Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: balm on November 24, 2010, 06:08:50 PM

Title: [RESOLVED]strange behavior report file, then no reports
Post by: balm on November 24, 2010, 06:08:50 PM
hi everyone, you folks do great work, appreciated

-avast 50677 free, latest update/defs
-Compaq desktop 2G -dual core
-OS windows 7 home premium 32 bit
-basic application MS office 2007
-no other spyware/av
-dont think any previous security was installed....

clicked on report file in File shield, or any shield, and instead, a program opens up with errors message (4NEC2 electromagnetic modeling), didnt get all details, "D: path...filename.exe...corrupted archive ...4021..."

did memory, system, all hardisks, startup, boottime, removeable, folders, 4nec2, C:, D:, all scans with normal to high sensitivity - no errors no viruses - settings report file type ANSI, Append

went to check c: Alwil path... folder for Reports, and its not there, doesnt exist!

first time i get this problem, but not checked before in long time, and not sure had report file set up properly before.


today i use programs, uninstall programs 4nec2, delete its folders, uninstall Avast, delete Alwil folder, reboot, reinstall Avast,do settings, do short scan, STILL NO report file, real-tim seems to be running, STILL no report file found in Alwil path...?

Any help is appreciated..thank you

Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 24, 2010, 06:12:48 PM
hi everyone, you folks do great work, appreciated

Thanks a lot, but not sure what you want to ask/know... ;)
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 24, 2010, 06:55:27 PM
Asyn, wow you are fast,

sorry about that...

more info: i have Windows Defender disabled

gen maintenance done - check disk, disk cleanup, ccleaner, disk defrag (lots of free disk space)
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 24, 2010, 08:10:23 PM
No need to disable Windows Defender.
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 24, 2010, 08:15:21 PM
Sorry to say, but I still don't get what you want to know...
If you want to know where to find the report files: Search for WebShield.txt on your system.
You can find all report files in the same directory...
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 24, 2010, 11:04:14 PM
YoKenny,


thanks, your gif, avast doesnt produce this anymore when i click the "show report file" radio button in any of the shields...

for a while when i click it just opened up one of my installed programs called 4nec2 with error message...refering to filepath on D: drive (my recovery drive)

after reinstall, when i click the button, nothing happens at all.

..then couldnt find reports folder, but looked in wrong alwil folder (in Program files, instead of Program Data) as ASYN tells me



i take your point about Defender, i will reenable it, i now learned it wont conflict with Avast in any way...correct..? (ill open new thread if need be)

thanks
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 24, 2010, 11:14:50 PM
i now learned it wont conflict with Avast in any way...correct..?

Correct. Still I wouldn't give it any memory...
Btw, good you could solve your problem..! :)
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 24, 2010, 11:16:23 PM
ill try to be clear Asyn thanks


ref. previous post,

1. my question is first place, why might the shield "show report file" button open up my programs instead of report file?

2. what could that "D: path...corrupted archive file" message mean?

3. why when i reinstall, now nothing happens when i press button "show report file" and  no report folder found in my system?

thanks
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 24, 2010, 11:24:29 PM
1. my question is first place, why might the shield "show report file" button open up my programs instead of report file?
2. what could that "D: path...corrupted archive file" message mean?
3. why when i reinstall, now nothing happens when i press button "show report file" and  no report folder found in my system?

1. That's strange. To sort out malware run Free Mbam and report back here.
http://www.malwarebytes.org/mbam.php
2. Could mean you have a corrupted archive on your d: drive... ;)
3. Maybe there are no reports present right now, as you just reinstalled avast...
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 12:26:08 AM
excellent thanks Asyn, may be you know im beginner ;)


1. what you mean when you say wouldnt give it Memory...ref. defender???


2. ok latest, redid full ccleaner,disccleanup, checkdisk....show reports file now WORKING again.....thanks


3. still like to investigate the archive D: file error.  i will download MBAM, will this one conflict with Avast at all?

4. any other built in windows diagnostic i can do to find archive error message related info in the computer 
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 04:01:13 AM
here what mbam found, everything else seemed ok

Quote
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

is tghis bad, what should i do, i did not remove, and dont know if its related to previous issues, thanks


Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 10:02:21 AM
1. what you mean when you say wouldnt give it Memory...ref. defender???
2. ok latest, redid full ccleaner,disccleanup, checkdisk....show reports file now WORKING again.....thanks
3. still like to investigate the archive D: file error.  i will download MBAM, will this one conflict with Avast at all?
4. any other built in windows diagnostic i can do to find archive error message related info in the computer 

1. I mean I would disable it, but that's just my personal opinion.
2. You're welcome.
3. Mbam does not conflict with avast. Be sure you update it before scanning..!
4. Forget about the archive, it's no threat...!
asyn
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 10:05:41 AM
here what mbam found, everything else seemed ok

Quote
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

is tghis bad, what should i do, i did not remove, and dont know if its related to previous issues, thanks

Let Mbam take care of its findings..!!
asyn
Title: Re: strange behavior report file, then no reports
Post by: SafeSurf on November 25, 2010, 10:14:50 AM
After updating MBAM, then run the scan as Asyn said.

·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   Copy & Paste the entire report in your next reply.
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 05:41:42 PM
Asyn, thank you

SafeSurf, Asyn


heres the full updated log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5188

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/11/2010 11:37:46 AM
mbam-log-2010-11-25 (11-37-46).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|J:\|)
Objects scanned: 219757
Time elapsed: 51 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



i put it on ignore list, is that a goog idea,??
Title: Re: strange behavior report file, then no reports
Post by: DavidR on November 25, 2010, 06:28:58 PM
No I wouldn't have ignored it, as what it appears this registry key modification does is disable the search function in explorer, that could be to prevent you searching for malware.

So I suggest that you delete the entry from the ignore list, run MBAM again and let it deal with it, e.g. Remove. What it actually does is modify the key so it allows the search function.
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 07:23:02 PM
excellent, thank you David, in the results, i saw thre remove button, but was tentative, becuase i thought this might delete it completely!

thanks ill retry and let you know
Title: Re: strange behavior report file, then no reports
Post by: DavidR on November 25, 2010, 07:24:39 PM
You're welcome.
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 07:38:32 PM
ok so here i should click "remove" ?
Title: Re: strange behavior report file, then no reports
Post by: DavidR on November 25, 2010, 08:14:17 PM
Yes, click the remove selected button.
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 09:13:49 PM
thanks - so much to understand ::)
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 09:17:32 PM
thanks - so much to understand ::)

Everything OK now..??
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 09:21:53 PM
seems good!


iwhen i clicked remove on the above, it put it in Quarantine...do i just leave it there?
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 09:28:29 PM
1. seems good!
2. when i clicked remove on the above, it put it in Quarantine...do i just leave it there?

1. OK.. :)
2. You can leave it there, it's safe...!!
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 25, 2010, 10:24:36 PM
thanks Asyn, sorry for beating this to death!...so even in quarantine this can be used by the system if need be?
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 10:30:50 PM
1. thanks Asyn, sorry for beating this to death!...
2. so even in quarantine this can be used by the system if need be?

1. No problem.
2. No, it can't be used by the system, it's locked in quarantine. (similar to the chest in avast) But you won't need it again, as it's malware. Just keep it there for some time for reference, if your problems are solved you can delete it later on. (2 weeks)
asyn
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 25, 2010, 10:32:53 PM

i put it on ignore list, is that a goog idea,??
so even in quarantine this can be used by the system if need be?

Its not a good idea as you are running Vista or Windows 7.

Please see:
Trojan - Start_ShowSearch - Fasle +ve?
http://forums.malwarebytes.org/index.php?showtopic=15091

Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 10:36:26 PM
Please see:
Trojan - Start_ShowSearch - Fasle +ve?
http://forums.malwarebytes.org/index.php?showtopic=15091

Thanks for your input, Kenny...!
But the info is from May 2009.... ;)
asyn
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 25, 2010, 10:42:43 PM
But the info is from May 2009.... ;)
Yes it is and some people give advice while running XP to people running a more modern operating system.  ;)
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 25, 2010, 10:51:39 PM
Yes it is and some people give advice while running XP to people running a more modern operating system.  ;)

True. ;D 8)
Title: Re: strange behavior report file, then no reports
Post by: balm on November 26, 2010, 01:28:19 AM
ok thank you gentlemen :)

so the actual registry value in the computer now should be there and should = (1)
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 26, 2010, 01:38:14 AM
1. ok thank you gentlemen :)
2. so the actual registry value in the computer now should be there and should = (1)

1. You're welcome..! :)
2. Yes.
asyn
Title: Re: strange behavior report file, then no reports
Post by: balm on November 26, 2010, 03:44:21 AM
1. from what i read its no conflicts using Avast(free), Windows 7 Defender (real-time), and MBAM(free) all at the same time,correct??? (even if warning slow system)

2.will adding Spybot S&D (free) - (which has schedule update, and schedule on-demand scans, i think)-  plus the above, cause conflicts?

thnaks for your input
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 26, 2010, 08:11:51 AM
1. from what i read its no conflicts using Avast(free), Windows 7 Defender (real-time), and MBAM(free) all at the same time,correct??? (even if warning slow system)

2.will adding Spybot S&D (free) - (which has schedule update, and schedule on-demand scans, i think)-  plus the above, cause conflicts?

thnaks for your input

1. Correct.
2. I wouldn't use Spybot.
asyn
Title: Re: strange behavior report file, then no reports
Post by: SafeSurf on November 26, 2010, 08:54:23 AM
@ balm,

I agree, do not add Spybot as we have seen problems with this and Avast.  You have good protection using Avast and MBAM now.  What are you using for a firewall...the Win7 firewall or something else?
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 26, 2010, 02:06:06 PM
2. I wouldn't use Spybot.
+2

Keep Windows Defender definitions up to date with its portal:
Latest definition version: 1.95.656.0
http://www.microsoft.com/security/portal/Definitions/ADL.aspx
Title: Re: strange behavior report file, then no reports
Post by: balm on November 26, 2010, 04:25:10 PM
Asyn, Yokenny, Safesurf, thank you all for your recommendations,


1. yes i am using Windows & "Defender" so far, but i was letting it auto check for updates before running scan - but i notice the definitions dont match as per YoKenny

2. so i WILL follow your recommendations re. Spybot (free), the reason i was thinking Spybot was this:

http://help.artaro.eu/index.php/general-security/antimalware-programs.html (http://help.artaro.eu/index.php/general-security/antimalware-programs.html)

and this,

Quote
Any effective antivirus does a good job protecting from viruses and basic malware, but they often lack detection of seriously dangerous malware. While there are no free and effective real-time (scanning all items when they enter your computer; not just on-demand scanning) antimalware programs, you should still run an antimalware scan at least once a month. And you can do this for free!

If using terms "antivirus" and "antimalware" confuses you, read our article about how viruses differ from other malware.

For security purposes, I recommend having two different antimalware programs installed - Spybot Search & Destroy and Malwarebytes' Antimalware. As they do not do real-time scanning, they do not slow down your everyday computer usage. Both have their strong points and complement each other.

Spybot Search & Destroy
It was a flagship of antimalware programs a few years ago, but now its age starts to show. Spybot Search & Destroy (often called just "Spybot" or "Spybot S&D") has still a good detection and removal rate, but its main strong point is adding a special blacklist of malicious sites to Windows hosts file and Internet Explorer's list of Restricted sites - a process called Immunization.

A malicious site included in hosts file by Spybot S&D cannot be resolved to a working IP-address, so you are protected from entering the site and therefore chances of getting your computer infected there are zero!

Immunization by Spybot S&D actually does a good job preventing malicious software from getting into your computer in the first place!  Combine this with McAfee SiteAdvisor and you get a much safer Internet experience.
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 26, 2010, 08:45:08 PM
When I see
Quote
Immunization by Spybot S&D actually does a good job preventing malicious software from getting into your computer in the first place!  Combine this with McAfee SiteAdvisor and you get a much safer Internet experience.
I know that SpybotS&D is useless as much as McAfee SiteAdvisor is.

Malwarebytes is miles ahead of Spybot S&D.
Title: Re: strange behavior report file, then no reports
Post by: balm on November 26, 2010, 08:48:17 PM
YoKenny,



ididnt realize Mcafee Advisor was that useless,


but ill take your word for it...thank you, also remember its the MBAM free version so no extra real-time scan


while we are on the subject of security, what you think about these (free):

-KeyScrambler Personal (seems to freexe IE8 though)
-MS EMET
-Secunia PSI

thanks again!
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 26, 2010, 09:03:40 PM
-KeyScrambler Personal <== don't use it
-MS EMET <== don't use it
-Secunia PSI <== quite good and I use it
Title: Re: strange behavior report file, then no reports
Post by: balm on November 26, 2010, 09:30:27 PM
are you telling me that you havent used it or are you telling me not to use it?
Title: Re: strange behavior report file, then no reports
Post by: YoKenny on November 27, 2010, 12:18:09 AM
I meant have not used it not don't use it.  :-[

English is a funny language where things have very different meanings when used in different context.
Title: Re: strange behavior report file, then no reports
Post by: SafeSurf on November 27, 2010, 09:49:33 AM
Many of us here use Secunia PSI, and it comes highly recommended since software changes so frequently.  We like to keep our software current (up to date) as this reduces the chances of a security risk.

There has not been any mention on the forum regarding the other two software you mentioned, nor have I heard of them.  Since we do a lot of fixes and malware removal, that doesn't say too much about them I guess.  ::)  Perhaps looking at user's Signatures (at the bottom of user's posts) to get an idea of their system set up might help.

Let us know if you have any additional questions.  Thank you.
Title: Re: strange behavior report file, then no reports
Post by: Asyn on November 27, 2010, 04:28:17 PM
1. Many of us here use Secunia PSI, and it comes highly recommended since software changes so frequently.  We like to keep our software current (up to date) as this reduces the chances of a security risk.
2. There has not been any mention on the forum regarding the other two software you mentioned, nor have I heard of them.

1. +1
2. Sorry, SafeSurf, but I have to correct that. EMET is a well known MS-tool..!! ;)
You can read about it here: http://forum.avast.com/index.php?topic=63221.msg536887#msg536887
as well as in some other topics on the forum and it's worth using it, if one understands what to do with it, imo...!! (I don't know anything about KeyScrambler Personal though...)
Have a nice weekend,
asyn
Title: Re: strange behavior report file, then no reports
Post by: mag on November 27, 2010, 05:36:15 PM
I've used keyscrambler in the past and had no problems with it - if you're concerned about keyloggers it should be effective.

(I removed it because it isn't compatible with Trusteer Rapport (which has its own scrambler for protected sites)).
Title: Re: strange behavior report file, then no reports
Post by: balm on November 27, 2010, 11:02:36 PM
thank you all for input


-keyscrambler appears it could help security when typing (thru browser only)- ive installed now on 2 computers and had to disable it on both, IE8 just freezes/hangs after opening 3-4 tabs

-EMET also may be helpful, and appears simple enough, but you have to manually add the desired applications to it so it can monitor....


thnaks again all !
Title: Re: strange behavior report file, then no reports
Post by: SafeSurf on November 28, 2010, 10:30:05 AM
@ balm,

If you are looking for extra protection that is compatible with Avast in IE, you may want to also check out this http://www.prevx.com/#nogo (http://www.prevx.com/#nogo) as I have in my Signature.  It does contain a keylogger as well as other features like IP verification/SSL status and more.  I have used it for several years with Avast and have had no conflicts and it is light on your system.  Both have saved me when using banking sites using the SafeOnline portion when I trialled a different FW on another machine than is what on my Signature.
Title: Re: strange behavior report file, then no reports
Post by: mag on November 28, 2010, 02:46:04 PM

-keyscrambler appears it could help security when typing (thru browser only)- ive installed now on 2 computers and had to disable it on both, IE8 just freezes/hangs after opening 3-4 tabs

I used Keyscrambler OK with Firefox. As Safesurf suggests, you could use prevx. Trusteer Rapport is similar (but doesn't work with 64bitIE8 as yet).
Title: Re: strange behavior report file, then no reports
Post by: balm on November 28, 2010, 03:47:32 PM
ok thank you both, ill look into that