Author Topic: [Resolved] Avast Warning System is Unsecured and Service not running  (Read 7464 times)

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
I noticed an x in the Avast icon and it says the system is unsecured and the service has been stopped.  I clicked on the button to start Avast and to Fix Avast, but it didn't work.  I tried a boot scan and full scan, but all modules are not running.  I rebooted the computer a few times,  but that didn't help.

I went into services.msc and started the Avast service, but Windows said it started and then stopped.

This morning Seamonkey wouldn't open, or task manager - then I lost all icons on the desktop and used the tower button to shut down the computer. When it was turned on later, everything seemed okay until I noticed Avast not running this evening.

This is an XPHomesp3 computer, fully updated with ZoneAlarm, Defensewall HIPS, script sentry, spywareblaster, MSVP Hosts file and spywareguard.

I made an image of the computer last month and allowed COMSurrogate to access the internet - this occurred during the image so I thought it had to do with the program. The registry does NOT have the run registry entries for that malware.

I was not able to update malwarebytes (I posted in that forum too) but I was able to update Superantispyware - which only found tracking cookies.

I would appreciate any help.

Sincerely, Libra
« Last Edit: July 29, 2010, 03:07:53 AM by Libra »
Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #1 on: July 21, 2010, 07:29:58 AM »
Hi Libra,

I see that you are ZoneAlarm, Defensewall HIPS, script sentry.  Any one of these can overlap and conflict with Avast.  There have been many users with ZA issues and Avast, so I would suggest uninstalling it and replacing it with something else, if for now Windows Firewall while we troubleshoot.

You have a few issues going on.  First you are not using the most current version of Avast, which is 5.0.594, so you should do an uninstall and clean install to see if this fixes the problem.
1. Save a copy of newest version of Avast (5.0.594) for the version you need and save it to your HDD:
Freehttp://files.avast.com/iavs5x/setup_av_free.exe
Pro  –  http://files.avast.com/iavs5x/setup_av_pro.exe
AIS  –  http://files.avast.com/iavs5x/setup_ais.exe
2. Download the Avast Uninstall Utility, aswClear5.exe http://www.avast.com/uninstall-utility and save it to your HDD.
3. Disconnect from the Internet at this time; turn off your connection from the Internet.
4. Uninstall Avast through "Add/Remove Programs" through Control Panel. 
5. Boot into Safe Mode (hit F8 repeatedly) and run the Avast Uninstall Tool.
6. Reboot twice.
7. Clean your computer up (clean up cache, temporary Internet files, etc.).
8. Install the newest version of Avast and reboot twice.
9. Get Internet access and update Avast definitions.
10. Register your copy or add the license key for Free, Pro or AIS.
11. Reset your settings, if needed.


Next, try updating MBAM and run a scan.  Please post your results.  If you can't, please let us know and we will give you further directions.
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #2 on: July 21, 2010, 08:32:51 AM »
Thank you for your reply Safesurf.  I thought I edited my profile.  I have Avast 5.0.594 installed on both computers.  I installed in on XPHomesp3 on June 18.  I had to manually update it after the install, but it's been running fine until now.

Since I already have 5.0.594 installed should I remove it and follow your instructions?  (If so should I be unchecking the Avast self protection module?) Or do something else?
I'm going to sleep now, but I'll wait for your advice.  Thank you.

Sincerely, Libra
Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

Offline Eric March

  • Jr. Member
  • **
  • Posts: 46
  • Gender: Male
  • CNA4 • CNE5
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #3 on: July 21, 2010, 09:19:33 AM »
Hi!
My advice is simple: Avast + Win-FireWall = protrection enough.

You do not need ZoneAlarm (or Comodo), neither you need AdAware or SpyBot.
Eric March

Know the past! In ignorance of past lies the ruin of future…

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #4 on: July 21, 2010, 02:01:42 PM »
Sorry to rain on your parade, but the XP Firewall being inbound only isn't enough.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Whilst I'm no big fan of Zone Alarm, there are others excluding Comodo which comes in suite form and includes an AV (a no, no), which you would have to remove.

Many forum users are using these:
- PC Tools Firewall seems to have the least user headaches as it doesn't seem to be constantly asking the user questions about this and that.
- Online Armor for the most parts fine but it has caused some users grief after avast program updates and that is something you have to watch out for.
- Outpost Firewall 2009 free, a cut down version of the Outpost Firewall Pro version, which should still provide good protection, http://free.agnitum.com/. Download, http://www.filehippo.com/download_outpost_firewall/
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #5 on: July 22, 2010, 06:16:38 AM »
DavidR. is correct in the firewall issue unless you are behind a NAT router as well.  The FW's with the least headaches for Avast users seem to be the ones David listed.

1. Update MBAM if you can, and run a scan to make sure you are clean.  I would still uninstall the programs I mentioned in my original post; reboot twice in between each uninstall of software.   

2. If you are still having problems after doing the above, then try Fix/Repair of Avast.  If this doesn't work, then try the uninstall/CLEAN install that I posted in purple in my original post.

3a. If this doesn't work, then here is additional information on how to invoke a memory dump file:  http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71.

3b.Please, zip and upload the C:\Windows\Memory.dmp file to this anonymous ftp server and name it uniquely: ftp.avast.com/incoming.  The Avast Team will analyze it.

Please let me know how this works out for you.
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #6 on: July 22, 2010, 01:50:41 PM »
Well a NAT router unless it specifically mentions it has outbound firewall checking suffers from the same issue, any outbound connection will pass right through the NAT router on the way back in, it would pass any SPI check as it originated from the/a local computer.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #7 on: July 22, 2010, 03:50:46 PM »
I have a few things to mention.  I'm sorry this is so long:

I tried control panel>Repair on Avast and it didn't work, although two processes from Avast were in task manager - I had to shut down the computer to stop it after an hour.

I removed and reinstalled malwarebytes according to their instructions and the new installation updated and I ran a scan.  (Zone Alarm alerted and asked permission for a new version of malwarebytes.)  It found:

(Script Sentry didn't allow the first)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\fatemp-icon.exe (Trojan.Dropper) -> Quarantined and deleted successful
~~~~~~~

After Malwarebytes I tried to turn on and fix Avast, but it didn't work.  I noticed (although it's not running) the Web Shield lists INFECTED ITEMS = 2.  Why didn't the Web Shield protect my computer??  It is set to scan all files and action is abort connection.  The exclusions is checked for mime etc., but this is the default setting and I thought if it is default it is safe.  I don't have pups or suspicious checked on any module, since I don't know if that would create a lot of false positives.  I found the report with explorer:

* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, July 16, 2010 12:43:59 PM
*

7/19/2010 3:33:34 PM   ht tp://rakiyek.lecastelas.be/lisa8420/?x=entry:entry100704-192858 [L] HTML:Script-inf (0)
7/19/2010 3:33:49 PM   ht tp://rakiyek.lecastelas.be/lisa8420/?x=entry:entry100704-192858 [L] HTML:Script-inf (0)
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Tuesday, July 20, 2010 1:20:41 AM
*
~~~~~~~~~~~~~~~
What is this?  I didn't do any maintenance, so it was accessed by a limited account user.

I remember Avast 4.8 wouldn't let me connect to a suspicious page - should I be installing 4.8 instead?  My daughter said she got no warning at all at that time.

Thank you for your reply.   I plan to hopefully remove Avast now and would like to know what settings I should use or if I should install 4.8 instead?

Sincerely, Libra
Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #8 on: July 22, 2010, 05:34:15 PM »
I want to report that I used add/remove and it seems to have successfully removed Avast 5.0.594 - it said it was successful and I have the Windows alert saying I have no antivirus installed.

I need to know what settings to use if I install 5.0.594 again - since the Web Shield didn't protect my computer. 

Right now there is no antivirus and it is unplugged from the internet.

I'd also like to know why the web shield didn't protect my computer.

Sincerely, Libra
Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #9 on: July 22, 2010, 05:55:26 PM »
Leave the settings at the default, that is the idea to see if a reinstall resolves the problem, possibly damaged original install. If you start changing lots of default settings (there is no restore defaults button/feature, then we wouldn't know the condition of the install.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #10 on: July 22, 2010, 09:52:27 PM »
Thank you, David.  I just installed Avast 5.0.594 and plugged in the ethernet cable and updated it.  On your advice, I didn't change any settings at all (I didn't even check for it to generate a report yet).  I am running a full system scan right now.  It's at 29%.  I will let you know the results and would like to know what settings I can change and what I should change them to when you feel I can do that.  I don't feel I was protected by Avast for this to have happened.

Sincerely, Libra
Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #11 on: July 22, 2010, 10:10:28 PM »
The honest answer is not to change anything, leave it on the default settings for a while until you get to know how avast works on your system. Then if you have any questions ask rather than change things where you might not understand the implications of that change.

Spend some time rummaging through the avast User Interface and get to know where things are, spend some time browsing the avast Help Center (help file).

Avast have provided in the default settings, what is a good balance between performance and protection.

There are no settings related to this that will make you any better protected, if the system is reporting unsecured that is a shield level report and shield settings won't change that.

It looks like you have a corrupt installation and the reinstall should have resolved that. Or has been mentioned having too many security applications running that might conflict, I don't know how the script sentry or spywareguard work so I don't know if they might have conflicted with some of avasts services starting.

You have to have a period of time running on the defaults or you will never know how avast runs for you on these settings.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #12 on: July 23, 2010, 01:01:20 AM »
Thank you again, David.  I did a full system scan which showed no infections and a boot scan of all drives which showed:

07/22/2010 18:15
Scan of all local drives

Number of searched folders: 5678
Number of tested files: 274751
Number of infected files: 0

Script Sentry protects against scripts (if I want to merge a file into the registry, Script Sentry will ask if I want to allow it before it is merged).  SpywareGuard protects the IE Home Page from being changed - it will alert me and give me a choice to accept change or keep old.)  I doubt very much that these programs would interfere with Avast.  I've had Avast 4.8 on this computer for quite a while without any problems.

I installed Avast on this computer on June 18 - would it take a month to show a corrupt installation?  Plus, prior to Avast showing "System Unsecured and System not running" I found a Report of the Web Scanner saying:

7/19/2010 3:33:34 PM   ht tp://rakiyek.lecastelas.be/lisa8420/?x=entry:entry100704-192858 [L] HTML:Script-inf (0)
7/19/2010 3:33:49 PM   ht tp://rakiyek.lecastelas.be/lisa8420/?x=entry:entry100704-192858 [L] HTML:Script-inf (0)

and the statistics showed 2 infections on 7/19 at 3:33 pm. 

The web scanner should have aborted the connection.  Obviously it didn't.  Does the above show that it stopped the infection?

Previously I had Avast set to scan "all files".  I'll leave the settings at default for now.  (I remember you told me that having it clean an infection usually doesn't work and that's the first option in the scanner, followed by chest and then do nothing.)

  Actually although Avast wasn't running, the computer was working fine in spite of that.

Sincerely, Libra

Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #13 on: July 23, 2010, 01:26:22 AM »
A file or files could become corrupt for a number of reasons and there is no time line that it might follow.

In 4.8 the Repair function I can't ever recall an instance on the forums where this was of any use as for the most cases the infection wasn't a virus, you can't actually repair a trojan say as the complete content is malicious.

In avast5 the default action for on-access detections is to move the the chest. For on-demand scans it is usually listed to be move the the chest but that can be changes on a per detection instance. Personally it is safest to use the chest as that can be reversed if required. avast5 has a number of repair options for certain virus infections.

The stats are showing detections/alerts not physical infections, since it is showing a web location and not a system address, like the browser cache or temp location. I don't believe the two are related as I would expect to see detections on the system; if it got past the web shield and was saved to the hard disk, that should have triggered a file system shield scan.

The web shield does abort the connection, but some browsers don't honour that and continue trying to download that failed/aborted connection, thinking it is doing you a favour. That should as I said trigger the file system shield.
What browser are you using ?

Where were you setting this Scan All files option ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Libra

  • Jr. Member
  • **
  • Posts: 87
  • Gender: Female
  • I'm a llama!
    • Personal Message (Offline)
Re: Avast Warning System is Unsecured and Service not running
« Reply #14 on: July 24, 2010, 12:05:27 AM »
Hi David,

On the XP computer we use Seamonkey but my daughter also has AOL installed, which uses the IE browser (which is IE8).  My malwarebytes scan found this:

Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\fatemp-icon.exe (Trojan.Dropper) -> Quarantined and deleted successful

You're right, the action is Move to Chest, Delete, No Action.

I had Scan all Files in the File System Shield, scan when opening and scan when writing.

Web Shield also has scan all files, but that must be default.  The only change I've made is if an infected file is in an archive to delete the whole archive.

I see PUPS and suspicious files listed here and there in the settings.  I've never checked them since I don't know if that would generate a lot of false/positives.

Thanks for explaining that the web shield may just have noticed the infection and it didn't get on the computer.  Do you know what that item is that malwarebytes detected?

I'm still confused about this.  We have the XP computer 6 years and never had an infection on it.

Sincerely, Libra
Two Windows 7 sp1 64bit, Avast 8.0.1483,  MAM,  SpywareBlaster,  MVPS hosts, Windows 7 Firewall, Defender, SuperAntispyware___Vista Home Premium sp2, Avast 8.0.1483, 3GB RAM, 500GB HD, SpywareBlaster, Defensewall HIPS, MVPS hosts, SuperAntispyware, Defender, MAM, No-Script

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now