Author Topic: This is strange !!  (Read 19782 times)

0 Members and 1 Guest are viewing this topic.

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #15 on: September 27, 2003, 11:01:24 AM »
I fixed the probelm of these errors   ;D ;D ;D
- I removed the mail protection
- I removed the "Microsoft Family Logon" from Control Panel> Network (win98se) then re-added it again..  ;)
- I reenabled the mail protection again.
- It works now  ;D ;D ;D
But the problem of not detecting the eicar file still there  ??? ???
MW

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:This is strange !!
« Reply #16 on: September 27, 2003, 01:08:41 PM »
OK fine let's focus on the eicar.com problem (and minacross, you're already senior member, you should know that posting multiple, non-related questions (issues) to the same thread is not ideal... ;)).

The interesting part is that the file is blocked from execution. Someone has to be causing this... If it's avast, you should at least see the file in the 'last scanned filed' entry in the on-access protection dialog. If it's not avast, it must be something else. I've noticed you were saying Nod detected the file - isn't Nod involved here? I mean, don't you have Amon activated (it might be activated even if it says it's inactive...).

Also, don't you have the 'Silent mode' in the Standard Shield's settings on?

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #17 on: September 27, 2003, 02:17:03 PM »
OK fine let's focus on the eicar.com problem (and minacross, you're already senior member, you should know that posting multiple, non-related questions (issues) to the same thread is not ideal... ;)).

sorry for that  :-[

Quote
The interesting part is that the file is blocked from execution. Someone has to be causing this... If it's avast, you should at least see the file in the 'last scanned filed' entry in the on-access protection dialog. If it's not avast, it must be something else. I've noticed you were saying Nod detected the file - isn't Nod involved here? I mean, don't you have Amon activated (it might be activated even if it says it's inactive...).
yes the file is scanned by the standard shield (see attached pic).
I disabled Nod32 by unchecking its modules from the startup menu (I use "Startup Control Panel" from http://www.mlin.net/), not by shutting it down..
Quote
Also, don't you have the 'Silent mode' in the Standard Shield's settings on?

Vlk
No I do not have 'Silent mode' in the Standard shield's settings..
I hope this is helpful to you :)
« Last Edit: September 27, 2003, 02:20:48 PM by minacross »
MW

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #18 on: September 27, 2003, 02:19:19 PM »
the attached pic.. 8)
MW

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re:This is strange !!
« Reply #19 on: September 27, 2003, 02:23:48 PM »
- RS is adjusted to scan created/modifued files as well as opened files(default extension set).

There are some other foruns - seach for mantra´s post - that relate some troubles with the created/modified files & default extension set.
Sometimes, it´s necessary to repeat all the extensions in the text box. If you want, just copy and paste the following line (even if you checked the default extension set):
{*},386,AD?,ASP,ASX,BAS,BAT,BIN,CH?,CLA*,CMD,COM,CPL,CRT,CSS,DLL,DO?,EML,EXE,HLP,HT*,INF,INS,ISP,JS*,LNK, MDB,MDE,MS?,NWS,OCX,OV?,PCD,PDF,PIF,PO?,PP?,PRC,PRF,REG,RTF,SCF,SCR,SCT,SHB,SHS,SWF,SYS,URL,VB?,VSD,VXD,WS?,XL?

Maybe you can add:
ACE,ARC,ARJ,BZIP2,CAB,GZIP,HTM*,PST,RAR,TAR,ZIP,ZOO

I´ll take a look at your avast.ini file lather  ;)
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:This is strange !!
« Reply #20 on: September 27, 2003, 04:47:31 PM »
Wait a moment it's listed in the Last Scanned File field and still is not being detected?!?!

What is the exact size of the file? Can you post the file to the forum?

Thanks
If at first you don't succeed, then skydiving's not for you.

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #21 on: September 27, 2003, 05:20:12 PM »
68 byte.
(I made it .txt file as I could not attach the .com file).. ??? ???
« Last Edit: September 27, 2003, 05:21:10 PM by minacross »
MW

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #22 on: September 27, 2003, 05:23:25 PM »
see..  :o :o
MW

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:This is strange !!
« Reply #23 on: September 27, 2003, 05:35:05 PM »
This must be an anti-virus. Something is blocking access to the file. It's either avast or some other AV program.

It would all make sense because avast is scanning the file (it's shown in Last Scanned File field) but doesn't detect a virus in it (because some other process is blocking access to the file).

Are you sure you don't have any other antivirus active?

Also, try rebooting the machine and when it starts up, disable the avast resident protection. Then try to open the file in Explorer - does it work? If it does it must be actually avast who's blocking access to the file...

Interesting...
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #24 on: September 27, 2003, 07:24:36 PM »
This must be an anti-virus. Something is blocking access to the file. It's either avast or some other AV program.
It would all make sense because avast is scanning the file (it's shown in Last Scanned File field) but doesn't detect a virus in it (because some other process is blocking access to the file).

Are you sure you don't have any other antivirus active?
attached a snap shot of my startup programs, I have no AV loaded but Avast4.  ???
Quote
Also, try rebooting the machine and when it starts up, disable the avast resident protection. Then try to open the file in Explorer - does it work? If it does it must be actually avast who's blocking access to the file...

Interesting...
Vlk

I rebooted the machine and disabled the resident protection (as you can see in the attached pic) the created the eicar.com file.
As I double-clicked on it, I received the same strange error  ??? ???
Do I have to reformat my c: partition and reinstall windows again?  :'( :'( :'( :'( :'( :'( :'(
MW

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:This is strange !!
« Reply #25 on: September 27, 2003, 07:28:22 PM »
Hehe it doesnt have to be a program, it can be a driver. And since you have Nod32 installed, Amon's driver is the obvious tip. Try temporarily renaming all *.vxd files in the nod directory (or they may also be in the system directory)
If at first you don't succeed, then skydiving's not for you.

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #26 on: September 27, 2003, 08:38:18 PM »
Wow,It worked..  ::) ::) ::) ::)  I renamed amon.vxd and nod32m1.vxd. I rebooted, just before loading Windows the booting process was stopped by a missing file (amon.vxd) and asked me to press any key to continue..  ??? ???
I did, and Windows finished loading..
when I tried to create eicar.com the resident protection  detected it at once..  ;D
it seems to be a conflict between Nod32 and Avast4   :'( :'( :'(
Many thanks Vlk for you precious help  ;D ;D ;D

BTW: I think ESET guys have to know about this, so I will post this at Nod32's forum.
« Last Edit: September 27, 2003, 08:40:12 PM by minacross »
MW

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:This is strange !!
« Reply #27 on: September 27, 2003, 08:47:03 PM »
It's NOT imho a conflict. It's a bug (or feature? ;)) in Nod.
Remember that you were not able to access the file even if avast was completely disabled (so it's not a conflict).

Anyway, am glad we've sorted this out.
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re:This is strange !!
« Reply #28 on: September 29, 2003, 04:12:06 AM »
Today I created the file untitled.com with EICAR test string but the standard shield and on-demand scanner did not detect it  ???
When I double-click on it I received the attached error message ..
then I tried to scan it with Nod32...    

Sorry minacross. I lost something in your first post...  :-[
Two antivirus at the same computer always mess everything  :'(
If you want a "backup" (not resident) second av, try BitDefenderPersonal (Free Edition). It is perfectly compatible with avast! (see: http://www.avast.com/forum/index.php?board=1;action=display;threadid=859;start=new).

Thanks, Vlk.  ;)
The best things in life are free.

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:This is strange !!
« Reply #29 on: September 29, 2003, 09:43:05 AM »
thanx Technical  ;D
MW