Hello,
I regularly monitor remote/foreign connection addys data
with TCPView and also use the C prompt 'netstat', 'tracert'
commands to view who & where while surfing. I also utilize
a seemingly reliable web based proxy or startpage.com
/with integrated proxy.
I'd noted with interest an event around November 10th.
MpCmdRun.exe:2580 TCP (My system IP) >(Remote connection > 96.6.124.25:80 ESTABLISHED)
This:^ There were quite a few seconds of communication and ^machine grinding. My
system is loud, considering the side panels are removed.
At this point I'd thought it wise to password protect Avast, which I did.
C:\Documents and Settings\My system>tracert 96.6.124.25
Tracing route to a96-6-124-25.deploy.akamaitechnologies.com [96.6.124.25]
over a maximum of 30 hops: Trace complete.
Over the next three days I'd noticed a progression of events. My Avast is
set to update automatically every four hours, which it wasn't. Then Avast
let me know that it was unable to update definitions altogether.
I'd gotten it in my head that perhaps, passwording Avast may be the problem.
Then I used the old reboot system technique and observed the TCP/IP action.
There was little or none to Avast, which I found peculiar. In addition, my
Netgear wizard/ monitor application displayed the following:
An unsupported operation was attempted WG111v3. Another reboot
produced the message below.
Avast stepped up and notified me of 'suspicious files' and requested
permission to study them. TemporaryInternetFiles (serverimage[2].png)
I'd looked myself to no avail and approved the study request by Avast.
I've heard nothing since.
Question: I've noticed the real-time behavior shield shows little stats, yet
pulling up the history stats in the behavior shield chart shows much.
A great deal of red.
The behavior shield monitor stats actually start to chart red on October 26th,
midnight. Since then, there is a blend of safe & infected, only in the behavior
chart history graph, not in real-time, on my system. All other system shield
stats, real-time and history appear clean.
Behavior shield history chart: 13/11/2010 scanned/infected 9/9 (nine of nine infected)
The latest development is the discovery that Windows Defender which had
worked well on its own and seamlessly with Avast has now ceased updating
its definitions both automatically & manually.
This is how connections to Windows Defender usually appear.
Active Connections
Proto Local Address Foreign Address State
TCP (My system) cds35.iad9.msecn.net:http ESTABLISHED
TCP (My system) 65.55.27.220:https ESTABLISHED
NOT:
MpCmdRun.exe:2580 TCP (My system) >(Remote connection > 96.6.124.25:80 ESTABLISHED)
Partial log infos:
05:33:00 min/gen Started: 10.11.2010, 05:33:00
05:33:05 nrm/int Used server: http://download666.avast.com/iavs5x
09:48:28 min/gen Started: 10.11.2010, 09:48:28
09:48:28 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
09:54:09 nrm/int SYNCER: Type: use IE settings
09:54:09 nrm/int SYNCER: Auth: another authentication, use WinInet
09:54:09 dbg/int while trying to get file 'servers.def', error 0x20000004 has occured, try 9
09:54:36 nrm/int ERROR:HttpGetWininet, catch returned 0x00002EFD (12029)
09:54:36 nrm/gen InvalidateCurrent: invalidated server 'Download830 AVAST5 Server' from 'main'
09:54:36 nrm/gen SelectCurrent: selected server 'Download725 AVAST5 Server' from 'main'
09:54:36 nrm/int SYNCER: Type: use IE settings
09:54:36 nrm/int SYNCER: Auth: another authentication, use WinInet
09:54:36 dbg/int while trying to get file 'servers.def', error 0x20000004 has occured, try 10
09:54:38 min/int tried 10 servers to get file 'servers.def', but failed (0x20000004)
09:54:38 min/fil servers.def not changed, 1289325398
09:54:38 min/pkg Tried to download servers.def but failed with error 0x20000004.
09:54:57 min/gen Error:Cannot connect to 174.120.184.234 (174.120.184.234:80).
09:55:56 nrm/pkg Transferred: files 20, bytes 0, time 330226 ms
09:55:56 nrm/pkg Retries: total 20, files 2, servers 21
09:55:56 vrb/fil NeedReboot=false
09:56:15 min/gen Return code: 0x20000004 [Cannot connect to 174.120.184.234 (174.120.184.234:80).]
09:56:15 min/gen Stopped: 10.11.2010, 09:56:15
I'm appreciative of the reliability with the Avast product despite this peculiar hiccup.
Avast's update of definitions connectability has resumed, though questions remain. The
functionality of the Netgear application has also resumed. Windows Defender firewall
appears to function although updating definitions is not an option presently.
Any ideas or infos?
Thank you.