Status
Not open for further replies.

avast error 10050

8K views 10 replies 2 participants last post by  kevinf80 
#1 ·
hello. last night i got a popup from one of my anti malware programs saying that a rootkit had been blocked.

today, when i started up my computer, it would not connect to the internet and i got a popup from avast giving me the 10050 error saying that it could not protect outgoing mail. i tried everything, no luck. i ran avast and avg, they said there were no infected files.

i downloaded malwarebytes on my other computer and transferred it to the desktop with a flashdrive. i ran the quick scan. it found 4 infected files, which i "resolved." i ran the full scan with no problems. internet still not connecting, still getting the 10050 error. i know i have malware, i just don't know how to get it off.

please help!
 
#3 ·
thanks, here it is:

Farbar Service Scanner
Ran by Lyssa (administrator) on 08-12-2011 at 15:47:56
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

**** End of log ****
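An added example, not part of the original posts and not Farbar's own code: a small Python parser that triages a Farbar Service Scanner log like the one above, separating services that are stopped with intact configuration from services whose registry key is missing while the driver file on disk still hashes as legit. The function names and finding labels are assumptions made for illustration; the sample lines are copied from this thread's log.

```python
import re

# Sample input: lines copied from the Farbar Service Scanner log in this thread.
SAMPLE_LOG = r"""Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"^Checking (.+?): Attention! (.+)$")
FILE_LINE = re.compile(r"^(\S.*?) => MD5 is (\w+)$")

def parse_fss(text):
    """Return ({service: [(field, message), ...]}, {lowercased path: verdict})."""
    services, files, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            current = services.setdefault(m.group(1), [])
        elif (m := ATTENTION.match(line)) and current is not None:
            current.append((m.group(1), m.group(2)))
        elif m := FILE_LINE.match(line):
            files[m.group(1).lower()] = m.group(2)
    return services, files

def triage(services, files):
    """Label each stopped service (labels are hypothetical, chosen for this example)."""
    findings = []
    for name, issues in services.items():
        if any("service key does not exist" in msg for _, msg in issues):
            suffix = "\\" + name.lower() + ".sys"
            driver = next((v for p, v in files.items() if p.endswith(suffix)), "unknown")
            findings.append((name, "service_key_missing", driver))
        elif issues:
            findings.append((name, "misconfigured", None))
        else:
            findings.append((name, "stopped_config_ok", None))
    return findings
```

A `service_key_missing` finding paired with a `legit` driver verdict is the pattern in this thread: the file on disk is intact and only the service's registry entry needs to be rebuilt.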
 
#4 ·
Hiya laa73,

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


I've attached afd.zip to this reply, unzip that file to your Desktop. Double click the file, agree to the merge when prompted.

Re-boot your computer and check your connection. If successful run the following:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.
 

#5 ·
you did it!!! i have no idea how you did, but i think you fixed it! i thought i must have misunderstood you when you said check your connection, but i followed your steps exactly and my internet was up again when you said it would be. i didn't have any problems with running the roguekiller. it also didn't seem to turn up anything interesting. here is the file:

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Lyssa [Admin rights]
Mode: Scan -- Date : 12/08/2011 20:45:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 secure. discsoft.com

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
#7 ·
Hiya laa73,

You had a damaged registry key, the file you unzipped and merged rebuilt that registry key. OK do the following:

Step 1

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type [Enter Option] and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 2

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Let me see the following:

  • Log from RogueKiller
  • DDS.txt
  • Attach.txt

Kevin...
 
#8 ·
"We need to see some additional information about what is happening in your machine."

Is there still a problem then? I figured because the internet was working again and my anti virus scans were coming up clean that everything was solved. :[

I haven't done any of the steps you've listed yet, but if you think it's necessary, I absolutely will.
 
#9 ·
Hiya laa73,

If you're happy with your system hit the "Mark Solved" tab at the top of your thread. Delete RogueKiller and its logs, also delete Farbar Service Scanner and its logs, you can also delete the reg fix file you downloaded.
The registry back up you made with ERUNT can also be deleted because that was done before we fixed the registry. Either uninstall or keep ERUNT, your choice.

One scan I recommend that you complete and follow is this:

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....

...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Kevin
 