Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ponticelli on May 16, 2009, 04:25:44 PM
-
Today, when I disable "boot scan", the red icon with a white cross in the tray doesn't pop up anymore. I can only see a little red circle on the "a" blue icon. Someone can help me?
-
Well avast doesn't use a Red icon with a White cross, so that is something entirely different.
The red circle on the avast 'a' icon is an indication avast isn't running.
- Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?
- What avast processes are running in Task Manager, they begin with ash or asw, see image ?
You shouldn't have to disable a boot-time scan as it is set to run after initial install (if you choose to do that) or you actually scheduled it, so I'm not entirely sure it is that you are doing here.
I suggest you remove your email from your post (Modify) unless you like spam as it could be harvested by a spambot.
-
Thank you very much, DavidR, for your answer: now I think I have understood the "missing Red icon". It was a warning of "Windows XP (home edition) Security Center" (I hope this is the right translation): for some mysterious reason now they have decided to eliminate that red icon when I disable the boot-time scan. Note that I do this disable only during the installation of some heavy new program (after downloaded and "avast checked" it).
No other AV ghost programs in my PC, and Task Manager is mirror of yours.
About your suggest to remove my email, I have hidden it from my profile, but I don't know how to remove it from my first post....
Thanks again
Paolo
PS: I successfull removed my email from the first post with "modify"! Excuse me for my fault.
-
Well WSC icon is a Red Shield (not circle) and has a white X not + cross and is normally accompanied with the speech bubble.
See image, is that what you say ?
Remove the email from the bottom of your first post, you are the only one that can see the little email envelope in your profile, we can't.
Edit: Quoted text removed.
I'm still unclear, but I believe you don't mean boot-time scan but disable avast, frankly this is crazy as when you install something heavy or otherwise is when you need your AV most.
If so then it looks like the WSC is disabled or you aren't monitoring the AV, in the WSC ?
-
Excuse me for that confusion: yes, the little red circle is what you say:
The red circle on the avast 'a' icon is an indication avast isn't running
, and pops up when I disable "Protezione all'avvio".
Well WSC icon is a Red Shield (not circle) and has a white X not + cross and is normally accompanied with the speech bubble.
See image, is that what you say ?
: yes, is that what I said, but I don't understand why it doesn't pop up anymore.
If so then it looks like the WSC is disabled or you aren't monitoring the AV, in the WSC ?
: The WSC is perfectly enabled, and I'm monitoring AV...
this is crazy as when you install something heavy or otherwise is when you need your AV most.
: I disabled AV because I remember that on an old PC (with McAfee AV) they suggested to temporary disable AV during a program installation! From today I will not do it anymore!
Email removed at all, thanks.
-
OK so the GUI of the Windows Security Center appears to be enabled and monitoring avast, there are however some registry entries than can be disabled so the WSC doesn't actually report, run this application as that will check for this type of registry modification.
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
- MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Yes, years ago it was common practice to disable AVs before installing many applications (mainly because the application suggested you do it). However, operating systems, applications and anti-viruses have advanced from then where you shouldn't need to disable them.
There as always some exceptions to this rule, as some high powered malware cleaning tools need to have the AV disabled or it would stop them doing their cleaning. These aren't your regular anti-spyware/malware applications (like MBAM above) and anyone advising a particular one would give instruction on how to use, including if your AV needs to be temporarily disabled.
Just to show you no one else can see your email in the post details to the left of every post, see image, you can see the envelope and we can't.
-
Thank you again for your time spent for me, DavidR, tomorrow I'll execute that application and I will notify you all the results: have a good day.
PS: If you like trekking and nature, look at attachment: That's a flower I found during one of my treks in Appennini mountains, near Florence.
-
No problem, glad I could help.
Very nice image, but my trekking days are over bad knees 27 years in the military much of it parachuting.
Welcome to the forums.
-
OK so the GUI of the Windows Security Center appears to be enabled and monitoring avast, there are however some registry entries than can be disabled so the WSC doesn't actually report, run this application as that will check for this type of registry modification.
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
OK, I've installed Malwarebytes and run a "quick scan"; that is the log:
Malwarebytes' Anti-Malware 1.36
Database version: 2145
Windows 5.1.2600 Service Pack 3
17/05/2009 19.04.30
mbam-log-2009-05-17 (19-04-30).txt
Scan type: Quick Scan
Objects scanned: 77150
Time elapsed: 3 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
After quarantined the infected registry key, that is the log of another scan ("Full"):
Malwarebytes' Anti-Malware 1.36
Database version: 2145
Windows 5.1.2600 Service Pack 3
17/05/2009 20.16.14
mbam-log-2009-05-17 (20-16-14).txt
Scan type: Full Scan (C:\|)
Objects scanned: 160637
Time elapsed: 26 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Seems that you've corrected the problem, haven't you? Is it everything ok now?
-
I don't believe so, as that registry entry doesn't seen to have anything to do with the windows security center, so we will have to wait for ponticelli to confirm.
-
I don't believe so, as that registry entry doesn't seem to have anything to do with the windows security center, so we will have to wait for ponticelli to confirm.
You are right DavidR: even if I'll never disable boot-scan (It's what I made every time I installed a program, not disable Avast in the WSC!!), if now I try to disable boot-scan, no "Red Shield with white X accompanied with the speech bubble" pops up. When I made this disable some days ago I saw red shield popping up and a warning balloon: now it doesn't happen anymore.
-
You are still confusing me with your use of the term "now I try to disable boot-scan, no Red Shield"
Disabling the avast boot-time scan has nothing to do with disabling avast, so I don't actually know what it is that you are doing. The avast boot-time scan has a distinct function and is independant of avasts on-access protection, so disabling that makes no difference, not to mention is isn't enabled unless you specifically schedule it for the next boot. So I'm confused as I was in my very first reply...
If you right click on the avast icon and select Stop On-Access protection (that is disabling avast, see image) then the WSC Alert should, is this what you are doing ?
-
I'm sorry, but that confusion comes from a bad translation of Italian "protezione all'avvio"; now, seeing your image, the disable that I mean is just "Stop On-Access protection" (the man who translated from English made an error, because "boot" means "avvio" in Italian, so the misunderstanding).
If you right click on the avast icon and select Stop On-Access protection (that is disabling avast, see image) then the WSC Alert should
No Alert pops up, some days ago it popped up, like I said in my last post.
Excuse me again.
-
OK, that has cleared up the confusion.
Well there is certainly something wrong with the WSC then but what is the question.
If it reports that the anti-virus is running in the WSC interface when it is running, then it should report using the Red shield when it is disabled.
Try this:
Windows XP SP2, SP3 Start, Run, type cmd and click OK.
From the command prompt type 'rundll32 wbemupgd, RepairWMISetup' without the quotes and enter.
If that doesn't work try:
* Click Start, Run and type CMD.EXE
* Type this command and press Enter:
net stop wscsvc
net stop winmgmt
* Using Windows Explorer, rename the folder %windir%\System32\Wbem\Repository. (For example, %windir%\System32\Wbem\Repository_bad.). %windir% represents the path to the Windows directory, which is typically C:\Windows.
* Switch to Command Prompt window, and type the following and press ENTER after each line:
net start winmgmt
net start wscsvc
EXIT
Reboot
The above are related to problems with the WSC not recognising the anti-virus or firewall, so I don't know if this process will bump start it into working properly.
-
I'll be glad to try your work for this problem: now here in Italy is 9 pm and tomorrow morning I'll try that (I usually wake up at 5 am....)
Thanks again
-
You're welcome.
-
Try this:
Windows XP SP2, SP3 Start, Run, type cmd and click OK.
From the command prompt type 'rundll32 wbemupgd, RepairWMISetup' without the quotes and enter.
I'm testing your patience.... Sorry, but my knownledge of DOS is veeery poor: this is my first try (see attach)
-
Whilst you shouldn't have to CD into the system32 folder, the system Path setting should have taken care of that. However, it doesn't give a reason why that would make it fail, I don't know what the 'Voce mancante' means, but google does Item missing, which is strange as I though that the RepairWMISetup was like a parameter for the wbemupgd.
So all I can suggest is to try the second longer option that was contained in the quoted text of the same post.
-
I don't know what the 'Voce mancante' means, but google does Item missing
Yes, the translation is OK.
So all I can suggest is to try the second longer option that was contained in the quoted text of the same post.
I tried that second longer option but same result: If I disable Firewall from control panel or disable "Avast Stop On-Access protection"
from "a" icon in the tray, nothing happens...
To conclude this strange story, I am conscious about the WCM status, either for Firewall or for Avast (Avast in any case adds the red circle on the "a"), so I should think to make sleep this problem...
-
Sorry, I forgotten to tell you about another tray that I made before your 2nd one:
For Windows XP SP2, use the following command to check for corruption, and repair if necessary:
“rundll32 wbemgupgd, UpgradeRepository”
Here is the today result of log “C:\WINDOWS\SYSTEM32\wbem\Logs\setup.log”:
(Tue May 19 17:31:07 2009): ================================================================================
(Tue May 19 17:31:07 2009): Beginning WBEM Service Pack Installation
(Tue May 19 17:31:07 2009): Current build of wbemupgd.dll is 5.1.2600.5512 (xpsp.080413-2108)
(Tue May 19 17:31:07 2009): Current build of wbemcore.dll is 5.1.2600.5512 (xpsp.080413-2108)
(Tue May 19 17:31:09 2009): Wbemupgd.dll Service Security upgrade succeeded (XP SP update).
(Tue May 19 17:31:09 2009): WBEM Service Pack Installation completed.
(Tue May 19 17:31:09 2009): ================================================================================
-
So the WSC although running doesn't report on the firewall if you turn that off, again all that confirms is the WSC is the issue and nothing in avast.
So as you say now that you are aware of that you can monitor, their icons.
My firewall when I hover the mouse over its icon, it gives some basic information, which I can only assume wouldn't be if it weren't running. Although this isn't as easy to determine as avast, it may help you monitor your firewall.
This is an example of what would be in the setup log on successful completion.
After running UpgradeRepository you can verify the results by looking at the Setup log. If inconsistencies are detected and if the operating system was able to rebuild the Repository you should see information in Setup.log similar to this:
(Wed Oct 12 13:46:36 2005): ===========================================================================
(Wed Oct 12 13:46:36 2005): Beginning WBEM Service Pack Installation
(Wed Oct 12 13:46:36 2005): Current build of wbemupgd.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
(Wed Oct 12 13:46:36 2005): Current build of wbemcore.dll is 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
(Wed Oct 12 13:46:52 2005): Inconsistent repository detected; it will be recreated
…
…
(Wed Oct 12 13:47:33 2005): Wbemupgd.dll Service Security upgrade succeeded (XP SP update).
(Wed Oct 12 13:47:33 2005): WBEM Service Pack Installation completed.
(Wed Oct 12 13:47:33 2005): ===========================================================================
Note. There will probably be other entries in the log as well, but you should specifically look for the ones shown above.
-
again all that confirms is the WSC is the issue and nothing in avast.
SOLVED!!
The problem was very hidden....
Before red shield disappearing, I made some disabilitations that only today I've remembered: I disabled some items in "services.msc" to free resources, and the killer of that red shield was... "Windows Time".
So it was a my fault, and I apologize about your time spent for me!
-
No problem, and the main thing that everything is working again.
Not to mention you have learnt a valuable lesson, exercise care when disabling services. Always check their dependencies, I also never disable but set to manual if testing as disabled it will never start but set to manual if something requires it then it should be able to be started.