Antivirus Download Problem

[golfnut]

I am having trouble downloading free antivirus software, both AVG and SpyBot. I get the below error message. Can anyone tell how I can correct this. Looks to me like I may have developed a virus? Please help if you can, I would really appreciate it. Thank you.

[Dv8ted2]

Are you logged in as an admin or a restricted user? Usually you will get that kind of message if you are logged in as a restricted user.

[golfnut]

Logged in as admin, thank for the advice though.

[golfnut]

38 views, 1 reply, need help guys, pleeeeeeeeeeeeeeeeeeeeeze

[JohnnyMalaria]

Try this Google search: http://www.google.com/search?as_q=%22Local+machine%3A+installation+failed%22&hl=en&new...ndow=1&num=100

It comes up with a number of hits re. AVG. They might help...

[GKar]

I would try Symantec's online scan here:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym


A brief google of your message leads to a possible infection. Good luck!

[golfnut]

Guys I really do appreciate the replies and advice but after trying each and every suggestion here I am still dead in the water. Guess I will have to do the dreaded erase and reformat the hard drive, what a pain!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Thank again.

[budz]

I am having trouble downloading free antivirus software, both AVG and SpyBot. I get the below error message. Can anyone tell how I can correct this. Looks to me like I may have developed a virus? Please help if you can, I would really appreciate it. Thank you.

Before you reformat and reinstall windows where did you download AVG & Spybot from? Try scanning for viruses/malware at www.trendmicro.com they have a free online scanner.

[golfnut]

Budz thank you for the reply. I downloaded both from the original home website for each program. I have tried to scan using trendmicro but I can only get about half way through it and it just "hangs" and will not compete the scan and allow me to fix the problems. I have tried 3 times now on this. Thanks again.

[Dr_Layne]

This may help:

http://forum.grisoft.cz/freeforum/read.php?1,83613,83988

[GKar]

Guys I really do appreciate the replies and advice but after trying each and every suggestion here I am still dead in the water. Guess I will have to do the dreaded erase and reformat the hard drive, what a pain!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Thank again.

If after you tried everything that has been suggested, pick up a copy of Norton Ghost or some other disk imaging program and always keep a backup of your latest working setup on hard disk and DVD, it will save you the dreaded reformat and install....

Last thought, if all else has failed, have you tried using Sytem Restore to revert to your last working setup? Restore back to before you think the problem may have begun.

[budz]

Budz thank you for the reply. I downloaded both from the original home website for each program. I have tried to scan using trendmicro but I can only get about half way through it and it just "hangs" and will not compete the scan and allow me to fix the problems. I have tried 3 times now on this. Thanks again.

your welx.
as suggested try using system restore to revert your pc to what it was before you installed AVG. if that doesn't work then a clean install of the operating system. then before you do the windows updates go to cnet.com download section and download avg and spybot search. install the avg first before doing the windows updates. just a hunch maybe that process would work.

[GKar]

If you decide to "get into" system partition imaging using Norton Ghost or something like it:

1) Image a clean install
2) Image after updating with all the latest Windows updates
3) Image after all the above and all your drivers
4) Image after all the above and your apps have been installed

Partition your hard drive:
c:\ System
d:\ files, downloads, email backups
e:\ norton ghost backups
f:\ games
g:\ video rips, etc......

Backup all important files to DVD-RW

This will keep you fairly bullet proof.

I like flexibility and redundancy

[INFRATOM]

http://housecall.trendmicro.com run and clean computer. empty your temp folder, download new avg download try again make sure firewall doesn't block installation. If same boot into safemode and run the file.

[golfnut]

Thanks to all who have tried to help but unfortunately after spending 4 days on all of your suggestions it looks like my only alternative is to reformat. Thanks again and have a great day.

[Scorpion King]

Have you tried "HijackThis v1.99.1". I have used it to find virus programs that start with Windows before. The program also gives you a way to 'stop' the virus from running on next boot.

Any programs Hijackthis shows up as being started with Windows that you don't know what it is simply run a google.com search for the program name and usually you can find out exactly what it is quickly.

Good luck.

[golfnut]

Scorpion King thank you for the suggestion. Below is the scan produced by HiJack. I am totally lost when it gets this technical with computers and do not know what to or not to delete. Any help would be appreciated. Thank you.

hijackthis.log

[Scorpion King]

Ok, I looked at the logfile and you look to be infected (hope it's not catching )

Download my list below - run HiJackthis.exe and put a checkmark next to each of the lines that are in my file - then click "Fix Checked". When done reboot the computer and run HiJackthis.exe again and look for any of on my list that may of came back if so check them again then click on "Fix Checked".

Run Windows Explorer and do a search on C:\ for the file names that are in those lines in my list and delete them.

Reboot the computer and run the test again.

-------

With all the toolbars and other stuff you have on there (and these problems) I would really consider doing a format and reinstall from scratch. The system is probably due. lol

Good luck.

I do hope Nelson37 will get in on this first. I trust his judgment more than my own.

delete_these.txt

p.s. = at your own risk of course.

[GKar]

Scorpion King thank you for the suggestion. Below is the scan produced by HiJack. I am totally lost when it gets this technical with computers and do not know what to or not to delete. Any help would be appreciated. Thank you.

hijackthis.log

I googled DR.EXE and it looks like a dialer...thought I recognized it...

http://www.google.com/search?client=opera&rls=en&q=dr.exe&sourceid=opera&ie=utf-8&oe=utf-8

all 3 items in your windows temp are possibly suspect:

C:\WINDOWS\TEMP\673140825.exe
C:\WINDOWS\TEMP\RarSFX0\dr.exe
C:\WINDOWS\TEMP\RarSFX0\drweb\drwebwcl.exe

Try here for removal help...great post to use hijackthis! scorpionking!

http://www.greatis.com/appdata/d/_/_windir__dr.exe_Removal.htm

Hopefully golfnut hasn't done a format c: yet.

[fatbloke88]

Hi,
ewido now known as AVG ANTISPYWARE run in safe mode normaly removes most nasties,just a thought.

[TBoneit]

Pretty much anything HiJack This shows as running from the temp folder can be considered malicious.

One thing also to do, open My computer, click Tools, Folder Options, View, check "Show Hidden FIles", Uncheck "Hide Extensions for known file types".

Then Open My computer, Select Documents and Settings, Select each users name one at a time, then Local Settings, Temp, Clear all the files, Then select Temporary Internet Files, Content.IE5 and clear all the files out. You'll free up space and hopefully delete any malware running from there.

BTW AVG Antispyware, and AVG Antivirus and Spybot, Try installing and running them in safe mode.

[Scorpion King]

The dialer isn't by itself on there.

My dealings with Hijackthis is I can run it on my computer and I have did it enough that I pretty much know what is supposed to be there and whats not. Finding something I don't know what it is I will do a google search for the filename and more than not I can find out if I want it on there or not. I will check and delete the entries and reboot to stop the processes but I don't stop there. I seek and destroy the old fashion way until I'm satified that junk is gone. But (knock on wood ) I've never had a virus or torjan on my computer. My serious seek and destroy missions have so far been on other peoples computers.... lol

As far as temp folders goes one of my routine install procedures is to change the system wide temp folder to windows\temp. That way all the temp junk is in one place and easy to keep track of. I guess that is just my preference from the old days. But its easier for me anyway.

Good luck.

[golfnut]

This is REALLY getting crazy now. First thank all of you, Scorpion King, Gkar, fatbloke88, and TBoneit. After trying each and everyone of your suggestions (took quite some time) here are the crazy results:

Scorpion King - I deleted you file list as suggested with HiJack except one which HiJack would not fix, 23 - Service Install Driver Table Manager (Driver t) Macrovision, etc.
I did find this file manually and deleted it, rebooted, and it is still up on HiJack, I know I deleted the correct file why would it not delete it? Could this be the file causing all the problems? If so how do I delete but here is something else that happend that is crazy.

I cleared both my temp file and temp internet files as Tboneit suggested. Right after the internet file was cleared I was able to download and open Spybot for about a minute and a half then it completely disappeared again, it was open long enough for me to do a back up file right at the beginning of opening Spybot when it disappeared. I immediately went back and cleared the temp internet files, tried to download Spybot again. This time it will download but will not open with the shortcut. Also the shortcut icon is a white square instead of being the normal Spybot logo. Its like something is blocking the shortcut or .exe file from loading or working. AVG anti virus will not even download period but Spybot will download, just will not open.

One other thing, my computer will not open in safe mode now. I have not done a reformat yet in hopes I can find and clean my files prior to saving them prior to the reformat. Hopefully this info will you so that you can help me further.

I can not tell everyone how much I really appreciate everyones advise and effort. Look forward to everyone's reply. Golfnut

[golfnut]

GKar I could not get the greatis.com website to open? Thank you.

[GKar]

This trojan is doing a DoS (denial of service) on you more than likely, keeping you from reaching certain domains or whatever.

I found this removal tip for your nasty, don't know if it will help.

If you cannot download the needed files because of the DoS problem, download the stuff on a friends computer and bring it to your computer.


Removing "Backdoor.irc.ratsou.b"

1)Download the following two items...

Trend Sysclean Package

http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.

http://www.trendmicro.com/download/pattern.asp

Create a directory.

On drive "C:\"

(e.g., "c:\New Folder")

or the desktop

(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.

Download the signature files (pattern files) by obtaining the ZIP file.

For example; lpt253.zip

Extract the contents of the ZIP file and place the contents in the same directory as

SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore

3) Reboot your PC into Safe Mode

4) Using the Trend Sysclean utility, perform a Full Scan of your platform and

clean/delete any infectors found

5) Restart your PC and perform a "final" Full Scan of your platform

6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any

System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),

7) Reboot your PC.

8) If you are using WinME or WinXP, create a new Restore point

Good luck!

[MJA]

try Kaspersky online scan ,or try their 30 day trial.its one of the best AV I ever used

http://www.kaspersky.com/virusscanner

[TBoneit]

Another thing to look at is if your hosts file has been hijacked. That is a way to keep you off of malware removal sites and make sure you can get infected again.

In XP the hosts file should be in

\Windows\System32\Drivers\Etc\

And the file has no extension. IOWs open notepad and paste this into the open box

\Windows\System32\Drivers\Etc\Hosts

This is what it should show.


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Or you can just delete it. If it has a bunch of lines like the samples shown with the # sign in fron of them then it has been hijacked.
Also don't forget to open IE, go to tools, Internet Options and Security Tab and Advanced Tabs and set the settings back where they belong. Much of the Malware resets these to allow easy re-infection.

A program called HostsFileReader.exe can be used to easily view and reset the hosts file if needed.

[Scorpion King]

Like I said it's pretty bad. I'd do a format and reeinstall myself because of the length of the infection (more than 1 problem compounded).

If you try to do a backup of your files you need to remember this... make very certain you don't backup the source of these infections then infect your reinstall. I did that one time on a friends computer by getting in a hurry. The virus was hidden in My Pictures and I simply backed up the entire folder. Soon they were reinfected. So be careful ok.

best of luck.

[golfnut]

Thanks again everyone. Can anyone tell me how to open the windows\system32\drivers\etc\hosts folder mentioned by tboneit in below post. I can not find a working download of hostsfilereader.exe so is there another way I can open this file to edit it. Please be specific with your instructions as I am not overly computer literate. Thanks again all, you have been great.
Golfnut

[Jim44]

It should open in Notepad (or any text editor) just fine. Start Notepad, select "File->Open" and navigate to the folder where the hosts file is. You may need to change the box "Files of type" to "All files".

Done.

Jim