Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: JimC1702 on November 02, 2006, 03:14:26 AM
-
I'm very careful online and I rarely get an alert from Avast. And I did a full scan a couple of days ago. But since the virus definitions updated this evening I'm getting constant alerts and I had to shut it off.
The first one was wmjoyfrc.dll. It moved it to the chest and then my Logitech wheel would no longer work. I restored it, but it still wouldn't work. Had to download new drivers from Logitech to get it working and Avast reports those as well.
I ran the file through TotalVirus and there was nothing at all detected by any software other than Avast. I don't like running with Avast shut off, but it's going nuts. Something seems haywire in this update.
-
I did an exclusion for WmJoyFrc.dll but Avast still alerts on it. My Logitech wheel will not work anymore with Avast running but it works fine if I shut off Avast.
I just talked to someone else who uses Avast and they are getting many alerts since the update also.
-
im having the same problems with some .dll files for my games, ever since this evening
-
Avast started detecting the remote administration software i use (radmin) as malware after today's vps update. i use it on hundreds of computers at many client sites. never had a problem with it in the past. i have used both avast and radmin together for years. :(
-
This last update seems like a good candidate for a rollback. Many of us are having problems with our TightVNC services as well and I have even seen others reporting gaming devices being affected.
-
i sure hope they fix it by the morning. its 8:30 pm here and all hell could break loose in the morning if this isn't fixed.
-
I'm glad i'm not the only one on this.
avast starting detecting many .dll files as Adware-gen. although i'm quite sure they aren't, as they are some games, and programs i use. try roboform for example. both roboform.dll and trayicon.exe get flagged as Adware-gen.
we need some other update to counter this one !
-
nm
-
Hello. I've just registered here to report the same problem.
I'm a home user of Avast but a really careful one. *Really* careful about my internet and files.
I was playing a game using my wheel tonight when the auto update happened.
A short time after that i've got the report that wmjoyfrc.dll, located at windows\system32 was infected by a worm:
NetSky-BG
Man... i uninstalled my wheel (that .dll is used by the wheel, it is a Logitech Force Feedback something heh..) at once and then went nuts on the next two hours scanning my system using possible means.
Turned out pristine clean every time...
And then even after i downloaded the wheel driver again from Logitech, Avast would come and tell me it was infected again heh...
So yeah, i'm pretty sure it's not infected and that we need a fix for it, i"ll wait.
But in the mean time there's anything that i can do to "ignore" that and at least make use of my wheel again? Tomorrow is a holiday and i would like to play my racing games hehe!
Thanks for your time!
And i'm sorry about my poor english, i'm from Brazil.
Cheers.
-
Hello. I've just registered here to report the same problem.
I'm a home user of Avast but a really careful one. *Really* careful about my internet and files.
I was playing a game using my wheel tonight when the auto update happened.
A short time after that i've got the report that wmjoyfrc.dll, located at windows\system32 was infected by a worm:
NetSky-BG
Man... i uninstalled my wheel (that .dll is used by the wheel, it is a Logitech Force Feedback something heh..) at once and then went nuts on the next two hours scanning my system using possible means.
Turned out pristine clean every time...
And then even after i downloaded the wheel driver again from Logitech, Avast would come and tell me it was infected again heh...
So yeah, i'm pretty sure it's not infected and that we need a fix for it, i"ll wait.
But in the mean time there's anything that i can do to "ignore" that and at least make use of my wheel again? Tomorrow is a holiday and i would like to play my racing games hehe!
Thanks for your time!
And i'm sorry about my poor english, i'm from Brazil.
Cheers.
a temporary fix is to pause or stop the standard shield. it seems to re-enable disabled apps
-
In the avast Standard Shield click the Customize button > Advanced tab ...
There is a box where clicking the "Add" button will allow you to add the path and filename of a file that you want to be excluded from avast scanning. You can add the filename that you believe to be a false positive so that you can continue normal operation until the avast team have a chance to take care of a false positive in an upcoming VPS update.
-
Thanks a lot for the prompt support :D
-
Have encountered nothing but problems since update..ie-Logitech worm warnings. Made exception for Logitech folder, and above mentioned .dll file...all working again now. Please fix this..thanks.
-
....
The first one was wmjoyfrc.dll.
....
Same here ???
-
My problem has been already fixed with new VPS 0645-1 :)
-
the latest update, did not fix my problem.
-
I'm having problems too! I am careful on the internet and last night for the FIRST time with Avast, it turned up FOUR problems. One was related to Dell's MyWay Search Assistant they install on new pcs, two were dll files associated with two ISP programs on my pc that have dial-up accelerator features, and one was buried somewhere in the system restore folder (which I couldn't even find with windows explorer).
The newest update today 645-1 did NOT fix the problems. Avast is still indicating these same files as threats.
Avast, PLEASE check into this.
-
One was related to Dell's MyWay Search Assistant they install on new pcs
Could this be a genuine detection?
Castle Cops (http://wiki.castlecops.com/Dell_My_Way_Search_Assistant)
Dell Fourums (http://forums.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=41617)
Are a couple of links amongst many others.
-
Avast is still indicating these same files as threats.
To know if a file is a false positive, please submit it to JOTTI (http://virusscan.jotti.org/) or VirusTotal (http://www.virustotal.com/xhtml/index_en.html) and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
-
Hi:
I don't think these files are real threats at all. Two of them were dll files associated with my ISP dial-up accelerator folders. One was in Earthlink (which I use) and the other was in Netscape (which I don't use but was on the pc from Dell). The third file was another dll that Avast found in MyWaySA. I understand this is some sort of search assistant put on the pc by Dell BUT Avast has never flagged this one before either. The fourth file was something I couldn't make heads or tails out of...it was in the System Restore folder and I couldn't even view it with Windows Explorer.
I tried to email the dll files to Avast but for some reason it keeps saying access denied. I don't know what to do about this if I can't cut and paste them into an email to Avast or some of the other recommended places. What should I do about that??
Again, I still think there is something strange with the recent Avast updates as I believe these files have always been on the pc and Avast has NEVER flagged them before even with the most rigorous, thorough scanning feature selected.
-
Can you check if with the last VPS 645-3 the false positives are still round?
-
I sure will.
This is two versions newer than what auto-installed this morning. Were some corrections made at Avast regarding some of these issues??
I'm looking forward to updating this on my home pc tonight and checking results. I'll be holding my breath!
-
I think that we can guess, given the frequency of the updates, that the avast team has been responding to the concerns about false positives.
Tech, like you and me is a user of avast ... Tech provides his vast knowledge of avast to help other users but, in moments like this, I suspect his guess is as good as yours or mine.
-
I tried to email the dll files to Avast but for some reason it keeps saying access denied. I don't know what to do about this if I can't cut and paste them into an email to Avast or some of the other recommended places. What should I do about that??
Try to sent it like a zip password rpotected archive
EDIT:
Or try to use this form on http://www.avast.com/i_kat_72.php?lang=ENG
-
Thank you everyone.
Good news and bad news.
First of all, the newest update no longer says that the two dll files associated with my two ISP programs are threats.
The bad news is that Avast is still saying there is something suspicious about two files in my C:/System Volume Information. It has NEVER reported this before. I can not find this folder with Windows Explorer but here are the two file names as reported by Avast. I also tried a search on the A0015775.dll files including hidden folders but it couldn't find it either. The first one says "infection Win3" and the second one says "unable to scan"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP108\A0015775.dll INFECTION Win3
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39 UNABLE TO SCAN
-
Hi!
Do this:
1) disable system restore
2) schedule the boot time scanning & reboot
3) boot up again & ran a full system scan
4) enable back system restore.
-
As avatar2005 says, the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points.
As for the one that was unable to be scanned is not a problem, as well as being told it can't be scanned, avast will also say why it couldn't be scanned, why couldn't it be scanned ?
There are many legitimate reasons why a file can't be scanned. Many programs (usually security based ones) password protect their files for legitimate reasons such as AdAware and Spybot Search & Destroy, there are others (and avast doesn't know the password or have any way of using it even if it did know it).
Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
-
Hi:
Could someone please give me a little more information on clearing the system restore?
I think I can find the screen where it can be turned off, but what is meant by "schedule the boot time scanning & reboot"? I'm going to need some idiot-proof step by step instructions here. I'm using Windows XP.
Also, after I do this, does this mean my Windows Restore points will be lost so that if I wanted to go back in time, this will not be possible? What could Avast have found in this System Volume Information folder (which I now understand is assocatied with the Restore Feature).
thanks
-
Boot scan
right click the "a" ball, click start avast antivirus
click menu, select schedule boot time scan
select the path ie the drive you want to scan.
Make sure system restore is off. Restart your computor.
Yes, all restore points will be removed. Files in system restore are protected and can't be removed with system restore enabled. System restore is a double edged sword. It protects/saves certain system, even those infected. If you don't disable it, infections will keep reoccuring from the infected files.
After you are sure you are clean, re-enable system restore and if you want create a resore point.
-
Win XP-ME - How to disable System Restore (http://www.pchell.com/virus/systemrestore.shtml)
Files that are found in system folders if infected and deleted without previously having disabling system restore are saved into the c:\System Volume Information folder _restore point/s, unfortunately because of windows protection of that area the only way to deal with an infected restore point is to disable system restore, losing ALL restore points.
This is unfortunately a fact of life and many virus removal procedures clearly mention disabling system restore prior to deleting/moving files from the system folders. If you don't do this, in the future if you use the system restore function you could well be restoring the prior infected file/s.
When you re-enable system restore (after confirming you are clear) you will be creating a restore point of a clean system at that point in time, this will be as far back as you can go. System Restore is far from a perfect tool and not something I rely on, mine is permanently disabled, however, to do this you need your own means of recovering from problems.
I do a weekly image (exact copy) of my partitions and save them to a second hard disk and I do daily back-ups of my data files (things that are likely to change, .doc, .xls, emails, address book, bookmarks, etc. This way I have a tried and tested means of recovery.
-
Were some corrections made at Avast regarding some of these issues??
Alan answered in my turn... ;)
I suspect his guess is as good as yours or mine.
-
Hi everyone:
I followed the instructions for turning off System Restore and performing the boot scan. After the boot scan, I did another scan (thorough mode) of the pc. This time NO infected files were determined. Thank goodness. But, there were like 43 files that "could not be scanned". Last night, there were only two or so of these files that came back with this message. I'm not sure why there were so many more files that "could not be scanned" compared to last night's scan. Maybe it is because I was using "thorough" mode rather than "quick" mode.
Anyway, i guess what I'm hearing here is that this is probably no reason for concern. However, I am still curious about these files. I looked at the log and as DavidR pointed out, indeed many said "password protected". However, there were like five or so in my Documents and Settings\Local Settings\Temporary Internet files\Content IE5 that said "GZIP archive is corrupted". I have no idea what a GZIP archive is. Any worries here folks?? Should I right click on them within Avast to delete or put them in the chest or leave them alone? I tried to find the files but couldn't even find them using Windows Explorer even with "show hidden files".
Thank you.
-
I forgot to add that I clicked on Tools/Internet Options/Remove Temp. Internet Files before I did the scan so I don't know why it is finding any of these that is "can not scan". Does that feature in IE not remove all temp files?
-
avast also gives the reason why a file can't be scanned, you didn't mention why they couldn;t be scanned ?
Many programs (usually security based ones) password protect their files for legitimate reasons such as AdAware and Spybot Search & Destroy, there are others (and avast doesn't know the password or have any way of using it even if it did know it).
When you run scans with the above programs and you delete harmful entries that they detect, a copy is kept (in quarantine/restore/backup) in case you need to reverse what you did. These are usually password protected, you should do some housekeeping and delete old backup/recovery/quarantine entries (older than two weeks or so), this will reduce the numbers of files that can't be scanned.
By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.
Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
-
Ever since yesterday morning (11/34) I'm getting an alert over and over about a TROJAN: Win32.HAXdoor-GJ [Trj]. I click the button to send it to "chest", but nothing ever shows up as an infected file in the "chest".
Can anyone help me respond to this?
-
Well you can start by saying what is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
What avast! version and VPS file (virus database) number, e.g. 0645-4 (see about avast!) ?
You say nothing shows up as infected in the chest - How are you accessing the chest ?