System Security Issue

Solved/Closed
Kandiek - Feb 5, 2011 at 09:56 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Feb 16, 2011 at 04:18 PM
Hello,

I use a Windows 7 Home Basic desktop computer and I don't really know much about the technical side of computers. However, I bought my computer with Avast version 4 already installed and recently I kept getting a pop-up that said that I needed to upgrade to version 5.

I was able to remove the old version and install the newer version however about a week and a half later I turned on my computer but it was saying I had no internet connection. I however was able to play Ares and I had linked an online hip hop music site to it and I had no problems receiving and hearing the music.

I remembered a few weeks back that I had trouble with my speaker. I could hear nothing on the web however I could hear when Avast gave a verbal notification of a virus update. So I went on Google and found I could do a System Reset which solved the issue.

I did the same thing this time and I got back the internet with no problems however I wondered if it would affect the recent Avast download however it did not remove it. But a day later when I logged onto my computer, it was saying that I did not have an anti-virus program on my PC even though I got my daily Avast updates and it says that it's working normally.

I did not attempt any recent system scans with the updated version, but I'm wondering if it's possible that I will still have the Avast icon but it would not work if I did get an infection on my PC.

My system is also routinely scanned by McAfee and when I get that pop-up and it does its quick scan, it also says I don't have any virus protection on my computer. I now have a permanent red flag to the bottom right of my screen that says that I need to download a virus protection online.

I don't know what to do at this point. Please help. I love my computer so much. I worked so hard to be able to buy it. It's only 7 months old. I don't want anything happening to my baby :)

I would appreciate any advice. Thank you!

4 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Feb 6, 2011 at 04:38 AM
Greetings

Your issue can probably be solved quickly but I would like to see what is in your system first.

Please download, install and request a scan and save a log. Copy the log and post it here.


http://free.antivirus.com/hijackthis/

Regards
0
Hi Ambucias,

Thank you so much for your response! Here are the details of the scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:55 PM, on 2/6/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Feenixx1\Desktop\Ares\Ares.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://downloads.phpnuke.org/en/search-results?q=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ClickPotatoLiteSA] "C:\Program Files\ClickPotatoLite\bin\10.0.523.0\ClickPotatoLiteSA.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.2.18\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [ares] "C:\Users\Feenixx1\Desktop\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Feb 6, 2011 at 03:59 PM
Hello Kandiek

First, the bad news.

1. Your system is infected by a trojan horse

2. The amalgamation of both Avast and McAfee created a conflict. Each has its own scanning engine and they may come to scan the same files at the same time. Hence not only will they let viruses go by but cause your system to fail. Having two antiviruses is very risky and ill-advised.

Your solutions

1. You must first uninstall either Avast or McAfee, the choice is up to you. I would keep McAfee.

2. To destroy the Trojan Horse and send it to the glue factory:

Download, install and run Malwarebytes, which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.

If Malwarebytes restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Once your computer is clean and working normally, just to be on the safe side:
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

There is no need to keep Malwarebytes on your system.

Good luck
0
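An added example, not part of the original thread or anything a poster wrote: a small Python triage of HijackThis entry lines like those in the log posted above. It counts entries per section code, lists leftover registry entries marked "(file missing)", lists O4 autoruns that start from a user profile, and reports which security vendors have a service installed, which is the two-antivirus situation described in this answer. The function names and the vendor watchlist are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [ClickPotatoLiteSA] "C:\Program Files\ClickPotatoLite\bin\10.0.523.0\ClickPotatoLiteSA.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ares] "C:\Users\Feenixx1\Desktop\Ares\Ares.exe" -h
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"""

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")  # section code, then detail
SECURITY_VENDORS = ("avast", "mcafee")  # assumption: watchlist chosen for this log

def parse(log):
    """Return (section_code, detail) for every HijackThis entry line."""
    return [m.groups() for m in map(LINE_RE.match, log.splitlines()) if m]

def triage(log):
    """Summarise the entries a reviewer would look at first."""
    entries = parse(log)
    services = [d.lower() for c, d in entries if c == "O23"]
    return {
        "counts": Counter(c for c, _ in entries),
        # Registry entries whose target file no longer exists (leftovers).
        "orphans": [d for _, d in entries if d.rstrip().endswith("(file missing)")],
        # O4 autoruns that start from a user profile instead of Program Files.
        "user_autoruns": [d for c, d in entries
                          if c == "O4" and re.search(r"[a-z]:\\users\\", d, re.I)],
        # Vendors with an installed service; more than one deserves a review.
        "vendors": sorted(v for v in SECURITY_VENDORS
                          if any(v in s for s in services)),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("entries per section:", dict(report["counts"]))
    print("orphaned entries:", len(report["orphans"]))
    print("autoruns from a user profile:", report["user_autoruns"])
    print("security vendors with services:", report["vendors"])
```

The output is a list of things to review, not a verdict: an autorun under a user profile or a second security vendor is a reason to look closer, not proof of infection.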
(sorry I posted this in the wrong box)

Thank you so much again! I did the scan and it found over 30 items!! I was awestruck, I thought I was being so careful. I deleted all the viruses and adware (mostly click potato) and I was prompted to re-start to complete the process which I did. Should I launch it again and have it scan a 2nd time?

....and just one more quick question. I had McAfee site advisor installed which comes in so useful when I browse the web as it lets me know which sites potentially have a virus. If I choose to keep Avast and remove McAfee, will I need to also remove the site advisor?

....oh, I'm not a Gone with the Wind type of girl, more like Project Runway or something like that :] You're an angel. Keep up the good work!!
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Feb 7, 2011 at 05:50 AM
Hello Kandiek,

I am really happy for you.

Yes, you must continue the scan with Malwarebytes.

You may keep the site advisor because it's not an antivirus application.

1. I also recommend, after uninstalling McAfee, that you clean the registry. McAfee always leaves traces even after uninstall.

Download, install and run this totally free yet very efficient registry cleaner :

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

2. Defragment your hard disk.

3. Remember to create a new restore point after you finish the task.

Best regards

P.S. Keeping the good work? This is not work, I am a volunteer like everyone else on this forum.

I am often told by my wife that I could be an Angel, but actually in mythology, Ambucias is the one who conducted hell's orchestras and commands 30 legions.:-)
0
Hi Ambucias!

I'm sorry I didn't get back to you sooner...life happened you know? I decided everything got a little too technical for me so I opted to get someone to help me out, which I think would be best, I don't want to press the wrong thing and cause any more problems.

I did download the free registry but I didn't know what to delete. I didn't even see anything with McAfee anywhere so...yeah...best to get someone that knows a little bit more about computers.

Thank you so much for your help. And no matter where you got your pet-name from, I still pray that you're blessed.

Thanks once again! and take care =]
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Feb 16, 2011 at 04:18 PM
You are quite welcome

God bless, so no need to wish you good luck.

You are always welcome on Kioskea.
0