Alert - ASHSERV.EXE is logging keystrokes

This is my very first forum message (ever) and I hope I’m doing it right because I could sure use some help!

I’m a new Vista Home Premium user and I’ve been using Avast! for the past few months. I’m very happy with Avast! and thankfully, I haven’t run into any viruses, etc. so far. About an hour ago, I got a Threatfire alert stating that ASHSERV.EXE is logging keystrokes and it’s considered to be a potentially malicious program. This hasn’t happened before so naturally, I’m a bit concerned. Web searching hasn’t been able to uncover any information regarding this issue, so here I am…

Below is what the alert stated:

Risk: High
Name: avast! antivirus service - ASHSERV.EXE
Path: C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4
What happened: This program is logging keystrokes

I’m not sure whether to quarantine this process as it could be safe and I may be shooting myself in the foot protection-wise. Then again if it is some nasty “booger” in hiding, I don’t want to allow it to have its way with my machine (and personal information).

I’ve kept my machine as secure as possible via Avast!'s updates combined with daily scans, MS updates, and using trusted antispyware/malware programs. All scans have been clean whether performed in safe mode or not.

I merged the VRDB generator with the main Avast! icon a few weeks ago and it remained that way - until today. Since I’ve received the alert, the VRDB icon now appears then disappears again on the task bar every few seconds. A right click on the wildly spinning VRDB icon says I have the option to separate it from the main icon. Since Avast! already merged the 2 icons, why is the generator icon now popping up? Could my 'puter possibly be infected in spite of my efforts? What should I do (besides hang my head in shame)? :-[

I apologize for being long-winded, but I wanted to give as much information as possible. Any helpful advice will be appreciated and I offer my thanks in advance. :slight_smile:

If you do quarantine it then avast is stuffed, assuming the avast self-defence module doesn’t block the attempt.

The ashServ.exe isn’t a key logger; it is the main scanning engine of avast and it will be monitoring activity. When you click on a file, before that file opens it will be scanned by avast; if it is clean then it allows it to be run. It is not a key logger.

This is a screw-up, false positive by threatfire and should be reported to them as a false positive detection so it can be corrected. Ignore the alert.

Thank you, David!

You certainly put my mind at ease and I’ll report it to the TF folks right away.

You earned your “angel wings” and this, too :-*

Cheers!

Karen

He has a parachute too, just in case ;D

Since Avast! already merged the 2 icons, why is the generator icon now popping up?
The database is just making its scheduled update. It should happen about every 21 days.

ashServ monitors keystrokes and mouse movement to determine if the computer is idle. After 8 seconds VRDB will start generating when mouse is not moved (and keyboard not pressed). If you give any input to your PC within these 8 sec VRDB will NOT start generating.

No problem, glad I could help.

The other feedback should also put your mind at rest.

Welcome to the forums.

Hi guys!

I notified the folks at ThreatFire about the “boo-boo” and their reply follows:

Thank you for contacting PC Tools, Karen,

Thank you for letting us know, this is no doubt a false positive. We will add this to a white list to make sure this stops happening!

Thank you,
Ethan Bennett
PC Tools Technical Support

You are all knights in shining armor!

Thanks again and have a great weekend,

Karen :wink:

You're welcome, nice to see a prompt response that admits it is an FP; many dodge that little admission (it is a fact of life in security applications) ;D