Author Topic: Avast! file ngiodriver running during definition updates.  (Read 16732 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #15 on: June 07, 2016, 12:52:37 AM »
NG has been removed/disabled. Probably just a remnant.

Hmm... :/ It can't be a remnant, because, as I've mentioned a few times in this thread... this is a FRESH install of 11.2.2262. I did it today and this weird behaviour began around a couple of days ago. But even after a fresh install... it is still persisting.

And if NG is disabled... then why are some of the files associated with it still around? This ngiodriver_x64_ais.8d6.vpx and ngiodriver_x86_ais.8d6.vpx are still around and they seem to be associated with NG.

I also noticed something else odd when I read the Avast Update Log in Persistent Data... in the log, during a check for updates it keeps mentioning that it did not install software protection for my browsers? :/

"Checking for updates has started.
[2016-06-06 21:39:36] [info   ] [chromesp       ] [ 2748: 3888] Delayed Chrome SP installation
[2016-06-06 21:39:36] [info   ] [chromesp       ] [ 2748: 3888] Waiting for 5 days from Avast installation (install time: 1465249176, current time: 1465217774)
[2016-06-06 21:39:36] [info   ] [firefoxsp      ] [ 2748: 3888] Delayed Firefox SP installation
[2016-06-06 21:39:36] [info   ] [firefoxsp      ] [ 2748: 3888] Waiting for 5 days from Avast installation (install time: 1465249176, current time: 1465217774)
[2016-06-06 21:39:36] [warning] [chromeaos      ] [ 2748: 3888] Chrome was not installed by Avast."

Why is it doing this? I unticked everything but the Shield Protection when I installed Avast! Including Browser protection... and told Avast! that I didn't want chrome installed either.
« Last Edit: June 07, 2016, 12:55:33 AM by Braver »

Offline davexnet

  • Poster
  • *
  • Posts: 540
Re: Avast! file ngiodriver running during definition updates.
« Reply #16 on: June 07, 2016, 01:07:57 AM »
Could always check Control Panel /programs and feature (add/remove XP)/ avast /modify
to see if either NG or Secure VM is checked.
AMD FX-4300 4GB DDR3
avast free 2279 (Windows XP), MBAM free

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #17 on: June 07, 2016, 03:11:50 AM »
Could always check Control Panel /programs and feature (add/remove XP)/ avast /modify
to see if either NG or Secure VM is checked.

How do you do that? I'm on Windows 7 and when I try to "change" it just lists the features I had the option to install when I first installed it... and at this point... I'm stumped.

I even tried another fresh install moments ago, but this time, removing all traces of avast in any folder or registry entry... reinstalled, it did nothing. Still getting the weird ngiodriver thing happening.

Sometimes, when the instup runs, AvastBugReport runs as well. Probably meaning the installer crashed, which is why the second instup process runs.

Does anyone know what windows services Avast relies on to update it's virus definitions? Cause I've been having problems with my computer lately... some svchost processes are sluggish to start... does Avast!'s installer rely on anything to do with the Background Intelligent Transfer Service or Windows Update by any chance?

Seems to me something on my system may be corrupt... though it's weird because these other problems have been going on for about a week or more and these ngiodriver problems with avast only started a couple days ago. :/
« Last Edit: June 07, 2016, 03:13:45 AM by Braver »

Offline davexnet

  • Poster
  • *
  • Posts: 540
Re: Avast! file ngiodriver running during definition updates.
« Reply #18 on: June 07, 2016, 04:15:26 AM »
I would uninstall, reboot and then run avastclear.  This will advise you, and intitiate, a boot to safemode
with networking.  Allow this and avastclear will do it's thing and then you can reboot back to normal mode.

Have the offline installer ready. start the new install, and choose custom install.  Select only the items you want.

https://forum.avast.com/index.php?topic=185928.0
https://www.avast.com/en-us/uninstall-utility
AMD FX-4300 4GB DDR3
avast free 2279 (Windows XP), MBAM free

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #19 on: June 07, 2016, 05:06:25 AM »
I would uninstall, reboot and then run avastclear.  This will advise you, and intitiate, a boot to safemode
with networking.  Allow this and avastclear will do it's thing and then you can reboot back to normal mode.

Have the offline installer ready. start the new install, and choose custom install.  Select only the items you want.

https://forum.avast.com/index.php?topic=185928.0
https://www.avast.com/en-us/uninstall-utility

I ran avastclear many many times already. And fresh installed the Antivirus but the problem doesn't go away.

When I install the antivirus, I only choose the base shields and untick everything else. But for some odd reason I'm seeing things in the log that says the antivirus is still trying to install something...

Here's an example:

[2016-06-07 02:14:32] [info   ] [instupcore     ] [ 1824: 1828] Checking for updates has started.
[2016-06-07 02:14:32] [info   ] [chromesp       ] [ 1824: 1828] Delayed Chrome SP installation
[2016-06-07 02:14:32] [info   ] [chromesp       ] [ 1824: 1828] Waiting for 5 days from Avast installation (install time: 1465265672, current time: 1465257513)
[2016-06-07 02:14:32] [info   ] [firefoxsp      ] [ 1824: 1828] Delayed Firefox SP installation
[2016-06-07 02:14:32] [info   ] [firefoxsp      ] [ 1824: 1828] Waiting for 5 days from Avast installation (install time: 1465265672, current time: 1465257513)
[2016-06-07 02:14:32] [warning] [chromeaos      ] [ 1824: 1828] Chrome was not installed by Avast.

Have no clue why this is appearing since I refused to install the Chrome browser on the setup and I also unticked everything else but the main shields as well. :/

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast! file ngiodriver running during definition updates.
« Reply #20 on: June 07, 2016, 07:58:44 AM »
Quote
It can't be a remnant, because, as I've mentioned a few times in this thread... this is a FRESH install of 11.2.2262
Yes it can unless you removed avast completely before performing the install.
And to do that, you will have to remove avast manually.
Through control panel + avastclear is not gonna remove everything.
Quote
but this time, removing all traces of avast in any folder or registry entry
Did you also removed the files in the Windows folder ?
How did you remove the legacy keys ?
« Last Edit: June 07, 2016, 08:01:20 AM by Eddy »

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #21 on: June 07, 2016, 02:34:42 PM »
Quote
It can't be a remnant, because, as I've mentioned a few times in this thread... this is a FRESH install of 11.2.2262
Yes it can unless you removed avast completely before performing the install.
And to do that, you will have to remove avast manually.
Through control panel + avastclear is not gonna remove everything.
Quote
but this time, removing all traces of avast in any folder or registry entry
Did you also removed the files in the Windows folder ?
How did you remove the legacy keys ?

Well once I use avastclear to remove avast, I pretty much use Windows search for anything associated with Avast! and delete it. Which I did... and I deleted the keys I could with CCleaner's registry cleaner function.

Another thing I noticed today after doing a...like 5th fresh install. Whenever the setup.exe runs after I choose only the components I want and it starts to run... multiple instances of Instup.exe run at once and one process lingers for about a minute before disappearing... and the AvastEmUpdate process also runs multiple times... but one process stays behind indefinitely... so I'm going to assume that means that it failed... which is probably why it's acting like this...

I'm not sure what's causing the AvastEmUpdate process to fail though... I thought it may have been my Comodo Firewall blocking it's access but I disabled it during the last fresh install and it still did the same thing.

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5494
  • Whatever will be, will be.
Re: Avast! file ngiodriver running during definition updates.
« Reply #22 on: June 07, 2016, 02:54:46 PM »
I have had these randomly generated driver for certain time, appearing in device manager as non-existent driver.

Just my speculation: I feel this randomly generated driver is a part of Avast Self Defense Module, to protect Avast installer from malware.
The reason why the name is random is to prevent malware from blocking Avast Self Defense Module to load, as fixed name could be easily recognized and blocked by malware.
These driver seems to be generated early stage of installation from installer, and deleted when finished.

Why the behavior is changed recently is beyond for me, Avast might changed its behavior for some reason.
Or, I just didn't try and see what happens when manual update is initiated.

Personally, I don't think there is anything to worry about.

EDIT: It also creates these services when it auto-updates too, the same problem occurs whether it's a manual or auto update.

So is something trying to attack Avast! then? I've done malware/virus scans today and for the past few days, with no luck.

And yeah, these drivers don't seem to stick around for very long, I never see them anywhere in Device Manager when they load but I'm still worried that 2 instances of instup.exe are loading when a manual update is checked for... according to my resource monitor... when the instup.exe runs... it will run the normal installer, the one that always runs, but then this installer shuts down for some reason and another starts in it's place which activates the ngiodriver part... and this second process eats up some RAM, even when an update is not found but also has many hard faults...

EDIT: This happens whether or not it's a manual or auto-update. Even when it auto-updates many processes of the instup.exe run at once and these ngiodriver based services are created. Pretty much every time the installer runs, according to my Computer Management logs.

2 instances of instup run.
2 instances of the randomly generated services created by ngiodriver_64 run.

I'm at a loss as to what is going on here. This is a fresh install... I used AvastClear about a few hours ago and did a fresh reinstall and the behaviour persists. :(

Avast is not attacked at all on your computer, it is a precaution for someone who try to install avast on already infected computer.

You can't get old behavior back how many times you try to reinstall, because it is changed for some reason by Avast, not by you or your computer.

So, as Eddy says, stop worrying and accept what it is now. Things are changing.


NG has been removed/disabled. Probably just a remnant.

Hmm... :/ It can't be a remnant, because, as I've mentioned a few times in this thread... this is a FRESH install of 11.2.2262. I did it today and this weird behaviour began around a couple of days ago. But even after a fresh install... it is still persisting.

11.1.2262 still has NG inside. NG is removed since 12.1.2263.


P.S.
You wrongly added "EDIT:" into my post when you quote it, please be careful not to do that.
Desktop: Win10 Pro 22H2 64bit / Core i5-7400 3.0GHz / 32GB RAM / Avast 23 Premium Beta(Icarus) / Comodo Firewall
Notebook: Win10 Pro 22H2 64bit / Core i5-3340M 2.7GHz / 12GB RAM / Avast 23 Free / Windows Firewall Control
Server: Win11 Pro 23H2 64bit / Core i3-4010U 1.7GHz / 12GB RAM / Avast One 23 Essential

Avast の設定について解説しています。よろしければご覧ください。

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #23 on: June 07, 2016, 03:12:41 PM »
Quote
Avast is not attacked at all on your computer, it is a precaution for someone who try to install avast on already infected computer.

You can't get old behavior back how many times you try to reinstall, because it is changed for some reason by Avast, not by you or your computer.

So, as Eddy says, stop worrying and accept what it is now. Things are changing.

I've checked for viruses/spyware before though, with Avast! itself and Malwarebytes Anti-Malware and it found nada. Is it really necessary for NG to activate on every update made though? Cause that's what it seems to be doing... and the behaviour of the antivirus shouldn't change, as long as you are on the same version of the program that worked before... and if it changes for the worst for no apparent reason then it's just a bad product... no offence.

Mostly... Avast! has been a great product... never had many problems with it... this is one of the very few times I've had major issues with it.

 
Quote
11.1.2262 still has NG inside. NG is removed since 12.1.2263.

P.S.
You wrongly added "EDIT:" into my post when you quote it, please be careful not to do that.

Ahhh... but according to Eddy... NG has been around for a while in Avast! but I've not seen much activity from it in any previous versions of the program... nor did I see much activity of it in this version of the program when I first installed it from an older 2015 version.

Wonder why it's decided to be so aggressive now. And it only seems to run it when instup.exe attempts to update the virus definitions automatically or manually.

Also.. finally... what about this behaviour? Is this normal? doesn't seem normal to me, Avast! keeps refering to parts of the product I initially refused to install such as Browser Protections...


[2016-06-07 02:14:32] [info   ] [instupcore     ] [ 1824: 1828] Checking for updates has started.
[2016-06-07 02:14:32] [info   ] [chromesp       ] [ 1824: 1828] Delayed Chrome SP installation
[2016-06-07 02:14:32] [info   ] [chromesp       ] [ 1824: 1828] Waiting for 5 days from Avast installation (install time: 1465265672, current time: 1465257513)
[2016-06-07 02:14:32] [info   ] [firefoxsp      ] [ 1824: 1828] Delayed Firefox SP installation
[2016-06-07 02:14:32] [info   ] [firefoxsp      ] [ 1824: 1828] Waiting for 5 days from Avast installation (install time: 1465265672, current time: 1465257513)
[2016-06-07 02:14:32] [warning] [chromeaos      ] [ 1824: 1828] Chrome was not installed by Avast.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast! file ngiodriver running during definition updates.
« Reply #24 on: June 07, 2016, 03:24:54 PM »
As I said before, everything is working as it should.
There is no abnormal behavior anywhere.

It is just your mind playing tricks on you due to your lack of knowledge on how applications (avast) is working.
If you really would understand (a lot) more, start with learning programming.

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #25 on: June 07, 2016, 03:47:33 PM »
As I said before, everything is working as it should.
There is no abnormal behavior anywhere.

It is just your mind playing tricks on you due to your lack of knowledge on how applications (avast) is working.
If you really would understand (a lot) more, start with learning programming.

Actually... my knowledge of computers is fairly good, programming isn't my strong point, yes. You're right but I'm not a noob when it comes to technological things... and that isn't very nice, you know?

Isn't this forum supposed to be a place where people come for help? Why the hostility? I'm just a bit worried is all, can you not sympathize?

Not trying to be a pain or anything... even though I'm sure I am... but can't you tell me more about what's going on? You seem to have better knowledge of this than I do. If this behaviour seems normal to you can you explain to me why it never happened in a previous installation (the first installation of 11.2.2262 from 2015) and how... programming-wise this can happen?
« Last Edit: June 07, 2016, 03:57:41 PM by Braver »

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5494
  • Whatever will be, will be.
Re: Avast! file ngiodriver running during definition updates.
« Reply #26 on: June 07, 2016, 04:44:05 PM »
Quote
Avast is not attacked at all on your computer, it is a precaution for someone who try to install avast on already infected computer.

You can't get old behavior back how many times you try to reinstall, because it is changed for some reason by Avast, not by you or your computer.

So, as Eddy says, stop worrying and accept what it is now. Things are changing.

I've checked for viruses/spyware before though, with Avast! itself and Malwarebytes Anti-Malware and it found nada. Is it really necessary for NG to activate on every update made though?
It is almost impossible to instantly detect whether there is any malware on the computer or not, that is why Self defense is always activated just in case there is some.

Quote
and the behaviour of the antivirus shouldn't change, as long as you are on the same version of the program that worked before... and if it changes for the worst for no apparent reason then it's just a bad product... no offence.
You mentioned "Emergency Updater" (AvastEmUpdate) thing before, that is exactly doing what you say "bad"; i.e. changing its behavior without changing major version number (internal versions of each file may be changed).
And, in most cases, what has been changed is not disclosed.
I think most of them are bugfixes, but I don't really know as there is little information about what is changed.


Quote
Quote
11.1.2262 still has NG inside. NG is removed since 12.1.2263.

P.S.
You wrongly added "EDIT:" into my post when you quote it, please be careful not to do that.

Ahhh... but according to Eddy... NG has been around for a while in Avast! but I've not seen much activity from it in any previous versions of the program... nor did I see much activity of it in this version of the program when I first installed it from an older 2015 version.

Wonder why it's decided to be so aggressive now. And it only seems to run it when instup.exe attempts to update the virus definitions automatically or manually.
Most NG drivers are already there (kept installed when once installed), so you don't see any "Aggressive" activities (installing driver everytime) as there is no need to do that.
NG is (was) part of the DeepScreen technology and when DS is triggered, NG is also activated (without installing drivers, because they are already there).

So, it is no doubt you did not see any driver-installing activities before.


Quote
Also.. finally... what about this behaviour? Is this normal? doesn't seem normal to me, Avast! keeps refering to parts of the product I initially refused to install such as Browser Protections...


[2016-06-07 02:14:32] [info   ] [instupcore     ] [ 1824: 1828] Checking for updates has started.
[2016-06-07 02:14:32] [info   ] [chromesp       ] [ 1824: 1828] Delayed Chrome SP installation
[2016-06-07 02:14:32] [info   ] [chromesp       ] [ 1824: 1828] Waiting for 5 days from Avast installation (install time: 1465265672, current time: 1465257513)
[2016-06-07 02:14:32] [info   ] [firefoxsp      ] [ 1824: 1828] Delayed Firefox SP installation
[2016-06-07 02:14:32] [info   ] [firefoxsp      ] [ 1824: 1828] Waiting for 5 days from Avast installation (install time: 1465265672, current time: 1465257513)
[2016-06-07 02:14:32] [warning] [chromeaos      ] [ 1824: 1828] Chrome was not installed by Avast.
The log says "Delayed installation", because you refused to install them. I think it is just a wording problem.
« Last Edit: June 07, 2016, 04:49:57 PM by NON »
Desktop: Win10 Pro 22H2 64bit / Core i5-7400 3.0GHz / 32GB RAM / Avast 23 Premium Beta(Icarus) / Comodo Firewall
Notebook: Win10 Pro 22H2 64bit / Core i5-3340M 2.7GHz / 12GB RAM / Avast 23 Free / Windows Firewall Control
Server: Win11 Pro 23H2 64bit / Core i3-4010U 1.7GHz / 12GB RAM / Avast One 23 Essential

Avast の設定について解説しています。よろしければご覧ください。

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast! file ngiodriver running during definition updates.
« Reply #27 on: June 07, 2016, 05:19:21 PM »
Quote
Why the hostility?
There is no hostility in this thread.
Quote
I'm just a bit worried is all, can you not sympathize?
As we said several times, stop worrying.
I do have a lot of knowledge/experience with computers (both hardware and software)
I don't know RejZor and NON personally, but I have no doubt at all that they have too.

Only start worrying if one of us tell you to do so.
If you see one of us worrying, it is time for a serious panic ;D

Although a version number of avast hasn't changed, it doesn't mean everything has stayed the same.
Sometimes (rare, but it happens), avast rolls out a (very) small update/change while they keep the version number the same.

NG isn't activated on every update.
It is always running if you have the option for it enabled.
If you have the option disabled, there are still (at least) parts of it present in case it need to start running.

REDACTED

  • Guest
Re: Avast! file ngiodriver running during definition updates.
« Reply #28 on: June 07, 2016, 07:04:30 PM »
Quote
You mentioned "Emergency Updater" (AvastEmUpdate) thing before, that is exactly doing what you say "bad"; i.e. changing its behavior without changing major version number (internal versions of each file may be changed).
And, in most cases, what has been changed is not disclosed.
I think most of them are bugfixes, but I don't really know as there is little information about what is changed.

I know that occasionally... AvastEmUpdate can change certain things on the system, as I've seen it run before and setup things... but to this degree is a bit weird...


Quote
It is almost impossible to instantly detect whether there is any malware on the computer or not, that is why Self defense is always activated just in case there is some.

Well I've ran 3-4 different virus/malware scanners... Malwarebytes... Avast... Virustotal's online scanner and the Windows Malicious Software removal tool, all full-scans and it never found anything... so isn't that conclusive to say I don't have any virus?

Quote
Most NG drivers are already there (kept installed when once installed), so you don't see any "Aggressive" activities (installing driver everytime) as there is no need to do that.
NG is (was) part of the DeepScreen technology and when DS is triggered, NG is also activated (without installing drivers, because they are already there).

So, it is no doubt you did not see any driver-installing activities before.

So why is it doing it now then? I don't think I've ever had NG run before when I had previous versions of the program... and I always had the Deepscreen option ticked. Because it's supposedly bad to untick it.

I find it suspicious because it installs newly randomly generated services on every manual or automatic update... I see the logs every time Avast! updates the definitions and it always refers to 2 new services being loaded into the system... which are then shortly after removed... I don't know why it sees the need to do this EVERY TIME. :/


Quote
The log says "Delayed installation", because you refused to install them. I think it is just a wording problem.

I dunno... it creates this same log every time Avast! tries to update as well. I have Avast! set to run the instup.exe every 120 minutes. (As I always have) and I checked the logs from every 2 hours ago and each one has the same wording and the mention of previously refused installations not made. Can't say I've seen this activity in previous versions of Avast! via the logs either.

Quote
There is no hostility in this thread.

Well you were rather rude. I may not know anything about Avast! very much, but I certainly am not stupid when it comes to PC's and such... but I do tend to have problems with stress levels... I have some problems, yes... And when things I don't expect happen I usually can't handle it very well...

Quote
As we said several times, stop worrying.
I do have a lot of knowledge/experience with computers (both hardware and software)
I don't know RejZor and NON personally, but I have no doubt at all that they have too.
Only start worrying if one of us tell you to do so.
If you see one of us worrying, it is time for a serious panic ;D

I appreciate that, I'm sure you have extensive knowledge with Avast! and programming and such other things but the difference to how Avast! was performing a week ago and now... there is a lot of differences that I can''t help but notice and worry about... I'm pretty OCD about how my computer runs. And Yes... I'm also sure that Rejzor and NON have very good experience too... NON has been particularly helpful in calming me down a little...

Quote
Although a version number of avast hasn't changed, it doesn't mean everything has stayed the same.
Sometimes (rare, but it happens), avast rolls out a (very) small update/change while they keep the version number the same.

You mean via AvastEmUpdate? I have seen this run many times before and am fairly aware that it can change settings for Avast! at any time, without your knowledge of it. But I'm not sure if this is the case in this situation. I've freshly reinstalled Avast! 4 times now in the past couple of days and whenever I do... it just does the same things as it does now. So I'm not sure if it may be a problem with the initial installation of Avast! because of some corruption or such thing so... meh.


Quote
NG isn't activated on every update.
It is always running if you have the option for it enabled.
If you have the option disabled, there are still (at least) parts of it present in case it need to start running.

Well it is for me... currently. Every time I do a manual check for updates via the AvastUI... the logs always state that 2 randomly generated services coming from the file "ngiodriver_64" were installed into the system, but they shortly disappear. instup.exe creates 2 processes when it checks for updates too so it's blatantly related to it...

2 processes of instup.exe
2 services created by ngiodriver_64

It always does this when it actually updates too but not when doing a automatic check (with no update available)... which is weird.

What is the setting for it to be enabled? Deepscreen? I've always had that enabled, on every version and never saw anything like this.

Anyways, thanks for the replies.
« Last Edit: June 07, 2016, 07:13:33 PM by Braver »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast! file ngiodriver running during definition updates.
« Reply #29 on: June 07, 2016, 07:17:30 PM »
Quote
I find it suspicious because it installs newly randomly generated services on every manual or automatic update
No, it doesn't.
It is the same service every time.
The name of the file is just changing to prevent malware from detecting/blocking/infecting it.