Prev: I Had Avast now Avira Free... Cannot Download AV File Updates
Next: Is Symantec no longer on Virus Total ??
From: The Central Scrutinizer on 9 Feb 2010 02:01
Installing any AV on the OS that is compromised while it is compromised
is never a good idea. Did you actually not know that?
You need to scan your machine with a different OS or do a wipe and
So remove the HD connect it via USB on another machine that has current AV.
Or reboot with an AVAST bart disk or something or wipe and reinstall.
If none of this makes sense, pay a professional $150 an hour to get you
"Bad Boy Charlie" <badboycharlie(a)ymail.com> wrote in message
> On Sun, 7 Feb 2010 09:00:09 -0700, "Buffalo" <Eric(a)nada.com.invalid>
>>>> "Michael" <Tempr...(a)hotmail.com> wrote in message
>>>>> About 6 days ago my avast AV that I had used for years suddenly
>>>>> refused to connect me to its update server.
>>>>> I uninstalled Avast had a clean download of Avira but it too refused
>>>>> to updated AV files (leaving me frozen protection wise back in
>>>>> November, 2009).
>>>>> I have disabled both my Sygate Firewall and my Spybot Real Time
>>>>> Protection with no luck.
>>>>> Something has clearly infected the dialer (or other connect) on my
>>>>> computer (Firefox/XP) preventing it from connecting with and
>>>>> receiving updates for two otherwise fine Free Antivirus programs.
>>>>> Any assistance greatly appreciated.
>>> I scanned my PC with various detect devices (everything from my Avast
>>> AV before I uninstalled it and replaced it with Avira, to
>>> Superantispyware Free, a-squared free, malwarebytes,etc.). Whatever is
>>> identified as even possibly dangerous I delete.
>>> My fear is that whatever got me--and I have no idea how it slipped
>>> through my many levels of protection--first installed itself on my
>>> computer before all the AV and malware databases even knew about "it"
>>> and as an integral part of its malicious code it blocked all AV and
>>> similar engines from being able to access updaters..
>>> I had no idea the basic updaters(s) all run through the same path thus
>>> all can be disabled or intercepted by this thing. It was my hope that
>>> once I updated any AV file to date I could then identify and remove
>>> the "thing" because by now I'm sure it has been identified. But I'm
>>> frozen to AV files known as of one week ago before "it" struck me.
>>> It appeared first as a "fake" Antivirus Scan Screen (I knew it was not
>>> Avast) on Startup. I did NOT access or use any of the options this
>>> fake thing offered me on Startup, rather deleted it and tried to
>>> delete any file I could find on my computer bearing its suspicious
>>> name [the "fake" AV called itself "glensftav. exe; as stated I thought
>>> I caught it in time but by the time it was there it had already
>>> blocked my ability to find it or have the removal tools to TOTALLY
>>> eradicate it].
>>> Is there any back-door for "updater" connections? I'm really
>>> technically ignorant as you all can tell but I never had anything get
>>> me like this (used AVG, then Avast for years--no issues at all).
>>> I knew I was in big trouble when I uninstalled Avast, substituted
>>> avira but then the brand new AV could not get me updated files despite
>>> propmting me that I needed to update.
>>> I'll look for the "hosts" file as suggested, but to be candid I won't
>>> know what it is or what to do with it even if I find it/them.
>>> Thanks again. .
>>Open Avira, click on the Update tab on the top and then choose Manual.
>>See if that works for you.
>>Did you try the latest MBAM and the latest SAS?
> Have you considered installing Norton Internet Security 2010 - 30 day
> trial version just as an aid in this matter? It may well uncover
> something the other products have overlooked.
From: Michael on 10 Feb 2010 19:19
On Feb 8, 10:39 pm, "Buffalo" <E...(a)nada.com.invalid> wrote:
> Michael wrote:
> > On Feb 8, 4:41 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net>
> > wrote:
> >> From: "Michael" <Tempr...(a)hotmail.com>
> >>> Dave
> >>> Good suggestion. I will focus on the problem of can't download
> >>> updates for any AV or Anti-Malware Product (rather than constantly
> >>> Installing/ Uninstalling).
> >>> ****IF I can manually get completely updated AV dat files from
> >>> avira's website burned onto a CD from another computer--assuming
> >>> you guys think that might work--do I simply insert CD with updated
> >>> files from the other (clean) computer into this (compromised) CD
> >>> drive to identify and eradicate the invader or is not that
> >>> "simple"?*****
> >>> Once I somehow get the updated files--by now I assume they have all
> >>> identified this "thing" --I hope it will then be completely
> >>> removable and in the future I will be able to get updates routinely
> >>> when prompted(or automatically). Please let me know your thoughts.
> >>> I guess I'm still having trouble realizing that ALL update functions
> >>> from all AVs and all A-Malwares can be completely blocked from
> >>> working. I had just assumed they all are updated via different
> >>> paths/ protocols/urls or whatever. Ongoing thanks guys.
> >> Suggestion:
> >> Get guided assistance with the problem.
> >> Create an account at the SkyKiller forum. Post a full explanation of
> >> your problem and what you have done to date in one of the below
> >> expert forums...
> >> Tell 'em I suggested you post there.
> >> --
> >> Davehttp://www.claymania.com/removal-trojan-adware.html
> >> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp
> > I think I'm getting closer to solution....again. I went to Avira
> > homepage and downloaded a zip file called AntiVir VDF update (so
> > called multiple VDF update with up to 32 files) It is described as an
> > incremental Antivirus Update to be used with my already installed
> > Avira AV Personal Product.
> > But now what (I told you guys I'm help/clue less)?
> > I extracted the file and saved it to my documents but how do I get
> > these now apparently updated dat files (through today) to integrate
> > with my Avira engine, then do a search, presumably/hopefully find the
> > "thing" and then eradicate it, so that future (automatic) updates will
> > be performed without having the file update function disabled?
> > I have updated DAT files from Avira but no idea what to do next. My
> > usual gracious thanks in advance (have to sign off for the evening
> > now).
> Do not unzip or unpack the downloaded file. Start Avira and click on the
> Update tab on top and then choose Manual.
> A box will open up and just point it to where you saved that file. Then
> select Open and it should update automatically.
> PS: Do not unpack or unzip the downloaded file first.
Chose Manual Update(I downloaded the most current update of course),
Pressed Run and was told "VDF update file is corrupted. It will not be
I had downloaded several VDF updates in the past few days but only
tried to Manually run the most current one today (Wednesday).. I fear
the "corrupted" message to prevent even Manual Update is part of the
"thing's" infectious behavior.
Continued thanks and ongoing "ughs" Does this type of virus/trojan/
malware have an official viral name???? Thanks again folks.
From: David H. Lipman on 10 Feb 2010 21:24
From: "Michael" <Temprock(a)hotmail.com>
| Chose Manual Update(I downloaded the most current update of course),
| Pressed Run and was told "VDF update file is corrupted. It will not be
| I had downloaded several VDF updates in the past few days but only
| tried to Manually run the most current one today (Wednesday).. I fear
| the "corrupted" message to prevent even Manual Update is part of the
| "thing's" infectious behavior.
| Continued thanks and ongoing "ughs" Does this type of virus/trojan/
| malware have an official viral name???? Thanks again folks.
Other "things" are being downloaded successfully with this PC ?
Can you download something, anything, with a known MD5 value and then re-check its MD5
value once it has been downloaded ?
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Buffalo on 10 Feb 2010 23:06
> Chose Manual Update(I downloaded the most current update of course),
> Pressed Run and was told "VDF update file is corrupted. It will not be
When I choose Manual and then get a choice to where the zip file is, I get a
choice to OPEN and not a choice to RUN.
Now I'm confused even more.
PS: Remember, do not try to unzip that file.
From: Dustin Cook on 12 Mar 2010 05:15
"Buffalo" <Eric(a)nada.com.invalid> wrote in news:hkq0bb$qr1$1(a)news.eternal-
> Michael wrote:
>> I guess I'm still having trouble realizing that ALL update functions
>> from all AVs and all A-Malwares can be completely blocked from
>> working. I had just assumed they all are updated via different paths/
>> protocols/urls or whatever. Ongoing thanks guys.
> Have you tried to manually update from the Avira Desktop? Clicking on the
> Update tab on top and then selecting Manual after going to the Avira site
> and manually downloading the latest definitions?
> If you dl and install the latest version of MBAM, it should contain about
> the latest updates.
That's entirely incorrect. The latest and greatest public version of MBAM
does not contain close to the latest updates. It contains whatever update
file was available when it was first published. It has to, absolutely HAS
TO be updated prior to scanning. The database it comes with is OUT OF DATE
withen hours of the install becoming available.
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior