Topic: AVAST 2016 R1 SP1 (2016.11.1.2245) weird behaviour?

Aditza
AVAST 2016 R1 SP1 (2016.11.1.2245) weird behaviour?
« on: December 02, 2015, 01:43:08 PM »
OS: WinXP SP3 x86 fully patched and with PosReady Nov 2015 updates

Running AVAST 2016 R1 SP1 (2016.11.1.2245), freshly installed today, I tried to run a chkdsk c: (i.e. a read-only check), and I'm getting phantom missing-file errors, almost as if it were a rootkit. Not sure if it's specific to 2016 R1 SP1 (2016.11.1.2245), as I haven't run a chkdsk on this system in 3...4 months.

C:\WINDOWS>chkdsk c:
The type of the file system is NTFS.
Volume label is _SYSDISK_

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is recovering lost files.
Recovering orphaned file part-vps_win32-15120101.vpx (39114) into directory file
 26385.
Recovering orphaned file jrog2-f61.vpx (39253) into directory file 26385.
Recovering orphaned file vps_32-11d0.vpx (46334) into directory file 26385.
Recovering orphaned file vps_win32-11db.vpx (46619) into directory file 26385.
Recovering orphaned file 15120200_stream (58063) into directory file 27826.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the uppercase file.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

  46082420 KB total disk space.
  12259280 KB in 52328 files.
     14592 KB in 9120 indexes.
         0 KB in bad sectors.
    186308 KB in use by the system.
     65536 KB occupied by the log file.
  33622240 KB available on disk.

      4096 bytes in each allocation unit.
  11520605 total allocation units on disk.
   8405560 allocation units available on disk.

Rebooting the system, booting from a Windows 10 (1511) boot DVD and running a chkdsk /f from the Win10 rescue mode command prompt shows that no errors are found on the filesystem.

Why is Avast doing this and preventing even CHKDSK from verifying the disk in read-only mode?
« Last Edit: December 02, 2015, 03:17:23 PM by Aditza »

Aditza
Re: AVAST 2016 R1 SP1 (2016.11.1.2245) rootkit behaviour?
« Reply #1 on: December 02, 2015, 02:00:41 PM »
Update: after the initial chkdsk error, it seems that running it multiple times will generate error messages for different files each time... but all are related to missing files from the NTFS index.


attachments below...

I scanned the system with the BitDefender rescue boot CD (I allowed it to use live update before the scan)... it looks clean even for BD...

Eddy
Re: AVAST 2016 R1 SP1 (2016.11.1.2245) rootkit behaviour?
« Reply #2 on: December 02, 2015, 02:19:00 PM »
Avast has nothing to do with this.

Checkdisk didn't give an error.
Checkdisk is simply reporting that it found some orphan files and they happen to be from Avast, but could just as well have been from any other application.

Aditza
Re: AVAST 2016 R1 SP1 (2016.11.1.2245) weird behaviour?
« Reply #3 on: December 02, 2015, 03:25:13 PM »
After some poking around... a few reboots and a full Avast reinstall from scratch... I came to the same conclusion... Microsoft patched the NTFS filesystem and kernel logic in the WinXP GUI but they did not bother to update the command line tools.

Checking the disks with right-click on drive -> Properties -> Tools -> Error checking -> "Check now" button gives the message "Check complete" after analysis, even when the command line chkdsk complains about weird errors.

I guess I'll file this problem under the "yet another reason to drop WinXP" category...