Solved Virus stops anti-virus from updating

November 30, 2011 at 02:03:02
Specs: Windows Vista , 1GB
Hi guys,

Got a bit of an issue. I opened a .exe that did nothing - or so it seemed... A few minutes later the laptop slowed to a crawl and I knew it was some sort of virus/worm/trojan. Shut down and restarted in safe mode with networking immediately. I deleted the .exe from the drive, then installed MalwareBytes and SpyBot Search and Destroy to do a search, as well as Avast...

Now the thing is - the software installs fine - but when it comes to update the databases it returns a networking error and won't update. I scanned using MWB and SpyBot but it returned nothing.

I get the feeling that the software is blocking the update of the database and also hiding itself somehow.

When I start the machine normally - I get to log in, but nothing opens and all I get is the working spinning circle thing Vista has.

Any ideas guys? Any help would be appreciated.



#1
November 30, 2011 at 05:59:49
Run HijackThis & post the log.

How do you know when a politician is lying? His mouth is moving.



#2
November 30, 2011 at 06:11:41
I will do - do you have any requirements for the log? E.g. upload to an external hosting site or is a copy/paste of the log enough?


#3
November 30, 2011 at 06:30:09
Copy & paste is ok. Pastebin is ok too.

How do you know when a politician is lying? His mouth is moving.



#4
November 30, 2011 at 10:13:24
Hey

Bit of an UPDATE - had an issue because the internet is only working in safe mode - I get no access to any websites when I start up normally.

Here is the log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:03:11, on 30/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\M2I\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\M2I\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\M2I\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eo...
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Security\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Security\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4573 bytes



#5
November 30, 2011 at 15:10:15
✔ Best Answer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,


O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

How do you know when a politician is lying? His mouth is moving.
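
A triage sketch for the kind of log posted in this thread, as an added example that is not part of the original posts: it parses HijackThis-format lines and lists the proxy (R), hosts (O1) and AppInit_DLLs (O20) entries for manual review. The sample lines are constructed from the log in post #4, and the function name `triage` and the review reasons are this example's own; a listed entry is a prompt to check who set it, not a verdict.

```python
import re

# Constructed sample in HijackThis v2 format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
"""

LINE = re.compile(r"^([A-Z]\d+) - (.*)$")          # "<code> - <body>"
REG = re.compile(r"^(.*?),([^,=]+?) =\s*(.*)$")    # "<key>,<value name> = <data>"

def triage(log_text):
    """Return (code, reason, detail) for each entry that needs manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        if code.startswith("R"):
            r = REG.match(body)
            if not r:
                continue
            key, name, data = r.groups()
            # Only the per-user Internet Settings key controls the WinINet proxy.
            if key.lower().endswith(r"\internet settings") and data:
                if name == "ProxyServer":
                    findings.append((code, "proxy is set: confirm you configured it", data))
                elif name == "ProxyOverride":
                    findings.append((code, "hosts that bypass the proxy", data))
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            # Anything other than the localhost mapping is a hosts-file redirect.
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append((code, "hosts file redirect", " -> ".join(parts[:2][::-1])))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body[len("AppInit_DLLs:"):].strip()
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            findings.append((code, "DLL injected via AppInit_DLLs: confirm its owner", dll))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```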



#6
December 1, 2011 at 00:42:24
Hey,

Thanks for getting back - but I am unsure what I should do with the information you have given.

Should I use Hijack This to remove them from the list?

Again, thanks!



#7
December 1, 2011 at 01:08:29
Yes, that's what guapo means. Incidentally, you seem to have Avast and Comodo Security on your system - have you tried running a scan with either of those?

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd



#8
December 1, 2011 at 01:18:52
Thanks John,

Yes - I have done a full scan with Avast, MalwareBytes and SpyBot but they don't seem to find anything. Also - because once installed they will not update, they are using old databases so I am not sure if that's the problem. I am at work just now so I will try this when I get home and report back.

As for Comodo - I uninstalled that when I installed Avast - is there a reason it might still be around?



#9
December 1, 2011 at 04:06:31
It's listed in the HijackThis log so obviously hasn't uninstalled completely. You can download updates for Malwarebytes as an executable file from HERE, on another machine and then run it on the poorly one to update it. You may be able to do the same with Avast but not too sure.

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd



#10
December 1, 2011 at 05:22:38
Thanks for your help - deleting / fixing those entries in the HijackThis log has helped and it turns out that Comodo was still installed - it's possible I never completed the install.

All in all problem solved - great service here! Managed to download an update for Avast and running a search now.



#11
December 1, 2011 at 06:05:17
It's worth running Malwarebytes anyway - it finds things that other programs don't.

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd

