Pro: Win32/FSmall.gen!Z not detectet - Boot Time scan "refused"

[al_pacino34]

Avast!4 Pro, up to date (automatic program and AVS updates, permanent connection)
Since I have a (SPI) firewall appliance I only use Windows XP (SP2) firewall.

Observed suspicious network activity. Therefore I tried to perform a boot-time scan.

Have done this many times with the current and unmodified configuration, but now avast claims always a keyboard error.
Message: 0 files scanned ... and the boot continues. I have a standard PS/2 keyboard, entering and modifying the BIOS setup and/or the RAID controller BIOS is working OK, therefore the "keyboard error" must be false !

Performed a online Scan with Microsoft One Care. Win32/FSmall.gen!Z detected (Alias: Trojan-Downloader.Win32.Small.gen )
Unfortunately I let MOC simply remove the affected file instead of trying to isolate and send to Alwil for analysis first ...

Performed scans in save mode with 4 different scanners (Kaspersky, Sophos, Trust, McAfee) - nothing found, therefore I am quiet sure that my system is clean now.

Reinstalled Avast!4 Pro - but boot-time scan still does not work !!

The "Trojan-Downloader.Win32.Small.gen" Virus is known since early 2006 at least and I am frustrated that Avast did not detect the infection. I don't remember having performed any dangerous action. Recently installed programs are all original and mainstream standard applications ...

I am quiet intrigued. Until now I was sure having the best antivirus solution - but now I am afraid that Avast is not as sure as I believed ...

Questions:
Has anybody a idea where the keyboard-error on boot-time scan might come from ?
Is there any avast.ini parameter allowing to force a boot-time scan ignoring the keyboard ?

Thanks an best regards
AL

[Lisandro]

Therefore I tried to perform a boot-time scan.
Have done this many times with the current and unmodified configuration, but now avast claims always a keyboard error.

Am I reading correctly that avast is showing a keyboard error while you're scanning at boot time?

Reinstalled Avast!4 Pro - but boot-time scan still does not work !!

Can you post the full error message?

I am frustrated

Me too... a 2006 virus!!!

Is there any avast.ini parameter allowing to force a boot-time scan ignoring the keyboard ?

No.

[al_pacino34]

oi brasileiro ...

enclosed a pic of the situation (sorry, it's a german version)

1. Avast starts
2. Message: ESC to stop the scanning (off course I didn't touch anything at this stage ...)
3. Immediately Avast shows : Keyboad error and (skipping the scan) three lines telling that 0 files, 0 folders where scanned, and 0 infected files have been found
4. 1 second later, without asking any confirmation the boot process continues.

I tried everything, even telling Avast to delete all infected files and to delete or move system files (without prompting for permission)  ... see pic 2

By the way, I forgot to tell, in the very beginning avast could'nt be opened.
Therefore I made first a scan with an up-to-date avast cleaner: w.o. any result.
After reboot avast could be opened again and I sceduled a boot-time scan (with the above effect ... skipping the scan with keyboard error)
I therefore scanned the machine with Microsoft One Care ... it found and deleted the virus.
I then updated the 4 other AV scanners mentionned, deactivated the NIC, rebooted in save mode. The 4 command line scanners didn't find anything apart of a few corrupded files in non critical areas ...
I then reinstalled a Avast (latest download), but the keyboard error at boot-time scan remains!

    

Hope we can find a solution - it's only 2 month ago I upgraded my system with a Core Duo Quad and a new mainboard. Thinking about reinstalling the whole system again turns me nuts ...

[Lisandro]

But the keyboard error at boot-time scan remains!

It`s beyond my knowledge. Hope Alwil team could help you on this one.

[Hannu]

I tried boot time scan today, but it didn't complete because of keyboard error. I am using wireless USB keyboard, Logitech internet 1500 laser cordless desktop. Can't understand why avast! gives this error, because BIOS recognizes at the startup my usb keyboard and mouse. Have no problems with windows use either. Have the trojans on my virus chest; Win32:LoadAdv-H [trj] and Win32:Agent-LUK [trj] Could they give the keyboard error

[oldman]

I'm sure I'll muddle this up. This has been reported before, it seems on some systems, avast starts before the handoff from the bios drivers to the windows drivers.

Do you have the option to plug in a ps2 keyboard?

[Lisandro]

avast starts before the handoff from the bios drivers to the windows drivers.

Hmmm... bios 'drivers' are loaded before avast...
avast should work with USB keyboards when this hardware is allowed into bios settings.
That's the reason I've read but did not post here before... It's strange.
But, indeed, a PS2 keyboard will do it.

[oldman]

How long di the bios drivers stay active. In other words, which drivers are used during the boottime scan?

[Lisandro]

How long di the bios drivers stay active. In other words, which drivers are used during the boottime scan?

I don't think the bios drivers are piece of software but hardcoded in the chips.
But you're question remains. I'm not the one will be able to answer it for sure.

[oldman]

Thanks Tech.

Not 100% sure where I came across, but there is a hand off from the bios drivers to the windows drivers.

If the windows drivers handle the bootscan, but aren't loaded, then the keyboard may not be detected.

But if the bios drivers handle it, then the keyboard should be remain detected.

Maybe there is a "gap" between the time the two drivers are active and avast is loading in that period?

I'm just trying to puzzle out why the scan fails on some computer with the keyboard error.

[vojtech]

Please try the beta version (http://forum.avast.com/index.php?topic=31426.0). The keyboard handling was modified so that problems with USB keyboards may disappear.

[Hannu]

Please try the beta version (http://forum.avast.com/index.php?topic=31426.0). The keyboard handling was modified so that problems with USB keyboards may disappear.

Updated to 4.7.1083 and boot time scan works now. Good job avast team!

[sanctuary24]

So is that virus from 2006 not covered by Avast?

[vojtech]

Hannu, please send me the Avast4\DATA\log\aswBoot.log file so we can be sure that is was not just coincidence.

[Hannu]

Hannu, please send me the Avast4\DATA\log\aswBoot.log file so we can be sure that is was not just coincidence.

Here you go.