Author Topic: AAVM Subsystem detected a RPC error  (Read 16583 times)

0 Members and 1 Guest are viewing this topic.

Portillas

  • Guest
AAVM Subsystem detected a RPC error
« on: November 26, 2007, 09:52:20 PM »
I've exclusively used Avast Home edition for years now with no problems whatsoever - until now. The on acces scanner will no longer work which also disables the Chest. I followed the instructions in the FAQ link provided by the statement (title of this topic) when I try to access the On Access Scanner control. I have two RPC running in my system services and as I recall this is normal. I used the repair option under add/remove programs to no avail. I uninstalled the product, downloaded a new copy, installed it, updated it, rebooted and boot level scannned my drive. Still no resolution.

Shortly before this problem surfaced, during a thorough scan with archive scan enabled, Avast showed to have the PC-Flu II virus and put it in the chest. After it finished scanning, I immediately ran another scan with same options and it detected Win32:Adware-gen [Adw]. It could not put the second virus in the Chest so I deleted it. I've run a thorough scan again and nothing is detected. During the installation of the newly downloaded Home Edition version 4.7 and updated today, 26 Nov, 2007, I noticed something unusual in the parts of the installation listed - The Bat! It is the only thing that was listed without an option not to install.

I am using a Compaq Presario 2200US with a Pentium Celeron M 1.4GHz. with 1GB RAM, 40GB Hitachi Hard Drive running Windows XP Pro. Any advice to resolve my on access scanning issue will be greatly appreciated. Thanks.
Cliff

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AAVM Subsystem detected a RPC error
« Reply #1 on: November 26, 2007, 10:39:42 PM »
I uninstalled the product, downloaded a new copy, installed it, updated it, rebooted and boot level scannned my drive. Still no resolution.
What's happening now? How are you scanning with avast?

During the installation of the newly downloaded Home Edition version 4.7 and updated today, 26 Nov, 2007, I noticed something unusual in the parts of the installation listed - The Bat! It is the only thing that was listed without an option not to install.
It's ok. The Bat! will only be available if you have this email client installed.
The best things in life are free.

Portillas

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #2 on: November 26, 2007, 10:59:59 PM »
I can scan using the simple user interface. The Chest is unavailable due to the on access concern. A thorough scan including archives found nothing.
« Last Edit: November 26, 2007, 11:50:05 PM by Portillas »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AAVM Subsystem detected a RPC error
« Reply #3 on: November 27, 2007, 01:51:14 AM »
I can scan using the simple user interface.
So you have on-demand scanning but not on-access protection...
Is it right?
Does avast icon on system tray have a red cross on it?
The best things in life are free.

Portillas

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #4 on: November 27, 2007, 05:45:12 PM »
Right, I have on demand scanning but no on access protection. I have since tried the uninstall with the aswclear.exe I downloaded to no avail. Upon reinstallation, I still have the same concerns with the red circle and cross in systray.

hotmog

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #5 on: November 27, 2007, 07:18:59 PM »
I started getting exactly the same problem a few days ago. I noticed the red circle on avast! a-ball icon which produced the same error message above when I clicked on it. It also appeared to cause all my Internet Explorer 7 and Outlook Express connections to fail.

The first couple of times it happened, I was able to resolve the problem by doing a system restore to a point a day or so before this all started. I had to do another one late last night, and it was fine up until this afternoon when the familiar "Webpage cannot be found" error recurred, and lo and behold, the dreaded red circle had once more reappeared on the Avast icon. I performed another system restore, and decided to uninstall Avast, then re-install it. Unfortunately, immediately I had completed the uninstall I lost all IE connectivity again so I was unable to connect to the site to access the download. The only thing for it was to do another system restore. However, horror of horrors! this time I was confronted by a message saying that my computer could not be restored to the earlier time.

I started to have nightmares about having to perform a complete Windows re-installation. However I tried logging on using another (non-admin) user account, and although the Avast red circle was still present, I found that I could at least connect to the internet. The next step was to log back in on the admin account and grant the other user account admin rights, then log back in on that and hope it had still had internet access - it did!

I was then able to download and reinstall Avast. I checked that all the startup settings, etc, are on automatic, updated the database, rebooted ...... but still the red circle is there. I have followed all the instructions in the FAQ link from the error message, including the Repair option in change/remove programs, which stated (wrongly) it had been successful, but I am now without any effective run-time virus protection. The only saving grace is that I still have internet connectivity, although it was still dead on the original admin account I used, so I ended up having to delete that account and create another with the same name and attributes.

Being naturally paranoid about my pc being open to infection from viruses and other nasties, I would very much welcome urgent advice as to how this issue can be resolved.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AAVM Subsystem detected a RPC error
« Reply #6 on: November 27, 2007, 07:59:03 PM »
I noticed the red circle on avast! a-ball icon which produced the same error message above when I clicked on it.
Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
The best things in life are free.

hotmog

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #7 on: November 27, 2007, 09:28:30 PM »
Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
Thanks for the suggestion. I've downloaded and run the AVG anti-rootkit freeware; it has not detected any rootkits on my pc.  ???

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AAVM Subsystem detected a RPC error
« Reply #8 on: November 27, 2007, 10:49:30 PM »
Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
Thanks for the suggestion. I've downloaded and run the AVG anti-rootkit freeware; it has not detected any rootkits on my pc.  ???

Try Panda and TrendMicro. I mean, some infections mess the antivirus installation, and I can't guess what is messing your avast installation...
The best things in life are free.

RJARRRPCGP

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #9 on: November 28, 2007, 01:36:02 AM »
Could this be a Blaster attack?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AAVM Subsystem detected a RPC error
« Reply #10 on: November 28, 2007, 01:42:15 AM »
Could this be a Blaster attack?
Yes, it could. So the rootkit suggestion...
The best things in life are free.

Portillas

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #11 on: November 28, 2007, 03:50:58 AM »
I ran Trend, AWS & Panda Rootkit detectors on thorough and detected nothing. I also ran Panda thorough scan for viruses, spyware, etc. and it only detected 9 low level spyware cookies. I cleared my cache and all cookies and temp files and still the red crossed circle with Avast on access scan. I am also concerned that Panda showed Windows Defender is both disabled and out of date. According to Defender it is active and up to date. I also use Spybot S&D fully updated with all products unchecked for exclusion (they do have some checked for ignore with the installation.) Neither detects any spyware. I also tried the online Symantec check which detected nothing. ::) Microsloth's security alerts keeps prompting me that I have no virus protection. The solution they give is to get a different AV provider. To me, either it is a bug in the software or a virus that hasn't been removed or discovered and identified correctly. Heuristics scans detect nothing. ::)

hotmog

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #12 on: November 28, 2007, 10:33:09 AM »
Update: I ran Trend anti-rootkit last night, but that didn't detect anything either, so I then downloaded and ran Trend HouseCall. It  took about an hour and a half (didn't finish until 00:45am), but it did detect 2 viruses which I deleted (I can't remember what they were called). I'd previously run a "medium strength" Avast scan which hadn't revealed anything. The red circle was still present after this operation, but at this point I'd had enough, switched off the pc and went to bed.

This morning after I'd booted up, no red circle! It seems to have done the trick. ;D Many thanks for the rapid responses and suggestions.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AAVM Subsystem detected a RPC error
« Reply #13 on: November 28, 2007, 01:35:20 PM »
it did detect 2 viruses which I deleted (I can't remember what they were called).
It would be very helpful if you check down the name and the path of these infected files and submit them to avast team for analysis. This help them to increase detection and improve your security ;)
The best things in life are free.

hotmog

  • Guest
Re: AAVM Subsystem detected a RPC error
« Reply #14 on: November 28, 2007, 02:38:11 PM »
it did detect 2 viruses which I deleted (I can't remember what they were called).
It would be very helpful if you check down the name and the path of these infected files and submit them to avast team for analysis. This help them to increase detection and improve your security ;)
I've managed to track down the location of the HouseCall folders. There are various log files, some of which are to do with the software download and installation. There are 3 others that do appear to relate to the pc scan, however they are obtuse to say the least and I can find nothing specific relating to the two viruses that were identified and deleted. All I know is that they were located in the directory path C:\Documents and Settings\Christopher\My Documents\ImTOO.3GP.Video.Converter.v3.1.8.0720b.WinALL-CHiCNCREAM\, and the only two files referenced by the log with that path are \cncita4c\cncita4.r01 and \cncita4c.zip, so I assume they are the likely culprits. If you give me the contact address I can email the log files to you for examination. Note that the dates and times in the logs are completely wrong.