BACKUP WORK LAPTOP Not Allowing Updates on SAS or MBAM, Trying to Reinstall Avast

Discussion in 'Malware Help (A Specialist Will Reply)' started by AngelsWilliam, Apr 26, 2009.

  1. AngelsWilliam

    AngelsWilliam Private First Class

    I do a rotor of antimalware: Avast, SAS, Spybot S&D, and MBAM, repeat. When I did SAS yesterday, I was told it couldn't update because my firewall was blocking it from reaching the server. This has never been an issue before because I said yes the first time it asked for permission, but I decided I'd check. Nope, it was approved.

    So, I tried again. Same message. I decided to try reinstalling the program--you know, in an effort to repair the problem. Same problem was there. I tried MBAM and it just sat there and didn't even give me an error message. It just said, "Looking for malwarebytes.org." Last ditch effort, I downloaded both programs from your site again, uninstalled them, and reinstalled them. Same issues as before.

    While I was waiting to see if MBAM connected with its update site, I opened task manager and sorted the list by name, and there was a nice little item on the list called avastsetup.exe. As soon as I saw it, though, it disappeared.

    Well...isn't that just...!#$%&*!

    Like I said, this one is in much more peril than the desktop computer, I think. I had to run SAS and MBAM with whatever database version came with the most recent versions of the programs because they wouldn't update.

    Oh, also of note: Ever since I installed SAS this time, I keep getting a WinPatrol alert that says, "Scotty...has detected a change to one of your file type associations (.url). The program currently associated with this file type is: Run a DLL as an App, Microsoft Corporation, C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %|. A change was made to use the following program for this file type: Run a DLL as an App, Microsoft Corporation, rundll32.exe ieframe.dll,OpenURL %|." Actually, the request hasn't been the same one every time, sorry. I just noticed that. I have been saying no about whether the change was ok or not. Wanted to check with you folks first because something that keeps coming up about URLs sounds really fishy to me.

    Okay, attaching my logs. IMPORTANT CORRECTION: The logs from tonight's run of SAS and MBAM didn't even record. See what I mean? Something is really screwing around with my antimalware programs. Hope you have enough to work with, here. I've given you the last recorded logs, which are from the 23rd.

    Thanks again for your help!:wave
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Like your other PC, you are not having malware problems. Your logs are clean.

    Every time a change is made to a program that you have approved in your firewall in the past, you will have to reapprove it. Example: Suppose you had FireFox 3.0.0.7 installed and working. When you download and install version 3.0.0.8, the firefox.exe file will have to be reapproved because the contents of the executable file have changed; thus, to your firewall, it is no longer the same program. This is standard operating procedure and it applies to all programs/processes you have approved in your firewall.

    Either way this is not a topic for the Malware Forum. You can discuss this more in the Software Forum if you want to.


    Your Avast antivirus program was updating.


    There is nothing wrong with your setting to this file association. It was changed to be ieframe.dll when you updated to either IE7 or IE8. It has nothing to do with SAS. Your registry entry is set like below which is normal.


    Code:
    HKEY_CLASSES_ROOT\internetshortcut\shell\open\command
    <NO NAME> REG_SZ          rundll32.exe ieframe.dll,OpenURL %l

    You need to learn how to deal with WinPatrol and your firewall better. I believe you just don't know when changes are being made that you need to allow, like when you are installing or updating programs. Example: If you install a program, it will always need to make some modifications to the registry. If your protection software pops up and states something about a "change to the registry being detected", you have to realize that what you are doing is causing the change and you need to approve it. If you don't, the program will not install properly or you will keep getting requests to allow the change each time you attempt to run the program.
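The comparison behind the WinPatrol alert discussed in the two posts above, as an added example (not part of the original posts and not WinPatrol's own logic): it splits each `shell\open\command` value into executable, DLL, export and arguments, and separates a change that only drops the path qualification from one that points the file type at a different handler. The function names are hypothetical, and treating bare file names as equivalent to the `system32` copies is an assumption of this sketch.

```python
import ntpath

# Assumption: the Windows system directory named in the alert quoted in the thread.
SYSTEM_DIR = r"c:\windows\system32"

def parse_handler(command):
    """Split 'rundll32.exe <dll>,<export> <args>' into comparable parts.

    Handles unquoted paths without spaces, as in the values quoted in the
    thread. Returns None for anything that is not in that shape.
    """
    tokens = command.strip().split(None, 2)
    if len(tokens) < 2 or "," not in tokens[1]:
        return None
    dll, export = tokens[1].split(",", 1)
    return {
        # Windows file names are case-insensitive, so compare them lowercased.
        "names": (ntpath.basename(tokens[0]).lower(), ntpath.basename(dll).lower()),
        "dirs": (ntpath.dirname(tokens[0]).lower(), ntpath.dirname(dll).lower()),
        "export": export,
        "args": tokens[2] if len(tokens) > 2 else "",
    }

def classify_change(old_command, new_command):
    """Label a file-association change for triage."""
    old, new = parse_handler(old_command), parse_handler(new_command)
    if old is None or new is None:
        return "review: not a rundll32-style handler"
    if any(old[k] != new[k] for k in ("names", "export", "args")):
        return "review: handler changed"
    if old["dirs"] == new["dirs"]:
        return "unchanged"
    # Same files and entry point; only the directory part differs.
    if all(d in ("", SYSTEM_DIR) for d in old["dirs"] + new["dirs"]):
        return "path qualification only"
    return "review: same file names, different directory"

# The two values from the thread (argument written as in the registry listing).
FULL = r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l"
BARE = "rundll32.exe ieframe.dll,OpenURL %l"

if __name__ == "__main__":
    print(classify_change(FULL, BARE))
    # Constructed sample: a different DLL behind the same file type.
    print(classify_change(FULL, "rundll32.exe example.dll,OpenURL %l"))
```
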
     
  3. AngelsWilliam

    AngelsWilliam Private First Class

    Can you suggest a place for me to learn more about that stuff? I always worry that I'm approving too much, not too little.

    There was something wrong with the laptop. I started using the limited-permissions user account and while I was, Avast came up with a warning that there was a trojan, which I deleted, and then it warned me something about a connection, which I forbade. I also deleted the IE add-on research via RegSeeker. (I had to do that via the administrative user account, of course.) The laptop has been behaving perfectly ever since. I even got notice of several MS updates that I hadn't before.

    I also unhid .NET framework on the update site and downloaded it...followed by 2-3 updates for it. Now, though...my harddrive is almost 1/2 full where it had been a little over 1/4 full. OUCH.

    So, anyway, that's the status on the laptop. It's all better, so at least I can start work again.

    I still would like a resolution to the desktop's harddrive space loss issues, if at all possible. I know Windows gets unstable when there's less than half of the space on the harddrive, and there's already much less. I can't afford to lose anymore at 0.1 per 2-4 hours.

    Is it possible that these scans don't catch/fix everything? :innocent:duck
     
    Last edited: Apr 30, 2009
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Software Forum would be a good place to ask questions. Also just add some common sense on what you are doing and also search on the process name or file name being mentioned to see if it is valid.

    Unless you provide specific information, I cannot comment. "Something about a connection" means nothing to me. Also "a trojan" means nothing to me. What file and in what folder and what did it call the trojan? All protection tools have false positives. Avast is pretty high on the list of FPs even though it is still a good program.


    Of course but when absolutely nothing is found, it is much less likely.
     
  5. AngelsWilliam

    AngelsWilliam Private First Class

    I don't have what the majority would call "common sense." I have my own brand of intelligence. I have Asperger syndrome, and specialize in English grammar, style, and usage; medical terminology and most of its uses; memorization by repetitive hands-on experience; and comprehensive information on any and all of my special interests.

    Anything else, and I need some guidance, except for those things I have learned by repetitive trial and error or, in some cases, reuse. I can, for instance, sit down to almost any form of office software (suite) and adjust in no more than a day or two to whatever slight differences there might be...even if it's a dumb terminal database program.

    Thank you for your help....

    I also noticed when I attempted to report a dead link on the download site that not only my GMail address, but also my SBC Yahoo address (I have no idea how you knew that one) have been blocked from your mail server. I don't know, maybe it's my IP you've blocked. I really don't care. I was trying to do something helpful, and I got blocked from all angles.

    Regrets,
    Carol
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The gmail account is all that this site knows about since that is what you registered with. I know of no reasons why your email addresses would be blocked but this is not a malware problem either. ;)

    Since you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. After doing the above, you should work thru the below link:
     
