Avast 5 Can't Access the Server to Update Virus File

I am cleaning a computer for a friend. It was riddled with viruses and threats. I have managed to rid it of three major viruses and over 570 threat objects.

It had remnants of three other virus checkers that had been previously installed. I used the individual uninstall programs since none of them appeared in the install list. Windows security still thought that several virus programs were resident. I found how to eliminate that problem on the Internet.

I have installed Avast 5 free. Windows security agrees that Avast is the only virus checker in the system. I have run a full scan and found one virus that I eliminated.

I have not installed a firewall, yet, since I am going through a router. However, Avast says that it cannot connect to the Avast server to update the virus files even though I can download Avast, install and register it. My own computers that access the Internet through the same router have no difficulty updating Avast virus files.

I have run Stinger, Malwarebytes Anti-malware again, and find nothing. Spybot, and Lavasoft find nothing, either.

I have also discovered that I cannot install Zone Alarm. It crashes when I run the installer.

The computer is a Dell Dimension B110 run Windows XP, SP3.

What may be the problem?


While reading other posts, I saw that Spybot could cause problems with Avast. I uninstalled Spybot and Avast now can access its server to update.


Zone Alarm would crash when I tried to install it, so I uninstalled Avast to see if it was contributing to the problem. It was not. When I reinstalled Avast, it could no longer access the server to update the virus files.

I have solved the Zone Alarm problem by discovering that there were remnants of an earlier version that was installed in 2005 and later uninstalled. The Zone Alarm forum gave instructions to manually delete the remnants in the System32 folder and the registery.

Try: Direct Connection (No Proxy)

I have not installed a firewall, yet, since I am going through a router
Router and firewall are two entirely different things, although many routers have a build in firewall nowadays.

Please post a HijackThis log file here and let me have a look to see it tells us something.

Here is the Hijack This log after I successfully installed Zone Alarm.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:38 PM, on 2/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Mouse 4.0\mouse32a.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKLM..\Run: [lxdxmon.exe] “C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe”
O4 - HKLM..\Run: [lxdxamon] “C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe”
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Mouse 4.0\mouse32a.exe
O4 - HKLM..\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM..\Run: [Bing Bar] “C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe”
O4 - HKLM..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
O4 - HKCU..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18..\Run: [icikxhdj] C:\Documents and Settings\NetworkService\Local Settings\Application Data\mgegckryb\vfdxabdtssd.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [icikxhdj] C:\Documents and Settings\NetworkService\Local Settings\Application Data\mgegckryb\vfdxabdtssd.exe (User ‘Default user’)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 9354 bytes

I have read some where before that zone alarm does not work well with avast, McAfee spam killer might also be an issue and there is numerus toolbars shown in the logs also which i would delet.

Just to clarify a bit, I know the OP has fixed this problem.

It’s not really Spybot that causes this problem, it’s the Teatimer module that protects access to the registry. If you wanted to, you could leave spybot installed (even though it’s pretty useless nowadays).

Another place to check other than the “Direct Connection” setting in avast is to make sure that the Internet Options settings don’t have a proxy set. A lot of malwares setup a proxy to route all web traffic through it. Removing the proxy allows the internet to work properly again in most cases (after you remove the malware with MBAM or similar of course).

I went to Settings, Updates, and Proxy Settings. It was set for auto to use the IE settings. I changed it to Direct connection and now it is downloading the updates.

Thank you. Now I can get rid of this computer and do something else.

You’re welcome…!
asyn

u can also use the offline update file if proxy doesnt work
http://www.avast.com/download-update
… while updating avast for the first time, this would be faster than server update

No, it wouldn’t…!
asyn

ystrday i reinstalled avast! 5.0.677 and had to dwnld 2 months updates… server update dwnlded at 60kbps (doesnt fully use up available bandwidth) while offline update file, dwnlded thru idm made full use of available bandwidth @ 250kbps

Well, if you install an old version…
That’s something completely different, as the old installer hasn’t got the latest definitions.
asyn