1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

avast error 10050

Discussion in 'Virus & Other Malware Removal' started by laa73, Dec 7, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. laa73

    laa73 Thread Starter

    Joined:
    Dec 7, 2011
    Messages:
    6
    hello. last night i got a popup from one of my anti malware programs saying that a rootkit had been blocked.

    today, when i started up my computer, it would not connect to the internet and i got a popup from avast giving me the 10050 error saying that it could not protect outgoing mail. i tried everything, no luck. i ran avast and avg, they said there were no infected files.

    i downloaded malwarebytes on my other computer and transferred it to the desktop with a flashdrive. i ran the quick scan. it found 4 infected files, which i "resolved." i ran the full scan with no problems. internet still not connecting, still getting the 10050 error. i know i have malware, i just don't know how to get it off.

    please help!
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya laa73,

    Run this and let me see the log, download to your clean PC and transfer to the infected one:

    Please download Farbar Service Scanner and run it on the computer with the issue.

    [​IMG]

    Check "Include All Files" option.
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.
    Kevin
     
  3. laa73

    laa73 Thread Starter

    Joined:
    Dec 7, 2011
    Messages:
    6
    thanks, here it is:

    Farbar Service Scanner
    Ran by Lyssa (administrator) on 08-12-2011 at 15:47:56
    Microsoft Windows XP Professional Service Pack 3 (X86)
    ********************************************************

    Service Check:
    ==============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    afd Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

    Connection Status:
    ==================
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

    **** End of log ****
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya laa73,

    The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

    • Download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    • Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    • Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    • Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    • Make sure that at least the first two check boxes are ticked
    • Press OK
    • Press YES to create the folder.
    [​IMG]

    Ive attached afd.zip to this reply, unzip that file to your Desktop. Double click the file, agree the merge when prompted.

    Re-boot your computer and check your connection. if successful run the following:

    Download RogueKiller to your desktop

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 1 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

    Please post the contents of the RKreport.txt in your next Reply.
     

    Attached Files:

    • afd.zip
      File size:
      670 bytes
      Views:
      7
  5. laa73

    laa73 Thread Starter

    Joined:
    Dec 7, 2011
    Messages:
    6
    you did it!!! i have no idea how you did, but i think you fixed it! i thought i must have misunderstood you when you said check your connection, but i followed your steps exactly and my internet was up again when you said it would be. i didnt have any problems with running the roguekiller. it also didnt seem to turn up anything interesting. here is the file:

    RogueKiller V6.1.12 [12/02/2011] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Lyssa [Admin rights]
    Mode: Scan -- Date : 12/08/2011 20:45:18

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 1 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 secure. discsoft.com


    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  6. laa73

    laa73 Thread Starter

    Joined:
    Dec 7, 2011
    Messages:
    6
    ps. thank you so much! is there anything else i need to do? thank you, thank you, thank you!
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya laa73,

    You had a damaged registry key, the file you unzipped and merged rebuilt that registry key. OK do the following:

    Step 1

    Quit all running programs and run RogueKiller once again.

    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type [Enter Option] and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

    Please post the contents of the RKreport.txt in your next Reply.

    Step 2

    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
      [​IMG]
    • Instead of attaching, please copy/past both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Let me see the following:

    • Log from RogueKiller
    • DDS.txt
    • Attach.txt

    Kevin...
     
  8. laa73

    laa73 Thread Starter

    Joined:
    Dec 7, 2011
    Messages:
    6
    "We need to see some additional information about what is happening in your machine."

    Is there still a problem then? I figured because the internet was working again and my anti virus scans were coming up clean that everything was solved. :[

    I haven't done any of the steps you've listed yet, but if you think it's necessary, I absolutely will.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya laa73,

    If you`re happy with your system hit the "Mark Solved " tab at the top of your thread. Delete RogueKiler and its logs, also delete Farbar Service Scanner and its logs, you can also delete the reg fix file you downloaded.
    The registry back up you made with ERUNT can also be deleted because that was done before we fixed the registry. Either uninstall or keep ERUNT, your choice.

    One scan I recommend that you complete and follow is this:

    You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.... [​IMG]
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Kevin
     
  10. laa73

    laa73 Thread Starter

    Joined:
    Dec 7, 2011
    Messages:
    6
    thank you so much!
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You`re welcome....
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1030181

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice