Author Topic: New Avast User - Not scanning Network files.  (Read 16626 times)

Offline Tambu

  • Newbie
  • *
  • Posts: 18
  • I'm a llama!
New Avast User - Not scanning Network files.
« on: February 21, 2005, 04:06:46 AM »
Hey All,

I'm testing out Avast 4.63 for the first time. I've been using AVG which I find great but thought I would try another for fun. I have found that if you remove all the lame skins that the memory use is much lower than AVG which is nice. But I've run across what seems to be a serious problem. I know the scanning is working as I downloaded the eicar virus to several different places and whenever I open the folder containing the virus it detects it. However I decided to download it to my linux box which I have shared through SAMBA. After I downloaded the virus, I then went to Explorer and opened \\tambu\tambu and the folder came up with the virus but it never scanned it. I even enabled those annoying popups that show every file being scanned and nothing gets scanned from a windows share. But wait it gets weirder... If I rename the file to eicar2.com instead of eicar.com AVAST actually scans the file but doesn't detect anything?!?!??! I'm like baffled. If I copy the file from my linux share to my windows share Avast detects the virus, and if I force scan the file on the linux share it detects the virus. The really scary thing... I can execute the file without Avast detecting the virus. Could someone please tell me what the heck is going on? I've looked over all the options several times and I can't find any reason for this. I hate to be a killjoy but this is a killer point for me; if Avast doesn't scan networks I will have to go back to AVG.

I currently have P2P Shield, Network Shield, Internet Mail, Standard Shield all running. They are all set to Normal. I tried High but this didn't detect them either.

I also have all the latest updates. Please let me know if I have missed something obvious but I've also put the eicar.com file on my brother's windows machine and go to it via windows sharing and again Avast doesn't detect the virus. (I had to disable his norton antivirus since it kept detecting it :P )


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31302
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: New Avast User - Not scanning Network files.
« Reply #1 on: February 21, 2005, 04:39:55 AM »
So you are saying that if you are on the windows system and open the file on the linux system, Avast doesn't detect it?

Do I understand you correctly?

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: New Avast User - Not scanning Network files.
« Reply #2 on: February 21, 2005, 08:59:19 AM »
Yeah, this is because the avast service runs under the "LocalSystem" account which has full access to all local resources but no access to the network. This can be easily changed. Go to Control Panel -> Administrative Tools -> Services, open the properties of the "avast antivirus" service, and on the Log On tab, enter an account that has
- local administrative rights
- at least read-only access to the network resources

This will definitely solve the problem.

BTW if you look at the avast log files, you'll see that an error was logged for each attempt to access a network file, with error code 5 (Access Denied).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #3 on: February 21, 2005, 11:40:10 PM »
I did what you suggested and changed the services to my Account that I login as Tambu and then restarted the services but it still doesn't detect the network virus. Also I went under my log viewer for Avast and where you said it should be showing Errors it's blank/empty. I even went and changed the logging to Debug and nothing shows up anywhere but on Warnings (for when I manually scanned the virus file) Notice and Info which contained nothing important. My Tambu user is the Computer Administrator and is the account I login to the linux shares with.

Also I went over to my brother's machine and I opened up the linux share (he runs NAV2004). It didn't scan the file when I opened the directory but when I tried to run the eicar.com file it instantly found the virus and erased it. Whereas Avast let me run the infected file. I checked under Task Manager and NAV is running as Local Service.

From what you're telling me, it looks like my Avast is just flat out not scanning the files since nothing shows up in the log.

I am gonna try uninstalling and reinstalling AVAST but I don't see how this would help.

Thanks for your input I would appreciate any further thoughts.

Tambu

Offline Eddy

Re: New Avast User - Not scanning Network files.
« Reply #4 on: February 22, 2005, 02:20:33 AM »
Uninstalling/reinstalling won't help, since avast isn't broken.
Are you sure you made the correct changes as Vlk suggested?

You need to set the login permission in services to an account that has administrator rights on the Windows systems, not to the account you use to login to your Linux box.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: New Avast User - Not scanning Network files.
« Reply #5 on: February 22, 2005, 09:09:16 AM »
Strange really. I've just retested here on our network and it worked just fine (both on-exec and on-copy)..
What about Windows shares - does avast see viruses on those?

Thanks
Vlk

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #6 on: February 23, 2005, 02:26:31 AM »
Ok I refollowed the directions and used Administrator as the "Log On As" type for all the Avast programs. I then went and executed the eicar.com file off my linux share and it executed without detecting a virus. I should also note that I activated the popup virus scans on the Standard Shield and it shows Avast as scanning the file and ignoring the virus in it. I appreciate your responses and would ask for more instructions.

As to the second question Yes I can execute the virus off a windows share as well as a linux share.

To show you that I'm not a raving loon I've included several screenshots.  The first screenshot will show: the Computer Management\Services screen with all AVAST set to Administrator, also the Task Manager with all AVAST running as Administrator, It shows the AVAST Popups showing that z:\test\eicar.com is SCANNED and ignored. I even managed to catch the dos screen with the EICAR virus executing and printing out its warning. Hopefully this may help you guys figure out the problem.

1st Screenshot (Shows executing and ignoring of the Eicar.exe virus with AVAST as administrator.)
http://members.cox.net/~tambu/Avast%20Problem.JPG

2nd Screenshot (Shows AVAST running as Local Service with the same effect.)
http://members.cox.net/~tambu/Avast%20Problem%20-%20Local%20System.JPG

3rd Screenshot (Shows what happens when I try to copy the eicar.com file to my Windows Box)
http://members.cox.net/~tambu/Avast%20Problem%20-%20Virus.JPG

I hope these help you guys figure out the problem or tell me what I'm doing wrong. I do a lot of network sharing and if I can't get Avast to scan files properly I can't possibly use it.

Also if AVAST must be running as Administrator to scan network files, why doesn't norton? My brother's computer has Nav2004 and although it doesn't scan the files when I enter the directory it does prevent the eicar.com file from executing and tells me it's a virus. Please don't take this as a flame thing I personally hate norton but I'm just trying to understand. To me network scanning is a requirement and it seems odd that you would not make Avast run as administrator to begin with if it's required.



Thanks
Tambu

Offline Vlk

Re: New Avast User - Not scanning Network files.
« Reply #7 on: February 23, 2005, 12:17:48 PM »
Hi Tambu, first thanks for the screenshots, they were very helpful.
One thing I noticed is that you changed the service log on info to the account ".\Administrator" but you're actually logged on as user "Tambu". Are you sure the user Administrator has access to the network shares? (Tambu presumably does as you have the network share open in one of the Explorer windows :)).
So, provided Tambu has local admin rights, I'd suggest changing the log on account for the service to .\Tambu instead of .\Administrator. Please note that you have to change only the "avast Antivirus" service, the rest will be fine with LocalSystem. Let's see if it makes any difference. :)

Quote
Also if AVAST must be running as Administrator to scan network files, why doesn't norton? My brother's computer has Nav2004 and although it doesn't scan the files when I enter the directory it does prevent the eicar.com file from executing and tells me it's a virus. Please don't take this as a flame thing I personally hate norton but I'm just trying to understand. To me network scanning is a requirement and it seems odd that you would not make Avast run as administrator to begin with if it's required.

Good question. The reason is not very hard to deduce, actually. Norton (starting with version 2003 I believe) moved its on-access scanning engine to kernel mode (runs inside the kernel-mode file system filter driver). Thus, it can access the file in context of the process that made the original request (which is quite good). However, that's probably the only advantage of this approach (maybe together with a slight performance gain). There are a number of cons, though. For example:
- kernel-mode code is quite fragile, in the sense that every bug usually causes a blue screen
- there's no chance of using 3rd party libraries e.g. for unpacking (forget complicated unpackers like RAR, 7ZIP or AsProtect)


Hope this helps,
Vlk

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #8 on: February 23, 2005, 02:26:26 PM »
Hey Vlk,

I have already done the log on user as ./Tambu when you originally said to use a user that has rights. I changed it to Administrator per Eddy's request since he didn't believe Tambu had sufficient rights. Tambu is a Computer Administrator User and has access to all the files. Also Administrator would also have access since these are open shares.  So I believe I've done everything suggested. Is there another option I can try?

Thanks
Tambu

Offline Vlk

Re: New Avast User - Not scanning Network files.
« Reply #9 on: February 23, 2005, 04:48:53 PM »
What if you add COM to the list of extensions that Standard Shield should scan on open?
Would that make any difference?

Also, could you please copy'n'paste the whole file <avast>\data\log\error.log ?

EDIT: I meant warning.log, not error.log

Thx
Vlk
« Last Edit: February 23, 2005, 04:57:55 PM by Vlk »

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #10 on: February 24, 2005, 01:57:03 AM »
Ok I added COM to the list of extensions scanned on open. (I also did .COM as it's not clear if you're supposed to include the .) With either way Avast still opens the eicar.com file without finding the virus.

Here is the requested warning.log, Please note that where it says it found the virus was either when I manually scanned the file or when I tried to copy the file to my desktop.

2/21/2005   4:54:08 PM   1109026448   Tambu   3692   Sign of "EICAR Test-NOT virus!!" has been found in "Z:\eicar.txt" file. 
2/21/2005   4:56:41 PM   1109026601   Tambu   3072   Sign of "EICAR Test-NOT virus!!" has been found in "C:\Documents and Settings\Tambu\Desktop\eicar.txt" file. 
2/21/2005   4:56:56 PM   1109026616   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\Documents and Settings\Tambu\Desktop\eicar.com" file. 
2/21/2005   5:04:42 PM   1109027082   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\DOCUME~1\TAMBU\DESKTOP\EICAR.COM" file. 
2/21/2005   5:04:50 PM   1109027090   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\DOCUME~1\TAMBU\DESKTOP\EICAR.COM" file. 
2/21/2005   5:04:57 PM   1109027097   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\DOCUME~1\TAMBU\DESKTOP\EICAR.COM" file. 
2/21/2005   5:04:59 PM   1109027099   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\DOCUME~1\TAMBU\DESKTOP\EICAR.COM" file. 
2/21/2005   5:07:31 PM   1109027251   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\RECYCLER\S-1-5-21-1957994488-1532298954-725345543-1003\Dc46.com" file. 
2/22/2005   7:14:25 AM   1109078065   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp (E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp) returning error, 0000A48F. 
2/22/2005   7:15:14 AM   1109078114   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp (E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp) returning error, 0000A48F. 
2/22/2005   7:15:54 AM   1109078154   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp (E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp) returning error, 0000A48F. 
2/22/2005   7:17:28 AM   1109078248   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp (E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp) returning error, 0000A48F. 
2/22/2005   7:18:20 AM   1109078300   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp (E:\P2P\Downloads\Temp\WIN95.ISO.55MFM2RI6P5HAIFJMZZLF7N3S5ARZAARFE32XBI.dctmp) returning error, 0000A48F. 
2/22/2005   7:30:24 AM   1109079024   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\Fade Image.fla.A27SX7QDYZCC4ZWDTXOCD7FNRP7KUGEY64QLHYY.dctmp (E:\P2P\Downloads\Temp\Fade Image.fla.A27SX7QDYZCC4ZWDTXOCD7FNRP7KUGEY64QLHYY.dctmp) returning error, 0000A477. 
2/22/2005   7:07:43 PM   1109120863   Administrator   3216   Sign of "EICAR Test-NOT virus!!" has been found in "C:\Documents and Settings\Tambu\Desktop\eicar.com" file. 
2/22/2005   7:12:17 PM   1109121137   SYSTEM   3752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\RECYCLER\S-1-5-21-1957994488-1532298954-725345543-1003\Dc56.com" file. 
2/22/2005   7:44:56 PM   1109123096   SYSTEM   3752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\Booting_CD_Windows_95,98,ME,2000,XP.ISO.QVRKOF4CARMXXW5HYUHE7KBYLMZCZOL6NNIWPZQ.dctmp (E:\P2P\Downloads\Temp\Booting_CD_Windows_95,98,ME,2000,XP.ISO.QVRKOF4CARMXXW5HYUHE7KBYLMZCZOL6NNIWPZQ.dctmp) returning error, 0000A48F. 




Thanks
Tambu
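
One way to read the warning.log pasted in this reply, as an added example that is not part of the original post and not Avast tooling: it tallies detection entries by the account column and by whether the path is local or on the share, so it is easy to see which accounts never logged a detection on a network path. The sample lines are excerpted from the log above; treating Z: as the drive letter mapped to the share is an assumption, as are all function names.

```python
import re
from collections import Counter

# Lines excerpted from the warning.log posted above. Columns are separated by
# runs of whitespace: date, time, epoch, account, PID, message.
SAMPLE_LOG = r'''
2/21/2005   4:54:08 PM   1109026448   Tambu   3692   Sign of "EICAR Test-NOT virus!!" has been found in "Z:\eicar.txt" file.
2/21/2005   4:56:41 PM   1109026601   Tambu   3072   Sign of "EICAR Test-NOT virus!!" has been found in "C:\Documents and Settings\Tambu\Desktop\eicar.txt" file.
2/21/2005   4:56:56 PM   1109026616   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\Documents and Settings\Tambu\Desktop\eicar.com" file.
2/21/2005   5:07:31 PM   1109027251   SYSTEM   1752   Sign of "EICAR Test-NOT virus!!" has been found in "C:\RECYCLER\S-1-5-21-1957994488-1532298954-725345543-1003\Dc46.com" file.
2/22/2005   7:30:24 AM   1109079024   SYSTEM   1752   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: E:\P2P\Downloads\Temp\Fade Image.fla.A27SX7QDYZCC4ZWDTXOCD7FNRP7KUGEY64QLHYY.dctmp (E:\P2P\Downloads\Temp\Fade Image.fla.A27SX7QDYZCC4ZWDTXOCD7FNRP7KUGEY64QLHYY.dctmp) returning error, 0000A477.
2/22/2005   7:07:43 PM   1109120863   Administrator   3216   Sign of "EICAR Test-NOT virus!!" has been found in "C:\Documents and Settings\Tambu\Desktop\eicar.com" file.
'''

LINE_RE = re.compile(
    r'^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<epoch>\d+)\s+(?P<account>\S+)\s+(?P<pid>\d+)\s+(?P<message>.*)$')
DETECT_RE = re.compile(
    r'Sign of "(?P<signature>[^"]+)" has been found in "(?P<path>[^"]+)" file')


def parse_detection(line):
    """Return a dict for a detection entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = DETECT_RE.search(m.group("message"))
    if not d:
        return None  # e.g. the "AAVM - scanning warning" entries
    return {"account": m.group("account"), "pid": int(m.group("pid")),
            "signature": d.group("signature"), "path": d.group("path")}


def is_network_path(path, mapped_drives=("Z:",)):
    """UNC paths and mapped drive letters count as network locations.
    Assumption: Z: is the drive letter mapped to the share."""
    upper = path.upper()
    drives = {d.upper() for d in mapped_drives}
    return upper.startswith("\\\\") or upper[:2] in drives


def detections_by_account(log_text, mapped_drives=("Z:",)):
    """Count detections keyed by (account, 'network' | 'local')."""
    tally = Counter()
    for line in log_text.splitlines():
        det = parse_detection(line)
        if det:
            net = is_network_path(det["path"], mapped_drives)
            tally[(det["account"], "network" if net else "local")] += 1
    return tally


def accounts_without_network_hits(tally):
    """Accounts that logged detections, but none on a network path."""
    accounts = {account for account, _ in tally}
    return sorted(a for a in accounts if tally[(a, "network")] == 0)


if __name__ == "__main__":
    tally = detections_by_account(SAMPLE_LOG)
    for (account, where), count in sorted(tally.items()):
        print(f"{account:15} {where:8} {count}")
    print("no network detections:", accounts_without_network_hits(tally))
```
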

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #11 on: February 26, 2005, 01:33:19 AM »
Bump!... Still with me Vlk? I pasted the log file for you any new thoughts?
Thanks
Tambu

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #12 on: February 26, 2005, 03:31:36 PM »
Ok I decided to test to see if Avast would work any different on a different computer. I loaded the latest version as of 2/24/05 onto my laptop. I tested to see if it would find the eicar.com virus in my linux or windows share.

1. When opening the directory with eicar.com inside = Not Detected (though NAV or AVG doesn't either)

2. When opening the actual eicar.com file = AVAST fails to detect the virus and opens the file.

3. When copying the file from a Linux Share to another directory on the Linux Share = Avast doesn't find the virus.

4. When copying the file from Linux Share to Windows Share = AVAST finds the VIRUS

I would still love to use this program I like many of the features it has over other free based scanners but I must get it to scan network files.

Thanks
Tambu

Offline Vlk

Re: New Avast User - Not scanning Network files.
« Reply #13 on: February 26, 2005, 05:11:34 PM »
Hi Tambu,

OK, let's do an experiment.
Please follow these steps:

1. kill all running avast components - namely: ashDisp.exe, ashServ.exe, ashMaiSv.exe and ashWebSv.exe (and also Outlook.exe if you're using Outlook - because of the avast plugin).

2. Download http://www2.asw.cz/misc/aavm4h.zip and extract its contents to the avast folder. It should be possible to overwrite the existing version of Aavm4h.dll thanks to step 1.

3. Restart avast. I.e., from Control Panel -> Administrative Tools -> Services start the "avast! Antivirus" service, and also run ashDisp.exe by directly executing it from the avast folder.

4. Download and run "DebugView" http://www.sysinternals.com/files/dbgvnt.zip

5. Simulate the problem

6. Post the dumps emitted to the DebugView window.


Thanks
Vlk

Offline Tambu

Re: New Avast User - Not scanning Network files.
« Reply #14 on: February 27, 2005, 07:46:04 AM »
Here is the log output as requested.. not sure what the .dll is for but I don't think it.. or the logger is very stable it locked up my machine the first time I tried your suggestions. I ran the eicar.com file several times (without detection) and then I copied the file to my desktop (which did detect it.)

Thanks for sticking with me Vlk
Tambu


00000354   49.55169833   [484] Called avfilesScanReal - return code 0.
00000355   49.55197686   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000356   49.55231349   [484] C:\WINDOWS\SYSTEM32\WUAUENG.DLL
00000357   49.59138438   [484] Called avfilesScanReal - return code 0.
00000358   49.59166067   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000359   49.59209732   [484] C:\WINDOWS\SYSTEM32\ADVPACK.DLL
00000360   49.59794136   [484] Called avfilesScanReal - return code 0.
00000361   49.59836795   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000362   49.59876604   [484] C:\WINDOWS\SYSTEM32\ESENT.DLL
00000363   49.64860981   [484] Called avfilesScanReal - return code 0.
00000364   49.64888666   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000365   49.64930906   [484] C:\WINDOWS\SYSTEM32\WTSAPI32.DLL
00000366   49.65643762   [484] Called avfilesScanReal - return code 0.
00000367   49.65672201   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000368   49.65821215   [484] C:\WINDOWS\SYSTEM32\WINSTA.DLL
00000369   49.66356534   [484] Called avfilesScanReal - return code 0.
00000370   49.66385057   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000371   49.66427214   [484] C:\WINDOWS\SYSTEM32\NETAPI32.DLL
00000372   49.68186487   [484] Called avfilesScanReal - return code 0.
00000373   49.68216352   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000374   49.68258815   [484] C:\WINDOWS\SYSTEM32\WINSPOOL.DRV
00000375   49.69378622   [484] Called avfilesScanReal - return code 0.
00000376   49.69406531   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000377   49.69446033   [484] C:\WINDOWS\SYSTEM32\SETUPAPI.DLL
00000378   49.73426427   [484] Called avfilesScanReal - return code 0.
00000379   49.73453106   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000380   49.73496687   [484] C:\WINDOWS\SYSTEM32\WINHTTP.DLL
00000381   49.76115819   [484] Called avfilesScanReal - return code 0.
00000382   49.76145516   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000383   49.76188566   [484] C:\WINDOWS\SYSTEM32\WINTRUST.DLL
00000384   49.77773097   [484] Called avfilesScanReal - return code 0.
00000385   49.77804805   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000386   49.77843916   [484] C:\WINDOWS\SYSTEM32\IMAGEHLP.DLL
00000387   49.79315695   [484] Called avfilesScanReal - return code 0.
00000388   49.79342710   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000389   49.79383609   [484] C:\WINDOWS\SYSTEM32\CABINET.DLL
00000390   49.80228269   [484] Called avfilesScanReal - return code 0.
00000391   49.80257463   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000392   49.80306408   [484] C:\WINDOWS\SYSTEM32\MSPATCHA.DLL
00000393   49.80512244   [484] Called avfilesScanReal - return code 0.
00000394   49.80539231   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000395   49.80576274   [484] C:\WINDOWS\SYSTEM32\SFC.DLL
00000396   49.80917239   [484] Called avfilesScanReal - return code 0.
00000397   49.80942690   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000398   49.80979007   [484] C:\WINDOWS\SYSTEM32\SFC_OS.DLL
00000399   49.81651020   [484] Called avfilesScanReal - return code 0.
00000400   49.81679208   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000401   49.81716280   [484] C:\WINDOWS\SYSTEM32\MSIMG32.DLL
00000402   49.82970154   [484] Called avfilesScanReal - return code 0.
00000403   49.83002868   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000404   49.83044577   [484] C:\WINDOWS\SYSTEM32\SHIMENG.DLL
00000405   49.84029507   [484] Called avfilesScanReal - return code 0.
00000406   49.84072417   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000407   49.84114294   [484] C:\WINDOWS\SYSTEM32\MSACM32.DLL
00000408   49.85169735   [484] Called avfilesScanReal - return code 0.
00000409   49.85234604   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000410   49.85277570   [484] C:\WINDOWS\SYSTEM32\WINLOGON.EXE
00000411   49.88099465   [484] Called avfilesScanReal - return code 0.
00000412   49.88136984   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000413   49.88180146   [484] C:\WINDOWS\SYSTEM32\CLBCATQ.DLL
00000414   49.90544748   [484] Called avfilesScanReal - return code 0.
00000415   49.90573215   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000416   49.90610399   [484] C:\WINDOWS\SYSTEM32\COMRES.DLL
00000417   49.92231862   [484] Called avfilesScanReal - return code 0.
00000418   49.93383153   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000419   49.93421203   [484] C:\WINDOWS\SYSTEM32\WUPS.DLL
00000420   49.93693305   [484] Called avfilesScanReal - return code 0.
00000421   52.73680677   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000422   52.73715319   [484] C:\Documents and Settings\Tambu\Desktop\eicar.com
00000423   52.73724314   [484] Called avfilesScanReal - return code 0.
00000424   58.42566360   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000425   58.42601476   [484] C:\RECYCLER\S-1-5-21-1957994488-1532298954-725345543-1003\Dc91.com
00000426   58.42610835   [484] Called avfilesScanReal - return code 0.