Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Saulius on February 18, 2012, 03:02:19 PM

Title: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 18, 2012, 03:02:19 PM
I have had it happen a few times that the PC clock has been re-set for whatever reason (possibly with a BSOD issue but most likely caused by Malware infection) to the year 2099! :o

Usually it gets set to the 1/1/2099 with or without a different or wrong day of the Week, and while it isn't too much of a bother returning the date & time back in Windows 7 this is quite annoying to have to do but...

The bigger concern, especially if it is a form of hack vulnerability for a sleeping backdoor trojan or malware exploit that is activated when the system clock is adjusted to that ridiculously future arbitrary date a few things stop working properly especially security software with end date licenses, so they just automatically stop functioning.

Avast! is one such program that unfortunately stops functioning completely and fails like others to be allowed to update or re-start in 2099, IME. I've had this happen a few times in the past and figure that a full system reformat swipe and re-install ultimately is the most secure way to completely clean the PC in such cases where even after returning to current date & time scans can't find the fault or cause. (Which I had to do recently.)

While it may not be absolutely necessary to go through this extreme procedure, I find it loathsome that while the PC was unfathomably re-set to the year 2099 my Avast! resident AV had turned itself off no matter what the reason was for the PC year date change.

Because it is more than likely to have been a suspicious action and most likely to have allowed for further unchecked activities with Avast! and other security turned off, I think it would be good to have Avast! still fully function if the year is 'discovered' to be 2099. ;)

Sure this won't prevent similar issues with inexplicable randomly year changes, but for some reason this year 2099 thing is pretty regular and might be a MS Windows default thing anyway, so it would help in these most frequent circumstances of this type of occurrence if Avast! could be somehow set to still fully function if the year 2099 is encountered. 
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: kls490 on February 18, 2012, 03:14:48 PM
Hi Saulius,

     You certainly have a problem I've never encountered!  Perhaps someone more knowledgeable than I can explain what is happening here.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: essexboy on February 18, 2012, 03:23:25 PM
Normally I would suspect the CMOS battery - but that usually reverts to the installation date and time...  So 'tis a bit weird
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 18, 2012, 03:32:00 PM
@spc3rd

Yes, nothing found even after the likes of SAS and MBAM have been updated and I've even tried more extreme methods with Combo fix etc.

This has happened more than once and I have gone through the process of deleting my system including storage drives for good measure and re-formatting and cleaning re-installing W7.

I take it as a sign of a massive system compromise which I heavily suspect it actually is of itself with the re-setting to 2099 and outside of licence end date by too far...

I don't know too much about this really, but because it manages to turn off most security features and programs I assume it's bad even if it is caused by a conflict or through MS ineptitude, although I think it usually occurs with BSOD and a series of failed boot ups with my Asus Mobo which might require the BIOS to be explored.  ???

@essexboy

I sometimes have to hit the CMOS re-set button or choose to restore default BIOS settings before actually getting to even boot up into the Asus Mobo BIOS setting and neither of these actions result in a re-setting to the year 2099. In fact IIRC it is only the OS date that is 2099, not the CMOS battery which will still be at current!
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: essexboy on February 18, 2012, 03:41:29 PM
That combination sounds like a MOBO problem to me
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: !Donovan on February 18, 2012, 03:49:30 PM
This is a very interesting theory that should be taken into account.

A very dangerous exploit if used properly. >:(
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 18, 2012, 03:53:39 PM
Sorry Essexboy, I should have also indicated that I remember a few of the BSODs being preceded by a few likely infections, such as odd online behaviour hold ups, 4/504s & redirects,  possible bot worm events etc, you know the kinds of things that you just know involved your PC getting infected with something despite all your security, precautions and conscientious browsing.  :-[

@!Donovan Um, "A very dangerous exploit if used properly" by whom? (And those parties are the questionable ppls.)
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: !Donovan on February 18, 2012, 04:03:40 PM
Quote
@!Donovan Um, "A very dangerous exploit if used properly" by whom? (And those parties are the questionable ppls.)

The malware makers :P
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 18, 2012, 05:16:06 PM
Quote
The malware makers :P

Exactly, so if I know not what but am sure 'tis some weird horror then the only guaranteed removal for clean system integrity is a complete re-formatted install since who knows just what the whatever kind of undetectable recalcitrant probable infection is doing with my system, possibly not even their makers!  :'(
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: essexboy on February 18, 2012, 05:44:47 PM
There is only one at the moment that will survive a re-install

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

(http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif)

On completion of the scan click save log, save it to your desktop and post in your next reply

(http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif)
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 19, 2012, 04:07:09 AM
I'm not saying that I still have the infection, I'm pointing out my experience with a particular suspect issue of my system clock date being re-set to 2099 which has occurred a few times for me and what it results in with regard to the dysfunctionality of Avast! as resident AV (not only on its own in that boat in the situation) and that it could be something that could possibly be addressed.

I am interested to know if anyone else has experienced this 2099 re-setting of the year thing, which I'm positive is only the OS, but it could be the CMOS/BIOS too, but I'm pretty sure it's just the former.

I have used aswMBR quite regularly over many months and in relation to such instances a few times when my system clock has been re-set to the year 2099 and also once I have re-installed it on my clean system after a complete re-formatting procedure, anyway I've conducted another scan with it but I think it is clear:


aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-19 13:47:42
-----------------------------
13:47:42.487    OS Version: Windows 6.1.7601 Service Pack 1
13:47:42.488    Number of processors: 2 586 0x1706
13:47:42.489    ComputerName: SXXX-PC  UserName: Sxxx
13:48:18.225    Initialize success
13:48:18.725    AVAST engine defs: 12021802
13:48:40.319    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:48:40.322    Disk 0 Vendor: WDC_WD3000HLFS-01G6U1 04.04V02 Size: 286168MB BusType: 3
13:48:40.327    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
13:48:40.330    Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01106 Size: 953869MB BusType: 3
13:48:40.348    Disk 0 MBR read successfully
13:48:40.352    Disk 0 MBR scan
13:48:40.357    Disk 0 Windows 7 default MBR code
13:48:40.365    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:48:40.385    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       286066 MB offset 206848
13:48:40.400    Disk 0 scanning sectors +586070016
13:48:40.442    Disk 0 scanning C:\Windows\system32\drivers
13:48:55.810    Service scanning
13:49:07.733    Modules scanning
13:49:38.394    Disk 0 trace - called modules:
13:49:38.620    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
13:49:38.628    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85682a38]
13:49:38.635    3 CLASSPNP.SYS[88d8f59e] -> nt!IofCallDriver -> [0x8559b918]
13:49:38.643    5 ACPI.sys[888c73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x855a0908]
13:49:39.173    AVAST engine scan C:\Windows
13:49:40.303    AVAST engine scan C:\Windows\system32
13:50:53.655    AVAST engine scan C:\Windows\system32\drivers
13:51:00.094    AVAST engine scan C:\Users\Sxxx
13:51:38.961    AVAST engine scan C:\ProgramData
13:51:53.323    Scan finished successfully
13:52:31.261    Disk 0 MBR has been saved successfully to "C:\Users\Sxxx\Desktop\MBR.dat"
13:52:31.267    The log file has been saved successfully to "C:\Users\Sxxx\Desktop\aswQuickScan.txt"
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: mchain on February 19, 2012, 09:14:20 AM
Quote
There is only one at the moment that will survive a re-install

Name, please?

Reason is so one does not waste time trying to clean, but uses another hdd to install.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: essexboy on February 19, 2012, 11:52:17 AM
Nope there is no sign of the TDL stealth there so I would assess it to be a hardware problem of some sort

Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Hermite15 on February 19, 2012, 12:26:41 PM
clocks being reset on the system (OS) to one or two years earlier have one single reason generally, running an illegal version of Windows. Some "patches" just do that. I've seen it on someone's XP computer, that prevented the system from checking for updates, from checking if Windows was activated, and detect that Windows was not genuine  ;D

ps: BSOD's don't do that  :D

edit: http://www.microsoft.com/genuine/validate/
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: ady4um on February 19, 2012, 12:43:57 PM
Using some (small size) Live CD/UFD to check the date/time is an alternative.

In theory, the CMOS, Windows OS and Live CD date/time should be all the same (except, maybe, for some Daylight Saving Time difference).

According to what the Live CD would show, and correcting the CMOS clock, you should be able to identify if the problem is either hardware, the CMOS battery, power failure or some software-related issue.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 19, 2012, 05:01:08 PM
Quote
Nope there is no sign of the TDL stealth there so I would assess it to be a hardware problem of some sort

Cheers Essexboy, thanks for your overview of my aswMBR scan log, but after my recent 'double' full reformat/re-install procedure I don't expect to have it now, but I have definitely had something beforehand - I'm not currently experiencing these re-sets to year 2099 anymore ATM.

AFAIK the CMOS Battery is fine, my main source of freezes and crashes are due to unavoidable sound driver issues I believe, but they aren't causing BSODs though, something else must have caused those...

Interestingly a few times in the past I've seen a clear pop up appear in the bottom right hand corner of screen showing up saying that my copy of Windows isn't genuine and requesting that I validate it 'again' by clicking to connect to who knows where?  Although if I check things on the system in these cases everything else says otherwise. I ignore it and while it seems to mess with a few things it just goes away after a systems check, delete of temps & a reboot. This isn't happening at the same time as my 2099 re-set thing, OTOH however it might be related or be another example of the same kind of malware exploit.

Actually TBH I rather suspect that may be it could be due to some unidentified backdoor trojan PUP that might be responsible at least in some of my cases, say from something like toolbars, Alfa Autorun Killer, ZA, anything from IObit, IMGBURN or Privex free scanner perhaps along with many others? (I recommend totally avoiding these probable SPYwares of course. ;))

BTW my copy of M$ Windows 7 is from a genuine retail CD with product key and correctly registered, sheesh!
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: ady4um on February 20, 2012, 12:35:34 AM
When you reinstall Windows, you need to validate it again.

Go to Start menu and right click on "My Computer -> properties". Scroll down the "System" window and at the bottom you should be able to activate your genuine copy of Windows.

I'm not saying this is the reason for your date/time problems. I'm just saying that this might solve some other "quirks". Windows Activation needs to be done every time you install Windows, and should also let you receive ALL Windows Updates.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 20, 2012, 02:35:30 AM
Thanks ady4um for reminding us that after every time one re-installs Windows to validate its Activation to receive All Windows Updates... which I have done (I meant by registered) and after which I er, received all their up-the-dates to hopefully prevent any other "quirks".

The point is that sometimes something can cause these OS clock re-sets to the year 2099 and I'm suggesting it would help if Avast! remained at least temporarily functional in that kind of maladjusted environment and still do its job rather than succumbing to a faked out of end of licence date hoodwink and instead for the AV to continue to provide protection during similar kinds of 'quirkiness', which especially because it is switching off like most other security while most likely there's an open exploit that probably allows malware to royally backdoor trojanate!
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: ady4um on February 20, 2012, 03:41:12 AM
If some malware is there (doing whatever), the system needs to be cleaned, independently of avast protecting you with the latest definitions updates or a license. Clean it, ASAP. Have a backup of your data. The rest, doesn't matter *as* much.

Once the system is clean, set the date/time back to normal, and avast should work as usual, with updates and your valid license.

Avast (or any other security tool for that matter) is not AI. There is no way avast can "automagically" understand that the date/time was changed by some malware. If there is such malware already known by avast, then avast would block it in the first place, avoiding the problem altogether.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 20, 2012, 05:28:00 AM
@ ady4um

When this has happened in the past yes, return the clock date back in Windows, (delete temp files & invalid registry entries) validate lic, update and scan with everything, backup data, proceed to reboot & system restore and finally ultimately re-format to ensure a clean system, yada yada etc. :-X

I am not saying that I still have this problem, but that it has occurred on my system in the past a few times for which I have gone to the lengths of re-formatting my hard drives, but that is not the issue, just my experience and counter measures taken forthwith, however...

I'm simply just suggesting that Avast! be programmed by the developers so that in these instances of the system clock being maladjusted and re-set to 1/1/2009 that it have in it a built in mechanism to delay it from being tricked into turning off as out of date suddenly because I believe this is a backdoor trojan exploit technique - it may just be a Windows update bug for all I know, but even so I'd hazard to assume that malware might not still take advantage. How about if Avast! managed somehow to function under those circumstances as I wish, anyone else?

So far no one else has said that they have experienced the same 2099 date re-setting circumstance, well not yet but please do bear in mind that future setting the date has been used as an exploit for fooling programs in the past and no doubt could be taken advantage of by malware, so I'm suggesting that Avast! could 'automajically' understand that the date/time is wacko and continue to function, if only temporarily with say a nag to re-check the date & time before it solemnly ends its own life.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: true indian on February 20, 2012, 11:47:23 AM
Now that battery will cause u weird problems i will tell u a story...


I had a desktop some years ago and after turning it off and after sometime it was to turn on by itself for some odd reason :P

I called the technician and he said that CMOS Battery was the reason and he replaced it and problem solved  ;D
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 21, 2012, 01:27:41 AM
Thanks for providing the example of your CMOS Battery technical issue true indian, but whether or not that is my issue or not this wouldn't be something that Avast! could solve since it is hardware based, however it still could attempt to address the circumstances software wise by being coded to handle such situations that a jittery CMOS Battery or that malware could conjure up date/time line wise.

I have provided two examples of future date/time re-settings in this thread, the 1/1/2099 and the randomly conjured one with a faded non-genuine Windows pop-up, plus suggested that malware probably could do this or at the very least exploit the vulnerability created by this type of out of date - out of life thing and resultant security program suicides. I'm merely suggesting that the Avast! developers might want to address this somehow by ensuring that Avast! could handle the new environment at least temporarily long enough to survive as a functional AV or Suite until the clocks are normalised.

Whatever the reason for the inexplicable future date re-setting of clock/s be it a faulty CMOS Battery, the OS, program conflicts, malware or accidentally or intentionally by the PC user - nothing to do with Avast! itself, but perhaps it would be a good thing if Avast! could manage to continue to provide protection effectively until the time is either corrected or a reasonable period is nagged out before being self turned off.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: ady4um on February 21, 2012, 10:10:04 AM
I don't want to open again the date issue, but there is a repetitive comment somehow inaccurate in your posts.

Avast is NOT turned off. When the registration (for Free or for Pro / AIS) finishes, the basic functions of avast (Free) will still work. What will stop working are the additional (paid-for) features, and the updates.

So, as I already said, if the source of such hypothetical problem is some malware, then you would come here to the "Viruses and Worms" sub-forum, get help to get rid of the malware, and then restore the normal working state of avast.

There is no reason to over-complicate the hypothetical situation with AI.
Title: Re: Should the PC be re-set to year 2099 by Malware could Avast still work pls?
Post by: Saulius on February 21, 2012, 12:40:02 PM
You are right ady4um, absolutely correct in that by just future setting the date far in to the forward distance outside of the one year life of Avast! doesn't stop it from functioning and only prevents it from updating. I was mistaken in assuming that this complete program suicide always occurred in those circumstances, sorry.

OTOH, the 2099 examples that I have experienced a few times in the past have also involved Avast! to actually stop functioning in its resident AV capacity and I vividly remember seeing the Action Center pop-up screen warnings that I have no AV installed or running present and seeing the red 'X' warning about it from Windows. So that is why I strongly suspect it is something that is caused by a malevolent backdoor trojan. I now don't conclude that this isn't caused by an awry CMOS Battery since it was a circumstance that included the turning off of a running Avast! and other security, but I can't replicate this by simply testing this manually by adjusting the year date forwards in a similar fashion as though by a default or accident in the BIOS or OS.

AS I HAVE REPEATED I AM NOT CURRENTLY HAVING THIS PROBLEM - so I don't have a virus or worm to request help for however my last non-hypothetical experience of this was just two Weeks ago and I believe I have solved my situation (again) by a complete re-formatting of the hard drives of my system and hope things are now clean ATM...

Still, I submit it is an interesting idea to perhaps slightly over-complicate Avast! as a bolstering counter measure against such a type of apparently overwhelmingly complicated malware ruse.
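
The behaviour asked for in this thread (when the clock lands far outside the licence period, keep protecting and nag about the date for a limited time instead of treating the licence as expired), as an added example. It is not Avast code and not from any poster; the thresholds, state fields and decision names are assumptions, and the sample dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are assumptions chosen for this example, not vendor values.
MAX_PLAUSIBLE_GAP = timedelta(days=730)   # longest believable time since last trusted evidence
BACKWARD_TOLERANCE = timedelta(days=1)    # small backward corrections are normal
GRACE_PERIOD = timedelta(days=14)         # running time allowed on a suspect clock


@dataclass
class LicenceState:
    expiry: datetime                      # licence end date
    last_trusted: datetime                # newest time backed by evidence, e.g. last update
    grace_used: timedelta = timedelta(0)  # running time spent so far on a suspect clock


def record_trusted_time(state: LicenceState, stamp: datetime) -> None:
    """Advance the high-water mark only from verified evidence, never backwards."""
    if stamp > state.last_trusted:
        state.last_trusted = stamp
        state.grace_used = timedelta(0)


def evaluate(state: LicenceState, now: datetime, elapsed: timedelta) -> str:
    """Decide what to do at wall-clock time `now`.

    `elapsed` is running time since the previous check, taken from a monotonic
    counter so that the grace period cannot be skipped by moving the clock.
    """
    gap = now - state.last_trusted
    if gap > MAX_PLAUSIBLE_GAP or gap < -BACKWARD_TOLERANCE:
        state.grace_used += elapsed
        if state.grace_used >= GRACE_PERIOD:
            return "GRACE_EXHAUSTED"      # still nagging; apply normal expiry handling
        return "CLOCK_SUSPECT"            # keep protection on, ask user to check the date
    state.grace_used = timedelta(0)       # clock is believable again
    return "EXPIRED" if now > state.expiry else "VALID"


def demo() -> list:
    # Constructed sample values: last update 2012-02-18, one-year licence.
    state = LicenceState(expiry=datetime(2013, 2, 18), last_trusted=datetime(2012, 2, 18))
    hour = timedelta(hours=1)
    return [
        evaluate(state, datetime(2012, 2, 19), hour),          # normal day
        evaluate(state, datetime(2099, 1, 1), hour),           # the jump from the thread
        evaluate(state, datetime(2099, 1, 1), GRACE_PERIOD),   # clock never corrected
        evaluate(state, datetime(2012, 2, 20), hour),          # clock fixed again
        evaluate(state, datetime(2013, 3, 1), hour),           # genuine expiry
    ]


if __name__ == "__main__":
    print(demo())
```

The check cannot tell why the clock moved (CMOS battery, firmware, user or malware); it only refuses to treat an implausible date as proof that the licence has run out.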