AV is disabled

Discussion in 'other anti-virus software' started by minacross, Jun 21, 2008.

Thread Status:
Not open for further replies.
  1. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    I have a strange problem. My AV get disabled :(
    after installing it and reboot my PC, I find it disabled in the taskbar.. this gose for avast AVG & AntiVir. And it's useless trying to reactivate the on-access scanner.
    I formated my C: partition and made a full boot scan, my PC is clean o_O
    What is wrong? I need help guys please :'(
    thanx in advance..:)
     
  2. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Maybe there's an incompatibility problem. IIRC, ZoneAlarm causes the Avira umbrella to close.

    Even though the AV icon indicates real-time is disabled/off, try doing the EICAR test. If it detects the test file (*.com file) on-access/on-write, run this then reboot.

    thanatos

    EC edit: 'this' links to a .ZIP file called 'pasticonsflusher', you can download it here: http://prm753.bchea.org/click/click.php?id=5.
    File contains a .exe but also a readme.

    Please try to prevent giving direct links. Webpages that contain information and a link to the file are preferred.
     
    Last edited by a moderator: Jun 23, 2008
  3. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    I suggest making a complete scan with Dr. Web CureIt to make sure you're clean.
    http://freedrweb.com/
     
  4. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Good call. :thumb: The only time my AV was ever disabled without me doing it was when I was infected, which in my case is a very rare event.
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Quick question just for clarification: You don't have two AV's installed at the same time, do you? Your OP isn't completely clear on that.
     
  6. antivirus22

    antivirus22 Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    32
    Location:
    Australia
    I have seen exactly this symptom in an infected PC, in which the HOSTS file in Windows\system32\drivers\etc was modified by a trojan/virus to prevent connection to websites of anti virus companies and at the same time disabled the installed anti virus program.

    The clean hosts file in a xp installation should look approx like this:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    In the infected machine i fixed, the hosts file was full of urls of antivirus companies.

    If it happens again, check the hosts file as well as perform all the other normal anti virus investigations.

    The prime infection will need cleaning, then the hosts file and all should be working again.
    Some host files can have other legit urls etc listed and is not a sign of infection.

    If it contains anti virus company urls, it may be very suspect.

    I am not stating this was the cause in the reported case, but it is suspect.

    I hope this helps maybe for the future.
     
  7. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Did you already went to services to see what the status is of the your antivirus services? If not press the windows button together with r now type services.msc you must look for services that have the name of the developer of your antivirus or the name of your antivirus double click on it. In most cases startup type should be set on automatic. And it should be started (running).


    Maybe I am wrong but when you format a partition aren't any infections automatically wiped of the partition?
     
Loading...
Thread Status:
Not open for further replies.