throughout the day. at first it was a chinese game ads and then it becomes a chinese shopping ads and others. it pops up everytime i turn on my computer, and i wasnt even on the browser and it pops up. soon after that, my antivirus which is avast keep on giving this message 'Avast! Web Shield has blocked a harmful webpage or file URL: hxxttp://js.union001.com/PClick.aspx?AID=19927&KEY=CF3C8B99B339869B0A2895A79B102D884535DEAF40EC8624Infection: URL:MalProcess: C:\Program Files (x86)\t_201601210117\201601210117\lsas.exe.it is so annoying and i dont know how to fix this. I have read through some of the forum here, but still i do not understand what should i do first. would someone please help me. i do not wish to format my laptop please. im running windows 7 X64bit. im very grateful if someone could provide me steps by steps instruction so that i could catch up on what to do and im new here. thank you very much for any of your help.

Answer:'Avast! Web Shield has blocked a harmful webpage or file' with ads keep popping

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

6 more replies
Relevance 56.58%

I keep getting messages from avast saying it is blocking a webpage or file. My task manager shows there are a lot of processes running. My computer is acting really slow now, and it started making buzzing noises, and on startup the fan is making an incredible racket as well. Malwarebytes hasn't found anything. What should I do? I saw other people post, but there were warnings not to repeat these things. 
 
Each warning has three fields, object: infection: and Process: 
usually says http;//f0fff0...... or fa8072 or maybe go.wymedia
 
infection is always url mal
 and process is generally windows syswow64/dllhost or program files....iexplores/exe

Answer:Avast popup - web shield has blocked harmful webpage or file

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

20 more replies
Relevance 56.58%

I recently had to restore from a system image (full restore of C:\ drive where my program and system files are kept, no changes to D:\ so my personal files weren't reset, and probably some temp files and preferences weren't either) and after doing so, and then reinstalling avast onto this system image (the image was made at a time when I had a different antivirus) I encountered a problem with firefox which seems to be something to do with conflicts with it and avast.
Immediately after the system imaging firefox worked fine, and immediately after avast's installation avast worked fine too. The I updated both of them to the latest state, restarted and logged back on. This time when I opened avast to go to google I got a warning about a certificate on google's page being unrecognised (Unfortunately I can't remember the exact wording), But I was able to follow some of the options on the dialogue brought up by firefox and see a certificate related to avast was causing the issues. I tested by temporarily disbaling avast's web and mail shields and opening firefox again, that time it went to google.co.uk without issues. I turned the web and mail shields of avast back on and I got the same certificate problem again.
Eventually I used the "I know the risks button" in firefox and created an exception, which I think might not have been the best way to solve this. Because I still had problems loading other https pages (for exmaple the links to google plus or gmail from the google home pa... Read more

Answer:Conflicts involving avast's web/mail shield certificates and firefox

It's a known issue with avast! from my experience, take a look.https://support.mozilla.org/fr/questions/981937https://forum.avast.com/index.php?topic=161376.0http://kb.mozillazine.org/SSL_Security_Errorhttps://support.mozilla.org/fr/questions/1032509I think the instructions you are looking for are in the first link.

16 more replies
Relevance 56.58%

I have gotten an error message from Avast when downloading email.

The message says that Avast mail shield cannot scan the emails because
I have an SSL secure connection configured in the mail client, Outlook Express 6.

Both incoming and outgoing server ports have "This server requires a secure connection (SSL)" ticked ON.

I think this setting may be required for att.yahoo.com servers. :confused

Should I just disable the mail guard in Avast?

Thanks
 

Answer:Avast Mail Shield not working with AT&T account and Outlook Express

Have you read this?
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
 

1 more replies
Relevance 56.58%

Hi, My laptop keeps getting a popup from avast stating this below Avast web shield has blocked a harmful webpage or file Object:  http://weath4us.info/qOxXS:f<GM///Infection:  URL:MalC:\users\joseph\AppData\Roaming\CrashRep\GUP.exe Joseph is the user of this laptop.  This popup come up whether I'm browsing the internet or just on my desktop in word or something similar.  I have run spybot and only thing it finds is Browser:cache for internet explorer.  I have windows 10 home on a Toshiba Satellite.  What do I need to do?  Do I have a virus on my laptop? Thanks,Joseph   Here is the log info  --------------------------------------------------------------------------- SecurityCheck by glax24 v.1.4.0.32 [01.11.15]WebSite: www.safezone.ccDateLog: 24.12.2015 00:27:43Path starting: C:\Users\Joseph\AppData\Local\Temp\SecurityCheck\SecurityCheck.exeLog directory: C:\SecurityCheck\IsAdmin: TrueUser: JosephVersionXML: 2.20is-21.12.2015___________________________________________________________________________Windows 10(6.3.10586) (x64) Core Lang: English(0409)Installation date OS: 21.12.2015 01:01:20LicenseStatus: Office 15, OfficeO365ProPlusR_Subscription1 edition Timebased activation will expire :84194 minutesLicenseStatus: Windows®, Core edition The machine is permanently activated.Boot Mode: NormalDefault Browser: C:\WINDOWS\system32\LaunchWinApp.exeSystemDrive: C: FS: [NTFS] Capacity: [... Read more

Answer:Avast Web Shield has blocked a harmful webpage or file.... am I infected

Uninstall Spybot from your machine. Then Download Security Check to your desktop, right click it run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.
 
Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
 
 

 
Hit Ok.
 

 
Hit next m... Read more

5 more replies
Relevance 56.17%

Hello. i received a prompt that my pc was under severe threat. ca you please have a look an see if clean?
Many thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:35:48, on 19/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\mg53895\AppData\Local\mhn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mi... Read more

Answer:Severe Threat Detected. please help.

10 more replies
Relevance 56.17%

Hi There,

I think my computer is infected with Trojan Horse Dropper.Generic.BHFP. It is trying to access 91.212.226.178/inst_n82.exe.

My AVG found it. But I can't heal it.

Every 5-10 minutes AVG window shows above message.

What should i do now ?
 

Answer:best-sale.us/bot.exe threat detected

i used some ortl software it cleaned it.
 

2 more replies
Relevance 56.17%

Hi
 
I am on my moms computer right now.  She wanted me to run her AVG for her because she accidentally clicked a link and I wanted to make sure nothing was wrong on the laptop.  After scanning, I found a warning from AVG suggesting that there was a new driver rootkit.  I looked on Google and found you guys at this specific link: http://www.bleepingcomputer.com/forums/t/195169/avg-found-hidden-driver/
 
I did what Buda suggested and downloaded that Malware program.  In doing so, it found nothing malicious on her laptop lol.  So now what do I do?  It should also be mentioned I restarted the laptop after AVG supposedly removed the virus (or whatever it is).  It's still there, but for some reason MalwareByte is not finding it.  What else can I do?
 
She has a laptop
Windows 7 
AVG is updated to the newest version
MalwareBytes is updated as well
 
The exact details were: 
 
"";"Hidden driver, \Device\mfeavfk01.sys";"Infected"
 
Ah, please help.  I have no idea how else to remove this.  Thanks.
 
Kristi

Answer:AVG has detected a driver threat

Welcome aboard
 
Upload the file here: https://www.virustotal.com/en/ for security check.
It looks like false positive to me. Not a stranger to AVG

1 more replies
Relevance 56.17%

I have avast.  I am getting "threat detected" with various different items.  I have run the security check and attached the file below.   Results of screen317's Security Check version 0.99.89  Windows Vista Service Pack 2 x86 (UAC is enabled)  Internet Explorer 9  Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! avast! Antivirus   Antivirus up to date!  `````````Anti-malware/Other Utilities Check:````````` SpyHunter 4    Adobe Flash Player  15.0.0.152  Adobe Reader 10.1.12 Adobe Reader out of Date!  Google Chrome 38.0.2125.111 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log``````````````````````

  Also run MiniTool Box:  Results below.MiniToolBox by Farbar  Version: 21-07-2014Ran by Lisa (administrator) on 01-11-2014 at 19:07:22Running from "C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQRDNCK1"Microsoft® Windows Vista™ Business  Service Pack 2 (X86)Boot Mode: Network****************************... Read more

Answer:Threat Detected. Am I infected.

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

39 more replies
Relevance 56.17%

On startup, I get a popup from AVG saying "Threat detected!" and that the film name is C:\WINDOWS\System32\drivers\tcpsr.sysUsing AVG to 'Heal' or 'Move to Vault' doesn't do anything, as the threat returns when the PC is restarted.I ran Spybot and SDFix to try and get rid of it, but it keeps returning.Spybot log:"Win32.Winlagons.co: [SBI $C599E67C] Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpsrWin32.Winlagons.co: [SBI $6A30ABB6] Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tcpsr"SDFix log:"Trojan Files Found:C:\WINDOWS\system32\drivers\tcpsr.sys - Deleted"I ran DSS.exe but it only produced a main.txt report - there was no extra.txtThe main.txt:Deckard's System Scanner v20071014.68Run by Stuart on 2008-07-03 23:52:26Computer is in Normal Mode.--------------------------------------------------------------------------------System Drive C: has 1.7 GiB (less than 15%) free.-- HijackThis (run as Stuart.exe) ----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:53:29, on 03/07/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.... Read more

Answer:Threat Detected - Tcpsr.sys

Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Please do not run any other tool untill instructed to do so!Please reply to this thread, do not start another!Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly. I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please scan again with HijackThis and post a fresh log. Also, please make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.Post the fresh HijackThis log and the uninstall list in the body of your... Read more

2 more replies
Relevance 56.17%

A window popped up with this message:
Threat Detected!
File Name: C:\Windows\system32\drivers\rasptii.sys
Threat Name: Trogen horse Agent.UKR
I ran hijack this and below is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:44 PM, on 9/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Soft... Read more

Answer:Solved: Threat Detected

8 more replies
Relevance 56.17%

whenever i start up my pc, i get a spoolsv.exe-application error because of which i cannot use the MS word print option, according to google search results spoolsv.exe is a virus

I ran an avg antirootkit tool, root repeal, panda rootkit tool they don’t detect any rootkits

Whenever i run a spybot-s&d 1.6.2 scan it detects Win32.delf.uc Trojan
Whenever i run an ad-aware scan it detects 10 suspicious objects and the recommended action taken by ad-aware is allow once

Earlier whenever I used to connect my PC to the Internet, my avg 8 free
Would detect a Trojan backdoor, but now along with avg 8 free I am also
Using threatfire, so now whenever I connect my PC to the Internet my avg
doesn't detect anything but its my threatfire which gives me a potentially
unwanted threat alert according to threat fire the message displayed is "some Program is trying to inject into some other program and modify it" and the
location marked is always displayed as C:\windows\temp\vrt<with some random characters>
.tmp
Eset online scanner detects nothing

Anti malware scan doesn’t find any malware but very sometimes it finds some few Trojans

But do you know why I am more worried?????????????????????????????????

That's only becoz, recently 3 times I have found out my PC has automatically restarted, so only rarely it restarts

1. Can a virus damage my hardware and make my PC to restart automatically?
(I think my CPU usage is also increasing)
2. Can an increase in CPU... Read more

More replies
Relevance 56.17%

Firstly I'd just like to say, thanks for having such a fantastic resource avaliable. I've had a good read and this site is fantastic!My problem is similar to a lot of others posted on here. Blue desktop background with the link telling me I have spyware and a red box that pops up in the middle of my screen that i can't avoid.Task manager is disabled, McAfee, spybot and ad-aware aren't fixing anything, network access has also been disabled.Hijack this log as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:22:13 AM, on 5/04/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\WINDOWS\system32\sbwltbxa.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=auR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=auR1 -... Read more

Answer:Spyware Threat Detected

Hello monkeybot22,

Welcome to Bleeping Computer

Could I please see a HijackThis log made in Normal Mode? I can't see everything I need to see when the log is made in Safe Mode.

Thanks,
tea

14 more replies
Relevance 56.17%

My laptop had a problem with Vista Security 2012 (or something like that) and I think I got rid of it by using FixNCR.reg, RKill, MBAM.

After that MBAM scan provided clean log and while before that I couldn't do anything with the laptop (e.g. access files, Internet), after that "treatment" it went back to normal.

However, AVG full scan showed 3 infections - all with - Trojan horse Agent_r.AWW.

One of them was moved to the vault :

file c:\WINDOWS\winsxs\x86_microsoft-windows-nbsmb.....(long string of characters\smb.sys

but these 2 can't be moved - note in the results says -"object is white-listed (critical/system file that should not be removed):

file c:\WINDOWS\System32\drivers\smb.sys
file c:\WINDOWS\system32\DRIVERS\smb.sys

And now from time to time I'm getting "AVG Threat detected" message:

"File: c:\WINDOWS\System32\drivers\smb.sys
Threat: Trojan horse Agent_r.AWW.
Detected on open."

How can I get rid of this Agent_r.AWW trojan?

Thanks in advance for help.

pumex

Answer:Agent-r.AWW threat detected by AVG

Hi,After performing these scans, enter the results in your next post and also update me on the status of the PC.Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.================================================================================Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.================================================================================Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the d... Read more

5 more replies
Relevance 56.17%

Today when AVG ran it's sceduled anti-virus scan it detected a threat which it said that it deleted.
I did a Google search and someone posted on CNET that they had gotten the exact same thing (I copied the name and where it was located).
They were told there because it appeared to be in the Java cache to clear that (so I did that, too).
I am now running SpySweeper.
Is there anything else that I ought to be doing?
Thanks!
 

Answer:Solved: AVG detected threat - what else needs to be done?

Sounds like you did the right thing.

Post back if you are still having problems.
 

3 more replies