Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: martin666 on April 13, 2008, 12:54:05 PM
-
Connected no problem this morning, Avast 4.7 virus update installed itself, I looked at the online newspapers, switched off and had a late breakfast.
Impossible to reconnect to the Internet. Scanned with Trojan Remover which told me that sens.dll was locked. Went to look at sens.dll and Avast told me it was a trojan.
Turned off Avast, looked at sens.dll with Trojan Remover = no problem.
With Avast still turned off, connected OK on the internet.
Checked with Kasperski on-line scanner = no problem.
sens.dll is part of the files which are needed for going online.
Wasted an hour, thank you Avast.
With the evening I wasted last week because of the useless 4.8 which froze my PC until I uninstalled it [it seems that only Avast's people can use 4.8], I have had enough.
I don't want to go into futile discussions about which soundcard / drive / hardware I have, about defragmenting my drive, about uninstalling this and/or that, about doing a restore etc... My PC worked no problem until 4.08 came and went, and until this morning's upgrade.
Avast will be uninstalled in a few minutes, never to return.
Martin.
Thoroughly fed up, who used Avast for many years.
-
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
If it is indeed a false positive, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location (if you sent it to the chest), periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't in there already) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
-
I back up all my dll files on a DVD every so often.
The sens.dll is exactly the same as it was ever since I started backing up dlls.
Exactly same contents, compared as binaries, not a single different byte.
Before assuming I got a bogey, I check whether I am not about to kill a goodie.
When I find "sens.dll should not be disabled, required for essential applications to work properly" and my system has functioned fine for years until the two Avasts disasters, I'll assume the fault lies with Avast.
As mentioned in my original post, I have now removed Avast from my system and installed Kaspersky. Not an ideal choice, costs money, but I can use my PC.
<bitter mode> and I don't think their support people would go in denial mode if a new version of their product created havoc on consumers' systems </bitter mode>
-
If you didn't want help I don't know why you bothered posting.
You didn't bother posting about the problem you had with 4.8, to see if anyone could help you with the problem. I'm not avast people, just an avast user and it works fine for me, so I guess you were too bitter to bother. Good luck in pastures new.
-
Wasted an hour, thank you Avast.
With the evening I wasted last week because of the useless 4.8 which froze my PC until I uninstalled it [it seems that only Avast's people can use 4.8], I have had enough.
I don't want to go into futile discussions about which soundcard / drive / hardware I have, about defragmenting my drive, about uninstalling this and/or that, about doing a restore etc... My PC worked no problem until 4.08 came and went, and until this morning's upgrade.
Avast will be uninstalled in a few minutes, never to return.
Bye bye... no hard feelings... if you don't want any help, why should we further worry?
sens.dll is a library that contains functions used for System Event Notification Service (SENS) and seems that avast has a false positive detection of it, just that.
http://www.processlibrary.com/directory/files/sens/20520
http://www.liutilities.com/products/wintaskspro/dlllibrary/sens/
http://www.auditmypc.com/process/sens.asp
-
I'm afraid Avast is in big trouble now. There are thousands of users having big problems right now.
Same problem here with sens.dll.
Major problems on several computers updating from 4.7 to 4.8
Have uninstalled, booted in safe mode and doing a clean with latest cleaner.
Now all machines starts as normal.
When I try to install ver. 4.8 again, comp. hangs just before displaying desktop!
....and this false on sens.dll. Win32:Patched-FF[trj] - Not good.
-
....and this false on sens.dll. Win32:Patched-FF[trj] - Not good.
Add it to the Exclusion lists as a workaround.
-
...and what about the other issues?
-
...and what about the other issues?
Which ones?
-
But why you think that this is FP? DLL is really patched (Dll entry point routine contains call to some extra code which is written instead zeros in the original DLL)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR DllEntryPoint
loc_722B822D: ; CODE XREF: DllEntryPoint+24�j
call $+5
pop eax
push eax
pusha
mov ecx, 54B679FEh
push 54B6098Ah
xor [esp+2Ch+var_2C], ecx
push 32D50A93h
xor [esp+30h+var_30], ecx
push esp
add eax, 0FFFF8ED6h
mov ebx, [eax]
call ebx
pop eax
pop ebx
popa
pop eax
add eax, 0FFFF8E7Eh
mov ebx, [eax]
call ebx
jmp loc_722B12CD
; END OF FUNCTION CHUNK FOR DllEntryPoint
; ---------------------------------------------------------------------------
-
Yes, sens.dll was obviously patched. I let Avast move it to the chest, and it was replaced from dllcache. This file was OK!
This has now happened on 3 of my computers.
The fourth will not even boot after upgrading to 4.8. Maybe this is the main problem??? sens.dll
-
Have you checked it at Virus total ?
If avast is the only one detecting it, have you sent the sample to avast, as outlined on my first reply ?
Without a sample they can't analyse it and correct the VPS.
If this was the case then everyone with sens.dll would be detecting this and this clearly isn't the case or the forum would be seeing many more posts about it, see image.
You could try the current beta release which has addressed many of the problems mentioned in the forums.
There are instructions and a link for the file which converts to the beta and you can update, directly from 4.7 through to the 4.8 beta build 4.8.1178. See http://forum.avast.com/index.php?topic=34612.0 (http://forum.avast.com/index.php?topic=34612.0).
-
I updated this morning with NO PROBLEMS!!! I have AVAST HOME v. 4.8.1178 ;)
-
Avast is not the only AV. BitDefender too: 7.2 2008.04.13 Trojan.Patched.BD
http://www.virustotal.com/analisis/a46ffd000b21206de3b722380c287f80
-
Yes, I've tried Virus total.
It doesn't accept the infected file!!!! Error message when uploading....
The replaced one is ok...
The beta build doesn't help.
-
...and what about the other issues?
Which ones?
OisteinR, don't forget to answer me... ;)
-
Well, a lot to find out just now :) My fourth machine is refusing to start normally, but now I also found an infected sens.dll on this one...
...and trz74.tmp with the same virus. Patched-FF. Also msfont.dll: Agent-TVS [trj]
Moved the files to chest, and now it looks like it's coming to life...
I was running a complete scan on this computer 2 days ago....
Something very strange is going on.....
-
Moved the files to chest, and now it looks like it's coming to life...
I suggest:
1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware (http://www.superantispyware.com) and/or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
Ok, Tech
...back in 3 days....
-
Ok, Tech
...back in 3 days....
We'll be here ;)
-
But why you think that this is FP? DLL is really patched (Dll entry point routine contains call to some extra code which is written instead zeros in the original DLL)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR DllEntryPoint
loc_722B822D: ; CODE XREF: DllEntryPoint+24�j
call $+5
pop eax
push eax
pusha
mov ecx, 54B679FEh
push 54B6098Ah
xor [esp+2Ch+var_2C], ecx
push 32D50A93h
xor [esp+30h+var_30], ecx
push esp
add eax, 0FFFF8ED6h
mov ebx, [eax]
call ebx
pop eax
pop ebx
popa
pop eax
add eax, 0FFFF8E7Eh
mov ebx, [eax]
call ebx
jmp loc_722B12CD
; END OF FUNCTION CHUNK FOR DllEntryPoint
; ---------------------------------------------------------------------------
. W
It can be a false positive because Avast detected as trojan with name Patched-FF. Well, if it is infected then is not a false positive. I scanned mine and it is fine
-
I just registered an account and let you know I got the same problem.
I saw many errors in Windows XP system logs in the booting process. All my VPN connections were gone.
Remote Access Control Manager service can not be started with access denied error message. I can not create any new Internet connections. This is mainly because of sens.dll file.
It's not only me. My other friends said they met the same problem as well.
Thus this is a common problem. Just let everyone know this is a common problem in Windows XP that avast should pay attention to. Nothing else.
Please pay attention on this problem. It nearly killed my Windows System and it took me one day to fix the problem.
Thanks a lot.
-
I am not trying to downplay the problems you are experiencing ... but we have one thread in this forum with a small number of participants (just 2) complaining of this problem.
It may be that many users in one geographical area are failing to complain ... but what else is the avast team to work on?
My sens.dll does not register as infected with avast.
Have you sent a sample of the virus to avast?
-
How to collect a sample of virus? how to collect any useful debug information? and where to send?
Right now, i am still using avast. it seems the problem is gone. I am not sure if avast team did anything special to fix this problem.
I am using the latest updates and everything works fine. but I am pretty sure some updates in the past (yesterday or some days before yesterday) made my system network connections broken. It's surprised to see my all VPN connections disappeared in network connections under control panel and unable to create them. and many error messages in the log files. Thanks a lot.
-
I am not trying to downplay the problems you are experiencing ... but we have one thread in this forum with a small number of participants (just 2) complaining of this problem.
It may be that many users in one geographical area are failing to complain ... but what else is the avast team to work on?
My sens.dll does not register as infected with avast.
Have you sent a sample of the virus to avast?
One little comment....
How many users do you think report back???
Most users don't even know about this forum, and most people are afraid of complaining on a forum.
None of my friends and family have ever been to this forum.
The last days I have fixed 14 computers with problems after 4.8. They call me - not avast! I was the one who recommended avast!
A couple of them were just about to install a virus protection from a competitor...
6 of these computers had an infection [FF-patch] in sens.dll, and there wasn't even a copy of it in dllcache....
Om my computer the System Event Notification Service (sens) even disappeared totally. Not that I need it anyway...
2 had a dll called msfont.dll with the same infection.
The recommended lists of what to do with re-installation didn't work in most cases.
I always had to start avast in safe mode after install and deselect rootkit and self-defense.
Then, after some reboots the icons on the desktop appeared....
I could then enable rootkit and self-defense. On most of them I had to use the "Delay loading of avast" to make the boot stable.
All are now up running again. :)
But please - don't think this forum reflects everything going on in the whole wide world!
Most users are suffering without avast knowing it......and the problem with this is that the worlds best anti virus program could lose a lot of customers....
-
I have said everything you just said in this forum long ago. I support others too.
However, I have also been in this forum when there really is a widespread problem and this place is lit up like a Christmas tree ... so I guess you have not.
-
How to collect a sample of virus?
It's the file sens.dll itself.
how to collect any useful debug information?
Start with avast log viewer.
and where to send?
virus (at) avast (dot) com
Maybe informing a link to this thread in the email body.
Om my computer the System Event Notification Service (sens) even disappeared totally. Not that I need it anyway...
Probably avast corrected a false positive detection.
On most of them I had to use the "Delay loading of avast" to make the boot stable.
Well... what's the problem? I had it checked also. If it is a configurable option, if avast can manage the situation... what's the problem?
-
Quote from: OisteinR on Today at 12:21:09 PM
Om my computer the System Event Notification Service (sens) even disappeared totally. Not that I need it anyway...
Probably avast corrected a false positive detection.
No, the file was infected. I had to download it. I did a file compare, and they were not equal.
Quote from: OisteinR on Today at 12:21:09 PM
On most of them I had to use the "Delay loading of avast" to make the boot stable.
Well... what's the problem? I had it checked also. If it is a configurable option, if avast can manage the situation... what's the problem?
It's no problem, now :)
-
One little comment....
How many users do you think report back???
Most users don't even know about this forum, and most people are afraid of complaining on a forum.
None of my friends and family have ever been to this forum.
The last days I have fixed 14 computers with problems after 4.8. They call me - not avast! I was the one who recommended avast!
A couple of them were just about to install a virus protection from a competitor...
6 of these computers had an infection [FF-patch] in sens.dll, and there wasn't even a copy of it in dllcache....
Om my computer the System Event Notification Service (sens) even disappeared totally. Not that I need it anyway...
2 had a dll called msfont.dll with the same infection.
The recommended lists of what to do with re-installation didn't work in most cases.
I always had to start avast in safe mode after install and deselect rootkit and self-defense.
Then, after some reboots the icons on the desktop appeared....
I could then enable rootkit and self-defense. On most of them I had to use the "Delay loading of avast" to make the boot stable.
All are now up running again. :)
But please - don't think this forum reflects everything going on in the whole wide world!
Most users are suffering without avast knowing it......and the problem with this is that the worlds best anti virus program could lose a lot of customers....
I have to agree with OisteinR. Since 4.8v has came out there have been at least 10-15 or more threads about freeze problems, BSoDs, system crawls, slow web speeds etc.
1/3 of my friends at universirty had those problems, but of course since it is a free program they didn't bother much and turned to AVG, Avast! 4.7v or sth else.
I mean since there are many other alternatives for AVs out there (not to mention free like Avira or AVG), only a few people would start a thread here writting about a problem.
There's just sth wrong. Back to studying now 8)
-
Since 4.8v has came out there have been at least 10-15 or more threads about freeze problems, BSoDs, system crawls, slow web speeds etc.
I mean since there are many other alternatives for AVs out there (not to mention free like Avira or AVG), only a few people would start a thread here writting about a problem.
Yeah... is the price of the improvement. If you keep your antivirus without improvements (new providers, new features...) then people will stay unprotected (bad protected) but happy... it's the price of the ignorance ;)
-
Nice honest way to put it :)
I wish you the best of luck dealing with these issues!
-
..
Yeah... is the price of the improvement..
indeed a painful improvement for too many out there ending up in a clean-wipe to make 4.8 work :-\
not exactly a perfect migration, no? ::)
-
indeed a painful improvement for too many out there ending up in a clean-wipe to make 4.8 work :-\ not exactly a perfect migration, no? ::)
Indeed any improvement or upgrade will bring problems and headaches specially for an invasive software as an antivirus. Some of them are already solved in the latest beta. Things are quiet for me on Vista, no problems at all. I've learned to believe in the seriousness of Alwil team: problems will be solved, the sooner the better.
-
..
Yeah... is the price of the improvement..
indeed a painful improvement for too many out there ending up in a clean-wipe to make 4.8 work :-\
not exactly a perfect migration, no? ::)
Lets face it we are spoilt with the avast incremental updates, which have served me well for the 4 years I have been using it and no problems updating to 4.8. I even went through the beta trial, which on most programs require that you uninstall the beta before installing the regular version.
I have numerous applications that any program update requires a re-installation or it falls over. So we have gotten used to the incremental update working, so when it fails it is a big issue.
He**, a JAVA update requires totally uninstall previous versions and install the latest update as there is zero update process, what an absolute waste of bandwidth and a right royal pain in the a** on dial-up.
-
I'm doubt that it is Avast! bug. Probably it is Microsoft one.
For the experiment I infected my VM by this patched sens.dll. Yes, I had problem during memory scan when I tried to lauch avast!.
After I booted in Safe mode and delete this dll by hands. Simultaneously I returned correct dll into dllcache.
Windows restore correct DLL in Systerm32 but after loading in Normal mode I have no SENS service at all and a lot of Warning messages in Application part of Event Viewer.
I started this SENS Service by importing valid reg hive from main PC but this can not to resolve all event warnings.
To resolve them I used sfc /scannow.
So I think that it is the case of rather complex (and buggy) Microsoft COM+ processing behaviour.