From: Michael on

>
> "Michael" <Tempr...(a)hotmail.com> wrote in message
>
> news:d8f789ef-be90-49ed-b515-9fdfae5a7568(a)o28g2000yqh.googlegroups.com...
>
> > About 6 days ago my avast AV that I had used for years suddenly
> > refused to connect me to its update server.
>
> > I uninstalled Avast, had a clean download of Avira but it too refused
> > to update AV files (leaving me frozen protection-wise back in
> > November, 2009).
>
> > I have disabled both my Sygate Firewall and my Spybot Real Time
> > Protection with no luck.
>
> > Something has clearly infected the dialer (or other connect) on my
> > computer (Firefox/XP) preventing it from connecting with and receiving
> > updates for two otherwise fine Free Antivirus programs.
>
> > Any assistance greatly appreciated.


Response:

I scanned my PC with various detect devices (everything from my Avast
AV before I uninstalled it and replaced it with Avira, to
Superantispyware Free, a-squared free, malwarebytes, etc.). Whatever is
identified as even possibly dangerous I delete.

My fear is that whatever got me--and I have no idea how it slipped
through my many levels of protection--first installed itself on my
computer before all the AV and malware databases even knew about "it"
and as an integral part of its malicious code it blocked all AV and
similar engines from being able to access updaters.

I had no idea the basic updater(s) all run through the same path thus
all can be disabled or intercepted by this thing. It was my hope that
once I updated any AV file to date I could then identify and remove
the "thing" because by now I'm sure it has been identified. But I'm
frozen to AV files known as of one week ago before "it" struck me.

It appeared first as a "fake" Antivirus Scan Screen (I knew it was not
Avast) on Startup. I did NOT access or use any of the options this
fake thing offered me on Startup, rather deleted it and tried to
delete any file I could find on my computer bearing its suspicious
name [the "fake" AV called itself "glensftav.exe"; as stated I thought
I caught it in time but by the time it was there it had already
blocked my ability to find it or have the removal tools to TOTALLY
eradicate it].

Is there any back-door for "updater" connections? I'm really
technically ignorant as you all can tell but I never had anything get
me like this (used AVG, then Avast for years--no issues at all).

I knew I was in big trouble when I uninstalled Avast, substituted
avira but then the brand new AV could not get me updated files despite
prompting me that I needed to update.

I'll look for the "hosts" file as suggested, but to be candid I won't
know what it is or what to do with it even if I find it/them.

Thanks again.
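
Added example, not part of any poster's message: the hosts file mentioned above is a plain-text list of "address hostname" lines that Windows consults before DNS, so an entry pointing an antivirus vendor's update host at 127.0.0.1 stops every updater that uses that name. The sketch below parses hosts-file text and reports such entries; the watched vendor names come from the thread, while the hostnames and the sample file are constructed placeholders.

```python
import ipaddress

# Vendor names mentioned in the thread; extend for the products you run.
WATCH_LABELS = {"avast", "avira", "avg"}

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address: skip
        for name in fields[1:]:                  # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watch=WATCH_LABELS):
    """Return entries that override a watched vendor's hostname.

    Blocklist-style entries for unrelated names (tools such as Spybot can add
    many of these) are ignored on purpose to keep the output readable.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if watch.isdisjoint(name.split(".")):    # match whole DNS labels only
            continue
        effect = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, str(ip), name, effect))
    return findings

# Constructed sample, not taken from the thread; hostnames are placeholders.
SAMPLE = """\
# sample hosts file
127.0.0.1     localhost
127.0.0.1     ads.tracker.example     # blocklist entry, ignored
127.0.0.1     update.avast.example
0.0.0.0       dl.avira.example www.avira.example
203.0.113.7   download.avg.example
"""

if __name__ == "__main__":
    # On Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts
    for lineno, ip, name, effect in audit_hosts(SAMPLE):
        print(f"line {lineno}: {name} -> {ip} ({effect})")
```

A clean hosts file normally yields no findings; any line reported here can be deleted or commented out with `#` before retrying the update.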

From: Buffalo on



Open Avira, click on the Update tab on the top and then choose Manual.
See if that works for you.
Did you try the latest MBAM and the latest SAS?
Buffalo


From: Michael on
On Feb 7, 11:00 am, "Buffalo" <E...(a)nada.com.invalid> wrote:
> Open Avira, click on the Update tab on the top and then choose Manual.
> See if that works for you.
> Did you try the latest MBAM and the latest SAS?
> Buffalo

Buffalo...

I DL what I think is the latest MBAM (I'll scan again soon) and if
SAS=Spybot that has always been updated with real time "protection"
enabled too.

Right now I was able to get the Avira AV "Removal Tool" to do a scan
(presently underway). If I am lucky the Avira removal tool DOES have
everything updated to date, it will find this "thing" and show me how
to get rid of it. IF I'm lucky!!!

Thanks for your other suggestions too.

From: Bad Boy Charlie on
On Sun, 7 Feb 2010 09:00:09 -0700, "Buffalo" <Eric(a)nada.com.invalid>
wrote:

>Open Avira, click on the Update tab on the top and then choose Manual.
>See if that works for you.
>Did you try the latest MBAM and the latest SAS?
>Buffalo
>
Have you considered installing Norton Internet Security 2010 - 30 day
trial version just as an aid in this matter? It may well uncover
something the other products have overlooked.

From: Buffalo on


Michael wrote:
> Buffalo...
>
> I DL what I think is the latest MBAM (I'll scan again soon) and if
> SAS=Spybot that has always been updated with real time "protection"
> enabled too.
>
> Right now I was able to get the Avira AV "Removal Tool" to do a scan
> (presently underway). If I am lucky the Avira removal tool DOES have
> everything updated to date, it will find this "thing" and show me how
> to get rid of it. IF I'm lucky!!!
>
> Thanks for your other suggestions too.

SAS is SuperAntispyware.
Hoping for the best.
Buffalo