Ashavast.exe - stalls as local user, causes multiple processes, runs CPU to 100%

I’ve recently installed Avast Home build 4.8.1169. It installed without a problem and seems to run fine with one exception: the Avast icon on the desktop which links to Ashavast.exe CANNOT be run as a local user. So I can’t access the program interface, although I can access everything else via the system tray.

If the desktop icon is clicked on multiple times, it will open multiple processes of Ashavast.exe in task manager. When I had three open, the CPU was at 100% without any apparent activity, other than this process being stalled.

As Ashavast.exe can be run as the administrator or via the “Run As” command, it appears to be an issue with permissions and not with the application itself. Just in case, I tried the Repair option in Add/Remove, but that made no difference. So while I can right click and scan a file by the context menu, I can’t schedule a scan without administrator permission?

Is this by design, a bug, a permission problem caused by using an optional skin, or something else?

ashAvast.exe needs admin rights, or elevation in Vista.
ashQuick.exe (the context menu scanning) doesn’t.
It’s not a but, it’s like it works.
Do you have Vista or XP?

Thanks for that quick reply. Sorry, forgot to mention this was installed under XP Pro SP2, although I understand that SP3 won’t be a problem.

I imagined that this might be by design, but could find no mention of it in the help file or through a quick google search. It’s possible that I added the desktop link to All Users and the program perhaps defaults only to administrator.

What confused me was why I’d have to be an administrator or use the "Run As’ command while a local user to schedule a scan? I wanted to have less knowledgeable members of my family run as local users, and it would still be nice to have them get into the habit of scheduling scans.

P.S. It would also be nice if this is by design, to NOT allow the process to even be opened. I got it up to 5 instances of ashavast.exe and I imagine that one could simply lock up a system by installing the icon on a local user profile that does not have permission to run it.

In Home version, there isn’t a schedule possible… Are you using Windows Scheduler for it and ashquick.exe?
Scheduling is only available in Pro version.

Sorry, by “schedule” I meant to schedule a boot scan, or to run a HDD scan on a habitual basis (not as a formally scheduled task).

I assume one could use the Quick Scan via right click context menu to scan the entire HDD but was not sure if that uses the pre-set default configurations (e.g. scan archives, use heuristics, etc.)

I’ll remove the Avast desktop icon from local user profiles because I don’t think it’s a good idea that it opens a process even though it can’t continue without Admin. permission. As I demonstrated, a naive user could easily click on it many times and open up several processes that lock up the CPU, which can’t be a good thing.

No, ashAvast does not need administrator privileges, and it can be run under restricted user, as far as I know.

Please try to generate the dump of the frozen process (as described e.g. here, just change the process name) and send it to our FTP.
Thanks.

Common users can’t schedule the boot time scanning. But also is not a thing for daily basis…
But I think they can run a scanning into Windows, can’t they?

It’s better to use the interface and run the scanning from there.
Although, ashQuick uses the deepest sensitivity, scanning archives.

Well, it seemed odd to me to have an AV that would prevent a local user from running a scan. I could understand why you wouldn’t want processes to be killed under a local user account (so malware couldn’t turn off AV functionality).

Is the hangrep.exe a standalone app or does it get installed/removed in Add/Remove programs? Can it be installed AND run under a local user account, since that is where the issue is occurring?

It’s just a standalone executable, and I don’t see a reason why it shouldn’t work (to dump executables the current user has started).

You may have to disable avast! self-defence feature from the Administrator account first (avast! settings / Troubleshooting page) - the process couldn’t be dumped without it, I guess.
Now, I hope that disabling the self-defense won’t “solve” the problem :wink:

Yes, it would be funny if that “solved” the problem. One never knows…

I checked the security settings on ahavast.exe and all users have permissions. I then thought I could probably find what DLLs are called and change the permissions on each of these to see which one might be the offending one requiring escalated permission. But messy fixes like that, particularly with an AV program, have the habit of causing unexpected, and usually undesirable, consequences.

Thanks for the suggestions. When I’m in the front of the other machine, I’ll run the suggested hang executable and see what it generates.

Sorry for the dealy. Now that I have had access to the friend’s machine I installed Avast on, I’ve created the dump file (ashAvast.exe.dmp) of the Ashavast process that stalls under a local user profile. I even deactivated all skins, but this too makes no difference.

However, following Vik’s procedures, I am unable to upload this to your FTP site via your website (I don’t use FTP) via drag and drop. Do you have an email or another way to upload this?

Thank you.

What browser are you using ?
With firefox the drag and drop doesn’t seem to work, but with IE or one of the IE clones the drag and drop does seem to work.

Good suggestion. I’ll try that right now.

No luck. Tying to drag and drop to your web link using both Firefox and IE 7 results in a dialog box to save the file rather than uploading it to your FTP server via the web.

Not my site I’m just an avast user like you.

Do you get something like this (my example IE6) when you paste the ftp link ftp://ftp.avast.com/incoming/ into IE7 address bar and click, see image ?

If so dragging the file from its location in windows explorer into the right pane, arrowed, in IE7 and it should upload automatically, you won’t be able to see it in the folder that it has been uploaded to as you don’t have permissions for that.

Using the command-line FTP from Windows is not that hard:

  1. start ftp.exe (e.g. from Start Menu / Run)

Now, type the following (excluding the numbers in the beginning of the lines, means Enter key):
2. lcd <local_directory_with_the_dump_file>
3. open ftp.avast.com
4. anonymous
5. guest
6. bi
7. ha
8. cd incoming
9. put <dump_file_name>
10. bye

Thank you. That worked fine. I just don’t use DOS commands often enough to remember any of them.

DavidR, thanks for the suggestion. However, using FTP via the weblink did NOT work for me with either Firefox or IE7. Both opened a “Do you want to save file” dialog when I attempted to drag and drop the file. As I also had to open up my firewall ruleset to allow each outgoing FTP connection, I imagine I would have been been prompted to open an FTP port if FTP via the weblink had worked.

Once the dmp file has been looked over, will something get posted here? I can always suggest that those whose machines I’ve installed Avast run scans as administrator, but I was trying to avoid that.

That is the idea and the reason for using a unique file name so it can be linked to the topic. Once you upload it successfully, post that fact in the topic and give the name of the uploaded dmp file.

Perhaps I missed it, but didn’t remember anyone indicating to use a unique file name for the dmp file or even to link it to this thread. That’s why I asked how the file would ever lead back here. :wink: I’m only trying to help out a friend whose machines I installed Avast on, and it’s easier if the procedures to be followed are spelled out.

The file has now been uploaded again, this time with the filename blue2_Ashavast.exe.dmp.

And again, I appreciate any help that can be provided on why the scan engine won’t run using local user privileges under XP Pro SP2.

Perhaps you should test the latest 4.8.1195 version.