Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: hm2k on March 31, 2009, 06:48:59 PM
-
This machine recently had a virus/issue, I've manually removed it, but I can't get Avast! to update...
31.03.2009 17:44:12 general: Started: 31.03.2009, 17:44:12
31.03.2009 17:44:12 general: Running setup_av_pro-491 (1169)
31.03.2009 17:44:12 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
31.03.2009 17:44:12 system: Memory: 58% load. Phys:215848/514116K free, Page:976188/1253032K free, Virt:2069116/2097024K free
31.03.2009 17:44:12 system: Computer WinName: system4
31.03.2009 17:44:12 system: Windows Net User: system4\User
31.03.2009 17:44:12 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
31.03.2009 17:44:12 general: DldSrc set to inet
31.03.2009 17:44:12 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
31.03.2009 17:44:12 general: Old version: 491 (1169)
31.03.2009 17:44:12 system: Using temp: C:\DOCUME~1\User\LOCALS~1\Temp\_av_proI.tm~a03828 (61499M free)
31.03.2009 17:44:12 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
31.03.2009 17:44:12 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1169;p)
31.03.2009 17:44:12 system: Computer DnsName: system4
31.03.2009 17:44:12 system: Computer Ip Addr: 192.68.10.34
31.03.2009 17:44:12 system: Installed in: C:\Program Files\Alwil Software\Avast4 (61499M free)
31.03.2009 17:44:12 internet: SYNCER: Type: use IE settings
31.03.2009 17:44:12 internet: SYNCER: Auth: another authentication, use WinInet
31.03.2009 17:44:12 package: Part prg_av_pro-491 is installed
31.03.2009 17:44:12 package: Part vps-8032900 is installed
31.03.2009 17:44:12 package: Part news-4b is installed
31.03.2009 17:44:12 package: Part setup_av_pro-491 is installed
31.03.2009 17:44:12 package: Part jrog-33 is installed
31.03.2009 17:44:12 general: Old version: 491 (1169)
31.03.2009 17:44:12 file: SetExistingFilesBitmap: 1054->160->160
31.03.2009 17:44:12 general: GUID: 481c9606-f9c4-497f-8fe8-4bc705c45e57
31.03.2009 17:44:13 general: Server definition(s) loaded for 'main': 180 (maintenance:0)
31.03.2009 17:44:13 general: SelectCurrent: selected server 'Download629 AVAST Server' from 'main'
31.03.2009 17:44:13 package: GetPackages - set proxy for inet
31.03.2009 17:44:13 internet: SYNCER: Type: use IE settings
31.03.2009 17:44:13 internet: SYNCER: Auth: another authentication, use WinInet
31.03.2009 17:44:13 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
31.03.2009 17:44:13 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
31.03.2009 17:44:13 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
31.03.2009 17:44:13 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
31.03.2009 17:44:13 general: progress thread start
31.03.2009 17:44:13 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1169;p)
31.03.2009 17:44:28 internet: Used server: http://download629.avast.com/iavs4x
31.03.2009 17:44:28 package: Download servers.def, servers.def.vpu failed with error 0x20000011.
31.03.2009 17:44:44 internet: Used server: http://download629.avast.com/iavs4x
31.03.2009 17:45:00 internet: Used server: http://download629.avast.com/iavs4x
31.03.2009 17:45:00 file: GetFileWithRetry: servers.def downloaded .
31.03.2009 17:45:00 file: GetNewerStampedFile:DSA_FileVerify(C:\DOCUME~1\User\LOCALS~1\Temp\_av_proI.tm~a03828\onefile), error: 0x2000000B
31.03.2009 17:45:00 package: Tried to download servers.def but failed with error 0x20000011.
31.03.2009 17:45:00 general: Err:The package is broken.
Any idea what the problem might be?
PS. I checked the rest of the forum, I couldn't find a solution...
Thanks.
-
What firewall do you use on your computer, if any?
Have you ran a Malwarebytes scan on this computer as well?
-
Which is your Windows? 98, Me, XP, Vista?
Do you use any other antivirus in your computer?
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
-
There is no 3rd party firewall software installed, and windows firewall is restored to default.
No, I do not own a license for Malwarebytes scan.
The machine is Windows XP, as per the log.
I have tried a repair install, and an uninstall and reinstall.
Please can someone help me diagnose the error.
-
I've also tried chkdsk and memtest, with no errors. No success.
-
Please check if the following file is displayed correctly, it should contain [servers] on the first line:
http://download629.avast.com/iavs4x/servers.def
How do you connect to internet, is it ADSL? And do you have other computers with working avast updates using the same connection?
Try to open avast settings - update (connection), press Proxy button, and select Direct connection, press OK to confirm. Then try to start iAVS update manually again.
-
I can reach that file no problem.
It's ADSL through a router, other machines on the network can update no problem.
I don't think the internet connection is the issue here.
I think something is breaking Avast!...
I've been having issues with this machine lately...
First google results were taking me to couponmountain, then I tried to use regedit, and the explorer restarts...
Does this sound like a Conficter variant to you?
I'm not sure what it is, and nothing can find it, I can't update Avast! to get that to scan... I'm out of ideas right now...
Any thoughts?
-
Try to update avast off line and then post the last 300-350 lines of avast log: C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log
Download the update here: http://files.avast.com/iavs4pro/vpsupd.exe
-
No, I do not own a license for Malwarebytes scan.
Just an FYI, Malwarebytes is a free product...
-
Try to update avast off line and then post the last 300-350 lines of avast log: C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log
Download the update here: http://files.avast.com/iavs4pro/vpsupd.exe
I tried this, it seemed to work, but then the machine crashed. I'll get someone to reboot it on-site tomorrow.
No, I do not own a license for Malwarebytes scan.
Just an FYI, Malwarebytes is a free product...
MBAM is distributed as shareware.
http://en.wikipedia.org/wiki/Malwarebytes%27_Anti-Malware
Shareware, not exclusively freeware, however it seems the on-demand feature is free, so it could be useful in this situation. I'll give it a shot.
-
Well I haven't read the Wiki article but I'm using the 'freeware' not shareware version of MBAM, there is a paid version and that includes resident protection. So it looks like that wiki article is either out of date or incorrect ???
However, checking the article, you have been selective as it is quite clear there is a freeware version and what it includes.
This is a link to get the free version - MalwareBytes Anti-Malware, On-Demand only in free version
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.[/li][/list]
-
Ah, well I was really going off what their official website said...
-
Well, it says shareware. The part that we usually use here is the part that's free. We just want to do scans every once in a while, not have on-access / realtime protection.
Anyway, my post wasn't meant to bring on a debate whether it's free / shareware or whatever, I'm just saying that you don't have to pay for it to run a scan, that's all.
-
The page I'm looking at seems different to the one in the link in your image, though they aren't very clear at all about there being a totally free version for personal use. Perhaps the poor wording is designed to make people go straight to download the full paid option. Or not wanting to make it too clear you can get it free rather than pay $24.95.
The free trial version button if clicked takes you to download.cnet.com and if you ckick on the link there is would download mbam-setup.exe, the free version. Effectively the same as the link I gave earlier but downloaded from bleepingcomputers.com.
It is a reasonable one off fee (for personal use) and had I not already bought the SAS Pro version I would happily have paid for the full MBAM version, it is a good product.
-
I like 'em both. Still don't think you have to pay. I just noticed that Malwarebytes put that (shareware) word on there recently. Before, it used to say free I think.
Don't know if it's forcasting things to come or what. I dunno. Again, I was just letting hm2k know that he didn't have to pay (immediately anyway).
-
I tried this, it seemed to work, but then the machine crashed. I'll get someone to reboot it on-site tomorrow.
Please, go to folder \windows\minidump and send the newest (recent) .mdmp files for analysis. There is also C:\Windows\Memory.dmp file.
Better if you can compress (zip) them and add some information about the BSOD and the link for this thread. ;)
Send an email to: vlk (at) avast.com
Or upload it to this anonymous ftp server: ftp://ftp.asw.cz/incoming
-
it seems the on-demand feature is free, so it could be useful in this situation. I'll give it a shot.
Yes, the on-demand IS free.
-
I tried this, it seemed to work, but then the machine crashed. I'll get someone to reboot it on-site tomorrow.
Please, go to folder \windows\minidump and send the newest (recent) .mdmp files for analysis. There is also C:\Windows\Memory.dmp file.
Better if you can compress (zip) them and add some information about the BSOD and the link for this thread. ;)
Send an email to: vlk (at) avast.com
Or upload it to this anonymous ftp server: ftp://ftp.asw.cz/incoming
The only *.mdmp or *.dmp file I could find is C:\Program Files\Alwil Software\Avast4\DATA\log\unp103066715.tmp.mdmp which is 0 bytes -- it's empty.
I also ran vpsupd twice, it now says: VPS database is already up to date.
The Avast! memory test doesn't find anything...
I'm about to try mbam-setup.exe but I don't have high hopes.
There's definitely still something there as "regedit" still kills the explorer shell when you run it.
-
Okay, I've run mbam -- quick scan attached is the log before I removed them.
Run regedit still kills explorer, there's something still there.
I'm now doing a full scan using mbam.
How come Avast! didn't find these? -- perhaps because "the package is broken"...?
I'm very quickly running out of ideas... :/
-
I've sent you a private message here on forum, please let me know the results via email.
Also you can try this:
1. open avast settings
2. select update (connection) and press Proxy button
3. Set No proxy (direct connection)
4. press OK to confirm
5. start update manually from avast
-
The aswDld did seem to work ok, it created a servers.def, however, this file was filled with null bytes...
Something seriously strange is going on here...
-
I've sent you a private message here on forum, please let me know the results via email.
Also you can try this:
1. open avast settings
2. select update (connection) and press Proxy button
3. Set No proxy (direct connection)
4. press OK to confirm
5. start update manually from avast
I didn't understand what you meant by this at first, but now i've had another look at it it makes sense.
I tried it out, and success! It appears to download!
My issue now is that I have no system tray icons for Avast!, and running regedit still kills the explorer shell.
A full scan of mbam found nothing else.
-
My issue now is that I have no system tray icons for Avast!
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
Also, check your system time and date and if the avast license is valid.
-
I've tried a full uninstall and reinstall, that didn't fix it.
I'm currently running the demo license, which is still valid.
-
I'm currently running the demo license, which is still valid.
The key is valid for 60 days at the first installation.
Only 6 days in the subsequent ones (antipiracy feature).
I suggest you register the Home (free) one and use it if you won't buy the Pro ;)
-
I'm currently running the demo license, which is still valid.
The key is valid for 60 days at the first installation.
Only 6 days in the subsequent ones (antipiracy feature).
I suggest you register the Home (free) one and use it if you won't buy the Pro ;)
It is still valid regardless, I won't be registering/buying if I can't get it working. ;)
-
It is still valid regardless, I won't be registering/buying if I can't get it working. ;)
Register is free.
-
It is still valid regardless, I won't be registering/buying if I can't get it working. ;)
Register is free.
Not for pro.
-
I found the bugger!
It was in Driver32, called yccn.bvu with a key called aux.
I uploaded it to the FTP.
I can email it if anyone wants it.
-
Do you mean a file that was (infected) blocking the avast update?
-
Using a boot cd to edit the registry I was able to remove the call to this "driver" which was preventing avast updates and icons from loading amongst other things.
Once I had removed this, and restarted I was able to access things as normal.
This file is not registering as infected, it's undetected by anything.
-
Interesting, thanks for the sample.
The virus analysts will do something with it.
Thanks
Vlk
-
Glad I could help. :)
-
has anything further happened to this?
I've had the same problems (redirecting to couponmountain, avast not updating, etc.). following the steps for "No proxy" has worked to get avast to update, but I'm still getting redirected...