Jump to content

Behaving as infected.


glivo1

Recommended Posts

I would say that Malwarebytes is not reliable at this time, you will need to install an AV program asap.. I note you mention AVG, any thoughts on AVAST..? have a read at the following link,

https://rejzor.wordpress.com/avast-protection-tweaks/

The guy seting this up is totally legit and trustworthy......

To clean up you will need to uninstall RogueKiller, Tweaking can just be deleted.... Use the following to uninstall RogueKiller, is a good tool to have..

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option
 
I guess you should be good to go after that, I will add that I have Malwarebytes Premium version 3.0.6 and have no problems whatsoever....
 
Cheers,
 
Kevin
Edited by kevinf80
typing error
Link to post
Share on other sites

  • Replies 170
  • Created
  • Last Reply

Top Posters In This Topic

I added to my previous post just as you posted.  System performance is much better. Thank you so much.  I will do as advised above.

I have no loyalty to AVG and I was considering other options prior to starting this thread. Avast was definitely a consideration after reading several "Best Free Antivirus" review articles.

I only wish I knew all this myself.  I used to be an IT teacher but have been left behind since my medical retirement. I just don't have time to sit at a PC all day anymore.  Also, since it's what I used to do every day, I've avoided it.

I can't fully recall but I think AVG just happened for me as, from memory, it evolved from the old F-Prot. I may be wrong.  I used to run a secondary school network site licence for 100 machines with F-Prot when networking / internet first started.  Among others Anticmos varients and then Sasser caused us huge headaches at the time. We wasted so much time with a lot of re-formatting disks and re-installing and tail chasing.

There are 4 laptops in the house belonging to my kids and no doubt they are infected with something so as time permits I will get to each of those as well.

Link to post
Share on other sites

Avast absolutely kills this machine.  I've tried it twice. The first time, as downloaded only, because I then couldn't use my browsers to access any further instructions or downloads. The second time, with the additional download as instructed in the above link, because I did all the preparation before installing.  Disastrous both times.  CPU max out, web browsers unusable and the whole system slower than when I first contacted you in regards to a possible infection. 

Did I do something wrong?  AVG was still installed so should I have uninstalled that first?  I'm happy to just leave it be as I'm working fine at the moment without Avast.

What of the claim on the MBAM page, here , that now says Makes Antivirus Obsolete?  Does this mean that running MBAM Premium alone, without other AV, is enough?

Link to post
Share on other sites

mmmm Not sure why Avast reacts the way you mention,  go to  the following link and use the removal tool to clean Avast from your system:

https://www.avast.com/uninstall-utility

Regarding the latest versions of Malwarebytes, yes it can be used to protected your system instaead of usual AV tools such as Avast, AVG, Kaspersky etc etc.... You will need windows own Firewall...

I use MB version 3 on my working laptop in conjunction with Windows Defender and windows Firewall. I also have UNChecky and McShield. I also have 2 systems running on VM`s, Windows 10 Pro and Windows 7 Pro, both run Malwarebytes version 3 and Windows Firewall only... No issues at present...

Link to post
Share on other sites

No worries. Thanks. It is all good at the moment after I got rid of Avast earlier using that Geek program.

Do you have any idea why Avast has somehow changed my Internet Explorer to give this message about "This Page can't be displayed"? TLS 1.0, 1.1 and 1.2 are turned on and if I click the link after RC4 it goes into some explanation of out dated security.  This happened as soon as I installed Avast and now I can't get rid of it without telling it to use RC4 (I think).  The pages that give this error in IE I can get to in Chrome. I don't know what's happened.

Link to post
Share on other sites

I do not use Avast, what you post seems to be indicative of some kind of website protection. I suppose if Avast deems a site insecure it will respond accordingly.

As you`ve removed Avast probably Internet Explorer will need restting to defaults to amend changes made with Avast.....

https://support.microsoft.com/en-gb/help/17441/windows-internet-explorer-change-reset-settings

Link to post
Share on other sites

No worries.

It is my internet banking site that is blocked so I doubt it is insecure.  I'd say it's possibly the other way around somehow.

I've reset it now so I'll just work with what I've got.  Thanks for your help.  I really do appreciate your knowledge and effort.

Link to post
Share on other sites

Download and run the following diagnostic scanners, no changes are made to your system from these scans...

Farbar scanner, for use when connection or redirect issues:

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Next,

Please download Security Analysis by Rocket Grannie from here: http://rocketgrannie.spywareinfoforum.org/RGSA.exe
 
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.



There maybe a Warning from Windows about running the program, if so click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.


Note: The link to the most current version of the program will always be in the first post of this topic.
Note: (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run to continue.)
Note: The current java version on XP will show as "out of date".
Note: Flash Player ActiveX is pre-installed with Internet Explorer in Windows 10 and updates Automatically.

Please post your feedback in this topic.

 

Thank you,

Kevin.....

 

Link to post
Share on other sites

I can't navigate to Rocket Grannie in either IE or Chrome by using the link provided. I'm told to use a "search" to find the site, but this doesn't work either.  Google search finds the site but I still cant get to it. I can only get a text only saved version of the home page from 2 days ago.

I Reset IE 11 settings but it didn't fix the problem with secure sites in relation to RC4.  Without AVAST the computer has returned to running quite well.

Here is the FSS log.

FSS.txt

Link to post
Share on other sites

Yep, I can try that.

RGSA wont run. AVG stopped it then scanned it then sent it away to the lab. Said "You've captured a very rare file."  I then had another message saying it was clean but thanks for sending it in.

Windows wont allow it to run. Saying I need Admin privileges.  I'll try right click / run as admin.

Link to post
Share on other sites

Here they are.

Addition.txt

FRST.txt

Forgot to ask, Should AVG be off to run RGSA?  AVG was telling me I'd "Captured a very rare file". It then scanned it local and sent it away to "the lab".  Message came back that it was OK.  Also Windows wouldn't allow it to run anyway.

Edited by glivo1
Question from prior post.
Link to post
Share on other sites

Weird shit happening here. Stuff I've never seen before.

I just woke my machine up and there was a message down the bottom right task console area thing that said.  "Additional log information required. Click here to open browser."  (or something similar).  When I clicked the little X box to close it (on the X) it opened IE.  No apparent mal effect and the computer is running better than before I contacted the forum, but there is something going on.

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

There are registry issues that are stopping other entries from starting (running) one very obvious system is the Security Center, not sure why or how this happened but can only assume Avast has had some kind of influence...

Go back to Reply ID35, from that reply run the Windows Repair Tool (by tweaking.com) exactly as listed. When that is complete run FRST again and post the two fresh logs

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Let me see those logs in your reply....

Thank you,

Kevin....

fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.