Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jschinabeck on May 11, 2005, 08:58:33 PM
-
Have two 0 length temp files and avast folder that cannot be deleted in my C:\TEMP folder. Noted the following log:
05/06/2005 8:03:21 PM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/06/2005 8:03:22 PM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 2:21:40 AM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/07/2005 2:21:41 AM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 3:07:18 AM Default 4278649643 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
How do I resolve this issue?
-
Which is your Windows? 98, Me, XP?
Do you use any other antivirus in your computer?
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove
Then choose Repair function in the popup window (Repair).
You must be connected to the internet while repairing.
After booting, can you delete the files?
-
There's nothing wrong about those 2 TEMP files - they are perfectly normal.
-
Which is your Windows? 98, Me, XP?
Do you use any other antivirus in your computer?
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove
Then choose Repair function in the popup window (Repair).
You must be connected to the internet while repairing.
After booting, can you delete the files?
I'm using Win98se. Just removed McAfee to switch to Avast. Hopefully all of McAfee is gone! Cannot delete files after reboot. Will try to repair and get back to you.
Thanks for response.
-
Will try to repair and get back to you.
Anyway, attempt to what Igor posted... that two files belong to the normal avast behavior... Don't care that much 8)
-
Tried to ‘Repair’ Avast. The process completed successfully within a few seconds. Does not seem there was enough time to ‘Repair’ the program … ??
After reboot these undeletable, 0 byte, temp files and Avast folder were present:
Volume in drive C is QV14D0
Volume Serial Number is 2A31-1401
Directory of C:\WINDOWS\TEMP
. <DIR> 06-09-99 12:35p .
.. <DIR> 06-09-99 12:35p ..
_AVAST4_ <DIR> 05-11-05 7:56a _avast4_
JETE209 TMP 0 05-13-05 10:31p JETE209.TMP
JETF970 TMP 0 05-13-05 10:31p JETF970.TMP
2 file(s) 0 bytes
Directory of C:\WINDOWS\TEMP\_avast4_
. <DIR> 05-11-05 7:56a .
.. <DIR> 05-11-05 7:56a ..
WEBSHL~1 TXT 0 05-13-05 10:30p Webshlock.txt
1 file(s) 0 bytes
Total files listed:
3 file(s) 0 bytes
5 dir(s) 1,326,899,200 bytes free
Are these files characteristic of the Avast program? Will my temp folder always contain ‘Access is denied’ temp files and folders from Avast or is this some form of malfunction? The Avast folder is deleted each time I clean my Temp folder, but the result is another error when emptying the recycle bin.
Associated with the temp files is a ‘Warning’ log:
05/06/2005 8:03:21 PM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/06/2005 8:03:22 PM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 2:21:40 AM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/07/2005 2:21:41 AM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 3:07:18 AM Default 4278649643 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
Based on my limited understanding of this log, it appears there is an install error. Is this true? How can I resolve this error? Seems the repair process did not clear the problem, but just added another entry into the warning log.
As you can tell, I have just started to use Avast after a very disagreeable experience with McAfee. I want to understand all the features of the free version of Avast and be assured it is set up correctly for full AV protection before moving up the the next level of your AV program.
-
Tried to ‘Repair’ Avast. The process completed successfully within a few seconds. Does not seem there was enough time to ‘Repair’ the program … ??
It could be fast, depends on how is your system state, the traffic on Internet, etc. Generally, less than 5 seconds if your installation is ok.
After reboot these undeletable, 0 byte, temp files and Avast folder were present:
JETE209 TMP 0 05-13-05 10:31p JETE209.TMP
JETF970 TMP 0 05-13-05 10:31p JETF970.TMP
WEBSHL~1 TXT 0 05-13-05 10:30p Webshlock.txt
The Jet files are related to Microsoft Jet drivers loaded by avast. It's ok. Don't worry. You can delete them because they're being used.
The last one belongs to WebShield provider. It's ok again.
Will my temp folder always contain ‘Access is denied’ temp files and folders from Avast or is this some form of malfunction? The Avast folder is deleted each time I clean my Temp folder, but the result is another error when emptying the recycle bin.
Let them there. They're legitimic. If you delete them you could mess avast behavior.
Based on my limited understanding of this log, it appears there is an install error. Is this true? How can I resolve this error? Seems the repair process did not clear the problem, but just added another entry into the warning log.
Verbose of the logs... Don't worry. The repair function passed over all of them. They promissed to remove these messages in next versions.
I want to understand all the features of the free version of Avast and be assured it is set up correctly for full AV protection before moving up the the next level of your AV program.
So, we're here to help you 8)
-
Hi, I have a similar question about "temp/_avast_" directories.
Besides Avast I have installed also Spysweeper. Spysweeper alert me that some files in that directory are "rootkit suspicious". That should be pretty normal, in fact, I image that Avast driver loaded in the kernel probably hide these files and when spysweeper uses tipical techniques used to detect rootkit (raw disk access vs system call access) it finds an inconsistency and alert me.
However, I tried to empt the chest but these files remain there. So, I tried to use erd commander first to boot and remove drastically these files but nothing. So, this thing has begun to bother me.
Is there any way to removed definitly these files from my hard disk?
I have also another question. My administrator chest result empty after I empt it. Precedently it contained kernel32.dll winsock.dll e wsock32.dll. Now it's ok. But if I log on as a normal user they still compare in the chest. How come?
Thanks in advance
-
I tried to empt the chest but these files remain there.
The Chest files are on <Avast4>\DATA\chest folder, so...
Is there any way to removed definitly these files from my hard disk?
avast needs that files to normal function.
Can't you exclude them from Spysweeper scanning?
I have also another question. My administrator chest result empty after I empt it. Precedently it contained kernel32.dll winsock.dll e wsock32.dll. Now it's ok. But if I log on as a normal user they still compare in the chest. How come?
These three files are there for backup purposes, what do you mean with 'still compare'?
If you remove these files they'll be there next time.
-
The .....\Temp\_avast4_ folder is where avast unpacks archive files for scanning and on successful completion they are removed. These files begin with UNP with a numerical value after that.
There should be nothing to stop you removing files from that folder providing they aren't in use. Are you getting any errors ?
I can't see why avast would want to hide or protect these files, other than if it is scanning a suspect or infected archive file, when unpacked it could possibly be detected by another security program, which may cause conflict as both battle for control. Personally if I am going to run an on-demand scan I pause other resident scanners, one this stops duplicate scanning as one is opening a file to scan, so to does the other and avoids possible conflict if both programs recognise a malware infected file.
-
avast needs that files to normal function.
Can't you exclude them from Spysweeper scanning?
yes, of course. I only needed to be assured that these files are not a problem. Now, I excluded them.
These three files are there for backup purposes, what do you mean with 'still compare'?
If you remove these files they'll be there next time.
I'm sorry, "appear", not "compare". However also in this case it is not a problem, so I should be clean. Thanks.
-
You're welcome, fell free to come back any time you need help.
Enjoy avast! 8)
-
There should be nothing to stop you removing files from that folder providing they aren't in use. Are you getting any errors ?
I can't see why avast would want to hide or protect these files, other than if it is scanning a suspect or infected archive file, when unpacked it could possibly be detected by another security program, which may cause conflict as both battle for control. Personally if I am going to run an on-demand scan I pause other resident scanners, one this stops duplicate scanning as one is opening a file to scan, so to does the other and avoids possible conflict if both programs recognise a malware infected file.
I can't cancel them even if I boot with erd commander or other bart cd. Tipically I receive a pop up indicating that the path of these file are not found or things like that.
It seems that their structure has been modified so that other programs find inconsistencies related to normal file system structure. This is the reason I am worried. Things like that are tipical of rootkit or program like antivirus / antispyware / firewall loaded at boot time as kernel modules.
If it is avast that create these files so that they are undeletable, no problems. But if it was no avast .....
-
It seems that their structure has been modified so that other programs find inconsistencies related to normal file system structure. This is the reason I am worried. Things like that are tipical of rootkit or program like antivirus / antispyware / firewall loaded at boot time as kernel modules.
I wish Alwil programmers drop a word about this... Can you explain a bit about the apparent rootkit behavior?
-
:) Hi All :
saronno : For Rootkit "detection", it is Best to use a specialized rootkit
detection program, such as the Good and FREE "RootkitRevealer"
at www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
-
avast! doesn't hide any of its files - and the only "protection" performed on the temporary folder is keeping one open file inside, so that it can't be removed.
If you boot from a CD, you certainly should be able to remove them (and if you don't, it has nothing to do with avast! - because it's not running at the moment).
What filenames in particular are you referring to?
-
Well, problem solved.
The path was so long that the system cannot manage it. Just reduce some name on the path and I was able to remove everything.
Sincerely I was a bit ashamed :)
but some months ago I wrestled with a real rootkit and now I am very sospicious ...
Thanks to all for the help.
-
The path was so long that the system cannot manage it.
Did you change the default path for the temp files?
-
The path was so long that the system cannot manage it.
Did you change the default path for the temp files?
No, just the name of the directories contained in ......./temp/_avast_/
-
No, just the name of the directories contained in ......./temp/_avast_/
I see... Your logon name much be long too...
-
Deleted files reappear ? :o
Mmmmm .... and with the old "too long" path ..
System restore? Rootkit? I don't know what to think .... ???
-
Please post the full paths of the files (a few examples).
-
C:\Documents and Settings\Administrator\Local Settings\Temp\_avast4_\unp155353397.tmp\(Component-Delphi) - DevExpress - All VCL components 06-2006 - D5_D10 (Source)\ExpressPrinting System\Demos\Data\Developer-Express-Products\CrossPlatform-Family-Controls\ExpressEditors - Shadowed LookAndFeel.rps.tmp
and so on ...
I deleted them again and again ..... they still reappear.
-
So, it looks like avast! leaves some of its temporary files behind. Normally, it shouldn't happen... do you think you could find the problematic file and send it to us? I'd like to check what's going on there and fix the problem.
The temporary files are created when unpacking an archive. Since most archives don't normally create full paths, my guess would be a 7z archive probably? So, I'd like to see that file - when you scan it (even alone), another such folder is likely to be created in your TEMP folder.
I think you might know where this stuff (delphi components) is located on your disk in a compresed form... if not, you may run a scan with a full report-file creation enabled (i.e. even "OK files" enabled) - and when it's done, you should be able to see these paths in the report - and it would show you where the archive is.
Thanks!
-
So, it looks like avast! leaves some of its temporary files behind. Normally, it shouldn't happen... do you think you could find the problematic file and send it to us? I'd like to check what's going on there and fix the problem.
The temporary files are created when unpacking an archive. Since most archives don't normally create full paths, my guess would be a 7z archive probably? So, I'd like to see that file - when you scan it (even alone), another such folder is likely to be created in your TEMP folder.
I think you might know where this stuff (delphi components) is located on your disk in a compresed form... if not, you may run a scan with a full report-file creation enabled (i.e. even "OK files" enabled) - and when it's done, you should be able to see these paths in the report - and it would show you where the archive is.
Thanks!
yes, it is a 7z archive. It is 65.3 MB. Would you see the entire file or just the file created in the temp directory by avast?
ps: however I verified what you said. It's avast that creates that file during the scanning and doesn't remove them completely.
-
I'd like to check the whole archive.
Could you upload it to ftp://ftp.avast.com/incoming please?
(There are no read/list rights for the folder, so you won't see anything there - but you can upload).
Thanks!
-
I'd like to check the whole archive.
Could you upload it to ftp://ftp.avast.com/incoming please?
(There are no read/list rights for the folder, so you won't see anything there - but you can upload).
Thanks!
Done.
-
Thanks. I was able to reproduce the behavior - and fix the problem. So, it will be corrected in the next program update.
Until then, you might want to put this file into the list of avast! exclusions (in program settings) - so that this particular archive isn't scanned and the leftover temp files are not created.
Thanks for your help!
-
So, it will be corrected in the next program update.
Igor, I'm reading this a lot of times in last days...
Won't we have a beta or a new build before avast 5? Any schedule?
-
I'm not talking about avast! 5, but rather about another avast! 4.7 build.
The update will be released in a few weeks (2-3, my guess), and yes, I'm sure there will be a betaversion available in advance.
-
Thanks for your help!
You're welcome