Spybot & Avast users, Attention! Jaace...please.

drazenn

Location
zagreb,croatia
OK, first, I have convinced myself more than once that my joking in English classes, cheating on tests and making fun of a quite well oriented English language teacher, which usually ended with being expelled from class, was one of the biggest mistakes in my schooling, and as time passes by I feel it on my skin harder and harder.
So, I have a problem with Avast, Spybot (hopefully it isn't a pandemic, because I haven't read anything about something similar in SevenForum), Malwarebytes, and a few other security related things here, and I'll try to explain it with my limited English vocabulary (so please, forgive me my mistakes) :o.
It starts approximately like this: "Once upon a time....." :shock: ...sorry, not Cinderella, but it also "smells" like Charles Perrault, the Grimm brothers or Hans Christian Andersen wrote it.
Let's start: came home, PC was on as I left it, DSL lamp blinks - internet connected, mouse move and the monitor is up from standby.
:mad: Arghhh, a picture I never like to see blinks at the center of the screen, but OK, it's just a report that Avast blocks some nasty parasite from the net, and requires my further reaction. BTW, Avast Professional is running as it does all the time, Spybot is running also, Malwarebytes resident protection is also running, and the Windows 7 (Vista) firewall is also running till we find something like ZoneAlarm that runs smoothly in full Win7 compatibility mode, BUT (there has to be a BUT, or there is no story, right?).....
Action Center reports that Windows firewall is NOT running :eek:
OK, easy boy, we'll deal with that as soon as we fix the Avast thing, so let's see what Avast has?
Avast found a trojan (Win32/tralalala) in Spybot updates, and it's called: GREEKFIX.EXE ! :huh:
Once again, it is (is it?) Spybot's update: SpybotSnD (check out "SnD", not "S&D")/updates/Greekfix.exe (is it REALLY Spybot's update??)
No matter, blah, "Move to chest" is my friend. Oops, can't process it the first time, so delete it (even on first reboot if necessary). :shock: Access denied???
OK, I think a disconnect is necessary at the moment, so let's do it.
First successful command by now. Now we should stop Spybot's Tea Timer and resident protection so we can access the process and kill it in Taskbar manager, and let Avast do its job. Maximize Spybot from the taskbar first.... beeeep: Access denied (code nr. 5 something), and I don't have Admin rights to do this?? Actually, I AM the only one who uses this PC, and this is the only account, but OK, I can still access it through desktop - run as an administrator, and kill it then. It starts to open, again the message "code 5-Access denied....(something)", and a second or two after: "Windows are shutting down in a 60 seconds,please save your work", and it did shut down without any reason!
OK, what is done is done, maybe it'll be better after boot up, or maybe Avast will clean the infected file..
Hell no!!! :mad2:
Everything boots up (almost everything) and let's see now.
1. Action Center reports that Windows firewall is down.
2. There are no Malwarebytes & Avast icons in the corner of the taskbar, but empty spaces instead.
3. Avast suddenly DEMANDS registration when I run it through the desktop icon, even though it is normally registered, and it shows the date of expiration in "About Avast".
4. Simple UI shows automatic updates manage database only (That's not true!)
5. Avast also shows that the virus recovery database (VRDB) is not done yet (You guess?)
6. More than half of the options are in joyful "grey" colour and aren't accessible.
7. I run a Malwarebytes scan, and guess what? Found NOTHING!
8. Managed to run SpybotS&D through desktop and the "run as an administrator" option, but when I tried to update, guess what? Access denied!
9. Managed to run a Spybot scan, and guess what? Found NOTHING (with few days old definitions though) and it even congratulates :roflmao:
10. Suddenly decided to install Trojan Remover, which was sitting somewhere in the Setups folder, ran it and here comes something new: FOUND malicious s**t, but guess what (this part you know)? Can't deal with it because it can't access the process.
11. By the time I am writing this, I see some unusual activities caused by nothing, refreshings, NETWORK activity :mad:, etc.

Now I am preparing to run an Avast scan, if that will be possible in the state Avast is in.

So, what do you think after I presented you just some of the symptoms which gave me reason to be concerned (from my point of view)? :huh:
Am I overreacting, or maybe there really is a tiny possibility that I am infected? :party:

Oops, almost forgot, Jaace, please, I have been lurking in this Security section for a while now, and it seems that you are almost a security guru here; do you have any advice, and a recommendation of an online scanner?

And of course, I hope that you have understood what I was writing, and my apologies for my bad language, but it ain't my fault, you can suspect my English teacher for that :party:

Cheers
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
intel x58 selfmade
OS
Windows 7 Ultimate x64
CPU
[email protected] (non overclocked)
Motherboard
x58
Memory
8gb DDR3
Graphics Card(s)
Asus 6850
Monitor(s) Displays
lg 22"
Hard Drives
1TB
PSU
Corsair 650w
Case
Gigabyte
Cooling
Scytech
Keyboard
noname
Mouse
Logitech wireless xy
Internet Speed
70GB
Antivirus
Windows Defender
Browser
Chrome (default)
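
As an added example (not part of the original post and not any vendor's tool), these are two checks a responder could run for the symptoms listed above, in PowerShell 3.0 or later: whether the firewall services are running, and whether the executables in a folder carry a valid Authenticode signature. `$Folder` and its default value are placeholders to replace with the folder in question.

```powershell
# Added example: triage for "firewall reported off" and "is this file really
# from the vendor?". Run from an elevated PowerShell 3.0+ prompt.
param(
    # Assumption: placeholder path, not a path taken from the thread.
    [string]$Folder = 'C:\Path\To\Folder'
)

# Check 1: firewall services.
# MpsSvc is the Windows Firewall service; BFE (Base Filtering Engine) is a
# service it depends on. Both should report State = Running, StartMode = Auto.
Get-CimInstance -ClassName Win32_Service -Filter "Name='MpsSvc' OR Name='BFE'" |
    Select-Object Name, State, StartMode |
    Format-Table -AutoSize

# Check 2: Authenticode signatures of binaries in the folder.
if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    Write-Warning "Folder not found: $Folder"
    return
}

$report = Get-ChildItem -Path $Folder -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File     = $_.FullName
            # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Status   = $sig.Status
            # Certificate subject, so look-alike file names can be told apart by signer.
            Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Modified = $_.LastWriteTime
        }
    }

$report | Sort-Object Status, File | Format-Table -AutoSize -Wrap

# Summarise the files that need a closer look.
$suspect = @($report | Where-Object { $_.Status -ne 'Valid' })
'{0} of {1} files have no valid signature' -f $suspect.Count, @($report).Count
```

A missing signature is not proof of malware, and a valid one only says who signed the file, so compare the signer with the vendor's other binaries. Where a rootkit is suspected, results from the running system can be falsified; repeat the check from a clean boot environment.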
Hello drazen....

Give me a couple of minutes to calm my head from all these....and...here we go:

1st. Good point referring to Jaace, she does a great job.

2nd. I think you shouldn't be using 2 anti-malware resident programs at the same time, but I'm not sure you said you did, just that you also had Malwarebytes antimalware installed.

Now, let's see a few solutions:

1. Turn off UAC so that Spybot can access what it needs to access. I believe this is what is blocking it, and no, I don't think any possible infection would take advantage of turning UAC off, since probably most of the harm is done, if any.

2. Update MBAM and do a smart/quick scan again.

3. Update Spybot and scan for problems again.

4. Try all of the above in safe mode too, if you don't see any difference.

5. Last resort, get rid of Avast which is really nice indeed and works smoothly with Se7en, and try Avira instead:
Avira AntiVir Personal - FREE Antivirus

You might be surprised but it found almost 2 times more stuff than all the others did (including Avast) in times of infection.

I must mention that it is not sure you're infected.
It could be just an application crash or conflict, so try all the above, and if nothing fixes the situation, I'm leaving you to Jaace's hands.

Cheers
 

My Computer

Computer Manufacturer/Model Number
ENIAC
OS
Windows 7 RC 7100 32bit/64bit
CPU
Intel Core2Duo E4500 2.20 GHz
Motherboard
ASUS P5LD2-X/1333
Memory
2x1GB Kinsgston DDR2 800MHz
Graphics Card(s)
Nvidia 8500GT
Sound Card
Onboard High Definition Audio Device
Monitor(s) Displays
Sony Bravia 42"
Case
LINKW 2222
Cooling
Standard Intel
Keyboard
Some cheap one
Mouse
Microsoft Intellimouse something
Internet Speed
24MBps ADSL
Hi drazenn :)
From your description, it sounds like you may have a 'Backdoor Trojan', a 'Bot' that might have brought along and installed a 'rootkit'.

What was the last thing you downloaded? Was it from a P2P program/application?
Have you recently used a flashdrive to install any files on your machine?
Are you still running Win7 build 7000?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
1. Turn off UAC so that Spybot can access what it needs to access. I believe this is what is blocking it, and no, I don't think any possible infection would take advantage of turning UAC off, since probably most of the harm is done, if any.

2. Update MBAM and do a smart/quick scan again.

3. Update Spybot and scan for problems again.

4. Try all of the above in safe mode too, if you don't see any difference.

5. Last resort, get rid of Avast which is really nice indeed and works smoothly with Se7en, and try Avira instead:
Avira AntiVir Personal - FREE Antivirus

Hi, there
First of all, thank you for the time you spent. Seems that I'm on a good lead, but I'll wait with the party. Avast did about 40% of its job by now so I'll wait.

And yes, I am actually making a mistake, and running two antimalwares simultaneously. Spybot to keep my startup and registry untouched mostly, and Malwarebytes because it is Malwarebytes. Yea, I know, I know, but I have run them together for I don't know how long by now (since XP, as I didn't like Vista), and never had problems with compatibility.

1. I disabled UAC, but still can't update Spybot.
2. Updated MBAM, but found nothing.
3. Can't update Spybot.
4. Will give it a try, of course, how could I forget that :o
5. Yep, I heard so many good things about AVIRA, and actually tried it, but the PRO edition with firewall, and had problems with the firewall and uninstalled it (if I didn't mix up antiviruses, I think it was AVIRA)

What actually helped me? (I think and really hope it is.)
As I wrote before, I installed a tiny piece of antimalware software, Trojan Remover, and that's just a shareware 30-day version. Nothing special, it isn't even anywhere in the top 5 picks on software sites, but I updated it and it does its job quite well.

It found 3 rootkits and 3 processes, and marked them as malicious, with a description that they have masked and hidden something (can't remember the actual words) inside.
It cleaned them, but on the second shot, after it required a reboot. Thank God I didn't delete the setup after I realised that it is a shareware 30-day version.
After I rebooted, Avast and MBAM suddenly showed again in the taskbar, and Avast didn't "behave" anymore, so I started a thorough scan. It found 4 problems and solved them by now (two of them require a reboot to be cleaned completely, but I'll deal with that at the end), and it finished about 45% now. I'm pretty sure that I have never heard of them before, and I am doing malware scans daily (complete), and scanning for viruses at least once in a week or two. Two names are quite interesting: SpybotSnD.exe (not S&D) and Greekfix.exe, which were found in the Spybot folder. Maybe that is what Trojan Remover calls masked and hidden.
So, there is nothing more to do than wait, reboot again, and then run updated Spybot again if that is possible.
Thanks to everybody who wasted their time just to read this.
I'll try to finish this as I said now, and let you know the results at the end.

Cheers :party:
 

Hi drazenn :)

O, hi, my Goddess... :)

From your description, it sounds like you may have a 'Backdoor Trojan', a 'Bot' that might have brought along and installed a 'rootkit'.

Just answered Limneos: Trojan Remover, one tiny piece of software, nothing representative, found some rootkits and "something" which also has "something" masked and hidden (a few of each, but I didn't remember the names).

What was the last thing you downloaded? Was it from a P2P program/application?

The last things I downloaded were some divx installers and some pictures, but the very last, I played poker and watched a movie online, and had to include some add-on in Firefox so I could watch it online.
Apparently, the last few things weren't from p2p, but I actually use p2p and torrents pretty much

Have you recently used a flashdrive to install any files on your machine?

Yes, I used a flash drive, and before that I used it in a friend's PC which was recovering from viruses 2-3 days ago, to install some software

Are you still running Win7 build 7000?

Yes :o
I actually have all builds burned on DVDs, but I was too lazy to make a clean install, because the first time I installed the 32-bit version, and can't just upgrade it to 64-bit now.
And now, when we are less than 24 hours away from downloading RC from official servers, I can wait that long and not install build 7100 from torrents, and save myself from always wondering whether my version was the one with the trojan or not.
 

Honestly when I see this many programs along with obvious spam bots I can only say one thing...reinstall your Op system and start over again but be more careful where you go and what you download this time.

It will probably be faster than trying to fix all the problems you have. ;)
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home built
OS
Windows 7 Ult, Windows 8.1 Pro,
CPU
Q9650-4.275GHz, E8600 4.5GHz, E6750-3.8GHz
Motherboard
Evga 780i FTW
Memory
G.Skill PC2 9600 1200Mhz 5 5 5 15 2T
Graphics Card(s)
GTX480
Sound Card
Asus Xonar D2
Monitor(s) Displays
HannsG
Screen Resolution
1680X1050
Hard Drives
GSkill Phoenix Pro 120GB SSD
PSU
ThermalTake Toughpower 1000Watt modular
Case
ThermalTake XaserV
Cooling
Xigmatek S1283
Keyboard
Logitech G15
Mouse
Logitech G9
Internet Speed
T1
Honestly when I see this many programs along with obvious spam bots I can only say one thing...reinstall your Op system and start over again but be more careful where you go and what you download this time.

Probably I should.
Lil bit of help, please? Can you give me some advice? Which two of those many (three) programs should I uninstall, because Trojan Remover is already down?
Avast antivirus and one of the antimalwares (Spybot or MBAM), or is it better to leave Avast and uninstall both antimalwares?


It will probably be faster than trying to fix all the problems you have. ;)

Yep, probably it will.
Cheers :party:
 

I agree with Chev65. A clean install of Win RC 7100 should help your situation.

The last things I downloaded were some divx installers and some pictures, but the very last, I played poker and watched a movie online, and had to include some add-on in Firefox so I could watch it online.
Apparently, the last few things weren't from p2p, but I actually use p2p and torrents pretty much
Were these divx installers, such as some type of 'codecs'?
You definitely have to watch what you're downloading .... so many fake things to download to watch a movie or play a game or clean up viruses and such, can lead you to one heck of a nasty infection.
Yes, I used a flash drive, and before that I used it in a friend's PC which was recovering from viruses 2-3 days ago, to install some software
Oopsie! :shock:

Avast is free, you can keep that along with Malwarebyte's Antimalware.
Also get SpywareBlaster and SpywareGuard (both made by javacool)
SpywareBlaster and SpywareGuard:
Products
Spyware Guard is a real-time malware scanner
 

Uhh, I fell asleep

I agree with Chev65. A clean install of Win RC 7100 should help your situation.

I just rebooted and everything seems OK (I mean as it was before this incident). I got some report about cleaned files and registry keys, but forgot to save it. There were a few rootkits and corrupted registry keys also.


Were these divx installers, such as some type of 'codecs'?

It was required on this site: NinjaVideo.net, and then it redirects you to some divx site, and I overlooked the danger because that divx installer & web helper has divx 7.0 something in its name, and I know the last version of divx player is 7.0 even though I don't have it. But even though that is a big possibility, maybe it wasn't from that site at all, I'm still not sure.

You definitely have to watch what you're downloading .... so many fake things to download to watch a movie or play a game or clean up viruses and such, can lead you to one heck of a nasty infection.

Yes, I know, I made a big mistake somewhere. I'm not that big a newb in security related things, but I never got such a nasty infection, and my attention disappeared

Avast is free, you can keep that along with Malwarebyte's Antimalware.
Also get SpywareBlaster and SpywareGuard (both made by javacool)
SpywareBlaster and SpywareGuard:
Products
Spyware Guard is a real-time malware scanner

Thank you very much, Jacee. I was a bit sarcastic one post earlier. I know that I have to have an antivirus and at least one resident and one on-demand scanner, in case the first one lets something in. I never even had in mind to get rid of Avast, and that is Avast Professional, and it serves me quite well.

But antimalwares are on the other side. I think I tried them all in every possible combination, and thought that MBAM & Spybot are the real deal, but apparently they are not. I think I collected and have almost all antimalwares and antiviruses (and if there is a possible choice between free & pro version, I definitely have the paid pro version). I have Spyware Blaster & Spyware Guard setups somewhere also, but they definitely need to be updated. I'll try Spywareguard as a resident real-time scanner in my RC installation, which I am going to download from the official Microsoft site right about now, or in a day or two when this rush is over if the servers are overloaded.

Once again, thank you all just for reading this.

Cheers :party:
 

Hello again drazenn

I will only quote my suggestion for Avira Antivir Personal Edition Free.

I particularly suggested this one and not the PRO for 2 reasons:

1. It's free, no need to get a cracked version or buy it. Still it protects in an amazing scale.

2. There is no firewall included in this version. It has been checked with Windows 7 and works perfectly.

I would also like to suggest not to run any other firewall program as Windows 7's built-in firewall is more than enough.

Cheers
 

Yes Avira free edition is ALL that you will ever need, been running it for ages and the baby catches anything that comes within one hundred yards of this doorstep. See em of lad.......

Custom install + Avira and you can't go wrong.
 

My Computer

Computer Manufacturer/Model Number
Custom Build.
OS
Windows 7 Ultimate x64.
CPU
i5 760 @ 4.2Ghz. 1.18v
Motherboard
Gigabyte - H55M-USB3
Memory
4g Corsair xms3 ddr3, 1600Mhz.
Graphics Card(s)
Gigabyte GTX-560Ti soc edition
Sound Card
Asus Xonar Dx - Logitech Z5500.
Monitor(s) Displays
Acer 22" LCD Wide screen 1680-1050 -Samsung 42" Plasma....
Screen Resolution
1680/1050 -----1920/1080p.
Hard Drives
2x 2TB Seagate Go Flex,
1x 1TB Seagate,
1x 640WD Black,
x16 Gig sandisc flash drive,
1x8Gig sandisc flash drive.
PSU
XigmaTek 80plus NRP-PC702 - 700w dual 30a.
Case
Venus Gamers Midi Tower Case with LED Display
Cooling
Arctic Freezer 7 Pro Rev 2... x2 Arctic F8 case fans........
Keyboard
Logitech G15-v2 Gaming.
Mouse
Microsoft Sidewinder X8.
Internet Speed
Virgin Media - 50mb down- 8mb up.
Other Info
x2 Xbox 360 wireless controllers...

Dual layer optical disc drive...

Chrome 79million

A.V = MSE