
Virus-- This prog is blocked by group policy.


  • This topic is locked
29 replies to this topic

#1 geridear

geridear

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 03:00 PM

Hi, I am a silver surfer new to this site and not very technical. My problem is:

 

Yesterday I noticed something was stopping me activating AVG. I don't know how long I have had the virus, as the laptop seemed to be working OK.

 

A popup would say "This program is blocked by group policy. For more information contact your system administrator."

 

I downloaded Avast and did a scan, nothing, then Malaware, nothing. All day I searched the internet trying different things, but nothing will remove the virus.

 

Tonight I have been trying to uninstall AVG but it won't, even on the AVG site it will not uninstall. Avast was finally done by going to the site. I thought I would install McAfee as I have it free from Plusnet.

 

Can anyone help me get rid of this virus?

 

Thanks

 

Geridear


Edited by hamluis, 14 May 2014 - 03:39 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 JohnC_21

JohnC_21

  • Members
  • 24,427 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 14 May 2014 - 03:15 PM

Hello, and welcome. The virus added a path to a registry key, specifically this key.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths

 

This key is used by Microsoft's Software Restriction Policy.

 

And possibly this key.

 

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows

 

Follow the instructions in this post but look for AVG in the Paths folder. You will need to delete the subkey that contains the path.

 

You may also want to read this thread.

 

After you can get AVG running again, I would run a malware scan with Malwarebytes and TDSS killer.



#3 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 04:05 PM

I deleted the first key and restarted the laptop and had 2 popups

 

auguix.exe

The application was unable to start correctly (0xc0000142).

 

The program cant start because mfc110u.dll is missing from your computer. Try installing the program to fix the problem.



#4 JohnC_21

JohnC_21

  • Members
  • 24,427 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 14 May 2014 - 04:07 PM

Can you uninstall AVG in safe mode?



#5 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 04:07 PM

I deleted the first key; the AVG path would not delete. I then restarted the laptop and had 2 popups

 

auguix.exe

The application was unable to start correctly (0xc0000142).

 

The program cant start because mfc110u.dll is missing from your computer. Try installing the program to fix the problem.

 

 



#6 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 04:10 PM

I don't know how to uninstall AVG in safe mode.



#7 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 04:16 PM

I am going to try and install McAfee as this may delete AVG.



#8 JohnC_21

JohnC_21

  • Members
  • 24,427 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 14 May 2014 - 04:18 PM

I believe the file that is trying to run is avguix.exe, not auguix.exe, which is part of a Trojan. See this page.

 

When executed, TrojanDownloader:Win32/Banload.YK copies itself to <system folder>\avguix.exe.
 
Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
 
The malware modifies the following registry entries to ensure that its copy executes at each Windows start:
 
Adds value: "avguix"
With data: "c:\windows\system32\avguix.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

If you go to the above HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key, is avguix.exe listed? If it is, I cannot help further and somebody with Malware Removal Experience should try to disinfect the computer.

 

To uninstall AVG in safe mode, tap F8 at boot and select Safe Mode. Log in to your account and go to Control Panel, Remove Programs. But first see if you can now uninstall AVG in normal mode.
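
The two registry checks from posts #2 and #8, as an added example (not code from any poster in this thread): it parses the text of a `reg export` file, lists every Disallowed Software Restriction Policy path rule and flags those naming a security product, and reports Run values pointing at system32\avguix.exe. The sample export, its GUIDs and the `AV_HINTS` watch list are constructed for illustration.

```python
import re

DISALLOWED = "\\safer\\codeidentifiers\\0\\paths\\"   # level 0 = Disallowed
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"
AV_HINTS = ("avg", "avast", "mcafee", "malwarebytes")  # assumed watch list

# Constructed sample in `reg export` format (GUIDs and rules are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="C:\\Program Files\\AVG"

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{00000000-0000-0000-0000-000000000002}]
"ItemData"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,\
  2a,00,2e,00,7a,00,69,00,70,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avguix"="c:\\windows\\system32\\avguix.exe"
'''

def parse_reg(text):
    """Parse `reg export` text into {key: {value name: string data}}."""
    text = text.replace("\\\r\n", "").replace("\\\n", "")  # join hex continuations
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if cur is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"'):          # REG_SZ: undo .reg backslash escaping
            cur[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE byte list
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            cur[name] = data.decode("utf-16-le").rstrip("\0")
    return keys

def disallowed_paths(keys):
    """List (path, names_security_tool) for every Disallowed SRP path rule."""
    return [(v["ItemData"], any(h in v["ItemData"].lower() for h in AV_HINTS))
            for k, v in keys.items()
            if DISALLOWED in k.lower() and "ItemData" in v]

def system32_avguix_run_values(keys):
    """Run values whose data matches the avguix.exe path quoted in post #8."""
    return {n: d for k, v in keys.items() if k.lower().endswith(RUN_KEY)
            for n, d in v.items() if d.lower().endswith("\\system32\\avguix.exe")}
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.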



#9 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 04:18 PM

No good, McAfee still unable to uninstall AVG.



#10 JohnC_21

JohnC_21

  • Members
  • 24,427 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:09 AM

Posted 14 May 2014 - 04:24 PM

So AVG is a virus and not the AVG antivirus program? If no one replies to this topic in three days, click here.

 

You cannot use McAfee to uninstall AVG antivirus unless this is some malware that names itself AVG. You have to uninstall AVG in the Remove Programs section of Control Panel.

 

Question: is data: "c:\windows\system32\avguix.exe" located in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run?



#11 Roodo

Roodo

  • Members
  • 760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 AM

Posted 14 May 2014 - 04:38 PM

Try this:

Boot the computer to safe mode with networking (Reboot, tapping F8)

Download and run Rkill http://www.bleepingcomputer.com/download/rkill/

Then Run: http://www.eset.com/us/online-scanner-popup/



#12 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 04:40 PM

I cannot find avguix.exe listed.



#13 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 05:59 PM

Try this:

Boot the computer to safe mode with networking (Reboot, tapping F8)

Download and run Rkill http://www.bleepingcomputer.com/download/rkill/

Then Run: http://www.eset.com/us/online-scanner-popup/

I have done this and no threats were found.

I also then tried to delete the two AVG programs in the Control Panel and they still won't delete, even in safe mode.



#14 Roodo

Roodo

  • Members
  • 760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 AM

Posted 14 May 2014 - 06:04 PM

Try this

http://www.bleepingcomputer.com/download/avg-remover-2012/



#15 geridear

geridear
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:09 PM

Posted 14 May 2014 - 06:12 PM

It won't work. I also went to the AVG site and it still won't delete.





