I’d had a problem with Avast Home Edition balking at any updates, and then wanting to download full, not incremental, updates. But after posting about it here, the generous folk of the forum helped me get that pretty much fixed.

One leftover element persists, though: Avast still will not automatically update. After multiple re-installations, the antivirus will not seek an initial update with the Avast servers. The program setting for VPS (not program) updates has been left at the “automatic” default, but it will only do so manually.

Jiri Forejt of Alwil had e-mailed me about his seeing, in the setup.log files I’d sent, that a re-installation didn’t result in an automatic attempt to update. I gladly did another re-install, set some files aside, and sent further logs — all at his request, though after a few days’ personal delay.

Avast has been behaving normally in all other ways, including making only (manual) incremental VPS updates to v4.8.1351, 17 Aug 2009. (The program was updated, as of this morning, to the new v4.8.1356.)

I responded to Jiri that it still wasn’t updating the VPS automatically. Unfortunately, he hasn’t yet answered my e-mails, and another week had passed, so I thought I should bring the problem back here.

I’m using Windows XP SP3, 1.5 GB RAM, 320 MB HD, 2.0 mbps DSL. Comodo Firewall Pro v3.0.25.378 is letting all Avast traffic proceed normally.

Into avast logs (use avast Log Viewer) in Warning/Notice sections, isn’t there any info about automatic updates?
Try to open avast settings - Update (Connections), press Proxy button, and select Direct connection, press OK to confirm. Then wait for an automatic update (by the way, which is the time interval you’ve set between automatic updates?).

All that’s noted in Warning is a single failure to update after the reinstallation I made on 17 September, and in Notice, the generation of VRDB.

Try to open avast settings - Update (Connections), press Proxy button, and select Direct connection, press OK to confirm.

Done - it had been "Auto detect (use Internet Explorer settings)". On the Update (Connections) main screen, [i]neither selection[/i] had been made; I just now chose "My computer is permanently connected to the Internet" (since I use DSL).

Then wait for an automatic update (by the way, which is the time interval you've set between automatic updates?).

The auto-update interval is the default, 240 minutes. And now, it's updated itself automatically, after about 10 minutes.

Problem is apparently solved, although — in the sense of providing notes for any Alwil folk reading this, as to glitches — I wonder:

~ Why the selection on the Update (Connections) main screen had been undone, as I’d checked the “permanently connected” choice many months ago. (It allows for checking both choices. Methinks a radio button is in order, as few have both a dial-up and a “permanent” connection.)

~ Why the “auto detect” apparently became inoperative on its own, as I made no changes to my Net connection settings.

In any event, having it set up to connect directly apparently works, and I thank you once again for your help.

That setting is just to accelerate the way avast discovers a connection and update. You can check both, you can check none, avast will detect the connection anyway. But I agree with you that a radio button will be more intelligent.

Differences between auto-detect proxy and direct connection are the use of two different download engines - wininet.dll (used by IE, it’s the auto-detect setting) or winsock (direct connection).
Usually direct connection (winsock) helps for users with ADSL connection where the wininet engine fails.
Also, some malware can install as wininet proxy and when it detects connection to their servers, the downloaded stream returns just a file filled with zeros instead of real data. Setting direct connection bypasses this too. So, it’s good to check if your computer is virus clean right now.

Thanks for these additional notes and leads.

I don’t know if this matters, but I never use IE (still the MS-patched v6). When I have a choice, that is, as I don’t with MS Windows Update. I use only Firefox v3.0.14. Apparently Avast uses components of IE in a passive way.

Usually direct connection (winsock) helps for users with ADSL connection where the wininet engine fails.

According to the 17 September install log, the wininet engine repeatedly failed in getting updates. Would it have switched to using winsock without my making that setting explicitly?

Also, some malware can install as wininet proxy and when it detects connection to their servers, the downloaded stream returns just a file filled with zeros instead of real data. Setting direct connection bypasses this too. So, it's good to check if your computer is virus clean right now.

Apparently it is clean, as I just did a standard scan on the two partitions affected, C: (system partition) and D: (data, including browser and e-mail caches).

I opened the Virus Chest, however, out of curiosity. Normally I empty this as soon as possible after the rare occasion of dealing with an infection. But now, it wasn’t empty.

I found three WinXP system files in it that I never recalled as being flagged as infected, all from \windows\system32: kernel32.dll, winsock.dll, and wsock32.dll. They had been transferred to the Chest immediately after the last (re)installation of Avast, on 17 September, and just before any attempts at VPS updates. They weren’t noted in the setup log — I’m going by the times stamped on them in the Chest.

The Chest display doesn’t note any virus as being associated with these three, all stored under “System Files,” and NOT “Infected Files.” They have, of course, long ago been automatically replaced by WinXP, using the copies in \system32\dllcache (for kernel32.dll and winsock.dll) and the Service Pack 3 file archive (wsock32.dll).

Should I e-mail these three Chest files to Alwil? Can you identify or recall any reason why these would have been transferred, without any identified infection? Is that transfer related to malware behavior?

… As to the last question, I’m sure the answer is “yes, at least potentially” — although I do believe my system has been clean. I take great precautions as to not opening attachments or suspect Websites. Only an occasional Trojan has been identified by Avast, on an occasional Webpage, during the past year.

Is IE set to work in offline mode?

If it is then set it on:

1. With IE open, click Tools - Internet Options, and click the Connections tab.

• Make sure it says “never dial a connection”
• Click Apply, then OK.

2. With IE still open, Click FILE and check that “WORK OFFLINE” does NOT have a checkmark next to it. If it does, just left click it once.

Remove Automaticaly detect settings in Connections then LAN settings.

No. The problem is that Windows ships IE inside of the operational system. Because of this, I suggest you upgrade to v8 of IE.

They’re there for backup purposes as it is on help files. They’re clean.

Thanks for the response.

Well, it has the apparently default “Never dial a connection” selected, but it’s grayed out, as I currently have no dial-up connection or VPN configured. I only have a LAN (Ethernet motherboard port connected to DSL) configured. Does such a grayed-out “phantom” choice have any effect on actual connections?

2. With IE still open, click FILE and check that "Work Offline" does NOT have a checkmark next to it. If it does, just left click it once.

It's not checked, and it has never been set up to "Work Offline."

[3. In "LAN Settings,"] remove "Automatically detect settings".

That had already been unchecked.

The net effect is that nothing has been changed in IE 6 from what it was. Should I expect anything different in regard to Avast updates from this? (It won’t affect general Web use, as, again, I only use Firefox, not IE — except at Windows Update.) I fear that I’m missing the point of what you’ve asked me to do here.

Thanks for the response.

Well, it’s been hard to avoid knowing that IE is part of the OS, which is Microsoft’s single biggest security blunder, and the source of huge headaches for all of us.

I appreciate the suggestion, but I’m sticking with Firefox. I’m not going to burden this XP SP3 system by adding on IE v8. At least not until I can no longer use v6 to reach the one site for which I have to use IE, Microsoft’s own Windows Update site. Or when MS stops patching v6 for WinXP, which won’t be any time soon.

You said that three system files were copied to the Virus Chest

[...] for backup purposes as it is on help files. They're clean.

That's a relief to know, but I then wonder why this isn't noted during the installation, to avoid needless fears on the user's part. I just now found this mentioned in the Avast help file, but it's well-buried.

I was going on a hunch as Malwarebytes’ Anti-Malware (MBAM) users are complaining about automatic updates not working and that was one of the cures provided in their forum.

1. being grayed out is OK.

As Tech says that IE is so integrated with Windows it would be a good idea to update at least to IE7 as IE6 is a quite down level to be running on XP.

Even Windows Explorer uses IE to display information.

perhaps a relevant link to that thread in mbam, YoKenny? Save my search for it. Otherwise I go look myself.

I had a few problems with download mbam updates a week or so ago when setting up XP systems, but all seems ok now. Still wouldn’t mind read through when I have spare time.

These are ones I remember:
http://www.malwarebytes.org/forums/index.php?showtopic=24605
9. ISSUE: I’m unable to update Malwarebytes’ Anti-Malware it either does nothing or I get an error 732
http://www.malwarebytes.org/forums/index.php?showtopic=10138

Thanks. appreciate response

Edit - I seem to have good connectivity with mbam now. I’ve joined the forum anyway and I put a follow on their twitter account since they only post out important info - so they wont flood out my twitter inbox.