7.0.1407 - File System Shield activity & FSS exclusions

Almost looks like a CCleaner temp file (Undo file) that’s being scanned.
I don’t have the problem but don’t have CCleaner installed either.

@ DavidR

I had some CPU spikes as explained above

Yes, but my instance isn’t anywhere near as severe as yours was, so my CPU wasn’t an issue and the tray icon as mentioned would generally rotate once.

mmmh… thanks for the info, guys.

@ Bob

Thank you for your idea, but no, it is not a CCleaner file. It is a file for SoundBlaster Audigy integrated audio.

Well I started to delete files from FSS exclusion list and it did not work. Avast is back like crazy scanning all those files again and again. >:(

My system has been up a little over 2.5 hours and the FSS shows 2130/0. I have \firefox\profiles*sessionstore.js as an exclusion on write (due to a recommendation from someone). You might see if that will help. At the time I entered that exclusion in the distant past, it did help a particular situation but it might not even be necessary now. The sad thing is that I don’t remember the details now.

I don’t have WinPatrol installed. Is it possible that it is touching some file and triggering the FSS on it? I’m not familiar with that program, just that it is highly recommended by many.

The other thing is that many of the files that are being scanned, shouldn’t be being scanned in any case under the default FSS settings.

Take some of those listed by iroc9555:
C:\Documents and Settings\Hernan Perez\Configuración local\Temp\clclean.0001.dir.0000
C:\Documents and Settings\Hernan Perez\Configuración local\Temp\clclean.0001
C:\Documents and Settings\Hernan Perez\Configuración local\Temp\clclean.0001.dir.0000~df394b.tmp
C:\Documents and Settings\Hernan Perez\Configuración local\Temp\clclean.0001.dir.0000~efe2.tmp

These aren’t executables or dlls, so why the FSS shield would be even scanning them outside of the issue being covered here, is beyond me.

I have seen several such files being scanned that aren’t .exe or .dll, etc.

I have had the \firefox\profiles*sessionstore.js exclusions for absolutely ages, in fact I believe it is now a default exclusion.

WinPatrol, like avast, is meant to be on-access, so something would have to make a system change, etc. for it to reach out to check.

I am seeing the same thing on XP as I reported at http://forum.avast.com/index.php?topic=94168.msg749722.

I am seeing processlasso.exe every second, and am seeing KiwiLogViewer.exe and notepad++.exe every few seconds.

Update:

I appear to have many more files in this repetitive scan cycle.

Switched OK files on in the FSS Report file settings, Stopped FSS to enable changed setting, Started FSS. Left on for 3 minutes, unchecked the OK files in the Report file, Stop and Start FSS. In that 3 and a bit minutes over 900 files were scanned.

25/02/2012 17:54:31 C:\PROGRAM FILES\ROCKETDOCK\ROCKETDOCK.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\COMMON FILES\LOGISHRD\KHAL2\KHALMNPR.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\COMMON FILES\LOGISHRD\KHAL2\KHALMNPR.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\JAVA\JRE7\BIN\JQS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\JAVA\JRE7\BIN\JQS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\POWERQUEST\DRIVE IMAGE 7.0\AGENT\PQV2ISVC.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\POWERQUEST\DRIVE IMAGE 7.0\AGENT\PQV2ISVC.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\CAPS LOCK CHANGER\CAPS_LOCK_CHANGER.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\CAPS LOCK CHANGER\CAPS_LOCK_CHANGER.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\BELKIN BULLDOG PLUS\MUPS.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGIT32.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGIT32.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\TSCHELP.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\TSCHELP.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGPRIV.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGPRIV.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGITEDITOR.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGITEDITOR.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\JGSOFT\EDITPADLITE\EDITPADLITE7.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\JGSOFT\EDITPADLITE\EDITPADLITE7.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\7-ZIP\7ZFM.EXE is OK
25/02/2012 17:54:31 C:\PROGRAM FILES\7-ZIP\7ZFM.EXE is OK
25/02/2012 17:54:33 C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQSmeCOM.dll is OK
25/02/2012 17:54:33 C:\Program Files\PowerQuest\Drive Image 7.0\Agent\gwlangEN.dll is OK
25/02/2012 17:54:34 C:\WINDOWS\system32\gearaspi.dll is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\ROCKETDOCK\ROCKETDOCK.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\COMMON FILES\LOGISHRD\KHAL2\KHALMNPR.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\COMMON FILES\LOGISHRD\KHAL2\KHALMNPR.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\YAHOO!\WIDGETS\YAHOOWIDGETS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\JAVA\JRE7\BIN\JQS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\JAVA\JRE7\BIN\JQS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\POWERQUEST\DRIVE IMAGE 7.0\AGENT\PQV2ISVC.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\POWERQUEST\DRIVE IMAGE 7.0\AGENT\PQV2ISVC.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\CAPS LOCK CHANGER\CAPS_LOCK_CHANGER.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\CAPS LOCK CHANGER\CAPS_LOCK_CHANGER.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\BELKIN BULLDOG PLUS\MUPS.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGIT32.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGIT32.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\TSCHELP.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\TSCHELP.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGPRIV.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGPRIV.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGITEDITOR.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\TECHSMITH\SNAGIT 10\SNAGITEDITOR.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\JGSOFT\EDITPADLITE\EDITPADLITE7.EXE is OK
25/02/2012 17:54:41 C:\PROGRAM FILES\JGSOFT\EDITPADLITE\EDITPADLITE7.EXE is OK
25/02/2012 17:54:42 C:\PROGRAM FILES\7-ZIP\7ZFM.EXE is OK
25/02/2012 17:54:42 C:\PROGRAM FILES\7-ZIP\7ZFM.EXE is OK

I’m far from happy as this was never how it was, and there really shouldn’t be a need for a user to go to these lengths, analysis & exclusion of tens of files, when the Transient cache is meant to cater for this repetitive scanning of the same file, until the user reboots, a virus definitions update or the file actually changes.

So it is broken, I can think of no other words to better describe it not working as it should.

For me most of these files although loaded would be pretty dormant.

David, I think I have managed to replicate this to some extent.

I think there is a setting within the FSS settings that causes this. I turned them all pretty much all the way up on every page and I saw what you saw in the report file.

I will test further, to see if I can pin down which one it is.

A small portion of what I see…


25/02/2012 18:28:30	C:\Program Files\Rainmeter\Rainmeter.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files\Rainmeter\Rainmeter.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [+] is OK
25/02/2012 18:28:30	C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [+] is OK
25/02/2012 18:28:30	C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [+] is OK
25/02/2012 18:28:33	C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [+] is OK
25/02/2012 18:28:33	C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [+] is OK
etc.
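A way to quantify the repetition visible in the two report excerpts above, added here as an example (it is not part of the thread and not an avast tool). The entry layout and the "is OK" verdict are taken from those excerpts; `SAMPLE` is constructed from a few of their entries, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

STAMP = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"
# One entry: timestamp, path, optional "[+]" marker, verdict. The path may not
# run into the next timestamp, so an entry with another verdict is skipped
# instead of swallowing its neighbour. Only "is OK" is handled (assumption).
ENTRY = re.compile(rf"({STAMP}) ((?:(?!{STAMP} ).)+?) (?:\[\+\] )?is OK")

def parse_report(text):
    """Return (datetime, lowercased path) pairs, even from a flattened dump."""
    flat = " ".join(text.split())  # tabs, newlines, wrapped paths -> one space
    return [(datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"), path.lower())
            for ts, path in ENTRY.findall(flat)]

def rescanned(entries):
    """Map path -> (total scans, distinct scan times, shortest gap in seconds)
    for every file scanned at more than one distinct time."""
    seen = defaultdict(list)
    for when, path in entries:
        seen[path].append(when)
    out = {}
    for path, hits in seen.items():
        times = sorted(set(hits))
        if len(times) > 1:
            gap = min((b - a).total_seconds() for a, b in zip(times, times[1:]))
            out[path] = (len(hits), len(times), gap)
    return out

# Constructed sample: entries from both excerpts, one path wrapped mid-line.
SAMPLE = (
    "25/02/2012 17:54:31 C:\\PROGRAM FILES\\7-ZIP\\7ZFM.EXE is OK "
    "25/02/2012 17:54:31 C:\\PROGRAM FILES\\TECHSMITH\\SNAGIT \n"
    "10\\SNAGIT32.EXE is OK "
    "25/02/2012 17:54:34 C:\\WINDOWS\\system32\\gearaspi.dll is OK "
    "25/02/2012 17:54:42 C:\\PROGRAM FILES\\7-ZIP\\7ZFM.EXE is OK\n"
    "25/02/2012 18:28:30\tC:\\Program Files (x86)\\TOSHIBA\\ConfigFree\\NDSTray.exe [+] is OK\n"
    "25/02/2012 18:28:33\tC:\\Program Files (x86)\\TOSHIBA\\ConfigFree\\NDSTray.exe [+] is OK\n"
)

if __name__ == "__main__":
    for path, (scans, times, gap) in rescanned(parse_report(SAMPLE)).items():
        print(f"{scans} scans at {times} distinct times, {gap:.0f}s apart: {path}")
```

Files that appear in the result were scanned again within the reporting window; files scanned only once, such as `gearaspi.dll` in the sample, are left out.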

Which setting is it (I had a look and didn’t see anything obvious) and I can play with it too, as there is no way I’m going to manually add all of these to the FSS Exclusions.

It still doesn’t account for why the Transient cache isn’t doing what is intended.

Ok,

I changed a lot initially, had to narrow it down to one…

David, (and others) do you have this checked:

avast → Real Time Shields → File System Shield → Expert Settings → Scan when opening → “Scan all files”

I found when this is checked, I see what you see.

Not sure what it implies at the moment, or why this happens.

I guess we still need more info from avast on what is really going on.

It’s unchecked here and I’ve no problems.

It’s unchecked here and always has been as it is a default action and I know the impact that this could have on scanning.

God help my system if I had that enabled as it wouldn’t just be being repetitive on .exe, .dll, .js and a couple of other file types.

I examined the behavior on my XP system and I don’t see anything different from the way it acts on Win 7. There is no unusual FSS activity as far as I can see.

It was here, and I changed it to see. That setting caused the repetitive scanning that others saw, but I guess that is not the issue that others are seeing…

Ok then. I guess it was worth a look.

Yes, it would be nice if Vlk rejoined the party, having made a fleeting visit, suggested using ProcMon and left the building.

If only we knew what to monitor.

Yes, he was a bit vague. :-\

David,
Will you please attach a copy of your FileSystemShield.ini file? You will have to change it to text.
I would like to compare it to mine. I have attached mine if you would like to view it.
The only changes I have made are in the actions for all 3: virus, PUP, suspicious.
1. ask
2. move to chest
3. no action

I don’t have this issue of repetitive scans. Would comparing settings be useful?