Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast Malware block messages - please help remove them! [Solved]

avast malware

  • This topic is locked This topic is locked

#1
dalexan

dalexan

    Member

  • Member
  • PipPip
  • 13 posts

Please help!  I'm helping a friend clean up what I suspect are multiple malware infections - Avast keeps blocking them but I don't know how to identify all of them and remove them.  I've downloaded FRST and attached the log files.

 

Thanks in advance for the help!

 

Devona

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you also appear to have Kaspersky installed. This is the one time when more is not better, I would highly recommend that you uninstall one of them

This will take at least one further run to clean

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#3
dalexan

dalexan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thanks for the fast response - I'll run this fix this afternoon after I get off work.

 

Before I do, however - do you recommend removing Kaspersky before running this fix or after?  I have its service disabled so it's not currently running.

 

Thanks!


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The choice is yours but I would suggest before :)
  • 0

#5
dalexan

dalexan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Attached File  Fixlog.txt   73.04KB   148 downloads

 

 

 

Okay - I removed Kaspersky then rebooted.  I've also completed the rest of these instructions, and have attached the log files.

 

I've rebooted the PC several times, and it does seem to be running better.  I'm not getting as many Avast warnings -  but am still occasionally getting them.  

 

Thanks for your help on this!

 

Devona

 

 

Attached Files


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I need to search for a replacement file before we can complete
  • Double click OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    /md5start
    rpcss.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window.

  • 0

#7
dalexan

dalexan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here's the log file from OTL - thanks!

 

Attached Files

  • Attached File  OTL.Txt   99.86KB   134 downloads

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK found one.  Could you let me know how the computer is after this

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll|c:\windows\system32\rpcss.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
dalexan

dalexan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I've rebooted several times, been using the computer, seeing if I can get the messages to re-appear - and NO MORE MESSAGES ARE COMING UP!  Yippee - yeah!!!!

 

Thanks so much!

 

I've attached the file, just in case there's something else that needs to be addressed.

 

 

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK a final sweep for orphans and you should be good

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
  • 0

#11
dalexan

dalexan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Okay - ran the scan; found two items that were quarantined.  Unfortunately, the option to view detailed log and download isn't available after a reboot (option was only available before).  However, I did find these two log files; I'm hoping that one of them is what you're looking for.

 

 

Attached Files


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK before I tidy you up..... Any further problems ?


  • 0

#13
dalexan

dalexan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

No - computer is running great!


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Download and run Delfix

delfix.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: avast, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP