'An untrusted program is trying to disable Avast' - How to tell what program?

::TOPIC EDITED : Is more… specific of my question::

I was using FPS Creator* when SUDDENLY Avast warned me “An untrusted program is trying to disable avast” in a blue window, then disappeared and then FPS Creator had an error and had to close.
I’ve been using FPS Creator for years and I haven’t updated it in many months, so that means I’ve been using the same version for many months that’s never had this problem before.
Also, the other day, I was using the computer (can’t remember what I was doing) and then I left it for a few minutes, when I came back, I noticed Avast mysteriously has a red X on its icon in the Taskbar and so, naturally, I clicked on the icon to see what was wrong and it said Avast was disabled!! I would NEVER disable Avast and just leave it there!
Is there a way I can find out exactly what program was trying to disable Avast? Because it might not have been FPS Creator that caused this message, it could’ve been a coincidence or an effect of a malware/viruses action.

I am currently doing a full scan with Malwarebytes, then I will do one with Avast & SUPERAntiSpyware, which will take a few hours, but I will post the scan results when done.

Thanks

Windows Vista 32-bit, Avast Free V8.0.1497, MBAM Free, SAS Free.

*FPS Creator is, obviously, a First Person Shooter game creator made by The Game Creators. I have been using it for many years without any problems with Avast with it…

Monitoring

Okay scans are done . . .

Malwarebytes - Full Scan = No malicious items found

SUPERAntiSpyware - Full Scan = Just 2 tracking cookies, I think from Google, but I always get that.

Avast - Full Scan = Just some (Okay… A LOT) password protector files and a false positive with SUPERAntiSpyware I get every time. (Because it’s actually not the default ‘Full Scan’ scan, it’s my Scan EVERYTHING scan… As you can imagine, I’ve selected every single option for scanning, plus the highest sensitivity and all those settings. So it scans memory, which I heard causes some false positives or strange results or SOMETHING I can’t remember!!! But it’s my custom Scan EVERYTHING scan! Anyway I just ignore that false positive since it’s a memory block and I can’t really exclude it…)

Also, may I ask, essexboy, and excuse my stupidity, but what do you mean by ‘monitoring’? Monitoring for what exactly? My… scan results? Again sorry…

Nope, just to let you know there is someone waiting if you need further assistance. Has Avast reported the attempted shutdown again?

No, not yet, I will continue to use FPS Creator and avast! and let you know if it happens again.

But, is there a way to tell what program was trying to disable avast? Does password protecting avast help?

Yes, by password protecting, you’d need to enter a password to disable Avast. Bearing in mind, that the default is set to no anyways.

Okay it happened to me again! But I wasn’t using FPS Creator so I don’t think it was that…
I paid attention and it said taskmgr.exe was trying to turn off Avast! I did have task manager open but I didn’t try to shutdown avast! I only just turned on this computer 11 minutes ago and the only thing I did different was open up Catalyst Control Center to see what the heck it was (It’s always been there but I’ve never opened it, I think it’s got something to do with my graphics card. I just never knew exactly what it does).

Also, in task manager at around the same time taskmgr.exe tried to disable avast, there were a couple of msiexec.exe in task manager and I think Windows was trying to install an update: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941). My computer has been having trouble installing it, giving me errors or getting stuck half way and makes my computer completely unresponsive.

Why would taskmgr.exe be trying to disable Avast… on its own?

For the sake of it… could you upload the file to:

http://virustotal.com and post the results

I scanned taskmgr.exe with virustotal and none of the antiviruses detected it as a threat.

So that means it’s not an infected version of taskmgr (or a modified one),

This is odd…

You mentioned your Windows updates not working correctly, but even if that were to be the case, it wouldn’t disable avast!.

Could you check in device manager if any avast! drivers have a yellow triangle… you may need to go to view>show hidden devices and look at non-plug and play drivers

Could you check in Task Scheduler (should be in Administrative Tools in XP) if there is anything related to avast! OTHER than avast! emergency update?

I checked and I don’t see a yellow triangle on anything in device manager…

I checked in Task Scheduler, all I could find that looked like it was related to avast! was the emergency updates, I showed hidden tasks as well.

Also, Windows Update does update correctly, but it’s just this one update that constantly has errors or freezes.
Here’s what it says in event viewer about the update attempt it tried today:

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 28/12/2013 8:55:12 AM
Event ID: 20
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Installation
User: SYSTEM
Computer: User-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

I also had problems with that .NET 1.1 on my mother’s XP laptop. I went ahead and just uninstalled the program and hid the update.

This might help http://support.microsoft.com/kb/976982

Thanks, I’ll try the fixes later.
The thing that mainly concerns me is taskmgr.exe was trying to disable avast!.
Would it say that taskmgr.exe was trying to disable avast! if I were to end the process through task manager? (Though that’s not what I did)

You might open an elevated CMD window and type the command:

SFC /VERIFYONLY

This runs the Windows System File Checker to see if all files under system protection are as expected.

If this returns any errors, that could indicate that malware (or something) has modified your Windows system files. There is a similar command to correct errors. The one listed above just checks; it doesn’t attempt any restorative activity.

-Noel
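
On Vista, SFC records its per-file results in %windir%\Logs\CBS\CBS.log and tags its own entries with [SR]. As an added example (not part of the original thread), this Python script reduces such a log to a short list of the files SFC reported on; the sample lines and file names are constructed, and the line layout is an assumption modeled on typical SFC entries.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on the usual shape of SFC entries in CBS.log:
# timestamp, level, component, sequence number, then the "[SR]" tag.
# File and component names are invented for illustration.
SAMPLE_CBS_LOG = r"""
2013-12-29 10:02:11, Info                  CBS    Session: 30345011_12345 initialized by client WindowsUpdateAgent.
2013-12-29 10:05:40, Info                  CSI    00000021 [SR] Verifying 100 (0x00000064) components
2013-12-29 10:05:40, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2013-12-29 10:05:52, Info                  CSI    00000025 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6002.18005, file is missing
2013-12-29 10:05:53, Info                  CSI    00000027 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6002.18005, file is missing
2013-12-29 10:06:10, Info                  CSI    00000031 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2013-12-29 10:06:30, Info                  CSI    00000040 [SR] Verify complete
"""

# Matches only SFC's own lines; everything else in CBS.log is servicing noise.
SR_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$"
)
# Message prefixes that name a specific file.
ACTIONS = ("Cannot repair member file", "Repairing corrupted file")


def summarize_sfc(log_text):
    """Return {action: {file: count}} for [SR] lines that name a file."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        for action in ACTIONS:
            if msg.startswith(action):
                # Quoted fragments are the directory (if present) and file name.
                parts = re.findall(r'"([^"]*)"', msg)
                summary[action]["\\".join(parts)] += 1
    return {action: dict(files) for action, files in summary.items()}


if __name__ == "__main__":
    for action, files in summarize_sfc(SAMPLE_CBS_LOG).items():
        for name, count in sorted(files.items()):
            print(f"{action}: {name} (x{count})")
```
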

Okay I ran the system file check and it found integrity violations.
The log is very long and won’t let me post… Do I attach it or do I run a different scan to fix it or…?

Well, if you trust Microsoft’s own repair tool to actually repair your OS, the command to do it is:

SFC /SCANNOW

Hopefully it will tell you all problems were fixed, then you should reboot.

Do you have your critical data backed up? I’d suggest backing things up.

-Noel

Thank you for your help so far… I appreciate it. But I have a stupid question…

I’m not really sure how to back up… Like I have this hard drive thing I think it’s for backing up stuff onto it or something… ‘_’
Um like can I backup files onto a disc or a USB flashdrive or a hard drive or where do I put the data?

Also, what can cause integrity violations? Is it limited to malware…?

One way is simply to copy files to a backup drive - for example an external USB drive (I use Western Digital MyBooks).

The intent is that you’re protecting your valuable data from the possibility of loss, though that possibility may be small.

It pays to take some time to understand your backup system and what you’ll need to do to restore files, since when you need it it’s never convenient, and you’ll be without your computer system with which you could have done the research.

-Noel

Heh, sorry if this is a little late, but I have not forgotten about this topic.
I have backed up 98% of my files and I was going to do the SFC scannow command but I have a question, do I need a Windows Vista installation disc or something like that? Because I don’t have one, the computer came with Vista already installed… I think.