Author Topic: Temptation...  (Read 55045 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Tentation...
« Reply #30 on: December 10, 2005, 01:49:46 AM »
Sasha, did you test what Igor posted?
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33378
  • malware fighter
Re: Tentation...
« Reply #31 on: December 10, 2005, 01:54:56 AM »
Howdy Sasza,

What do you think then that is at the root of this? What did the previous discussion in a long thread result to? If you do a scan with ClamWin, well a full one, it is a real murder, you know. Like dragging a dead horse across the desert. I know the good old A-squared scanner could not be dragged along,and this is better now. A full scan with DrWebCureIt of a whole 80 GB Windows XP machine, it is a mere 15 minutes plus 3 minutes mem scan before that. I am curious in what direction you think, my friend. Use  A really small App to see where is the hog on the cyscles.

pozdrawiam,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #32 on: December 10, 2005, 02:00:40 AM »
I'm still not talking about the amount of the time avast! uses while I use on-demand scann. I said that in few replies. My concern is speed of the boot time after we enter Logging name and password and form the moment Windows kicks in...

See here, just few replies in the past...

Quote
...I don't have problems with scanning doing its job even if it takes 2-3 hours... why ? Because I don't perform system scans every 5 minutes, doh. I don't need it to be fast, I just want it to be accurate, nothing else.

What is my main concern is the fact that many people already reported those boot-time slowdowns... what is being scanned all the time when I don't have anything in my startup items, nothing of some significance anyway...
« Last Edit: December 10, 2005, 02:02:56 AM by S.Z.Craftec »
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #33 on: December 10, 2005, 02:04:10 AM »
Sasha, did you test what Igor posted?

Not yet, have to do that... I just checked OK files inside Resident Protection task Report file settings...

Doing reboot right now... ugh... gone already...  ;D
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #34 on: December 10, 2005, 02:16:55 AM »
Now this is even more weird than it was... Just like Igor said, boot time prolonged up to whole 3-4 minutes... and this is what I get inside the Resident Protection.txt file (report file):

Code: [Select]
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on December 9, 2005 8:11:04 PM
* VPS: 0549-4, 09/12/2005
*

And that's all... nothing else, not a single thing inside... am I looking at wrong file by any chance ?  ???

This is how report file settings are set on my end:

MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Tentation...
« Reply #35 on: December 10, 2005, 02:24:54 AM »
Now this is even more weird than it was...
I love misteries  ;D
The best things in life are free.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #36 on: December 10, 2005, 02:26:38 AM »
Ok first time I had OVERWRITE EXISTING option checked (even though you can't see that on my screenshot, I took it after I unchecked that option), so I have no clue was that somehow causing my empty report file... I tried the same thing for the second time, but this time I unchecked that option.

Right now my boot time (I actually measured it with my stop-watch) was 1 minute 58 seconds. Report file size is 69,331 bytes (around 70 kb). It's full of stuff inside so I guess I have to go through everything slowly...
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #37 on: December 10, 2005, 02:37:14 AM »
Update... among million of other things I immediatelly ran on this:

Code: [Select]
[color=Red]C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\SN.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCR71.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\LIBPNG.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\ZLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PYTHON.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\GIFLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCP71.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MFC71U.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\ENGLISH\RESOURCES\FIREWORKS RESOURCES.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MMXPTRESOURCES.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSEXTENSIONS\MMNOTES.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\EMLAUNCH.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\MIX32.X32 [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\FREEHAND READER.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\PLUG-INS\GSDLL32.DLL [+] is OK[/color]

What's that all about... none of my programs run at startup, especially not that heavey programs from Macromedia I use for my web design business...  ???

Literally hundreds of QuickTime entries scanned (I don't even use it...)

Code: [Select]
[color=Red]http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://web.icq.com/whitepages/online?icq=341214661&img=5 [+] is OK
http://status.icq.com/online.gif?icq=341214661&img=5 [+] is OK
http://img466.imageshack.us/img466/4544/untitled94fk.jpg [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
C:\Documents and Settings\Alienator\Local Settings\Temporary Internet Files\Content.IE5\G5QJ85AF\spellcheck[1].js [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?action=post;msg=152753;topic=17951.30;sesc=3394713570d5726505db76f2cd9980d9 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK
http://forum.avast.com/index.php?topic=17951.msg152753#msg152753 [+] is OK[/color]

Why those avast! forum pages are being checked ? Am I really stupid and I don't understand this matter, or I'm just simply terribly missing something ?

Then I found this somewhere around the middle of the file:

Code: [Select]
[color=Red]*
* Task stopped: December 9, 2005 8:18:50 PM
* Run-time was 4 minute(s), 9 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on December 9, 2005 8:20:05 PM
* VPS: 0549-4, 09/12/2005
*[/color]

... and then literally hundreds of different programs and program parts being scanned, and many of those programs I haven't used in months...

Igor, just wanted to thank you for your respond and interest you showed... thanks a lot my friend ! But I will still need your assistance since I have no clue why all these entries are being scanned all over again...
« Last Edit: December 10, 2005, 02:48:31 AM by S.Z.Craftec »
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33378
  • malware fighter
Re: Tentation...
« Reply #38 on: December 10, 2005, 02:09:50 PM »
Hey Sasza,

Aren't these temp files, know this stuff can grow exponentially, like flash files.
What are they?

greets,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: Tentation...
« Reply #39 on: December 10, 2005, 02:23:13 PM »
Update... among million of other things I immediatelly ran on this:

Code: [Select]
[color=Red]C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\SN.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCR71.DLL [+] is OK
...

What's that all about... none of my programs run at startup, especially not that heavey programs from Macromedia I use for my web design business...  ???

Either it has to be started from somewhere, or something (some other program) is "scanning" the files. If it were just the EXE file, I'd say that Explorer is touching it to extract the icon for the Start Menu - but if it's even the accompanying DLLs, it must be something else.

Code: [Select]
[color=Red]http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
...

Why those avast! forum pages are being checked ? Am I really stupid and I don't understand this matter, or I'm just simply terribly missing something ?

The whole resident protection uses the report file, including the Web Shield. Maybe you were browsing the forum?


Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #40 on: December 10, 2005, 02:43:49 PM »
Hey Sasza,

Aren't these temp files, know this stuff can grow exponentially, like flash files.
What are they?

greets,

polonus

No I don't believe those are temp files... although I am not sure about those avast! forum entries, and why they are in there in the first place. Believe me or not, I have a nasty habbit to clean IE's cashe (All offline files as well) every single time I close my IE. It takes me just few seconds and I like to clean those information, especially after I visit my online banking page. How come those avast! forum entries are there ? Or are those maybe cookies or something, because I know I allowed just avast! forum cookies to be created and not erased since my sessions tend to expire a lot in this forum... and it still happens no matter what I do...

As far as Macromedia Fireworks entries goes, those are DLL (system) files...

Regarding Flash cache Polonus... all those files are being erased the second I open my SWF cache viewer. I always clean them all, because I don't need those files to be cached and stored on my computer. All SWF or FLA (flash source files) I need are my own Flash files (my flash projects and web sites) stored on 2 of my backup hard drives, nothing else.

« Last Edit: December 10, 2005, 02:56:07 PM by S.Z.Craftec »
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #41 on: December 10, 2005, 02:49:02 PM »
Update... among million of other things I immediatelly ran on this:

Code: [Select]
[color=Red]C:\Program Files\Macromedia\Fireworks 8\Fireworks.exe [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\SN.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\JSLIB.DLL [+] is OK
C:\PROGRAM FILES\MACROMEDIA\FIREWORKS 8\MSVCR71.DLL [+] is OK
...

What's that all about... none of my programs run at startup, especially not that heavey programs from Macromedia I use for my web design business...  ???

Either it has to be started from somewhere, or something (some other program) is "scanning" the files. If it were just the EXE file, I'd say that Explorer is touching it to extract the icon for the Start Menu - but if it's even the accompanying DLLs, it must be something else.

Code: [Select]
[color=Red]http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
http://forum.avast.com/index.php?topic=17951.new#new [+] is OK
...

Why those avast! forum pages are being checked ? Am I really stupid and I don't understand this matter, or I'm just simply terribly missing something ?

The whole resident protection uses the report file, including the Web Shield. Maybe you were browsing the forum?

Thanks Igor, thanks again... I don't know but I don't see any possiblity that something could even request any kind of information from Fireworks. It's just a drawing utility like Photoshop is. I also have Photoshop CS2 installed, and I never saw any of those entries in report file... what's your suggestion ? How can we narrow it down to find out what's trying to dig through those applications ?

Yes I always browse these forums but as I said to Polonus in my previous reply, I always clean IE cashe manually, including all off-line files... always. Why those entries are beiung scanned all over again each time I enter Windows if I erased them previously, and how is it even possible if they are not there ?

Regards
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #42 on: December 10, 2005, 03:53:01 PM »
Also maybe this has nothing to do with anything related in this thread, but still while we are at cache... I've noticed this forum engine behavior few times...



I had to cut the part of the Window just to be able to show you both, the top of the page and the bottom of the page... Spot that I am logged-out of the forum... not signed in... and still my nick-name is listed down there among other online members  ???
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: Tentation...
« Reply #43 on: December 10, 2005, 04:10:37 PM »
Yes I always browse these forums but as I said to Polonus in my previous reply, I always clean IE cashe manually, including all off-line files... always. Why those entries are being scanned all over again each time I enter Windows if I erased them previously, and how is it even possible if they are not there?

Well, the files certainly aren't scanned if they aren't there. Maybe it was the report from your previous Windows session, before you deleted them?

Quote
Also maybe this has nothing to do with anything related in this thread, but still while we are at cache... I've noticed this forum engine behavior few times...

I also found it strange for some time - but then I read the label properly ;)
It says: "Users active in past 15 minutes"... meaning that your name may appear there even if you're logged of for 15 minutes already.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Tentation...
« Reply #44 on: December 10, 2005, 04:28:39 PM »
Yes Igor and that's just I forgot to put that in my latest reply... I saw that 15 minutes note, but always (almost always) it loggs me off as soon as I log-off. My name disappears immediatelly... that's why I asked about that...

I just have no clue whay Macromedia Fireworks entries are being scanned over and over again... how to find out those things. I can't uninstall that program, it's my life  ;D
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s