Unable to load antivirus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by knownada, Jul 14, 2008.

  1. knownada

    knownada Private E-2

    Wednesday I couldn't get Windows Explorer to work and kept getting error message about couldn't write to xxx so did a restore. Now can't load any Antivirus. After restore I kept getting "access denied" so couldn't get in to C:\programs. Had to change admin rights in safe mode but still couldn't load AV, although now can load anything else. Manually removed old Norton and Grisoft files but no joy, can't load any AV and I have tried to install AVG free and PCTools AV but neither can finish install process without some error. I have no antivirus program running now.
    My hard disk needed a good cleaning so did that and ran malware removal procedure. It looked clean but I don't know if I have anything, I can't interpret the logs.

    Thanks for looking!
     


  2. knownada

    knownada Private E-2

    Here's the other log. Thanks!
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems do not appear to be related to malware. It is more likely due to problems within your Windows Operating System. Perhaps registry corruption. You need to stop randomly installing things, especially antivirus programs, because you could just be making things worse. Antivirus programs can create many registry entries and you have installed a bunch of them and they all may have left many things laying around. You really need to work this issue in the Software Forum but I will get you started with a few things.

    First uninstall PC Tools Antivirus since it does show as installed even though it may not have installed properly.

    Now uninstall SUPERAntiSpyware since we are finished with it.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

    After clicking Fix, exit HJT.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner to clean temp files.
    • Then also select Issues and then click the Scan for Issues button.
    • When it finishes DO NOT just simply Fix everything!!! Right click in the results area and select Deselect All
    • Now slowly go thru the list (there may be a lot) and find all items related to AVG, PC Tools, Symantec...etc for all antivirus programs you may have installed at some time.
    • Select all of these and then click Fix selected issues...
    • Make sure you say Yes to the Do you want to backup changes to the registry? prompt and let it save the backup cc_2008xxxxxxx.reg file. (xxxxxxx is based on the date and time when saved).
    • It may prompt you again with messages about the things being fixed. Just click Fix All Selected Issues.
    Now click Start, Run, and enter sfc /scannow in the run box and click OK. There is a space after the sfc. This may ask for your Windows CD, so have it ready. Tell me if it does ask for your CD.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Again do not install anything yet. I want to see your log and I want you to tell me how the above steps went. Explain any error message or problems in detail. Include exact word for word error messages if you get any.
     
    Last edited: Jul 15, 2008
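
Added example, not part of the original thread and not code from HijackThis or MajorGeeks: a short Python triage of the HijackThis lines quoted in the post above, picking out the entries that are remnants of removed antivirus products (target file reported missing, or entry naming AVG or PC Tools). The function names and the vendor list are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis selection quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
"""

# Meaning of the HijackThis section codes that occur in this log.
SECTIONS = {"O2": "Browser Helper Object", "O4": "Autostart entry",
            "O18": "Extra protocol handler", "O23": "Windows service"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# A drive-letter path ending in an executable, library or shortcut.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll|lnk)", re.IGNORECASE)

def parse_log(text):
    """Turn HijackThis 'O' lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        paths = PATH_RE.findall(body)
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "other"),
            "path": paths[-1] if paths else None,
            "file_missing": body.rstrip().endswith("(file missing)"),
            "raw": line.strip(),
        })
    return entries

def av_leftovers(entries, vendors=("AVG", "PC Tools")):
    """Entries whose file is missing or that name one of the given vendors."""
    return [e for e in entries if e["file_missing"]
            or any(v.lower() in e["raw"].lower() for v in vendors)]

if __name__ == "__main__":
    for e in av_leftovers(parse_log(SAMPLE_LOG)):
        state = "file missing" if e["file_missing"] else "file present"
        print(f'{e["code"]:<4}{e["kind"]:<24}{state:<14}{e["path"]}')
```

The three entries it does not flag (RealPlayer scheduler, QuickTime task, Find Fast) are startup items unrelated to antivirus software, so this filter leaves them to manual review.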
  4. knownada

    knownada Private E-2

    Chas, here is how it went.

    1st, uninstalled remnant of PC Tools AV. No problem. Then tried to uninstall SUPERAntispyware and had a problem, got this error message:

    "Error 1309 Error reading from Files\SuperAntiSpyware\detect.wav. Verify that the file exists and that you can access it."

    I went out and found the file and could play it - don't know what the problem was. I decided to leave SUPERAntispyware alone and went on with the rest of the instructions.

    Everything else went as it should - registry addition was successfully entered. I followed the rest of the steps and sfc /scannow ran without asking for the CD.

    The logs are attached. Thanks for your help!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you find things to remove with CCleaner under the Scan for Issues selection? Did you get them all cleaned up?
     
  6. knownada

    knownada Private E-2

    Yes, sorry I didn't put that in my reply. I found a couple things related to Norton and a couple AVG things. I cleaned them up. I haven't tried to load antivirus.

    Thank You!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now follow the steps below in the order written;

    1. download this: AntiVir Personal Edition do not install yet
    2. unplug your cable to the internet
    3. shutdown your firewall
    4. install AntiVir
    5. reboot your PC (which should reactivate your firewall) and also as it is rebooting reinsert your cable to the internet
    6. get any updates for AntiVir and make sure you allow Antivir to work thru your firewall.
    Did it install properly? Does it run?
     
  8. knownada

    knownada Private E-2

    Chaslang,

    I downloaded and installed AntiVir per the instructions. It seemed to install properly and I got a successful installation message. However, when I tried to update I would get this message:

    "The following error occurred when trying to start the update:

    scheduler not loaded".

    I could see and configure the scheduler but I could not get an update using any of the settings.

    I also could not enable the "guard" setting. The option "antivir Guard enable" was grayed out and I couldn't get the guard working.

    I was able to run a scan with the definition file that downloaded with the program - it found a couple things (partial log attached). It seems like I still have some issues.

    Thanks for your time.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but not with the things in that log. One is just a component of Spybot and the others are things you downloaded and are not issues. If you don't need the below then just delete them if AntiVir did not already quarantine them.

    C:\My Games\Posh Boutique\PoshBoutique.exe
    C:\Program Files\RngInterstitial.dll

    And the below is probably for a game you installed and would need to uninstall to really remove. Right now, the game may be broken if AntiVir actually removed the file.
    C:\Program Files\Diego`s Dinosaur Adventure\bfgt_silent_en.exe



    As stated earlier, your problems do not appear to be malware related. It appears that you have some kind of registry corruption or some other problem within your OS that is causing issues with installing programs. I suggest that you try creating a new user account with administrator privileges. Then reboot (make sure you reboot) and then login to this new user account. See if you can reinstall AntiVir in this account and get it to update and run properly.
     
  10. knownada

    knownada Private E-2

    Hey chaslang,

    I tried the new user account and reloaded the AntiVir but the results are still the same. Is it time to re-format the drive and reinstall the OS?

    Thanks,
    knownada
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to say.... but yes! Since there are no remaining malware issues, it would be best to just start with a clean PC since the problems appear to be within the OS anyway.
     
  12. knownada

    knownada Private E-2

    Thanks for your help; I really appreciate it. I would have had no clue without it.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

