From: Michael on
On Feb 7, 11:42 am, "Buffalo" <E...(a)nada.com.invalid> wrote:
> Michael wrote:
> > On Feb 7, 11:00 am, "Buffalo" <E...(a)nada.com.invalid> wrote:
> >> Michael wrote:
> >>>> "Michael" <Tempr...(a)hotmail.com> wrote in message
>
> news:d8f789ef-be90-49ed-b515-9fdfae5a7568(a)o28g2000yqh.googlegroups.com...
>
>
>
>
>
> >>>>> About 6 days ago my avast AV that I had used for years suddenly
> >>>>> refused to connect me to its update server.
>
> >>>>> I uninstalled Avast had a clean download of Avira but it too
> >>>>> refused to updated AV files (leaving me frozen protection wise
> >>>>> back in November, 2009).
>
> >>>>> I have disabled both my Sygate Firewall and my Spybot Real Time
> >>>>> Protection with no luck.
>
> >>>>> Something has clearly infected the dialer (or other connect) on my
> >>>>> computer (Firefox/XP) preventing it from connecting with and
> >>>>> receiving updates for two otherwise fine Free Antivirus programs.
>
> >>>>> Any assistance greatly appreciated.
>
> >>> Response::
>
> >>> I scanned my PC with various detect devices (everything from my
> >>> Avast AV before I uninstalled it and replaced it with Avira, to
> >>> Superantispyware Free, a-squared free, malwarebytes,etc.). Whatever
> >>> is identified as even possibly dangerous I delete.
>
> >>> My fear is that whatever got me--and I have no idea how it slipped
> >>> through my many levels of protection--first installed itself on my
> >>> computer before all the AV and malware databases even knew about
> >>> "it" and as an integral part of its malicious code it blocked all
> >>> AV and similar engines from being able to access updaters..
>
> >>> I had no idea the basic updaters(s) all run through the same path
> >>> thus all can be disabled or intercepted by this thing. It was my
> >>> hope that once I updated any AV file to date I could then identify
> >>> and remove the "thing" because by now I'm sure it has been
> >>> identified. But I'm frozen to AV files known as of one week ago
> >>> before "it" struck me.
>
> >>> It appeared first as a "fake" Antivirus Scan Screen (I knew it was
> >>> not Avast) on Startup. I did NOT access or use any of the options
> >>> this fake thing offered me on Startup, rather deleted it and tried
> >>> to delete any file I could find on my computer bearing its
> >>> suspicious name [the "fake" AV called itself "glensftav. exe; as
> >>> stated I thought I caught it in time but by the time it was there
> >>> it had already blocked my ability to find it or have the removal
> >>> tools to TOTALLY eradicate it].
>
> >>> Is there any back-door for "updater" connections? I'm really
> >>> technically ignorant as you all can tell but I never had anything
> >>> get me like this (used AVG, then Avast for years--no issues at all).
>
> >>> I knew I was in big trouble when I uninstalled Avast, substituted
> >>> avira but then the brand new AV could not get me updated files
> >>> despite propmting me that I needed to update.
>
> >>> I'll look for the "hosts" file as suggested, but to be candid I
> >>> won't know what it is or what to do with it even if I find it/them.
>
> >>> Thanks again. .
>
> >> Open Avira, click on the Update tab on the top and then choose
> >> Manual. See if that works for you.
> >> Did you try the latest MBAM and the latest SAS?
> >> Buffalo
>
> > Buffalo...
>
> > I DL what I think is the latest MBAM (I'll scan again soon) and if
> > SAS=Spybot that has always been updated with real time "protection"
> > enabled too.
>
> > Right now I was able to get the Avira AV "Removal Tool" to do a scan
> > (presently underway). If I am lucky the Avira removal tool DOES have
> > everything updated to date, it will find this "thing" and show me how
> > to get rid of it. IF I'm lucky!!!Thanks for your other suggestions
> > too.
>
> SAS is SuperAntispyware.
> Hoping for the best.
> Buffalo

Buffalo, Bad Boy...

I finally realized SAS=Super AS. Yes I had it but its updater too is
blocked. Found an interesting site/DL called "Remove Fake Anti-
Virus" (V. 1. 56) which I just DL'd from majorgeeks. I will run a scan
with that tool, and then perhaps try Norton's 30 day Free Trial.

Of course the key remains whatever DAT files I can access are
completely updated AND will recognize and/or completely remove this
"thing". if detected. Ongoing thanks (I hope I'm not violating posting
rules by my repetitive but 100% sincere thank yous!!)
From: Buffalo on


Michael wrote:
[snip]
>> SAS is SuperAntispyware.
>> Hoping for the best.
>> Buffalo
>
> Buffalo, Bad Boy...
>
> I finally realized SAS=Super AS. Yes I had it but its updater too is
> blocked. Found an interesting site/DL called "Remove Fake Anti-
> Virus" (V. 1. 56) which I just DL'd from majorgeeks. I will run a scan
> with that tool, and then perhaps try Norton's 30 day Free Trial.
>
> Of course the key remains whatever DAT files I can access are
> completely updated AND will recognize and/or completely remove this
> "thing". if detected. Ongoing thanks (I hope I'm not violating posting
> rules by my repetitive but 100% sincere thank yous!!)

Hopefully it will work out well.
Now, sit back and enjoy the Super Bowl.
Buffalo


From: David H. Lipman on
From: "Michael" <Temprock(a)hotmail.com>

| Buffalo, Bad Boy...

| I finally realized SAS=Super AS. Yes I had it but its updater too is
| blocked. Found an interesting site/DL called "Remove Fake Anti-
| Virus" (V. 1. 56) which I just DL'd from majorgeeks. I will run a scan
| with that tool, and then perhaps try Norton's 30 day Free Trial.

| Of course the key remains whatever DAT files I can access are
| completely updated AND will recognize and/or completely remove this
| "thing". if detected. Ongoing thanks (I hope I'm not violating posting
| rules by my repetitive but 100% sincere thank yous!!)

Please do NOT install Norton 360.

You have already noted you had Avast and then went to Avira. If you keep installing and
uninstalling software willy-nilly like that you will introduce instability in your
computer.

Choose ONE anti virus application and stick with it. If you have problems accessing
security sites deal directly with that problem NOT installing and subsequently removing
fully installed anti virus applications. Your choise og Avira AntiVir is a good one. IFF
and you can't get updates, the objective is to resolve that issue.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Michael on
On Feb 7, 8:27 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net>
wrote:
> From: "Michael" <Tempr...(a)hotmail.com>
>
> | Buffalo, Bad Boy...
>
> | I finally realized SAS=Super AS. Yes I had it but its updater too is
> | blocked. Found an interesting site/DL called "Remove Fake Anti-
> | Virus" (V. 1. 56) which I just DL'd from majorgeeks. I will run a scan
> | with that tool, and then perhaps try Norton's 30 day Free Trial.
>
> | Of course the key remains whatever DAT files I can access are
> | completely updated AND will recognize and/or completely remove this
> | "thing". if detected. Ongoing thanks (I hope I'm not violating posting
> | rules by my repetitive but 100% sincere thank yous!!)
>
> Please do NOT install Norton 360.
>
> You have already noted you had Avast and then went to Avira.  If you keep installing and
> uninstalling software willy-nilly like that you will introduce instability in your
> computer.
>
> Choose ONE anti virus application and stick with it.  If you have problems accessing
> security sites deal directly with that problem NOT installing and subsequently removing
> fully installed anti virus applications.  Your choise og Avira AntiVir is a good one.  IFF
> and you can't get updates, the objective is to resolve that issue.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Dave

Good suggestion. I will focus on the problem of can't download updates
for any AV or Anti-Malware Product (rather than constantly Installing/
Uninstalling).

****IF I can manually get completely updated AV dat files from avira's
website burned onto a CD from another computer--assuming you guys
think that might work--do I simply insert CD with updated files from
the other (clean) computer into this (compromised) CD drive to
identify and eradicate the invader or is not that "simple"?*****

Once I somehow get the updated files--by now I assume they have all
identified this "thing" --I hope it will then be completely removable
and in the future I will be able to get updates routinely when
prompted(or automatically). Please let me know your thoughts.

I guess I'm still having trouble realizing that ALL update functions
from all AVs and all A-Malwares can be completely blocked from
working. I had just assumed they all are updated via different paths/
protocols/urls or whatever. Ongoing thanks guys.
From: Buffalo on


Michael wrote:
[snip]
> I guess I'm still having trouble realizing that ALL update functions
> from all AVs and all A-Malwares can be completely blocked from
> working. I had just assumed they all are updated via different paths/
> protocols/urls or whatever. Ongoing thanks guys.

Have you tried to manually update from the Avira Desktop? Clicking on the
Update tab on top and then selecting Manual after going to the Avira site
and manually downloading the latest definitions?
Buffalo

If you dl and install the latest version of MBAM, it should contain about
the latest updates.

Buffalo

PS: http://www.avira.com/en/support/kbdetails.php?id=95

tells you how to update manually.