Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: caroln on January 10, 2007, 03:51:42 PM

Title: Suspicions of virus activity
Post by: caroln on January 10, 2007, 03:51:42 PM
I have a PC I have just upgraded to XP SP2.  The PC is a Pentium 4 CPU 2.66 GHZ with 128 Mb RAM.  I am running avast, spybot, and Ad-Aware.  Bootups are slow, which I am sure will be corrected by more memory.  The issue which concerns me is that avast comes up in the system tray with a red x and I get a message that "No firewall is turned on."  These both go away if I wait, and if I go to control panel to check the Windows firewall settings, it says that it is on.

I have run avast in safe mode with the internet cable unplugged and it comes up clean.  Spybot, run from regular Windows, also comes up clean, as does Ad-Aware.

I have never seen avast come up with the red x.  Is this normal?
Title: Re: Suspicions of virus activity
Post by: caroln on January 10, 2007, 04:40:53 PM
I have also updated Avast and run it as a boot scan.  It says I'm clean.  I can load and run Hijack if there is somebody here who can interpret it.
Title: Re: Suspicions of virus activity
Post by: FreewheelinFrank on January 10, 2007, 05:14:18 PM
Quote
I can load and run Hijack if there is somebody here who can interpret it.

I'm sure they'll be somebody around who can do that for you.
Title: Re: Suspicions of virus activity
Post by: caroln on January 10, 2007, 10:17:15 PM
To clarify, I guess my eyes are not too good.  The avast system tray icon comes up with a red circle with a line through it appearing on the lower left corner of the icon.  It does go away if you wait.  The message about no firewall comes up sometimes, but not all the time.   As I said, I am not sure if this occurs just because of a small amount of memory, or if something is sneaking in there before avast can run.  I'd appreciate any help you can give.
Thanks!
Carol

The Hijackl This log is:
Logfile of HijackThis v1.99.1
Scan saved at 3:54:12 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168135590953
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)



The Silent Runners log is:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


I'll post the rest in the next window.
Title: Re: Suspicions of virus activity
Post by: caroln on January 10, 2007, 10:18:42 PM
Continuation of Silent Runners log

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 29 seconds.
---------- (total run time: 71 seconds)

Thanks!
Title: Re: Suspicions of virus activity
Post by: Cloussau on January 10, 2007, 10:48:57 PM
your log looks ok   ;)
the main concern i would have is getting some more ram into it.

I presume you are running a Dell machine. If thats the case and you wish to regain some of its processing power away from all the preinstalled stuff that usually comes from Dell , this might interest you http://www.yorkspace.com/pc-de-crapifier/

Good luck  :)
Title: Re: Suspicions of virus activity
Post by: caroln on January 10, 2007, 11:36:09 PM
Thanks a bunch for all you help!
Carol
Title: Re: Suspicions of virus activity
Post by: DavidR on January 11, 2007, 12:11:56 AM
avast gets running pretty quickly so should ready to protect, early too.

It is best to have HJT in a folder that isn't a temp location (which could be cleaned, losing any backed-up entries if you had to fix anything) c:\HJT or any permanent HDD location..

Your log file looks clean, probably one of the smallest I have see in a while, an on-line analysis highlights firewall protection.
Quote
We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
Since you are getting an alert the firewall isn't on, go the Control Panel, Windows Firewall and ensure it is on.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

- Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface. There are others, Comodo, Sunbelt Kerio, Jetico, etc.
See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml

I haven't used silent runners before but the data doesn't seem to have anything untoward.

Take care with Spybot's TeaTimer start-up protection it could eat the avast icon, ashDisp.exe.

Increasing the RAM would make a huge difference to your overall system performance as 128 MB is considered the absolute minimum for XP when you start adding other applications that start on boot they have overheads also, 256MB would be adequate, 512MB would be good and 1GB great. RAM is relatively cheap, however, having a Dell they don't like you upgrading much and to send it to them would be costly.

Your local Tech/Computer store should be able to upgrade RAM and unlike many Dell parts I don't believe this is a proprietary part and should be user upgradable. You could call them to check.

You should urgently think of upgrading RAM if you were to install a 3rd party firewall before upgrading RAM the system would be even slower.
Title: Re: Suspicions of virus activity
Post by: caroln on January 11, 2007, 03:01:22 PM
Thanks DavidR.
I was wondering why I kept getting a popup saying there was no firewall, even though Windows said it was running.  I agree about the RAM.  I have told the owner of the PC that she should upgrade to 1MB, but that my PC was working fine with 512.  She is thinking about going to 512.  She doesn't do heavy gaming or other graphics.  Just uses it for the internet, financial, and word processing.  I have also warned her that if she wants to update software in the future, that more memory might be critical anad that the 512 purchase would be throw away.

I really want to tell you guys that you do a good job here, and thanks for the help.

Do you know how I can learn to interpret Hijack This so I can be more independent?  Thanks!
Title: Re: Suspicions of virus activity
Post by: DavidR on January 11, 2007, 03:27:44 PM
You can enter a training course at some sites, this is both intensive and time consuming so you have to have more than a general interest or just self help.

Well you can get some help at on-line analysis sites, but you shouldn't take it as 100% but it give a reasonable start point to investigate what it classes as Nasty, Possibly Nasty or Unknown, etc. then you use the likes of google to search on the file names, etc. and see if that confirms the analysis.

On-line analysis - HiJackThis Log file - On-line Analysis (http://hijackthis.de/index.php) OR HiJackThis Log file - On-line Analysis 2 (http://hjt.iamnotageek.com/)

The first of these also has the ability to upload suspect files to be scanned, this can also be done at other sites. You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html) Or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive.

There are also hijackthis tutorials and these also provide other very useful information to help analyse the log. HJT Information HiJackThis Tutorial 1 (http://www.bleepingcomputer.com/forums/tutorial42.html) or HiJackThis Tutorial 2 (http://www.tomcoyote.org/hjt/#introduction) or HiJackThis Tutorial 3 (http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm)

That should be enough to keep you going ;D
Title: Re: Suspicions of virus activity
Post by: essexboy on January 11, 2007, 08:03:58 PM
Quote
Do you know how I can learn to interpret Hijack This so I can be more independent?  Thanks!

I can do no more than recommend Geeks to Go as I am training there and it is thorough http://www.geekstogo.com/forum/Would_you_like_to_learn_to_fight_malware-t4817.html
Title: Re: Suspicions of virus activity
Post by: Spiritsongs on January 11, 2007, 09:49:35 PM
 :)  Hi Caroln :

     The brevity of the HijackThis log you posted should result in you being asked IF you ran the
     HijackThis program in "Safe Mode" !?  If you did that, then the log you posted is of very little
     help in discovering any possible problem . HijackThis logs are BEST analyzed by Experienced,
     Trained, volunteer Malware Experts usually found on antiSPYWARE Support Forums, like the
     ones Spybot has at http://forums.spybot.info .
     Since your current HijackThis program is in an inappropiate place, I recommend you uninstall it,
     then :
Download HijackThis© from:  www.thespykiller.co.uk/files/HJTsetup.exe .
At the download prompt, choose "Save". 
Navigate to the saved file and double-click the installer, HJTsetup.exe.
HijackThis will be installed on your computer at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut.
When the installation is complete, exit HijackThis.

  As to learning about HijackThis, I recommend you read the "Tutorials" at :
  www.bleepingcomputer.com/tutorials/tutorial42.html ;
  http://aumha.org/a/hjttutor.php ;
  http://castlecops.com/HijackThis.html .

  As to being "trained" as a volunteer Expert, I feel the "School" at Malware Removal University
  at http://forum.malwareremoval.com/viewtopic.php?t=233&sid=fca6dd7bc9eb3b0c1e223be11f879207  is equal or better than the one at Geeks To Go.
Title: Re: Suspicions of virus activity
Post by: mauserme on January 12, 2007, 02:00:00 AM
You've  made some good points Spiritsongs.  But then this

HijackThis logs are BEST analyzed by Experienced, Trained, volunteer Malware Experts ...

Well, we have those here.
Title: Re: Suspicions of virus activity
Post by: Lisandro on January 12, 2007, 02:07:06 AM
Well, we have those here.
Do not count with me... For sure I'm not an expert on malware removal, HijackThis, etc.
Mauserme, I really think it's better get malware help on the links posted by Spiritsongs.
We're most used to avast, some of the others know about virus removal, but, in my opinion, they are the experts  ;)
Title: Re: Suspicions of virus activity
Post by: Cloussau on January 12, 2007, 03:20:07 AM
I would argue that the vast majority of people coming here seeking help only want to know where to look for answers .

The last thing we should be doing is sending them off to these obscure, boutique removal sites with their toilet paper diplomas that get a couple of posts a week.

in most instances It is better that a person gets contributions promptly and from a variety of sources so they can use their own judgment.
 
Just my 2c worth and no disrespect to any individual. 8)   
Title: Re: Suspicions of virus activity
Post by: mauserme on January 12, 2007, 04:31:17 AM
I think we should do our best to provide the help requested within our abilities.  And there is a lot of ability on this forum.  This can be seen every day in the number of problems solved.  I do agree that the best help will sometimes be an admission that someone else is better able to provide answers but "go away" should never be our first response.
Title: Re: Suspicions of virus activity
Post by: caroln on January 12, 2007, 03:34:13 PM
I have never had a "Go Away" from anyone in the technical forums, only when I was foolish enough to ask an avast question in the Yahoo forum.  I believe the people in these forums are really interested in what they do, give the best answer they can, including telling people when they need to ask someone else for more technical help.

I really appreciate and respect what all the people here do.  It takes a lot of time and energy, and people would not do it unless they care.

I came to this forum this time, because I had a question about why avast was coming up with a red circle with a line through it on the lower left corner of the icon in the system tray.   Because everybody here uses avast, I felt you were more able to recognize my problem.  I also go to the Gladiator-antivirus forum and I get great help there.

One thing I would like to clear up though,  I did not run HiJack This from a temp directory.  I saved it to a directory under C:\Program Files and ran it from an active Windows XP SP2 Explore window.    The reason the listing was so small is that it was an initial load, after the registry got corrupted.

Thanks for all your help. 

PS  I am really enjoying this discussion of your favorite sites!
Title: Re: Suspicions of virus activity
Post by: Lisandro on January 12, 2007, 03:42:38 PM
I think we should do our best to provide the help requested within our abilities.  And there is a lot of ability on this forum.  This can be seen every day in the number of problems solved.  I do agree that the best help will sometimes be an admission that someone else is better able to provide answers but "go away" should never be our first response.
Fully agree...

I would argue that the vast majority of people coming here seeking help only want to know where to look for answers .
in most instances It is better that a person gets contributions promptly and from a variety of sources so they can use their own judgment.
Fully agree...

I was just trying to say that sending people to other sites is not a bad attitude... just trying to help them and redirecting them to correct sites.

The last thing we should be doing is sending them off to these obscure, boutique removal sites with their toilet paper diplomas that get a couple of posts a week.
Well, if this is true... I remove my first comment. I thought Spiritsongs was sending the user to useful/trust sites...

I have never had a "Go Away" from anyone in the technical forums
And avast forum WON'T be the first one... You're welcome...

I came to this forum this time, because I had a question about why avast was coming up with a red circle with a line through it on the lower left corner of the icon in the system tray.   Because everybody here uses avast, I felt you were more able to recognize my problem.
1. Check the option in the Appearance tab of settings.
or
2. Repair your avast installation through Control Panel.
or
3. Make a link to ashdisp.exe in your startup folder
or
4. Add the path to ashDisp.exe into a value named avast! in the Windows Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If that does not help, please, uninstall, boot, install again, boot.
Hope it helps...
Title: Re: Suspicions of virus activity
Post by: Spiritsongs on January 12, 2007, 07:48:38 PM
 :)  Hi Tech :

     Of course I am referring people to reliable sites, those who's Malware Experts are members of the
     Alliance of Security Analysis Professionals, who have passed their rigorous Training Program, like
     the one Essexboy is taking at Geeks-To-Go, and the one at "Malware Removal University" .
Title: Re: Suspicions of virus activity
Post by: Lisandro on January 12, 2007, 08:39:20 PM
Edited. Sorry.
Title: Re: Suspicions of virus activity
Post by: DavidR on January 12, 2007, 09:41:27 PM
Of course I am referring people to reliable sites,.

We know that the sites you refer to are reliable, that isn't the point.

That is all well and good if they aren't actually receiving any help here, or unless the help they receive is either inaccurate, incomplete, or just plain wrong. Otherwise those people who have devoted some time to helping people ('on this site where they first sought help') will feel that they have just wasted their time bothering if you simply point them to another site.

As I have said before if there is something wrong with the help you can contribute to helping them here where they sought help.
Title: Re: Suspicions of virus activity
Post by: mauserme on January 13, 2007, 03:04:26 AM
Quote
I have never had a "Go Away" from anyone in the technical forums...
I'm glad you didn't interpret anything posted in this thread as meaning that you should go away.  But I'm reacting to a statement posted previously that I've seen, imho, much too often.  A statement that implies competent help cannot be obtained on this forum and has been taken that way by other users.

   
Quote
... just trying to help them and redirecting them to correct sites.
Of course - sometimes the best way to help will be a request for assistance from another forum member, stepping aside if a more qualified member has better input, and possibly redirection to another forum.  We all must recognize our own limitations.  I just don't think its truly being helpful to refer people to other sites as often and as early in a help session as sometimes occurs.

Quote
Of course I am referring people to reliable sites ...
I'm sorry to say, Spiritsongs, that even this statement carries the implication that the avast! forum is not reliable.  ie If it was reliable why refer someone elsewhere?

As David said, if the help we're giving is wrong or incomplete every forum member has a duty to speak up.  Its the only way we can maintain credibility.  But it really is a disservice to someone who may have devoted considerable time to research an answer only to find the person seeking help is being told that help should be sought on another site.  Its also a disservice to other people that might have been helped if the time had not been spent in research that was ultimately wasted.

Quote
As I have said before if there is something wrong with the help you can contribute to helping them here where they sought help.
And to me, this is the ultimate frustration.  The fact that you (Spiritsongs) have the ability to contribute some honest-to-goodness help, as you did earlier in this thread, but then choose the other course.
Title: Re: Suspicions of virus activity
Post by: Lisandro on January 13, 2007, 11:53:17 AM
Quote
We all must recognize our own limitations.
Just to make my first statement clear.
I was thinking exactly the same as you're posting here.
I wanted to say only that I'm not an expert on malware removal and, for sure, I'm not.
Title: Re: Suspicions of virus activity
Post by: mauserme on January 13, 2007, 03:10:33 PM
I wanted to say only that I'm not an expert on malware removal and, for sure, I'm not.
Realistically, no matter what a person's level of expertise, there will always be someone with better qualifications .  Until you reach that one individual who cannot be topped the argument could always be made that better advice should be sought.  And that one poor soul who started out just wanting to give a little help becomes a slave to malware removal sending out emails saying "I've scheduled your case for January 18, 2010."

But a competant, effective solution is just that regardless of where it comes from. 

Because I have a humble opinion of my abilities I choose those threads where I think I can help and I learn from those where others are better able to help.  You and most other forum members do the same, Tech.  Our strength comes in part form that and in part from the collective knowledge represented here.  That's why I'm so much against the idea of automatically sending people to other forums.

Well, anyway, I think we're agreeing with each other ....  :)
Title: Re: Suspicions of virus activity
Post by: essexboy on January 13, 2007, 03:24:20 PM
Quote
Realistically, no matter what a person's level of expertise, there will always be someone with better qualifications


Couldn't agree more, there are so many variations on a theme out there and new fixes are being developed daily that no one person could be expected to know it all.  So a combined but unified effort is the best that any one can hope to achieve.  Even in the  Malware "universities" fully qualified people are still posing problems for which they have no resolution and everyone mucks in to find the answer
Title: Re: Suspicions of virus activity
Post by: Lisandro on January 13, 2007, 07:18:35 PM
Realistically, no matter what a person's level of expertise, there will always be someone with better qualifications .  Until you reach that one individual who cannot be topped the argument could always be made that better advice should be sought.  And that one poor soul who started out just wanting to give a little help becomes a slave to malware removal sending out emails saying "I've scheduled your case for January 18, 2010."
Fully agree  8)

Because I have a humble opinion of my abilities I choose those threads where I think I can help and I learn from those where others are better able to help.  You and most other forum members do the same, Tech.  Our strength comes in part form that and in part from the collective knowledge represented here.  That's why I'm so much against the idea of automatically sending people to other forums.
I get your point of view... Maybe we can handle it and I should not say what I've said before, I mean, maybe I can't help but others will make it (fortunately).

Well, anyway, I think we're agreeing with each other ....  :)
Yes we are  8)
Title: Re: Suspicions of virus activity
Post by: mauserme on January 14, 2007, 05:27:15 AM
Maybe we can handle it ... 
For the most part anyone who has left here without a solution to their problem has done so out of frustration with their situation rather than a lack of adequate help.  And no one can question your contribution Tech.