Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: TheSpirit on November 21, 2008, 12:25:43 PM
-
I have noticed a few errors in the antivirus event log like this:
Event Type: Error
Event Source: avast!
Event Category: Client
Event ID: 90
Date: 2008-11-21
Time: 07:26:38
User: N/A
Computer: *********
Description:
AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS failed, 00000005.
It doesn't seem to be anything serious and is not reproducible. Manual scan does not produce any events.
The famous error code 00000005! What could it be? ???
XP pro SP2++, Avast Home
-
The famous error code mean access denied. Maybe file is in use, maybe not enough rights.
-
The famous error code mean access denied. Maybe file is in use, maybe not enough rights.
This must be an ordinary on-access scan with administrator rights that fails. Are you suggesting that Avast cannot scan all files that are accessed?
-
Are you suggesting that Avast cannot scan all files that are accessed?
No, I'm not. But we're discussing verbose of the log... Of course avast can access all files on-access and being load in the memory. On-demand is another history...
-
Thanks a lot, Tech.
This leads to 2 new questions.
What can cause an access violation in an on-access scan?
Is there any documentation about the limitations of on-demand scanning? I haven't noticed any.
-
I just noticed that there is also a warning in the log, just after the error:
Event Type: Warning
Event Source: avast!
Event Category: Client
Event ID: 90
Date: 2008-11-21
Time: 07:26:38
User: N/A
Computer: *********
Description:
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS) returning error, 00000005.
Maybe this clarifies something?
-
Update:
I found this in the error.log:
20-11-2008 11:56:40 1227178600 bank 1428 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS failed, 00000005.
21-11-2008 07:26:38 1227248798 bank 1184 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS failed, 00000005.
This shows that Avast tries to scan a file in the administrator account, when I'm logged on the "bank" account! This should give an access violation, of course. But, as I said, it must be an on-access scan. I don't run any scans when i do banking :) I just run Firefox and Java.
The problem seems to be reproducible. Maybe it is related to logon. I have seen other files in DOCUMENTS AND SETTINGS being involved. Seems to be a little random.
Is there any way to find out what causes Avast to scan these files, like which program tried to access the file?
-
What can cause an access violation in an on-access scan?
Is there any documentation about the limitations of on-demand scanning? I haven't noticed any.
I need answers from the programmers.
-
avast does not go and scan files of its own accord. It is scanning the files being accessed by the programs running on your system.
In this case you appear to logged on as user "bank" (and I am guessing that this is a non-administrator user). It appears that your default Firefox profile is set up in the administrator account. Firefox is trying to access the prefs.js (Firefox settings) in the administrator's account when you are logged on as "bank" and avast is trying to scan the file under those credentials too. So the access is denied.
-
I'm afraid that this has nothing to do with Firefox. It happens at logon as bank. Today these errors we logged:
2008-11-23 09:20:41 bank 924 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\documents and settings\****\application data\google\google earth\googleearth.exe failed, 00000005.
2008-11-23 09:20:43 bank 924 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\documents and settings\****\application data\mozilla\firefox\profiles\2rzymred.default\flashgot.exe failed, 00000005.
2008-11-23 09:39:57 bank 924 AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.
2008-11-23 09:39:57 bank 924 AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping failed - client probably died, 00000008.
Is it possible to make Avast inform about the program that tries to access the files? Debug log level?
-
I managed to solve this problem! It turns out that my firewall checks a lot of files for some good reason, and only a few files are inaccessible.
I used Sysinternals' Process Monitor to produce a boot log of an entire session. Awesome program! It will tell you all about which program opens those inaccessible files (and everything else!). I recommend this procedure to all users with 00000005 problems. :)
-
I take it that this also relates to your other topic on the error numbers (00000002 and 00000008) e.g. the firewall poking around ans avast being forced to scan what it is poking ?
http://forum.avast.com/index.php?topic=40344.msg337861#msg337861 (http://forum.avast.com/index.php?topic=40344.msg337861#msg337861)
-
I take it that this also relates to your other topic on the error numbers (00000002 and 00000008) e.g. the firewall poking around ans avast being forced to scan what it is poking ?
No, the other errors were the only errors at that time, so there is no relation between the 2 situations.
-
Yes, but what caused the files to be scanned in the first place (for the scan to fail) is the point I was also trying to make.
-
Nice to meet you again, David :)
The cause is unknown. A random on-access scan, I suppose. That's what the event message should tell you.
We are now cross-posting in 2 threads. I suggest that we consider this one solved and closed.