
Win 7 AVG Hacked?


21 replies to this topic

#1 JC8865

JC8865

  • Members
  • 43 posts

Posted 09 November 2014 - 09:52 PM

New member today and having issues running AVG. I had been web surfing when I got security threats..I went ahead and "removed" them with AVG. After about 10 minutes of supposedly removing them I rebooted, and now AVG no longer opens or runs..I get this message: 'This Program is Blocked By Group Policy', which isn't true because I am the only one who uses the computer and always log in as admin..I also tried to uninstall AVG with no success, saying I didn't have privileges, which I should have and have always had..looking for some help..I don't dare open a web browser on the desktop now till this is fixed..am currently typing this from my laptop.

Any advice/help would be great as I really don't want to re-install everything..I use the desktop mainly for gaming so there are quite a few GB of files on there.

 

 

OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: AMD Processor model unknown, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 8190 Mb
Graphics Card: AMD Radeon R7 200 Series, -2048 Mb
Hard Drives: C: Total - 953765 MB, Free - 780883 MB; P: Total - 953765 MB, Free - 780883 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-MA790X-DS4
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled   <---- can't use or delete this.

 

 

Any help would be great..Thanks!

 

 

JC




#2 wishmakingfairy

wishmakingfairy

  • Members
  • 212 posts

Posted 09 November 2014 - 11:29 PM

***Please boot the computer into safemode w/networking***

 

If you haven't already, please try using the AVG Remover

 

Run that as admin, it'll go through removing all the bits of AVG, make you restart, then finish up upon reboot. I've seen AVG being all wonky and strange lately, but only on others' computers :P

 

If you're not in a domain or anything, I'd suspect it's some sort of infection.

 

Try Running

 

1. TDSS Killer    ( I always run this first, because from my past experiences, if there is a rootkit, and it's not removed beforehand, all the stuff you remove with the other programs will just come back )

2. Rkill

3. JRT

4. Adwcleaner

5. ESET Online Scanner

 

Then see if you're able to reinstall AVG. I'd also go ahead and look at your browser's settings, search engines, addons, etc...


Edited by wishmakingfairy, 09 November 2014 - 11:39 PM.

Using ubuntu and sharing how to as well as collecting how to scripts for common programs. Feel free to ask or share ^-^


#3 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 09 November 2014 - 11:42 PM

I'll run the Programs you suggested and post back what happens..I appreciate the reply.

 

 

JC



#4 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 10 November 2014 - 12:26 AM

Ran all the programs and tried to re-install AVG..still getting the same error "this program is blocked by group policy" and I can't run it even though I am the admin.



#5 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 10 November 2014 - 12:54 AM

I am having issues with AVG and Admin rights (in another thread) but I may have somehow deleted a .dll file..now when I start my desktop up I am getting this error: "C:\Users\DIESEL\Appdata\Local\IVsoft\hrxvid.dll failed to load". I don't know if this is related to that or an actual Win7 file.
 
Any help with this would be great as a google search came up empty for the file.
 
 
JC

Attached file: dll error.jpg

Edited by Queen-Evie, 10 November 2014 - 09:54 AM.
Originally in Windows 7 with topic title "hrxvid.dll error at start up". merged into this topic.


#6 wishmakingfairy

wishmakingfairy

  • Members
  • 212 posts

Posted 10 November 2014 - 11:52 AM

You can also try running msconfig and see if IVsoft has an entry in the startup somewhere.

 

Another thing you can do to get rid of that message is download Autoruns and look for that entry. If it says something like "file not found" and is colored yellow, you can right click and delete it from the list; it should make it go away permanently.

 

And I found this YouTube video that might help you with your AVG issue:




#7 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 10 November 2014 - 03:27 PM

Thanks for the replies...will try these today in between shoveling 16" of snow we are getting...lol..thanks again for the replies..much appreciated.

 

 

 

JC



#8 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 11 November 2014 - 11:34 AM

I ran the programs you suggested and followed the YouTube video..I re-installed AVG and now it works, so I did a scan with it and it didn't find anything.

I also got rid of that pop up I was getting by following that video..now the only issue is I am blocked from admin rights even though I always sign in as admin.

 

Thanks for all of the replies, I appreciate it.

 

 

JC



#9 wishmakingfairy

wishmakingfairy

  • Members
  • 212 posts

Posted 11 November 2014 - 12:24 PM

I can't promise this will help, but it might. It's the Windows Repair All In One tool.

 

http://www.bleepingcomputer.com/download/windows-repair-all-in-one/

 

Just follow all the steps provided, even the Malwarebytes scan and system file check.




#10 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,939 posts

Posted 11 November 2014 - 04:54 PM

Hi JC,
 
 

Please Download Rkill by Grinler and save it to your desktop.

Link 1

Link 2

Link 3

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
  • Please post the log generated by the tool.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#11 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 11 November 2014 - 05:10 PM

I ran the Windows Repair All In One and also Rkill..

 

Rkill Log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/11/2014 04:05:53 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\DIESEL\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe (PID: 3132) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   "DisableSR" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/11/2014 04:06:44 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)



#12 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,939 posts

Posted 11 November 2014 - 05:31 PM

Hi,
 
Let's do some checks to see if the malware is gone...
 
Install and Run Malwarebytes
  • Please download Malwarebytes' Anti-Malware from here or here
  • Double-click the mbam-setup-2.x.x or mbam-setup to install the application.
  • On the last step of installation make sure you uncheck the box Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.
  • If an update is found, it will download and install the latest updates automatically; if not, click Update Now »
  • Click the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show the results.
  • Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After restarting the computer, copy and paste the mbam.log in your next reply.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information
  • The log is automatically saved by MBAM and can be viewed by going to the History tab, clicking on Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, click on Export > Save to Text file (*.txt) button. Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.


 
 


#13 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 11 November 2014 - 05:52 PM

Malwarebytes Scan Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2014
Scan Time: 4:36:35 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.11.09
Rootkit Database: v2014.11.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DIESEL

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349117
Time Elapsed: 8 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Looks good and the comp seems to be back to its old self again.

Can't tell you all how much I appreciate the replies and the tons of help.

I have to say I really like this site..lots of Info and tech articles..been browsing through some articles to help the performance of my Win8 Laptop...Thanks again for all of the help

 

 

JC



#14 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,939 posts

Posted 11 November 2014 - 05:58 PM


Good :) And the "blocked from admin rights" problem is gone? If not, can you tell us in what situation you see that error?



 
 


#15 JC8865

JC8865
  • Topic Starter

  • Members
  • 43 posts

Posted 11 November 2014 - 06:16 PM

The only thing that seems odd is that System Restore is blocked by administrator..even though I always sign in as admin.

When I go into Control Panel and then System Properties and click the System Protection tab, it is greyed out and says it's blocked.

I wanted to set up a restore point now that everything seemed ok.

 

 

JC
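
Added example, not part of the original thread and not Rkill's own code: a small Python parser for the Rkill log format posted in #11. It extracts the terminated process and the registry values Rkill flagged, then picks out the ones stored under a Policies key; DisableSR is one of them, and that is the Group Policy location for turning off System Restore, which fits the greyed-out System Protection tab described in #15. The sample is an excerpt of that log, and the function names are illustrative.

```python
import re

# Excerpt of the Rkill log posted in this thread, trimmed to the parsed sections.
SAMPLE_LOG = r"""
Checking for processes to terminate:
 * C:\Users\DIESEL\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe (PID: 3132) [UP-HEUR]

Performing miscellaneous checks:
 * System Restore Disabled
   [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   "DisableSR" = dword:00000001
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
"""

PROC_RE = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$")
KEY_RE = re.compile(r"^\s*\[(?P<key>HK[A-Z_]+\\.+)\]\s*$")
VAL_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*dword:(?P<hex>[0-9a-fA-F]{8})\s*$')


def parse_rkill(text):
    """Return (terminated_processes, registry_findings) parsed from Rkill log text."""
    procs, findings = [], []
    label = key = None
    for line in text.splitlines():
        if m := PROC_RE.match(line):
            procs.append({"path": m["path"], "pid": int(m["pid"]), "tag": m["tag"]})
        elif m := KEY_RE.match(line):
            key = m["key"]  # registry key that the following value lines belong to
        elif (m := VAL_RE.match(line)) and key:
            findings.append({"finding": label, "key": key,
                             "name": m["name"], "value": int(m["hex"], 16)})
        elif line.lstrip().startswith("* "):
            label, key = line.lstrip()[2:].strip(), None  # new finding heading
    return procs, findings


def policy_values(findings):
    """Non-zero values stored under a ...\\Policies\\... key, i.e. set as policy."""
    return [f for f in findings
            if "\\policies\\" in f["key"].lower() and f["value"] != 0]


if __name__ == "__main__":
    procs, findings = parse_rkill(SAMPLE_LOG)
    for f in policy_values(findings):
        print(f'{f["finding"]}: {f["key"]}\\{f["name"]} = {f["value"]}')
```
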





