Author Topic: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning  (Read 12849 times)

0 Members and 1 Guest are viewing this topic.

rangoon_fr

  • Guest
Hello,

I have XP Home SP2 which I just reinstalled.

I have also reinstalled Avast and updated it (automatic Avast update), but now I have this avast popup error "ashMailSv has been modified do you really want to run this program ? Yes / No".
Besides, avast "need to restart your machine" all the time.
I also have this issue with ashWebSv but not with other services (files, IM, ...)

I used to have Avast for the past 3 or 4 years, and I never had any issue with it, but now I can't use it anymore !

I've been through the Windows reinstall process many times these days to try to solve this issue, and came to the conclusion it is closely linked to SP2 installation.

Any idea about it ?

Any solution ?

Many thanks to you all !
« Last Edit: July 13, 2006, 02:06:13 PM by rangoon_fr »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
1. Are you sure this is an avast message about ashMaiSv.exe and not either your firewall or other security software ?
What other security based software do you have that might block new startup entries, e.g. Spybot S&D (TeaTimer), AdAware (AdWatch), SpySweeper, PrevX, WinPatrol, ProcessGuard, etc. ?

2. I trust you did reboot and the prompt keps coming ?
This could be solved, in some systems, by deleting the file C:\Program Files\Alwil Software\Avast4\Setup\reboot.txt
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rangoon_fr

  • Guest
I did reboot indeed : same issue. I couldn't fing the reboot.txt, and this time it doesn't ask for reboot.

see attached screenshot o popup in original post, it looks as an avast message.
If i click "non" (=no), it come back over and over, if I click "oui" (=Yes) no more popup.

any help ?, thanks ! :-)
« Last Edit: July 12, 2006, 01:48:49 PM by rangoon_fr »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Yes it does look like it is generated by avast.

Can you answer my second question in item 1, it could have a bearing if there are other security programs that might hook into either of those programs though why is beyond me.

Was reboot.txt present in the location I gave ? did you delete it ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
What if you delete the file ashMaiSv.exe (you'll have to stop the ashMaiSv service before that) and invoke a program update (or VPS update, or program repair... doesn't really matter). Or, you may just rename the file to something else, even without stopping the service, and then invoke the update.
The correct version of the file should be regenerated.

If the message appears again, I'd probably suggest to send us the file... so that we can check what modifications have occurred.

rangoon_fr

  • Guest

Can you answer my second question in item 1, it could have a bearing if there are other security programs that might hook into either of those programs though why is beyond me.
no other security program than Windows' Firewall and its security stuff (being "windows updated")

Was reboot.txt present in the location I gave ? did you delete it ?
it was not present, and after the last reboot I did before going back to work, it stopped asking for reboot.
hence  currently only remain with the ashMaiSrv / ashWebSv problem.

rangoon_fr

  • Guest
What if you delete the file ashMaiSv.exe (you'll have to stop the ashMaiSv service before that) and invoke a program update (or VPS update, or program repair... doesn't really matter). Or, you may just rename the file to something else, even without stopping the service, and then invoke the update.
The correct version of the file should be regenerated.

I did the following :
 - install with a newly downloaded 4.7 version, same issue. So I thought I had this issue because of an error in Avast 4.7 package (sorry for this thought...),
 - uninstall 4.7 version then reboot then install an old 3.x version then I asked for update using the interface options. It has updated correctly (no error popped up) but the popup problem was still there.

I can install a 4.7 and do you test tonight if you think it could help in anyway ?

If the message appears again, I'd probably suggest to send us the file... so that we can check what modifications have occurred.

I'll do this at first time when I'm back, where should I them them to ?
Could you provide me with the time/date/octets size and versions of all exes related to avast, I'll compare those informations with the files I have later when I'm back from work.

thanks !

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
The installer has various self-checks, so it wouldn't install corrupted files (but display an error message instead). If you reinstalled avast!, then the correct file really should be there...

The ashMaiSv.exe file from avast! 4.7.844 has 245808 bytes - but I'd rather check the content (compare it to the original one), the size doesn't say that much.

Maybe the file is actually OK and the problem is somewhere else... but I find it rather unlikely; if there was a bug in the file-verification code, many people would experience the same problem (which is not the case).

rangoon_fr

  • Guest

I completly agree, but you know how users are, it's always editor's fault, then, maybe, it can be ours...!  ::)

I'll send you the *.exe from the installation folder, can you tell me where I should send those ?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
I'm afraid I've got a bad news for you.
The files really are modified - in particular, they are infected by a virus that avast! currently doesn't detect, unfortunatelly. The virus will be analyzed and detection added in the next VPS update - but it means that many of your other files are probably infected as well... :(

Sorry for the troubles.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
I hope that everyone who reads it take a lesson out of it.
NEVER go online without proper protection.
Here is how to install a OS properly:

1) install the OS

2) install motherboard drivers

3) install other drivers

4) install firewall

5) install av software

Do this BEFORE going online!

6) get ALL security updates and patches.


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Well, in this particular case, it wouldn't help much - as avast! doesn't detect this virus yet (sorry about it).

rangoon_fr

  • Guest
thanks you very much Igor for your close follow up!
I fear to see how deep my PC is infected, I just hope it is limited to Avast...

I look forward the new VPS!

Thanks,

Rangoon

rangoon_fr

  • Guest
I hope that everyone who reads it take a lesson out of it.
NEVER go online without proper protection.
Here is how to install a OS properly:
(...)

Hello Eddy,

though I agree with this "lesson", I just wanted to precise that your procedure is my base one and it lead me to infection however :-(
Besides, I keep wondering how can a virus come to My PC if I did not even start "surfing" but on editor's websites for latest version or updates downloads. I'll try to find this out when the new virus definition come out ! ;-)

For the past 10 year on internet, it the very first time I get a virus, I've been using ThunderByte, InoculateIT, PC Cillin, and finally avast for the past 2 or 3 years. During this time I had very few alerts.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #14 on: July 13, 2006, 04:01:14 PM »
Windows fileinfector that wasn't detected by avast! ? Isn't that a bit unusual considering there isn't many file infectors ?
Visit my webpage Angry Sheep Blog