Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sergofun on October 27, 2010, 08:40:53 AM

Title: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on October 27, 2010, 08:40:53 AM
Hello!
While serf in Internet got a message from Web Shield that trojan attack blocked. After it an AvastUI error appeared. Here the Windows log:
Log Name: Application
Source: Application Error
Date: 26.10.2010 21:35:37
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Home-PC
Description:
Faulting application name: AvastUI.exe, version: 5.0.677.0, time stamp: 0x4c8652f2
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b21e
Exception code: 0xc0000005
Fault offset: 0x0005206e
Faulting process id: 0x620
Faulting application start time: 0x01cb752652e587a5
Faulting application path: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 713e9584-e127-11df-8364-001d7d026d56


Web Shield says that was hxxp://cappital.net/in.cgi?6&CS=1|>{gzip} [L] HTML:RedirME-inf [Trj] (0)
What is it? Can it be fixed?
Thanks!
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: CraigB on October 27, 2010, 01:23:25 PM
I would do a scan with malwarebytes and then try a repair of avast through add remove program's.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on October 28, 2010, 09:55:35 AM
Some new facts. Adobe Flash Player was not installed. Could it cause the occurred error?
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: CraigB on October 28, 2010, 02:08:43 PM
Some new facts. Adobe Flash Player was not installed. Could it cause the occurred error?
Not having flash installed should not produce any errors, you will just not be able to view the statistics screen.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: SafeSurf on October 29, 2010, 08:04:51 AM
While serf in Internet got a message from Web Shield that trojan attack blocked. After it an AvastUI error appeared.
Web Shield says that was hxxp://cappital.net/in.cgi?6&CS=1|>{gzip} [L] HTML:RedirME-inf [Trj] (0)
1.   When the Web Shield blocked you, did you get a red window telling you that Avast identified this as a malicious site?  If so, did you leave that site?
2.   What is your OS, 32 or 64-bit?
3.   What version of Avast did you install?  5.0.677 is the currently version.
4.   Have you run any Avast scans (after your definitions are up to date) since this happened?  If so, what type of scans (Full, Quick, or Boot-time) did you run?  Was anything detected (infections) in the scan?  If so, what did you do with it....put it in the Virus Chest where it is safe or do something else?  If anything is in the Virus Chest, please give a screen shot.

5. Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
·   Download free http://www.malwarebytes.org/ (http://www.malwarebytes.org/) for an on-demand scanner.
·   Double Click mbam-setup.exe to install the application.
·   After install, click update so you have latest database before scanning.
·   Under Settings:
o   General: Automatically Save File After Scan Completes is checked off
o   Scanner SettingsCheck all boxes
o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy & Paste the entire report in your next reply.

Please let me know if you have any questions.  Thank you. :)
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on October 29, 2010, 10:58:32 AM
SafeSurf, thank you, I'll try to answer on all questions.
I did not have this application error. I just try to help another man which had it or to help the ALWIL to make avast more better :)
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on November 01, 2010, 08:23:00 AM
Not having flash installed should not produce any errors, you will just not be able to view the statistics screen.
craigb, as for me I think the same, it shouldn't produce any errors with AvastUI.

SafeSurf, here the answers.
1. No, he didn't get a red window telling that Avast identified this as a malicious site. But it was a red window telling that Avast block a trojan attack. Then a red window very quick dissapeared and he saw a window with AvastUI error.
2. Windows 7, 32 bit.
3. The avast version was 5.0.677.
4. No, he haven't any avast scans since this happened. He just checked up a disk with the auditor on any unapproved changes, checked up autostart, browser plugins, checked up is it possible to start the manager of the tasks and the regedit - all was fine. Virus Chest is empty.
5. MBAM log:
Code: [Select]
Database version: 5004

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.10.2010 8:49:09
mbam-log-2010-10-31 (08-49-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 223507
Time elapsed: 23 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

He also did a Dr.WEB CureIT scan, nothing was found.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: SafeSurf on November 01, 2010, 08:36:45 AM
Although the bottom part of the MBAM log is cut off, it looks clean.  It appears that Avast recognized and blocked him from going into a site it knew was infected and saved him, which is good.

Keep the Avast definitions up to date.  You may want to do an Avast Full scan as a "just in case" and a Boot-time scan after definitions are updated.  Should any infections come up, make sure they go into the Virus Chest (do NOT delete them), although I think you will come out clean.  It appears as though Avast did a fine job.  :)

Let me know if you have any other questions or concerns.  Thank you.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on November 01, 2010, 09:17:03 AM
SafeSurf, thank you!
I am still wonder, why blocking the trojan attack had led to AvastUI error? ???
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: SafeSurf on November 01, 2010, 09:22:45 AM
It wasn't really an error, it was Avast warning you not to enter the web site.

When you feel that your issue is resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. 

In the meantime, I will be available to assist you.

Feel free to come back any time you need help, to learn something new, or just to ask questions.  We are here 24/7 for your convenience.  Thank you.  :)


Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on November 01, 2010, 10:59:12 AM
It wasn't really an error, it was Avast warning you not to enter the web site.
No, there were 2 messages:
- first, a red window telling that Web Shield block a trojan attack (held about 2 seconds and then disappeared),
- second, a Windows system message about AvastU.exe error (appeared right after the first message).
Thank you.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: SafeSurf on November 02, 2010, 01:13:23 AM
first, a red window telling that Web Shield block a trojan attack (held about 2 seconds and then disappeared
This is the normal alert you will see when Avast is telling you that it had detected something while you are surfing and to "get out of there" to protect you.  It is NOT an error message...it is an alert.

second, a Windows system message about AvastU.exe error (appeared right after the first message.
This was your machine telling you about the Avast alert, although I don't normally see it, but every system is different.

Keep the Avast definitions up to date.  You may want to do an Avast Full scan as a "just in case" and a Boot-time scan after definitions are updated.  Should any infections come up, make sure they go into the Virus Chest (do NOT delete them), although I think you will come out clean.  It appears as though Avast did a fine job.
You do not need to worry about these alerts.  Just continue with your Avast updates and perform the scans as I suggested in my quote above about scans.  Thank you.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: SafeSurf on November 02, 2010, 10:34:35 AM
@ sergofun,

Based on your post in the Russian forum, I see that you are confused/concerned about this problem.

I would like you to do the following to make sure your machine is clean of malware since you are concerned about the Windows "error":

1.  Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
·   Download free http://www.malwarebytes.org/ (http://www.malwarebytes.org/) (blue button) for an on-demand scanner.
·   Double Click mbam-setup.exe to install the application.
·   After install, click update so you have latest database before scanning.
·   Under Settings:
o   General: Automatically Save File After Scan Completes is checked off
o   Scanner SettingsCheck all boxes
o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy & Paste the entire report in your next reply.

2.  Update your Avast definitions and perform a Avast Full scan and report the results.  If anything comes up as infected, put it in the Virus Chest and give me a screen shot of what is in the Chest.

3.  Update your Avast definitions and perform a Boot-time scan.  If anything comes up as infected, put it in the Virus Chest and give me a screen shot of what is in the Chest.

Do you have any questions?
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on November 02, 2010, 11:22:07 AM
@ sergofun,

Based on your post in the Russian forum, I see that you are confused/concerned about this problem.

Yes, you are right. I think there is some misunderstanding. I want to say that AvastUI crashed after trojan attack. The Web Shield blocked the trojan attack then AvastUI.exe crashed and appeared a Windows system message about "Application Error". The log of this error I resulted in my first post in this topic.
The machine is clean of malware, it was checked with Dr.WEB CureIT and MBAM.

My question is why the trojan attack blocking had led to AvastUI crash?
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: Onix on November 03, 2010, 04:00:07 AM
@SafeSurf:
Just wrote a message in the Russian subforum for sergofun.He'll try to find and post an unclickable link,which led to the crash. And we'll try to confirm the crash.Do you agree? :)

Edit: o,the link is already posted. Do you confirm the crash? I think that sergofun wait a confirmation. I'll try to confirm/disconfirm the crash later.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: SafeSurf on November 03, 2010, 07:17:37 AM
Since my Russian is poor, as you probably noticed by my post in the Russian forum in trying to translate ::) (I tried), I would suggest that as long as you feel that your machine is clean and you are trying to find out why the Trojan crashed your system that you submit a dump report to Avast.

Here is additional information on how to invoke a memory dump file:  http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71 (http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71).  Read the instructions to the link carefully on how to do this, and how to zip the file and rename it uniquely.  You will NOT be sending the file to the forum, but to the address listed in the link in the url I just gave you above, which goes to Avast.  They will analyze it and respond back to you either in this thread or by email.

Onix, perhaps you can help sergofun with any translation issues if that is possible or needed.  If you have any questions, feel free to ask me here as well.  Thank you for your help.
Title: Re: AvastUI.exe, application error after trojan attack blocked
Post by: sergofun on November 04, 2010, 07:36:06 AM
SafeSurf, thank you. We'll try to invoke a memory dump file if AvastUI crash again.