January 19, 2012 17:42 Re: Is This A Completely New Type Of Hijack? #188093
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
AVG version..

Thank you very much for the clarification. Did you look at the pasted log please, and what is the situation with GMER?
Many thanks for the speedy reply
Albear
January 19, 2012 22:04 Re: Is This A Completely New Type Of Hijack? #188116
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
nemethste wrote
Hello albear2006,

Current version of AVG is 2012.0.1901. When you try to download the file from our website, you will see a version in the name of the downloaded file (for example avg_avct_stb_all_2012_1901_free.exe).

Please completely re-install AVG in order to fix the icon issue as described in AVG 2012 (incl. Previous Versions) Uninstall / Re-Install Instructions sticky post.

Do not forget to follow the After restart section and make sure that you are using the right version of the remover (64 bit).

If you are suspecting that you are infected by some malicious software, please provide us with Gmer scan results, Msinfo output and AVG Anti-Virus scan results for further analysis.

Thank you


___________________
AVG Team
How-To articles | FAQ | Free Support
We Protect Us

The icon error is not the issue, I am not worried about an icon error if that is what you say it is. Would I be wrong in thinking you have not looked at the text from the dll file? Reinstall at this stage may mask the problem. Before I reinstall could you please confirm that the text of this file is what you would expect?
I could not run GMER because of the greyed boxes; are you suggesting that by reinstalling I would be able to run it? GMER will, I am sure, find nothing.
My AVG is configured to only connect direct to a Public profile, with only IPv4 allowed for safe DNS client for safe and DHCP for all; but logs are suggesting I am on a domain. I am a home user with all my machines on public settings with nothing shared. In area adapters I have blocked 8 x ISATAP 3# in adapter settings; AVG 'creates' a new one each time I block one. How does AVG allow another to be created 'unassigned'?
What's the problem, do you want to prove I'm wrong or are you fair enough to say OK let's check in case this guy has actually got a problem, what is your slogan Protect us all?? At the moment it seems ignore this prat of a guy.
GMER will not pick up anything, I have run them all. Is your perspective 'that proves there's nothing wrong'? It's the perspective of 'we've always done it that way so it must be right', that's blinkered. I'm sorry if this is sour but I am angry, frustrated and in despair, the hijacker is laughing because 'it' has found a weakness in your principles of security. And you are sitting in your Ivory Tower thinking I'm an idiot, thanks guys, we're in this together? Yeah it feels that way NOT.
I feel like someone found guilty of something he never did and desperately trying to find a way to prove my innocence.
Please look at what I pasted, your file has been tampered with. Why would your diagnostic say AVG is not on my machine??
January 20, 2012 07:45 Re: Is This A Completely New Type Of Hijack? #188131
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
Version no..

Thank you for your earlier explanation about versions. How do I check if I have a correct up to date version if when I click on 'support' if it does not show this, but the original download version?
And I am in 'support' presented with the facility to copy to clipboard the licence code, my licence code displayed is not the complete code, I thought perhaps it was some sort of security where when I click the full code would be copied. But when I copy it copies the incorrect code, could you explain how that works please? I'm assuming that I should be able to see and paste my full licence.
I've just looked at applications running through AVG firewall and it would appear your trusted database has allowed a program Tific client (4 times) (TIFIC.exe) through the firewall. I've done a search and see this has been raised before but the end of that thread says it was passed to your developers, do you know what this file is please?
January 20, 2012 09:01 Re: Is This A Completely New Type Of Hijack? #188138
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
GMER a threat???..

Because I could not run GMER on this ACER I decided to try and run on the TOSHIBA to see if the greyed out box problem would be removed. I copied the GMER zip file on to my memory stick and transferred the file to my Toshiba.
The greyed out box problem remained, the scan however started and then AVG popped up to tell me GMER was a threat ... now I am totally confused.
Oh yes, removable device scan is enabled on both machines for all folders and all types of files and the memory stick was clean according to both machines.
I attach a screenprint of the warning, is this normal? I should add that Windows stated there was a critical error but I did not get that and that my machine would shut down in one minute, though it did not. In fact I had asked the AVG warning to shut it down and it just froze. I ended up switching off and as an afterthought Windows started normally without telling me it had shut down wrongly; it did not offer me the option of safe mode etc.
Thank you
Albear
yes.jpg
January 20, 2012 09:42 Re: Is This A Completely New Type Of Hijack? #188143
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello albear2006,

To check which version of AVG you have, please follow these steps:

1. Open AVG User Interface
2. Go to Help
3. Click on About AVG
4. Select Version tab.

Please follow the steps mentioned in my previous post in order to resolve the issues you are experiencing.

Also please note that Gmer logs may not be very user friendly to understand and even an advanced user may not be able to identify some kinds of infection.

albear2006 wrote
In area adapters I have blocked 8 x ISATAP 3# in adapter settings

The Internet/Site Automatic Tunnel Addressing Protocol (ISATAP) connects IPv6 hosts/routers over IPv4 networks and it is a legitimate part of the system. ISATAP views the IPv4 network as a link layer for IPv6 and views other nodes on the network as potential IPv6 hosts/routers. ISATAP supports automatic tunneling and a tunnel interface management abstraction similar to the Non-Broadcast, Multiple Access (NBMA) and ATM Permanent/Switched Virtual Circuit (PVC/SVC) models.

Should the issue with grey Gmer persist even after AVG re-installation, please temporarily disable AVG components then try to run Gmer again.

Thank you.

___________________
AVG Team
How-To articles | FAQ | Free Support
We Protect Us
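The ISATAP addressing described in the reply above, as an added example that is not part of the original thread or of AVG's software: under RFC 5214 an ISATAP interface identifier is 00-00-5E-FE (02-00-5E-FE when the IPv4 address is globally unique) followed by the IPv4 address, so tunnel addresses seen in an adapter list or log can be recognised and the embedded IPv4 address recovered. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Bits 64-95 of an ISATAP address (RFC 5214, section 6.1): 00-00-5E-FE, or
# 02-00-5E-FE when the embedded IPv4 address is globally unique ("u" bit set).
ISATAP_MARKERS = {
    0x00005EFE: "private or non-unique IPv4",
    0x02005EFE: "globally unique IPv4",
}


def parse_isatap(text):
    """Return (prefix, embedded_ipv4, kind) for an ISATAP-format address, else None.

    This is a format check only: an unrelated address could carry the same
    32 marker bits by coincidence, so treat a match as a strong hint.
    """
    try:
        # Drop a Windows-style zone index such as "%14" before parsing.
        ip = ipaddress.IPv6Address(text.strip().split("%")[0])
    except ValueError:
        return None
    value = int(ip)
    marker = (value >> 32) & 0xFFFFFFFF
    if marker not in ISATAP_MARKERS:
        return None
    embedded = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    prefix = ipaddress.IPv6Network(((value >> 64) << 64, 64))
    return str(prefix), str(embedded), ISATAP_MARKERS[marker]


# Constructed sample addresses (documentation and private ranges only).
SAMPLE_ADDRESSES = [
    "fe80::5efe:192.168.1.10%14",     # link-local ISATAP, private IPv4
    "fe80::200:5efe:203.0.113.7",     # link-local ISATAP, "u" bit set
    "2001:db8:1:2:0:5efe:10.0.0.5",   # ISATAP under a routed /64 prefix
    "fe80::1c2d:3e4f:5a6b:7c8d",      # ordinary link-local address
]


def report(addresses):
    """Describe each address as an ISATAP tunnel address or not."""
    lines = []
    for addr in addresses:
        hit = parse_isatap(addr)
        if hit is None:
            lines.append(f"{addr}: not an ISATAP-format address")
        else:
            prefix, ipv4, kind = hit
            lines.append(f"{addr}: ISATAP in {prefix}, tunnels over {ipv4} ({kind})")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_ADDRESSES):
        print(line)
```
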
January 20, 2012 15:24 Re: Is This A Completely New Type Of Hijack? #188176
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
IPV6 etc..

I have IPV6 disabled on my adapter, I have it blocked on AVG, for connected directly to the internet, small office and domains, I have all my miniports and ISATAPS disabled in device manager both Isatap 1 and Isatap 2 are disabled, Isatap3 is hid, so wden and I've just disabled as teredo tunnel and I've done the same with that. You are telling me that even though I have disabled all access to IPV6 that it will still automatically connect (and TCP/IP NetBIOS is disabled in Services). Can you confirm for me that no matter what I do IPV6 will connect?

I'm being thick here, you are suggesting if I disable AVG the dialogue box will no longer be greyed out, is that right? And that AVG does not like GMER but you are using it as your main tool to say I do not have a problem?
You still do not mention the notation of the file I pasted, why is that? Now I've taken a look at the file and in properties it tells me it is opened by an 'unknown application', does this mean it is not an AVG file? It is in the AVG folder. I wonder how many files there are in the folder that aren't AVG, or is it that AVG does not identify itself in file properties?
One thing that is again interesting to me, is the amount of XP files on my machine, there are many files especially in system32/drivers opened by 'unknown applications' when I google them they say they are part of the XP o/s, weird? I attach a screenprint of Taskmanager so you can see what it is listing as AVG files. I also paste the notation from another AVG file, V Protect, another corrupt file it seems? I would be delighted to have an explanation about these two files either to put me in my place or to help me understand, I don't mind your motivation, I'd just like to know how this is happening!

security manager.jpg
January 20, 2012 15:38 Re: Is This A Completely New Type Of Hijack? #188179
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
GMER..

Just disabled AVG, GMER remained greyed out. In my log above why would firefox be enabled?? I don't have it?
What should I do please to provide the GMER scan you want?
Where the hell do I go from here!! Anyone Help please!
Thanks
Albear
January 20, 2012 16:41 Re: Is This A Completely New Type Of Hijack? #188194
nemethste
Administrator
Join Date: 1.11.2011
Posts: 1730
Hello albear2006,

Please make sure that you have the latest version of AVG (update it if necessary) and Gmer. If you are still not able to run Gmer, please download an older version.

Should the issue persist even after update, please temporarily un-install AVG, run Gmer scans and provide us with results.

If you are suspecting that you are infected by some malicious software, scanning your computer with updated AVG Rescue CD may also help to get rid of many kinds of normally resilient infection.

albear2006 wrote
Can you confirm for me that no matter what I do IPV6 will connect?

In order to completely disable IPv6 protocol please follow this Microsoft article.

Thank you.

___________________
AVG Team
How-To articles | FAQ | Free Support
We Protect Us
January 20, 2012 17:34 Re: Is This A Completely New Type Of Hijack? #188197
BIG AL 43
Moderator
Join Date: 18.6.2009
Posts: 23779
@ albear2006

nemethste wrote
Please make sure that you have latest version of AVG

If you follow nemethste's previous post #188143 your AVG User Interface info should currently be showing version 2012.0.1901 & virus database 2109/4755.


AVG Free Volunteer Moderator
AVG Free Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
January 20, 2012 19:37 Re: Is This A Completely New Type Of Hijack? #188211
albear2006
Novice
Join Date: 31.12.2011
Posts: 68
AVG..

Gentlemen/Ladies, I'm up to date and would expect to be, my machines are set to update every 4 hours? Why? Do you think I'm not?
I don't understand why you are ignoring the pastes I have done for AVG files and why you are not explaining what they are? You cannot believe the distress this is causing me.