Author Topic: Need to manually update avast definitions - possible?  (Read 21960 times)

0 Members and 1 Guest are viewing this topic.

Alec_Burgess

  • Guest
Need to manually update avast definitions - possible?
« on: August 16, 2008, 06:34:31 AM »
I have a two computer home LAN (one desktop + one laptop)

Currently the Desktop machine (which had been running AVG-free) has a bad virus infection and as part of that infection (perhaps something stupid I did while trying to sort some of the problems out with HijackThis) does not internet access, but the two computers can exchange files on the LAN (they are behind a Linksys router (not wireless) connected to the web via cable. The laptop is and has been running Avast 4-Home for sometime.

The technician at my ISP suggested that it would make sense to dump AVG on the desktop and use Avast 4 Home on both. I already had the installer so I did that but now (of course)  my Avast virus definitions are badly out of date and I can't update through the normal method.

so .... after the long intro ... how can I either use the Avast definitions already on my laptop or download them them separately to the laptop and then copy them to desktop and install them there?

Any suggestions appreciated ... hopefully this is easy to do  ???

Regards ... Alec

olddog

  • Guest
Re: Need to manually update avast definitions - possible?
« Reply #1 on: August 16, 2008, 07:38:00 AM »
Alec,

You can simply download the current VPS update from the download link at http://www.avast.com/eng/update_avast_4_vps.html
and then copy it across to the other computer. It is a file named vpsupd.exe. Put it somewhere handy and just run it to update you VPS files.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Need to manually update avast definitions - possible?
« Reply #2 on: August 16, 2008, 05:49:37 PM »
The way will be what olddog posted.
But, doesn't the desktop computer connect the Internet? You've said they're on a LAN.
It's better and wiser get incremental updates than having to download the full virus database each time to update the off line computer.
The best things in life are free.

Alec_Burgess

  • Guest
Re: Need to manually update avast definitions - possible?
« Reply #3 on: August 17, 2008, 12:03:26 AM »
The way will be what olddog posted.
But, doesn't the desktop computer connect the Internet? You've said they're on a LAN.
It's better and wiser get incremental updates than having to download the full virus database each time to update the off line computer.
Hi Tech:totally agree but the problem is that the virus (or something I did accidentally - see first post) has made me unable to connect to the internet on my Desktop machine.

As it happens ... the installer I had was 4.7 so I downloaded the current 4.8 installer using the laptop connection but but in my downloaded files on the desktop using its mapping of Z:\ drive to Desktop machine. Running that on the Desktop forced me to uninstall 4.7 first then install 4.8. hopefully with more current virus definitions included.

I'm still in trouble since running a full system scan from boot prompt has NOT apparently cleared the virus.

I'm currently trying to restore an NTbackup made two weeks ago - hoping that will clear the problem and allow me to regain internet connectivity on the Desktop machine.

wish me luck - this is turning out to be a major PITA!

regards ... Alec

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Need to manually update avast definitions - possible?
« Reply #4 on: August 17, 2008, 01:13:25 AM »
After restoring your backup, install and update avast and post back the results ;)
The best things in life are free.

Alec_Burgess

  • Guest
Re: Need to manually update avast definitions - possible?
« Reply #5 on: August 17, 2008, 02:00:13 AM »
Hi tech - your post came in while I was composing this.
As I said first below ... the update of Avast 4.8 failed ... see below that in this post

Alec,

You can simply download the current VPS update from the download link at http://www.avast.com/eng/update_avast_4_vps.html
and then copy it across to the other computer. It is a file named vpsupd.exe. Put it somewhere handy and just run it to update you VPS files.
OldDog:
Running NTBackup-Restore did not clear the virus ... oh well ...
I d/l' the VPS update from above link and transferred it to infected machine.
Running the vsupd.exe gives this error msg:
---------------------------
Error
---------------------------
Can't install VPS update. Please, report following errorcodes:
Ver:4.8.1229
SI: 0x00000002
ST: 0xFFFFFFFF
LE: 0x00000000.
---------------------------
OK  
---------------------------

While that error was on the screen and I was responding here I got a "virus was found" msg from Avast. I know I'm supposed to be seeking assistance elsewhere on this forum (?-where?) but since I already here ... ignore following if inappropriate ... I can always copy it somewhere else.
============
File name: C:\Documents and Settings\Alec\Local Settings\Temp\.tt25.tmp.vbs
Malware name: VBS-Malware-gen
Malware type: Virus/Worm
VPS version: 080723-1, 2008-07-23

Of course ... I can't complete the virus report but the URL I'm being sent to is:
http://www.avast.com/go.php?verb=virus-report&lang=eng&name=Owner&virus=VBS:Malware-gen
==========
As soon as I moved above to virus chest I got a popup from Windows Defender saying
Auto Start change occurred.

This agent monitors the various mechanisms that software can use to automatically start when you log on to Windows. Programs that auto start can affect system performance and start without your knowledge.

Path:
C:\WINDOWS\system32\gcjnxxae.dll

Detected changes:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BMaf005c5b
FWIW - I've been seeing those ... every time I deny one I get another with a different random alpha name.
===========
Also relevant ....?
Looking at C:\Windows\System32 and sorting by Modified date I'm getting entries appearing at the top ie. recent date-times like these:
Filename   Modified date   Creation date   Size
statfi.dll   2008-08-28 20:45:07   2008-08-28 20:45:07   1882112
xabIQtwa.ini   2008-08-16 19:27:19   2008-08-15 06:30:35   543867
xabIQtwa.ini2   2008-08-16 19:24:21   2008-08-15 06:30:35   543867
blphcjnoj0e74n.scr   2008-08-16 19:14:04   2008-08-16 19:14:04   70144
phcjnoj0e74n.bmp   2008-08-16 19:00:02   2008-08-16 19:00:02   90838
lphcjnoj0e74n.exe   2008-08-16 19:00:01   2008-08-16 19:00:00   144896
vengtnku.exe   2008-08-16 18:57:03   2008-08-16 18:57:03   2048
lwbovjwr.ini   2008-08-16 18:54:14   2008-08-16 18:54:14   294
rwjvobwl.dll   2008-08-16 18:54:03   2008-08-16 18:54:02   85504
mtkntb.dll   2008-08-16 18:51:02   2008-08-16 18:51:02   107008
wpkgvwyc.dll   2008-08-16 18:51:02   2008-08-16 18:51:01   107008
olpbxfna.dll   2008-08-16 18:48:01   2008-08-16 18:47:59   93184
a710abb9-.txt   2008-08-16 18:46:46   2008-08-15 06:31:30   0

I just did a scan of the ones currently at top of System32/ - Avast is not recognizing anything wrong.

Note: statfi.dll shows a date-time of today-20:45:08 - its 19:25:52 as I write
the file xabIQtwa.ini seems to be getting its time stamp refreshed every 10 seconds.

Wonder if procmon will tell me anything ...




olddog

  • Guest
Re: Need to manually update avast definitions - possible?
« Reply #6 on: August 17, 2008, 09:24:50 AM »
Alec,

You obviously need the assistance of someone experienced in removing infections, and I am not qualified to give the advice you need. I think you should post in the Avast Viruses & Worms forum - see
http://forum.avast.com/index.php?board=4.0 with a "Need Help" title.

I'm not sure from your last post whether the virus warning came up on the known infected computer, or whether there is now a virus on the previously OK one. For the moment I would disconnect the known infected one from the network. 



« Last Edit: August 17, 2008, 09:26:38 AM by olddog »