You are not logged in.

Wednesday, April 16th 2014, 9:21am

Dear visitor, welcome to Avira Support Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

  • "segumpal_tanah" started this thread

Date of registration:
Feb 3rd 2010

  • Send private message

1

Wednesday, February 3rd 2010, 3:12am

AntiVir Guard - Unknown & Online Protection - Disabled. What should I do?

Hi, guys!

I've just purchased the Premium Security Suite yesterday and it worked just fine at the beginning. I managed to do an update and did a complete system scan. However, when I opened up the main dialog I noticed that the AntiVir Guard status is 'unknown' and the Online protection has been disabled (Refer attached image). I tried to manually enable it but to no avail.



Then I decided to get tech support from the avira website but the page just wouldn't load. This is strange considering that I have no problems opening other websites except for avira's. By the way, I'm using my office's PC. That's why I'm able to get here.

Can you tell me what's the problem and how to solve it?


Thanks.

  • "Alexandru Frigioiu" has been banned

Date of registration:
Dec 8th 2008

Operating System:
XP and VISTA

  • Send private message

2

Wednesday, February 3rd 2010, 8:15am

Hi,
I need a HiJackThis log. from the PC with the problem.

  • "segumpal_tanah" started this thread

Date of registration:
Feb 3rd 2010

  • Send private message

3

Friday, February 5th 2010, 3:16am

Thanks for replying!

Anyway, I've installed HijackThis as instructed but the program wouldn't work. It closes by itself immediately after launching it.

Then I installed other spyware programmes such as Malwarebyte's Anti-Malware & Spybot but all of them closes immediately after launching. Just like HijackThis. What is going on?

I read on the various forums that this is caused by a vicious virus/trojan/malware which automatically closes any antivirus/spyware/malware programs. It prevents browsers from visiting antivirus websites too (like Avira.com). Is this true?

Because of this, I'm unable to provide you with a log from HijackThis. Is there any other way to solve this?

I'm considering formating my PC but would it solve the problem? Or would the virus/trojan/malware sneak into my PC again?

p/s: Oh, I'm using Windows XP Service Pack 2 if it helps.

avon

Community member

Date of registration:
Apr 15th 2008

Version:
Avira Antivirus Suite

Operating System:
Windows 8.1 Pro 32bit & Win XP Home SP3 32bit

  • Send private message

4

Friday, February 5th 2010, 6:58am

....
Then I installed other spyware programmes such as Malwarebyte's Anti-Malware & Spybot but all of them closes immediately after launching. Just like HijackThis. What is going on?

I read on the various forums that this is caused by a vicious virus/trojan/malware which automatically closes any antivirus/spyware/malware programs. It prevents browsers from visiting antivirus websites too (like Avira.com). Is this true?
.....

Hi segumpal_tanah,
Regarding MBAM downloading & installation, please try this:

Quoted

Post#22
Try installing MBAM again but rename the install setup file as install.exe. MBAM can be installed in safe mode and run, reboot windows and tap F8 key as windows boots just before the Windows logo appears. If this does not work make a copy of the MBAM file from the C:\Program Files\Malwarebytes' Anti-Malware folder (it has the MBAM logo) and rename it and then try and run it.
http://forum.avira.com/wbb/index.php?pag…4035#post894035

Quoted



Please try also this:
Conficker: Check to see if you are infected

http://www.confickerworkinggroup.org/wiki/

Conficker Removal Tools

avon.

This post has been edited 3 times, last edit by "avon" (Feb 5th 2010, 7:01am)


  • "Alexandru Frigioiu" has been banned

Date of registration:
Dec 8th 2008

Operating System:
XP and VISTA

  • Send private message

5

Friday, February 5th 2010, 8:53am

Hi,

Quoted

p/s: Oh, I'm using Windows XP Service Pack 2 if it helps.

Service pack 3 is available from a long time, for security reasons you should install it.

Quoted

I'm considering formating my PC but would it solve the problem? Or would the virus/trojan/malware sneak into my PC again?

If you choose this option, then the best option would be to connect to the internet after you install Avira and perform a manual update (you can copy the Avira setup, HBEDV.key and ivdf file from another PC to a removable drive).

  • "segumpal_tanah" started this thread

Date of registration:
Feb 3rd 2010

  • Send private message

6

Tuesday, February 9th 2010, 2:23am

For some unknown reason I can get HijackThis to run. Here's the log like you've asked for:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:30, on 09/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 68.235.209.253 msnfix.changelog.fr
O1 - Hosts: 68.235.209.253 www.incodesolutions.com
O1 - Hosts: 68.235.209.253 virusinfo.prevx.com
O1 - Hosts: 68.235.209.253 download.bleepingcomputer.com
O1 - Hosts: 68.235.209.253 www.dazhizhu.cn
O1 - Hosts: 68.235.209.253 foro.noticias3d.com
O1 - Hosts: 68.235.209.253 www.spybotupdates.com
O1 - Hosts: 68.235.209.253 club.myce.com
O1 - Hosts: 68.235.209.253 www.k7computing.com
O1 - Hosts: 68.235.209.253 softwaresecuritysolutions.com
O1 - Hosts: 68.235.209.253 www.nabble.com
O1 - Hosts: 68.235.209.253 lurker.clamav.net
O1 - Hosts: 68.235.209.253 lexikon.ikarus.at
O1 - Hosts: 68.235.209.253 research.sunbelt-software.com
O1 - Hosts: 68.235.209.253 www.virusdoctor.jp
O1 - Hosts: 68.235.209.253 www.elitepvpers.de
O1 - Hosts: 68.235.209.253 guru.avg.com
O1 - Hosts: 68.235.209.253 downloads.sophos.com
O1 - Hosts: 68.235.209.253 share.skype.com
O1 - Hosts: 68.235.209.253 myantispyware.com
O1 - Hosts: 68.235.209.253 www.computerhilfen.de
O1 - Hosts: 68.235.209.253 www.superuser.co.kr
O1 - Hosts: 68.235.209.253 ntfaq.co.kr
O1 - Hosts: 68.235.209.253 v.dreamwiz.com
O1 - Hosts: 68.235.209.253 cit.kookmin.ac.kr
O1 - Hosts: 68.235.209.253 forums.whatthetech.com
O1 - Hosts: 68.235.209.253 forum.hijackthis.de
O1 - Hosts: 68.235.209.253 avg.vo.llnwd.net
O1 - Hosts: 68.235.209.253 ftp.drweb.com
O1 - Hosts: 68.235.209.253 www.zonealarm.com
O1 - Hosts: 68.235.209.253 smadaver.com
O1 - Hosts: 68.235.209.253 support.emsisoft.com
O1 - Hosts: 68.235.209.253 www.huaifai.go.th
O1 - Hosts: 68.235.209.253 www.mostz.com
O1 - Hosts: 68.235.209.253 www.krupunmai.com
O1 - Hosts: 68.235.209.253 www.cddchiangmai.net
O1 - Hosts: 68.235.209.253 forum.malekal.com
O1 - Hosts: 68.235.209.253 tech.pantip.com
O1 - Hosts: 68.235.209.253 sapcupgrades.com
O1 - Hosts: 68.235.209.253 www.elguruinformatico.com
O1 - Hosts: 68.235.209.253 forums.avg.com
O1 - Hosts: 68.235.209.253 zastita.com
O1 - Hosts: 68.235.209.253 support.kaspersky.com
O1 - Hosts: 68.235.209.253 www.247fixes.com
O1 - Hosts: 68.235.209.253 forum.sysinternals.com
O1 - Hosts: 68.235.209.253 forum.telecharger.01net.com
O1 - Hosts: 68.235.209.253 sophos.com
O1 - Hosts: 68.235.209.253 foros.softonic.com
O1 - Hosts: 68.235.209.253 avast-home.uptodown.com
O1 - Hosts: 68.235.209.253 dr-web-cureit.softonic.com
O1 - Hosts: 68.235.209.253 heavenward.ru
O1 - Hosts: 68.235.209.253 forum.smadav.net
O1 - Hosts: 68.235.209.253 www.forum.kaspersky.com
O1 - Hosts: 68.235.209.253 www.f-secure.com
O1 - Hosts: 68.235.209.253 www.chkrootkit.org
O1 - Hosts: 68.235.209.253 diamondcs.com.au
O1 - Hosts: 68.235.209.253 www.rootkit.nl
O1 - Hosts: 68.235.209.253 www.sysinternals.com
O1 - Hosts: 68.235.209.253 z-oleg.com
O1 - Hosts: 68.235.209.253 espanol.dir.groups.yahoo.com
O1 - Hosts: 68.235.209.253 ftp01net.telechargement.fr
O1 - Hosts: 68.235.209.253 modelayu.com
O1 - Hosts: 68.235.209.253 vaksin.com
O1 - Hosts: 68.235.209.253 bbs.kaspersky.com.cn
O1 - Hosts: 68.235.209.253 www.castlecrops.com
O1 - Hosts: 68.235.209.253 www.misec.net
O1 - Hosts: 68.235.209.253 safecomputing.umn.edu
O1 - Hosts: 68.235.209.253 www.antirootkit.com
O1 - Hosts: 68.235.209.253 www.greatis.com
O1 - Hosts: 68.235.209.253 ar.answers.yahoo.com
O1 - Hosts: 68.235.209.253 www.elhacker.org
O1 - Hosts: 68.235.209.253 research.pandasecurity.com
O1 - Hosts: 68.235.209.253 www.tpu.ro
O1 - Hosts: 68.235.209.253 www.pinoyden.com
O1 - Hosts: 68.235.209.253 forum.avira.de
O1 - Hosts: 68.235.209.253 www.rootkit.com
O1 - Hosts: 68.235.209.253 www.pctools.com
O1 - Hosts: 68.235.209.253 www.pcsupportadvisor.com
O1 - Hosts: 68.235.209.253 www.resplendence.com
O1 - Hosts: 68.235.209.253 www.personal.psu.edu
O1 - Hosts: 68.235.209.253 foro.ethek.com
O1 - Hosts: 68.235.209.253 foro.elhacker.net
O1 - Hosts: 68.235.209.253 download.zonealarm.com
O1 - Hosts: 68.235.209.253 spywarehammer.com
O1 - Hosts: 68.235.209.253 www.codelain.com
O1 - Hosts: 68.235.209.253 www.thaicert.org
O1 - Hosts: 68.235.209.253 vil.nail.com
O1 - Hosts: 68.235.209.253 search.mcafee.com
O1 - Hosts: 68.235.209.253 wwww.mcafee.com
O1 - Hosts: 68.235.209.253 download.nai.com
O1 - Hosts: 68.235.209.253 wwww.experts-exchange.com
O1 - Hosts: 68.235.209.253 www.bakunos.com
O1 - Hosts: 68.235.209.253 www.darkclockers.com
O1 - Hosts: 68.235.209.253 www2.gmer.net
O1 - Hosts: 68.235.209.253 ariefew.com
O1 - Hosts: 68.235.209.253 www.emsisoft.com
O1 - Hosts: 68.235.209.253 forum.romeonet.ro
O1 - Hosts: 68.235.209.253 www.Merijn.org
O1 - Hosts: 68.235.209.253 www.spywareinfo.com
O1 - Hosts: 68.235.209.253 www.spybot.info
O1 - Hosts: 68.235.209.253 www.viruslist.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe
O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9131 bytes

  • "Alexandru Frigioiu" has been banned

Date of registration:
Dec 8th 2008

Operating System:
XP and VISTA

  • Send private message

7

Tuesday, February 9th 2010, 9:23am

Hi,
Fix these entries using HiJackThis - check the entries and press "Fix checked":
O4 - HKCU\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe
O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete these files if found:
O4 - HKCU\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe
O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\Documents and Settings\Bang Tong & Cik Put\imPlayok.exe (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Empty the Recycle Bin.

Update Avira, boot in safe mode and perform a complete system scan.