It would be most appreciated if the Avast technical team could provide some brief explanations to a few unanswered questions to get a little closer to resolving this issue:
– What does the Ashavast executable require to run?
– When the process is stalled, I have to kill Active Skin Helper to shut down. Is this an outcome of the stalled process or the problem?
– When I check the security settings of the actual Avast.exe file, it indicates Read as well as Read and Execute for ALL USERS. Is that correct and is there any other file whose privileges I should be checking?
– Why would all functions from the System Tray run except for the Avast function that lanches Ashavast.exe?
– Are there any known conflicts with other applications? (e.g. Spybot Search & Destroy (with Teatimer disabled), SpywareBlaster, Kerio 2.15, etc.)
– While Ashavast.exe seems to keep CPU at 100% (a straight green line), the Kernel process (red line) is high, but not at 100%. It seems to increase and decrease cyclically. Does that suggest anything?
Any insights that could be provided would be helpful. As previously indicated, since others report different issues with a similar symptom (100% CPU usage), is this related to an errant module or setting? Thank you.
What I was asking is if the Ashavast.exe executable requires specific DLLS to run different than other Avast executables, and which may require elevated priviledges to run. For example, one CANNOT run ImgBurn as a limited user, because you receive the error “‘You need Administrative privileges to use SPTI’”. Then there is a workaround to change the privileges on SPTI if necessary.
By try to “run” ashQuick.exe “*STRT-MEM-SHORT” - does it work/finish?" do you mean type that line as written at the run command or something else?
What is this “Active Skin Helper” process that has to be shut down to close the Ashavast process in order to reboot when the machine is stalled? I don’t find anything with this name on my system and a google search reveals only three occurences of this phrase, with mine being the only one spelled exactly this way. So is this an underlying process of Ashavast.exe because I’d like to understand where this comes from if I have to shut it down manually?
Yes, you’ve got it. You need to open a cmd window and go (browse) to the avast folder and run the command from there. Or run:
“path of the ashquick file\ashquick.exe” “*STRT-MEM-SHORT”
No, there’s nothing special about Ashavast.exe (at least I’m not aware of anything); it uses the same DLLs as other avast! executables.
Yes.
Honestly, I have no idea what it is - it’s not avast!'s own process.
ActiveSkin is the 3rd party skinning library used by avast! GUI. It is possible that it needs to spawn a special process sometimes to do something… but I must say I’ve never heard of it (it’s not running under normal circumstances - at least not for longer periods) - so I don’t have any more info on that.
When I try to “run” ashQuick.exe “*STRT-MEM-SHORT” from a limited user profile, it opens two pop up windows but indicates 0 files scanned. It does NOT show any progress in running the memory test as it normally does when it is run as an administrator. So it does NOT seem to run.
I previously provided a screenshot showing that the kernel times are high, but not at 100%.
Well, it’s done, but not without creating its own issues (as I had suspected it would). I followed the procedure exactly as described, though your procedures ought to clearly mention, as is customary, to back up the registry before making ANY such modifications.
I saved the original registry key, then created the new DWord value, blue screened the machine and created the memory dump. I then rebooted, replaced the key with the original one and rebooted. And the Logon screen appeared but the trackpoint was frozen. I tried safe mode with command prompt but that too left me without any functionality. So I had no way to get back to the registry.
In the end, I booted from a clone of the drive from a week ago, and copied all the user files as well as the memory dump on the “stuck drive” to the clone. Then I re-cloned back to the original drive.
NOT exactly what I’d call fun, nor the kind of additional troubles I’d like to create when trying to analyze why a program isn’t working properly. I will now upload the dump file with the name blue2memory.dmp, but I sure hope that after all this trouble, it was worth it and shows something of value.
Yes, thanks, but I’ll try it once again to be sure: disabling it, rebooting under administrator, then switching to limited user profile and testing it again. (I’ve had a few instances where changes didn’t take if the reboot wasn’t done to the Admin profile first).
As you see, the dump was 650 MB, and I needed to find a 2 1/2 hour window to ftp this to you!
Just tried it again, with self defense, memory scan and rootkit scan all turned off. It made no difference. The Ashavast.exe still stalls as a limited user every time.
Blue2, sorry the thread is long now, but do you use a firewall? Which one? Do you have any other antivirus installed in your system? Did you have in the past? Any other security programs that could interfere?
The machine had KAV on it at one time, but it was removed, followed by the KAV removal tool, followed by CC Cleaner (to remove any traces that might have remained).
I would doubt the issue is caused by a previous AV install, since it works fine as Administrator, works for quick scans as a limited user, but stall as a limited user if the Ashavast.exe process is started. If, of course, I use “Run as” and run Ashavast.exe with administrator privileges while a limited user, it runs fine. That is what lead me to think that this is a permission related issue of some kind, and one would want to know what is requiring elevated permission before it runs correctly.
Yes, I realize that CC Cleaner is not very aggressive as a registry cleaner, but removal of KAV, followed by their removal tool, followed by CC Cleaner should remove it. And if it did not, I don’t think it would just affect limited users but all profiles.
I have not touched user access rights and I also installed Avast in its default location. I tried removing it, using the Avast cleaning tool, and then manually installing the newer 4.8.1195 build, but that also did nothing.
So I hope the 650MB memory dump provides some clues…
“I tried removing it, using the Avast cleaning tool” are two separate steps indicated by the “,” in between them. To spell it out further:
I removed it via Add/Remove. Rebooted.
Then used the Avast cleaning tool. Rebooted.
Then deleted the program folder. Then used CC Cleaner to remove any traces found.
Then installed the newer build. Rebooted.
And nothing changed.
After trying to fix this with two Avast builds, what makes you think the third build will do the trick?
I would have thought that there was a point to creating the 650MB dump file, modifying the registry, crashing the computer, creating several hours of work to re-install the computer back to where it was, and tying up the computer for 2 1/2 hours ftping the dump file. If the answer would be as simple as to install the latest build, I surely would have started there!
Perhaps the new build will create other problems, which is why I don’t like “testing” products, but don’t install them until I know that they are stable and reliable.
Also, check the folder \data\log
Are there any files called unpXXXX there (where XXXX is a random number)?
If so, send them to vlk (at) avast.com
They may contain more information about the problem (maybe a link to this thread).
Haphazardly trying newer Avast builds in the hopes that one of them will solve a problem that the new build isn’t designed to address is not worth the trouble or risks it may create. Plenty of newer builds bring with them newer problems. I’ve seen this with NAV, I’ve seen this with KAV, I’ve seen this with MS, and I don’t think it would be any different with Avast.
I already followed the precise instructions to the letter to create the dump file. It caused me several hours of work after the registry modification prevented the machine from rebooting. That is why I hesitated to do it in the first place.
I will check to see if there are any log files, but again I would hope that the 650MB dump file provides the answer.
there’s no need for new dump files, I was just asking if the problem is solved by disabling the self defense or not.
please try the following: log on using the non-admin account that has the problem, disable avast self defense, run Regedit, navigate to HKEY_CURRENT_USER\Software\ALWIL Software\Avast\4.0 and create a new string value called “CurrentSkin” (without the quotation marks). Make the value data “silver panel.asws” (again, without the quotation marks). Re-enable the self defense module, and see if it resolves the problem.
Since I can’t get into Avast settings from limited user, I had to sign on as Admin to disable self-defense.
Then signed off and signed on as local user to change the Avast\4.0 key you indicated. And it gave me an “Error Opening Key” message. I can navigate to the “Avast” level of that branch, but NOT to “4.0”.
Just in case, I rebooted and tried it again, but no luck.
So, does this suggest some type of privilege issue?