Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: BlackSheik on October 26, 2006, 05:59:59 PM
-
Hi,
Today i get the virusupdate "0643-5" and the programversion "4.7.892" after the restart of my PC, Avast tell me that i have an Trojan on my Computer. He say Notepad.exe is infected and the dllchache notepad.exe or so.
So i let him remove it to the container. After that i go to Jottipage there i let test the 2 files again but only Avast found there the virus all other say -- nothing found. --
So, now im thinking thats maybe an false alarm of avast. What do you think?
Ahh avast exactly say :
Sign of "Win32:Qqpass-DY [Trj]" has been found in "C:\WINDOWS\system32\notepad.exe" file.
and
Sign of "Win32:Qqpass-DY [Trj]" has been found in "C:\WINDOWS\system32\dllcache\notepad.exe" file.
Greetz
Black Sheik
-
Hi,
Exact same problem. I took my (original) XP pro CD and searched for notepad.ex_ and let avast! scan the file.
SAME PROBLEM. Guess a little bug in the latest database?
Greetz: SanTM...
-
So am I!! I think it is an error report!!!
-
>:( >:( >:(
Noooo.... I've the same problem! 2 PCs on different networks were updated and immediately alert about this infection. I think there is a bug into latest updates, so please let us know about it...
I hope technical support will reply us soon to receive a confirmation about this problem.
TurboZag
??? ??? ???
-
Have the same probl. on all my pc's..
Can AVAST make a statement plz.???
-
I wonder why they don't test the virus definitions with Windows files before to release an update... >:(
(http://img55.imageshack.us/img55/6546/notepadbf0.png)
-
...same too!
* notepad.exe
* old18.tmp
* system volume information...xxx.exe
...all with the same trojan... on XP Home & Prof.!
MfG, Trixter
-
Which language version of Windows are you using?
Can you please send the file in question (notepad.exe) to my email address?
Thanks
Vlk
-
My OS is Windows XP Professional Italian 5.1.2600 Service Pack 2 build 2600.
I'm going to send you notepad.exe to your e-mail address, zipped and renamed in .123 , please let me know soon...
TurboZag
-
Here the same problem. Using Windows XP Pro SP2 Dutch, with VPS 0643-5 dated 26.10.2006..Havent tried a clean still, but will do that later tonight..
-
Did you receive the notepad.123 attachment? Let me know, please...
TurboZag
-
Same with Windows XP Pro Sp2 german
-
No detection with latest VPS update 0643-5 XP Pro, English version.
-
Also using Windows XP Pro SP2 Dutch, with VPS 0643-5 dated 26.10.2006....
-
Got the file, thanks...
A new VPS update fixing this should be released in ~half an hour...
Thanks, sorry for the trouble! :-\
Vlk
-
My OS is Windows XP Professional Italian 5.1.2600 Service Pack 2 build 2600.
I'm going to send you notepad.exe to your e-mail address, zipped and renamed in .123 , please let me know soon...
TurboZag
same version, same problem here
i've 2 computers with this version and after i've updated Virus DB i got the error...
problem with database?
bye
-
Same problem, XP Pro Italian SP2, VPS 0643-5 updated today.
-
Hi VLK :)
So you can ignore my E-MAil with the File. ;D
And thnx for the fast reaction.
Greetz
Black Sheik
-
Guys, no need to post anymore, problem has been acknowledged and is being worked on.
Thank you
Vlk
-
Same here. It's probably just a typo in the latest library, since avast thinks the notepad.exe is the old notepade.exe that the old QQpass trojan used to create.
If you tried to let avast quarantine or delete the notepad.exe file, you'll probably find that you'll cant open the notepad form the exe under \windows\ even with avast shutted down from the task manager.
To solve that issue before the next library update and fix, you'll just need to overwrite that notepad.exe with another, working one, and, of course, leaving avast processes closed in the meanwhile.
-
Have kinda the same problem - 3 alerts:
Sign of "Win32:Qqpass-DY [Trj]" has been found in "C:\WINDOWS\notepad.exe" file.
Sign of "Win32:Qqpass-DY [Trj]" has been found in "C:\windows\SET4C.tmp" file.
Sign of "Win32:Qqpass-DY [Trj]" has been found in "C:\WINDOWS\system32\notepad.exe" file.
The last one is probably from the bug but can notepad.exe be in 'C:\WINDOWS' ???
OS: Windows XP German, Avast - German (all updates)
-
When is the new, fixed pattern update to be expected?
It's 07:30PM now and it is totally annoying to have this.
When I try to update I still get "you are up to date".
Version is still 0643-5 here.
Thanks!
Tom
-
The update is already out for some time (~20 minutes)...
-
thanks guy!
now all works perfectly!
cya
-
Hi again,
Problem solved in VPS 0643-6. Great support....
Grtz, SanTM
-
Problem solved in VPS 0643-6. Great support....
I tried to force the updating but nothing happens. Why? I still have the 0643-5 dangerous virus definitions. Does the manual update really work?
-
Problem solved here! Thank you for te fast response!
-
I'm using Windows XP Pro SP1 Dutch, with VPS 0643-5 dated 26.10.2006....
I had the same problem: "Win32:Qqpass-DY [Trj]" has been found in "C:\WINDOWS\notepad.exe" file.
when I tried to put it in the vault, it sais that the file can not be found. Now I updated the latest version VPS 0643-6 but I still have the same problem: I still get the message Win32:Qqpass-DY [Trj]" has been found in "C:\WINDOWS\notepad.exe" file :(
what do I have to do? restart computer? shut down avast? ... I don't know much about computers, is it a real virus or a false alarm?
thanx!!
Boscos
-
Hi Guys ;D ;D ;D
Thats why I love AVAST --> problem? --> announce --> solved ! In most of the time less than 1 hour !
Great !!! Thx !!!
Greetz
Black Sheik
-
Thats why I love AVAST --> problem? --> announce --> solved ! In most of the time less than 1 hour !
How did you get the latest def? I still have the 0643-5 def and manual update doesn't work
-
Same for me New Virus Notepad exe. after Update the Virus Database
Win XP Sp2 German
-
How did you get the latest def? I still have the 0643-5 def and manual update doesn't work
I have it since 19:05 or so German Time. Manually updated
Greetz
Black Sheik
-
;D Exzelent Work i just Updated my Database again and everything is well now ;D
Great Job!!!!!!
Thanks from good old Germany
-
I have it since 19:05 or so German Time. Manually updated
After the manual update I read this:
Information about current update:
Total time: 11 s
Server: download76.avast.com (75.126.38.78)
Downloaded files: 3 (0,03 KB)
Download time: 7 s
but nothing has been really updated!!! I still have the 0643-5 def, Why?
-
A few grey hairs and a slight heart attack but that's all I suffered ;)
Downloaded VPS 0643-6 - no problems anymore - well done :)
*goes searching for grey hairs*
-
jamesvaul, did you try just once - or multiple times?
Can you try again?
Thanks
Vlk
-
Hi jamesvaul
Cant help you by this prob, but look here,
http://avast.com/eng/updates.html
i think in a while there will be the update too.
Greetz
Black Sheik
-
jamesvaul, did you try just once - or multiple times?
Can you try again?
Nothing happens. The manual update never worked! May be there's a bug with avast manual update and the limited account?
-
It should work OK with non-admin account...
Maybe your ISP caches the file.
Anyway, you can download "manually" by downloading and executing vpsupd.exe
http://www.avast.com/eng/update_avast_4_vps.html
Cheers
Vlk
-
Thats why I love AVAST --> problem? --> announce --> solved ! In most of the time less than 1 hour !
Great team. When we complain, we complain. When we congratulate, we congratulate.
Downloaded VPS 0643-6 - no problems anymore - well done :)
Me too. Push updates working perfectly.
-
It should work OK with non-admin account...
I tried the manual update many times in different days but it never worked using the limited account! never! So I'm pretty sure there's a bug.
Automatic update works fine with the limited account but manual update doesn't work
I discovered this: with admin account, when you click for manual update, the setup and def installation starts (I see 2 new windows), instead with the limited account the 2 windows are not started and you only see the final log but no files are downloaded/installed/updated!!!
-
Well aswUpdSv.exe on mine as system so I assume that it would be the same for you. There was some time ago something about Vista not allowing updates from the ashDisp.exe as that is a user account and subject to the UAC restrictions in Vista. The option is to run the Simple User Interface and click the Update Virus Database. Try that and see if that works.
-
I tried the manual update many times in different days but it never worked using the limited account! never!
Can you post the last lines (150 each) of the following logs?
C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log
C:\Program Files\Alwil Software\Avast4\Setup\setup.log
Well, can you post the So I'm pretty sure there's a bug.
Strange... everything working here...
-
Strange... everything working here...
I discovered this: with admin account, when you click for manual update, the setup and def installation starts (I see 2 new windows), instead with the limited account the 2 windows are not started and you only see the final log but no files are downloaded/installed/updated!!! So there's an huge bug in avast because with a limited account the setup/installation of new definitions don't appear!!!
-
So there's an huge bug in avast
Calm down... there aren't such bugs.
Maybe your computer has problems. Manual and automatic updates are working here on a non-admin account on XP SP2+.
Please, post the log contents...
-
Updated and solved here...
Thanx 4 the fast response !!
-
Thanx 4 the fast response !!
Be used to avast forum speed :)
-
Actually, I have another problem which is quite similar to the one with Notepad. The file Benchmark.exe which is part of UnrealTournament 2004 (in the System folder) is reported as "Win32:Horst-CU [Trj]". However, I'm pretty sure that it is not a virus (I can't believe tha Epic Games has put a virus on the cd-rom) and *only* Avast finds this virus on http://www.virustotal.com/vt/en/resultadof?b3af726f53bc7ddfde0ddbc913fdcc9b So it seems to be a false positive like Notepad...
-
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives (http://forum.avast.com/index.php?board=2;action=display;threadid=7779), how to report to avast and what to do to exclude them until the problem is corrected.
-
Maybe your computer has problems.
NO. It's not my computer.
-
NO. It's not my computer.
So... if you want to try, let's debug your problem, let us help.
Blaming and throwing the problem just upon avast code won't make things easier.
You still did not post the last 100 lines of the logs... so... :-\
-
So... if you want to try, let's debug your problem, let us help.
When I do a manual update as limited account, a new line like this is added in Warning.log file:
27/10/2006 16.43.11 1161960191 jamesvaul 1036 Function setifaceUpdatePackages() has failed. Return code is 0x00000426, dwRes is 00000000. [/color]
I think this can help you to fix the bug
-
Is the service "avast! IAVS4 Control Service" started? Control Panel -> Administrative Tools -> Services.
If not, can it be started? Does starting it solve the problem?
It is indeed necessary to run this service to enable updates from limited user accounts...
Cheers
Vlk
-
Is the service "avast! IAVS4 Control Service" started?
yes, of course. It's automatically started by default
-
Oh, and this is Vista or XP SP2?
-
Oh, and this is Vista or XP SP2?
The bug is with Windows XP SP2.
With Windows Vista and a Standard account the manual update works fine although it requires my administrator password (UAC prompts for the password).
-
On the XP SP2 machine, please check the access rights on the <avast>\SETUP folder. Does it have the Everyone/FullControl entry in the list?
(it should, normally).
It seems that the updater is having hard time to create the "avast.setup" binary.
Cheers
Vlk