AVG problem

Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

AVG problem

Post by Robert Reed »

I downloaded Free AVG about 2 years ago and last week I started getting popups telling me it can't make the connection to AVG to add updates. Tried to enter program from list and a window comes up saying access refused. Went on the internet and googled up AVG. On the web page, I can download all the sites except anything that has to do with Free AVG - same window - access refused. Can't get thru to them nohow, no way. Last couple of days a hidden icon is lurking in my task bar that comes up as "mIRC". I have no idea what the h*ll it is except it looks like some weird remote internet connection. Attempts to go into the control panel and delete this have failed as it says I must close that program first but I have not opened it. Computer seems slow on startup and occasionally monitor is blank screen. HELP!
Bigglez
Posts: 1282
Joined: Mon Oct 15, 2007 7:39 pm

Re: AVG problem

Post by Bigglez »

Robert Reed wrote: I downloaded Free AVG about 2 years ago and last week I started getting popups telling me it can't make the connection to AVG to add updates.
From PC Magazine (review DATE:05.02.08)
Grisoft recently changed its company name to AVG Technologies in recognition of the popularity enjoyed by its free AVG antivirus. AVG Anti-Virus Free 8.0 is an especially significant new release because it integrates full-powered spyware protection and adds AVG's new LinkScanner Web-protection technology. This version is free for noncommercial home use only. It doesn't include any support from AVG, but if you run into trouble, you can get help from other users in AVG's discussion forums.

Grisoft
http://www.grisoft.com
CeaSaR
Posts: 1952
Joined: Sat Nov 08, 2003 1:01 am
Location: Phoenixville, PA USA

Post by CeaSaR »

Robert,

Has anyone else been using your computer? mIRC sounds like an IRC
chat client.

An effective way to see all processes and also shut individual processes
off is to use Sysinternals' Process Explorer. I have a computer that
has seen the ravages of a young teen, and boy can it be a dog. Using
"PE", I can shut down everything that is not Microsoft or "necessary"
software such as AVG etc. and it comes back up to speed. Once the
offending program is shut down you may then remove it.

As for AVG, you probably need to upgrade to version 8. The free home
version can be found here, as well as updates for the free version.
The free and pay versions have 2 different sites, and usually they don't
link between.

Last, I would run a full scan with AVG and any other spy/mal/adware
scanners you may have in order to make sure your computer is clean.

CeaSaR
Hey, what do I know?
Bigglez
Posts: 1282
Joined: Mon Oct 15, 2007 7:39 pm

Post by Bigglez »

CeaSaR wrote: An effective way to see all processes and also shut individual processes
off is to use Sysinternal's
Or, use the Microsoft Windows Task Manager
bundled with the OS. On the tasks tab you can see
exactly what processes are running. Hit 'CPU' twice
and they are sorted in descending order of priority.
Hit the image name of any you're interested in and
it will be highlighted (easier to track activity).

A very common Windows OS problem is the
registry (don't be tempted to edit these yourself -
a single keystroke error will cripple your OS).

I have used RegCure to detect and remove errant
registry keys. These greatly slow the OS.

Follow that link to get a free scan of your OS.
(You'll need to buy it to remove any errors detected).
CeaSaR
Posts: 1952
Joined: Sat Nov 08, 2003 1:01 am
Location: Phoenixville, PA USA

Post by CeaSaR »

Hi Bigglez,

I use Windows Task Manager for the simple stuff that I know is definitely
what I want to deal with. PE gives a lot more info in an easier to read style
that lets you quickly and easily determine what's going on. Since Robert
couldn't find mIRC to turn it off, I recommended it over Task Manager.
If, perchance, Robert knows what it is called in Task Manager and can get
it to shut off, then he can forego PE. The nice thing about PE is that you
get it through Microsoft's own website, so you can trust it just as you trust
Microsoft.

Another helpful bit of software is Unlocker. From Download.com:

"Ever had such an annoying message given by Windows: Cannot delete
file: Access is denied. There has been a sharing violation. The source or
destination file may be in use or the file is in use by another program or
user. Make sure the disk is not full or write-protected and that the file is
not currently in use. Unlocker is the solution. Unlocker is an Explorer
extension that allows you with a simple right-click of the mouse on a file
or folder to get rid of error message such as error deleting file or folder,
cannot delete folder: it is used by another person or program."

Hope you get rid of the problem Robert.

CeaSaR
Hey, what do I know?
Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Post by Robert Reed »

Caesar
I called up "PE" and although I didn't understand all the gobbledegoop that went with it, I did manage to ferret out -mIRC- and get a drop down menu to select 'Kill it'. Did so and problem gone. Thank you very much.
Funny thing is when I clicked on your "HERE", I immediately got a popup- ACCESS DENIED-, so I have to assume that was a link to the AVG sites I previously Googled up. This is getting creepy, almost as if AVG FREE has barricaded every door to keep me from entering :shock:
Ran an AVG scan on whole computer and nothing found except one of the categories called WARNINGS showed a figure of 190. Have no idea what that means, but it has the same icon attached to it as the INFECTIONS FOUND line.

Do you think if I just uninstalled AVG and then went to their website that I could download and start all over? Been wanting to do this, but if I still get 'Access Denied' window, I won't have any protection at all!
Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Post by Robert Reed »

Oh Rats!!
I spoke too soon. Upon booting up my computer again that #@**%$ mIRC is back again. Went back to PE and clicked on KILL & ALL ITS DESCENDANTS - same thing, went away again and then on the next bootup it's back.
I use DSL, but tried to get AVG site by switching to dial up and same "Access Denied" window pops up.
I uninstalled my current AVG program and went to the web and found the latest AVG (80.176) version from Hippo something or other. Download was successful and installed in my computer. Update manager is saying it is active and will be daily at 12 PM. Will see what happens. Not too confident though as I tried to open the help menu and same deal "Access Denied".
Now I am also wondering if Windows XP firewall may be blocking something out.
CeaSaR
Posts: 1952
Joined: Sat Nov 08, 2003 1:01 am
Location: Phoenixville, PA USA

Post by CeaSaR »

Ok Robert, at least you know how to get to mIRC. Once you shut it off, go
to control panel and uninstall it. That will at least prevent it from coming
back.

The link to AVG comes directly from my version of AVG free. I went back
through and followed all the links and it took me to CNET/Download.com.
The link to that site is here. Download the new version there and install
it. You should be able to get back on the straight and narrow after that.

Let us know the outcome.

CeaSaR
Hey, what do I know?
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Post by SETEC_Astronomy »

Robert Reed, I'm afraid to inform you that your computer is most likely heavily infected and is part of a botnet. Most/all botnets use IRC as their primary command and control channel. If it were me I would backup all the data I wish to keep and wipe the drive so I can get a fresh start as it's virtually impossible to reverse an infection beyond all doubt some infection remains. If you're unwilling or unable to do so I would get the latest AVG, AVAST (also free to home users) or ClamAV (Free to all and open source) and install it/them. Once you have the new Virus scanner, update the software and immediately remove your computer's Internet connection until you've cleaned the machine of all malicious software. If a virus scanner doesn't pick up what you've got you may want to try a program called Malware Bytes or Spyware search and destroy. If you need a more in-depth walk through let me know as I'd be glad to provide the assistance.
Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Post by Robert Reed »

Caesar & Setec
First of all I would like to thank you for your efforts to help me resolve this problem. I hope you will forgive this rather lengthy post, but I thought all details might be helpful, so here is the sequence of events as it stands now:

1-02-09 Daily AVG updates failed and remain so. Attempts to get into AVG gives popup "Access Denied".

On or about that time computer bootup slowed down and a curious blank area between two icons on the right side of the desktop's taskbar tray appeared. By placing the mouse pointer over it, a message came up - "mIRC". Had no idea what it was or how it got there. Left click on mouse produced a menu and appears that it was some sort of weird internet connection with choices that I did not understand.

Went to control panel, located and attempted to uninstall.
Popup says cannot do this as program is running and have to shut down before uninstall. No can do as I can't seem to shut it down.

Used Caesar's suggestion for a web site to show programs running on my computer. "mIRC" being one of them. After much confusion I ferreted out an option called KILL, and this shut it down. Now able to go into control panel and uninstall. Operation successful except for one thing - computer says that one item could not be removed.

So I thought OK it is not hidden on the task bar anymore and not running, problem solved. Next time I boot up, a window appears on the desktop with the "mIRC" complete with toolbar and such. This can be scratched and I am on my merry way. But I did return to the control panel and there it is awaiting another 'Uninstall' operation. Apparently it is reloading the program every time it boots up - or - it never completely went away.

Next I uninstalled my AVG program and attempted to down load a new one from various AVG sites on the webpage. Any sites referring to FREE AVG gave popup - "Access Denied". However the pay for AVG program sites came through loud and clear!

Went to other websites that offered AVG FREE such as Caesar suggested, except the one I used was Hippo something. They offer a variety of free antivirus programs and I clicked the FREE AVG, download was successful and so was install. Ran a scan on whole computer and (3) viruses were detected. Two were from a year ago and were locked in a virus vault (some sort of a jail?). The third one was a Trojan horse that was sitting there waiting to be moved, but more importantly was detected on the now infamous date of ----1-2-09------. Moved this to virus vault.

Went to my server Home page and clicked on anti-virus sites. All sites clicked on came up with the same message - PAGE NOT FOUND, about like the "Access Denied" messages I got from AVG.

Setec, it looks like you have called it right (a virus associated with "mIRC") and here is where I am at today:
The "mIRC" program window comes up at every bootup, but can be closed and put out of the way. Trying to uninstall it only seems to work during that session.
The AVG still will not update and denies me access to any information in regards to that.
Many free sites for bug detection 'cannot be found'.
The "mIRC" can be stopped and cleared from the desktop by clicking appropriate buttons.
The rest of computer operation is and has been relatively fast and error free, other than the fact it is not quite as fast and the bootup loading is much slower, and also get frequent popups that 'Windows has encountered a problem and has to shut down'. Desktop loads fast, but any time pointer is moved to an icon (i.e. E-Mail; browser) it sits there with an hour glass for quite a while before any operation can proceed.

Wait a minute, I just got a message that daily update was performed successfully (first time since 1-02-09). Let me check this out before I proceed.
OK, a scan started and finished without failure. Results are (4) infections found and healed or removed.
An overview of AVG shows UPDATE MANAGER WORKING, ANTIVIRUS is outdated and Anti SPYWARE is outdated.

Well, I hope I have not bored you guys to death, but I wanted to include all pertinent details hoping they would help you. I am going to submit now and then restart computer to see if anything has changed - will edit post if it has.
New edit - good scan must have been a fluke as 'update now' back to not functioning condition.
Rescanned whole computer with AVG and no infection found, but about 100 or so warnings (all related to cookies) - put the whole batch in the virus vault. Later went to defragment C drive and popup says this program won't load. Being "Computerly impaired" this is really getting frustrating. Is it time to drag out the old double barrel 12 gauge?
evahle
Posts: 188
Joined: Mon Aug 13, 2007 3:48 am

avg

Post by evahle »

evahle :sad:
reloadron
Posts: 519
Joined: Sat Jun 28, 2008 8:57 am
Location: Cleveland, Ohio

Post by reloadron »

Hi Robert

I think what you have is actually Agobot Trojan.
Agobot Trojan is a malicious program that uses its own algorithms for the purpose of damaging its victim's computer. Agobot Trojan may modify your Internet settings and disables the function of automatic security updates. Once security settings are lowered, Agobot Trojan will scan for IRC client with a reason to infect it. Therefore, the hacker gets access over the infected computer and may control it via IRC network. The opened security hole allows the attacker to install additional malware and steal personal information.
Just for the heck of it why not give this a read:

http://www.geekstogo.com/forum/Help-mIR ... 41325.html

The posts in the link are a few years old but running HJT (Hijack This) may reveal a few key elements. I would run it. HJT can be downloaded from here:

http://www.download.com/Trend-Micro-Hij ... 27353.html

Ron
Robert Reed
Posts: 2277
Joined: Wed Nov 24, 2004 1:01 am
Location: ASHTABULA,OHIO

Post by Robert Reed »

Well Ron
This gets stranger and stranger. First website - popup says "Access Denied"
Second website tried two downloads and one would not download correctly. The other one (hijack) downloaded install on desktop but will not install in my computer - just sits there and does nothing! After awhile I tried to delete it and I get a popup - Access Denied due to Write protection or in use!
Does the anti-virus have a virus? What do I do now?
kheston
Posts: 354
Joined: Wed Dec 03, 2003 1:01 am
Location: CA

Post by kheston »

RR,

I fixed a PC a few weeks ago with symptoms similar to yours that was rootkit-based. Very nasty. It shut down the virus and spyware checkers that were loaded and redirected all Internet traffic (including virus def updates) to places the user didn't want to go.

After spending more time than the computer was worth, I finally landed here:
http://www.bleepingcomputer.com/combofi ... e-combofix

The ComboFix utility was the only thing that worked. Be sure and follow their instructions carefully if you decide to use it. Used correctly, it actually replaces all of the affected windows components with originals from Redmond. Use with care.

HTH
Kurt - SF Bay
SETEC_Astronomy
Posts: 582
Joined: Tue May 09, 2006 12:44 am

Post by SETEC_Astronomy »

Sounds like you've got a real nasty one. The nasty ones disable Anti-Virus programs so it's very difficult to remove the malicious code. It's obviously in the bad guys' interest to keep you infected or to direct you to a fake site to "fix" your problems when really you just install more bad software. You do have a few options and the better of which require you have access to a second un-infected computer with Internet access. If you just have your heart set on cleaning things up rather than starting fresh I would personally go about resolving the issue by booting up a Linux live CD (Good one to use is Ubuntu), installing ClamAV (in the Ubuntu repository) and doing a scan of your Windows drive. You can try running the previously mentioned malware/virus scanners in safe mode (press F8 repeatedly before you see the Windows Logo boot screen) and see where that gets you. Unless you just have years of programs that are irreplaceable or hard to find plus tons of data you can't backup I would like to strongly suggest a drive wipe with a fresh OS install. It will take some time but so would a scan of your entire drive and the scan isn't guaranteed to fix your problem. It's possible you have a rootkit on your computer which can only be cleaned with a full drive format. AVG has a rootkit scanner that's free but telling you that when you can't access their site is kind of pointless. I'm not sure if there is a Windows variant but if you use the Ubuntu live cd there is a package in the repos called rkhunter which will scan for possible rootkits. If you're leaning a certain way in how to fix your computer just post it and I'll try to help you to that end.

Edit: kheston beat me to the punch. I've never heard of a successful cleaning of a rootkit or of combofix but if it works fantastic. I'll have to add it to my "toolkit".