[Nedklaw]

Hi.

You need to attach sysinfo.zip to your next reply. You can do this by finding the Attachments section below the Post box.

• Click on the Browse button.
• Find C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\AVZ\sysinfo.zip.
• You then need to click Attach This File.
• Then click the Add Reply button.

[Advertisements]

Sorry about the delay. The file wasn't showing up when I clicked "browse" to attach and after spending an embarassing amount of time trying to find it, I realized I could just copy it and paste it to the desktop, then attach it from there. I'm not the sharpest tool in the shed... which is why I need your help.


Thanks,
Teresa

Attached Files

•  sysinfo.zip   15.86KB   318 downloads

[drmandich]

Sorry about the delay. The file wasn't showing up when I clicked "browse" to attach and after spending an embarassing amount of time trying to find it, I realized I could just copy it and paste it to the desktop, then attach it from there. I'm not the sharpest tool in the shed... which is why I need your help.


Thanks,
Teresa

Attached Files

•  sysinfo.zip   15.86KB   318 downloads

[Nedklaw]

Hi.


Step 1

• Launch Kaspersky.
• Click the Support link in the down left part of the window.
• Click Support Tools in the down left part of the Support window.
• Click the button Execute AVZ script.
• Copy and paste the text below into the Specify script to execute field.
  
  

  begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  BC_DeleteFile('C:\Program Files\Grisoft');
  DeleteFile('C:\Program Files\Grisoft');
  BC_DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
  DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
  BC_DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
  DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
  BC_DeleteFile('C:\WINDOWS\system32\MsSip3.dll');
  DeleteFile('C:\WINDOWS\system32\MsSip3.dll');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1','$DLL');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2','$DLL');
  RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3','$DLL');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
  end.

• Click the Next button.
• Wait until the work of the AVZ utility is over.
• Click Finish.
• Close all windows.

Step 2

• Launch Kaspersky.
• Click the Support link in the down left part of the window.
• Click Support Tools in the down left part of the Support window.
• Click the button Create system state report.
• Wait until the report is formed.
• Close all windows.

Once your system has been analysed, click on "View" in order to open the logfile location.
The logfile should be located in C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\AVZ folder and will be called sysinfo.zip. Please find this file, and attach it to your next post.


Step 3

After performing Steps 1 and 2 do you still have the internet problem? Can you now update Kaspersky?


Things I want to see in your next reply

• sysinfo.zip
• Update on problems

[drmandich]

Hello,

I still can't update Kaspersky, and I still need to run the diagnostic to connect to the internet after a restarts. I followed your instructions and have attached the new version of sysinfo.zip.

Thanks again,
Teresa

Attached Files

•  sysinfo.zip   15.56KB   280 downloads

[Nedklaw]

Hi.


Step 1

Delete this folder, C:\Program Files\Grisoft and empty it from your Recycle Bin.


Step 2

Do you have your activation code for Kaspersky handy?
It is a unique set of characters that comes in 4 blocks of 5, separated by a hyphen. Each block comprises of 5 characters which can be a combination of letters and numbers, which comes to a total of 20 characters (XXXXX-XXXXX-XXXXX-XXXXX).

Application box versions

The activation code for all box versions or products bought from retail stores can be found printed on the CD sleeve. European box products will have the code on the Quick Start Guide which is included in the box.

If you have purchased a DVD-box version of Kaspersky Internet Security 2011, the activation code can be found printed on the inner part of the left cover.

Application purchased via E-Store

If you have purchased Kaspersky Internet Security 2011 via E-Store, the activation code will be sent to you via e-mail you have specified when making the order.



Things I want to see in your next reply

• Answer to question

[drmandich]

I deleted the file that you asked me to and yes, I do have the activation code for Kaspersky.

[Nedklaw]

Hi.
I'm going to get you to uninstall then reinstall Kaspersky. Could you tell me after reinstalling Kaspersky if you can update the program.


Step 1

Please follow the procedure below to uninstall Kaspersky Internet Security 2011:

• In order to avoid incorrect uninstallation, exit from the application:
  
  • Right-click the K icon on the left bottom right hand corner of the desktop (in the Taskbar notification area).
  • Select Exit.
  
  
  
• Remove the application using the Setup Wizard. To do this, perform the following:
  
  • Click Start.
  • Click All Programs.
  • Choose Kaspersky Internet Security 2011.
  • Click Repair or Remove.
  
  
  
• Click on the Remove icon on the Setup Window.
• You will then be given two options:
  
  • Select the following option: Save application objects
  • Make sure the following box is checked: Activation data
• Click next to confirm and proceed with the uninstallation process.
• Wait until the program files and registry keys are removed.
• It is necessary to uninstall the application system drivers correctly. This is possible once the uninstallation process is complete. It is therefore important to restart the machine in order to complete the uninstall process. A restart can be performed immediately after the procedure. This option is presented after the program features you have selected have been removed. Another option is to delay the restart of the computer, this can be done manually later on.

Step 2

Follow the instructions here to reinstall Kaspersky.


Things I want to see in your next reply

• Answer to my question

[drmandich]

I reinstalled Kaspersky and am still unable to update it.

[Nedklaw]

Hi.
Try disabling your firewall temporarily to see if it affects Kaspersky's updates.

[drmandich]

I think Kaspersky is updating. I'm not getting the same result when I open the main window. It used to say that I might not be protected and offer me a "fix it now" option. However, I'm still getting the little yellow triangle on the K icon at the bottom of my screen. I'm not sure why that is, so I took a screen shot of what it tells me when I mouse over it, as well as a screen shot of the Kaspersky window after I updated. It says the database is obsolete, but it list today as the release date. This is confusing me. I'm not sure if I'm up to date or not.

Thanks.
Teresa

Attached Thumbnails

• 
• 

[Nedklaw]

Hi.


Step 1

Lets allow Kaspersky through the firewall.

• Click Start then click Control Panel.
• Click Security Center.
• Select Windows Firewall.
• Click on the Exceptions tab.
• Click on the Add Program button.
• Click on Kaspersky Internet Security 2011.
• Finally, click OK then OK again.

Step 2

After restarting your computer, does the yellow triangle still appear on the Kaspersky icon?
After updating Kaspersky manually, does it still say the database is obsolete?


Step 3

• Run Malwarebytes' Anti-Malware.
• Update Malwarebytes' Anti-Malware.
• Once the program has updated, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start.
• When asked, allow the ActiveX control to install.
• Click Start.
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
• Click Scan. (This scan can take several hours, so please be patient).
• Once the scan is completed, you may close the window.
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

• Answer to my questions
• MBAM Log
• log.txt

[drmandich]

I actually had the Windows Firewall disabled, but followed your directions anyway. I was not able to add Kaspersky as an exception. I'm attaching a screen shot with the error message. Do you want me to continue on with the other steps anyway?

Attached Thumbnails

• 

[Nedklaw]

Yes, you can do for now.

[drmandich]

I ran Malwarebytes and ISET, as you suggested and both came up with no threats. It was when I was searching for log.txt that I realized it had the created date as "Today, November 10, 2011". I corrected the date and the obsolete warning disappeared. I think that Kaspersky was probably fixed when we reinstalled it last week, but somehow the date got changed, so I was still getting the little yellow triangle. I am so sorry to have wasted the last week or so of your time. Kaspersky appears to be completely fixed. I really appreciate all of your help.

Internet Explorer is still not connecting automatically, but this is just an inconvenience compared to the antivirus issue. If you have any additional suggestions for this problem, I'd appreciate them... but if not, I'm more than happy with the help you provided for my Kaspersky problem.

Again, thank you so much!
Teresa

[Nedklaw]

Hi.
You could visit the forum here and start a new topic to see if one of the Techies could help you with your internet problem.


Congratultions your logs look clean!
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Cleanup

Run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  :Commands 
  [purity] 
  [resethosts] 
  [emptytemp] 
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS] 
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.

• Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
• Close all other programs apart from OTL as this step will require a reboot.
• On the OTL main screen, press the CLEANUP button.
• Say Yes to the prompt and then allow the program to reboot your computer

Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

• Click on Start.
• Right-click My Computer.
• Select Properties.
• Click on the Automatic Updates Tab.
• Place a checkmark in the circle next to Automatic (recommended) near the green shield.
• Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

• Open Adobe Reader.
• On the menu bar click on Help then Check For Updates.
• The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.0.1.152) and Adobe Shockwave Player (11.6.1.629) so you can view all of the latest content on websites.


Make Internet Explorer more secure

• Click Start > Run.
• Type Inetcpl.cpl & click OK.
• Click on the Security tab.
• Click Reset all zones to default level.
• Make sure the Internet Zone is selected & Click Custom level.
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here are a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:

Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!!