Constantly going into 'overdrive'

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #61
    Originally posted by bernie lamb
    Fixlog.txt below. During the fix, another flash from Avira ‘Host file blocked’
    No big deal, just Avira doing its job. FRST was removing the Hosts file to set it to default, Avira was trying to protect it.

    • bernie_lamb
      PCHF Member
      • Dec 2016
      • 83

      #62
      AVZ still churning away

      • bernie_lamb
        PCHF Member
        • Dec 2016
        • 83

        #63
        About 11 mins left. Whereabouts in the States are you?

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #64
          Ok, after the scan is done…

          Remove Avira with Geek Uninstaller.
          Then reboot.
          Run the Avira RegistryCleaner
          Reboot again.

          Then install one of the following antivirus programs; these offer the same if not better protection, & they are much lighter on your system!!

          SecureAplus
          360 Total Security
          Panda Cloud Free.

          Edit: I’d make a full virus scan with whatever you decide to install…

          Just a side note and a nice program to have on your machine, Everything Search Engine. Get the portable version…
          Originally posted by bernie lamb
          About 11 mins left. Whereabouts in the States are you?
          In the south Georgia…

          • bernie_lamb
            PCHF Member
            • Dec 2016
            • 83

            #65
            Nice. I lived for 3 years in Raleigh, NC. Travelled around a lot, but only saw Atlanta in GA.

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #66
              Originally posted by bernie lamb
              but only saw Atlanta in GA.
              Lived there for a bit. Not a nice place unless you have money…

              • bernie_lamb
                PCHF Member
                • Dec 2016
                • 83

                #67
                The green scan indicator has gone, so I assume it is finished. Does the blue slider at the bottom have to be all the way over to the right to indicate end of op?

                • bernie_lamb
                  PCHF Member
                  • Dec 2016
                  • 83

                  #68
                  AVZ log below
                  AVZ Antiviral Toolkit log; AVZ version is 4.46
                  Scanning started at 16.02.2017 14:47:16
                  Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 16.02.2017 16:00
                  Heuristic microprograms loaded: 410
                  PVS microprograms loaded: 10
                  Digital signatures of system files loaded: 857539
                  Heuristic analyzer mode: Maximum heuristics mode
                  Malware removal mode: enabled
                  Windows version is: 5.1.2600, Service Pack 3 “Microsoft Windows XP”, install date 17.07.2012 07:46:38 ; AVZ is run with administrator rights (+)
                  System Restore: enabled
                  1. Searching for Rootkits and other software intercepting API functions
                    1.1 Searching for user-mode API hooks
                    Analysis: kernel32.dll, export table found in section .text
                    Analysis: ntdll.dll, export table found in section .text
                    Analysis: user32.dll, export table found in section .text
                    Analysis: advapi32.dll, export table found in section .text
                    Analysis: ws2_32.dll, export table found in section .text
                    Analysis: wininet.dll, export table found in section .text
                    Analysis: rasapi32.dll, export table found in section .text
                    Analysis: urlmon.dll, export table found in section .text
                    Analysis: netapi32.dll, export table found in section .text
                    1.2 Searching for kernel-mode API hooks
                    Driver loaded successfully
                    SDT found (RVA=085700)
                    Kernel ntkrnlpa.exe found in memory at address 804D7000
                    SDT = 8055C700
                    KiST = 80504570 (284)
                    Function NtClose (19) intercepted (805BC564->BA74D644), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtCreateKey (29) intercepted (8062426A->BA74D5FE), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtCreateSection (32) intercepted (805AB3FC->BA74D64E), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtCreateSymbolicLinkObject (34) intercepted (805C3A2E->BA74D626), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtCreateThread (35) intercepted (805D1068->BA74D5F4), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtDeleteKey (3F) intercepted (80624706->BA74D603), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtDeleteValueKey (41) intercepted (806248D6->BA74D60D), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtDuplicateObject (44) intercepted (805BE03C->BA74D63F), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtLoadDriver (61) intercepted (80584172->BA74D62B), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtLoadKey (62) intercepted (8062648E->BA74D612), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtOpenProcess (7A) intercepted (805CB486->BA74D5E0), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtOpenSection (7D) intercepted (805AA420->BA74D621), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtOpenThread (80) intercepted (805CB712->BA74D5E5), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtQueryValueKey (B1) intercepted (8062248E->BA74D667), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtReplaceKey (C1) intercepted (8062633E->BA74D61C), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtRequestWaitReplyPort (C8) intercepted (805A2DAA->BA74D658), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtRestoreKey (CC) intercepted (80625C4A->BA74D617), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtSetContextThread (D5) intercepted (805D2C4A->BA74D653), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtSetSecurityObject (ED) intercepted (805C0662->BA74D65D), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtSetSystemInformation (F0) intercepted (8060FE98->BA74D630), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtSetValueKey (F7) intercepted (806227DC->BA74D608), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtSystemDebugControl (FF) intercepted (8061823E->BA74D662), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtTerminateProcess (101) intercepted (805D2308->BA74D5EF), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Function NtWriteVirtualMemory (115) intercepted (805B4400->BA74D5EA), hook not defined
                    Function restored successfully !
                    Hook code blocked
                    Functions checked: 284, intercepted: 24, restored: 24
                    1.3 Checking IDT and SYSENTER
                    Analyzing CPU 1
                    Analyzing CPU 2
                    CmpCallCallBacks = 00093D84
                    Disable callback OK
                    Checking IDT and SYSENTER - complete
                    1.4 Searching for masking processes and drivers
                    Checking not performed: extended monitoring driver (AVZPM) is not installed
                    1.5 Checking IRP handlers
                    Driver loaded successfully
                    Checking - complete
                  1. Scanning RAM
                    Number of processes found: 29
                    Number of modules loaded: 356
                    Scanning RAM - complete
                  2. Scanning disks
                  3. Checking Winsock Layered Service Provider (SPI/LSP)
                    LSP settings checked. No errors detected
                  4. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
                  5. Searching for opened TCP/UDP ports used by malicious software
                    In the database 317 port descriptions
                    Opened at this PC: 4 TCP ports and 10 UDP ports
                    Checking - complete; no suspicious ports detected
                  6. Heuristic system check
                    Checking - complete
                  7. Searching for vulnerabilities
                    Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
                    Services: potentially dangerous service allowed: Schedule (Task Scheduler)
                    Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
                    Security: disk drives’ autorun is enabled
                    Security: administrative shares (C$, D$ …) are enabled
                    Windows Explorer - show extensions of known file types
                    Checking - complete
                  1. Troubleshooting wizard
                    HDD autorun is allowed
                    [malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                    HDD autorun is allowed - fixed
                    Network drives autorun is allowed
                    [malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                    Network drives autorun is allowed - fixed
                    Removable media autorun is allowed
                    [malware removal microprogram]> parameter changed NoDriveTypeAutoRun of key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                    Removable media autorun is allowed - fixed
                    Checking - complete
                  Files scanned: 68076, extracted from archives: 43986, malicious software found 0, suspicions - 0
                  Scanning finished at 16.02.2017 15:24:49
                  !!! Attention !!! Restored 24 KiST functions during Anti-Rootkit operation
                  This may affect execution of certain software, so it is strongly recommended to reboot
                  Time of scanning: 00:37:36
                  If you have a suspicion on presence of viruses or questions on the suspected objects,
                  you can address Kaspersky Security Cloud - Kaspersky Support Forum
                  For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/

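A small triage helper for the anti-rootkit section of the log above, added here as an example; it is not part of the thread and not AVZ's own code. It parses the "Function ... intercepted (orig->target)" lines and reports whether the hook targets cluster in one small region outside the kernel image, which is what a single driver hooking the service table looks like (AVZ's "hook not defined" only means it could not attribute the hook to a known product; on XP, security software commonly installed such hooks for self-protection). The 4 MiB kernel-image size and the SENSITIVE list are my assumptions, and the sample lines are a constructed excerpt of the posted log.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied from the AVZ log in the post above (the full log
# lists 24 intercepted functions; four are enough to show the pattern).
SAMPLE_LOG = """\
Kernel ntkrnlpa.exe found in memory at address 804D7000
Function NtClose (19) intercepted (805BC564->BA74D644), hook not defined
Function NtLoadDriver (61) intercepted (80584172->BA74D62B), hook not defined
Function NtOpenProcess (7A) intercepted (805CB486->BA74D5E0), hook not defined
Function NtWriteVirtualMemory (115) intercepted (805B4400->BA74D5EA), hook not defined
"""
Hook = namedtuple("Hook", "name index original target attribution")
HOOK_RE = re.compile(r"Function (\w+) \(([0-9A-F]+)\) intercepted "
                     r"\(([0-9A-F]+)->([0-9A-F]+)\), (.+)", re.I)
KERNEL_RE = re.compile(r"Kernel \S+ found in memory at address ([0-9A-F]+)", re.I)
# Assumption (not in the log): treat 4 MiB above the reported base as the kernel image.
KERNEL_IMAGE_SIZE = 0x400000
# Services a process-protection or monitoring driver typically filters (my list).
SENSITIVE = {"NtOpenProcess", "NtOpenThread", "NtCreateThread", "NtWriteVirtualMemory",
             "NtSetContextThread", "NtLoadDriver", "NtTerminateProcess"}

def parse_hooks(text):
    """Return (kernel_base, [Hook, ...]) parsed from AVZ section 1.2 output."""
    kernel_base, hooks = None, []
    for line in text.splitlines():
        m = KERNEL_RE.search(line)
        if m:
            kernel_base = int(m.group(1), 16)
            continue
        m = HOOK_RE.search(line)
        if m:
            name, idx, orig, target, attr = m.groups()
            hooks.append(Hook(name, int(idx, 16), int(orig, 16), int(target, 16), attr.strip()))
    return kernel_base, hooks

def triage(kernel_base, hooks):
    """Summarise: all unattributed? originals inside the kernel image? targets
    clustered in one small region (i.e. one driver installed them all)?"""
    in_kernel = lambda a: kernel_base <= a < kernel_base + KERNEL_IMAGE_SIZE
    targets = [h.target for h in hooks]
    lo, hi = min(targets), max(targets)
    return {
        "count": len(hooks),
        "unattributed": sum(h.attribution == "hook not defined" for h in hooks),
        "originals_in_kernel": all(in_kernel(h.original) for h in hooks),
        "targets_in_kernel": all(in_kernel(t) for t in targets),
        "target_span_bytes": hi - lo + 1,
        "single_module_likely": hi - lo < 0x1000,
        "sensitive": sorted(h.name for h in hooks if h.name in SENSITIVE),
    }
```

On the full log all 24 targets fall between BA74D5E0 and BA74D667, so the next step for a defender is to find which loaded driver owns that range rather than to treat the restored hooks as proof of a rootkit.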
                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #69
                    It was complete, go ahead and remove Avira. The only reason I suggest that you remove it is because of the amount of RAM on your system. Once you have removed that and run a full virus scan with the antivirus of your choosing, please tell me how the machine is running and if you are happy to call this solved.

                    • bernie_lamb
                      PCHF Member
                      • Dec 2016
                      • 83

                      #70
                      I’m downloading SecureAPlus. It’s taking a while, though!

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045

                        #71
                        The initial scan of SecureAplus does take a long time; after that, scans are fast!!

                        • bernie_lamb
                          PCHF Member
                          • Dec 2016
                          • 83

                          #72
                          Originally posted by Malnutrition
                          The initial scan of SecureAplus does take a long time; after that, scans are fast!!
                          It’s just the initial installation, I thought! Yes, it says 'Downloading setup

                          • bernie_lamb
                            PCHF Member
                            • Dec 2016
                            • 83

                            #73
                            Or is it scanning whilst setting up (installing)?

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #74
                              Hard to tell, unless I had a screenshot.

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7045

                                #75
                                Here is the setup file.
