Hi, I’m new to Avast, I have been using AVG for virus scanning for a while but started reading on some forums that AVG could miss some viruses and was generally nicer. And what do you know, as soon as I uninstalled AVG and installed Avast it found a virus. However as soon as it did that (this was during the memory scan) it disappeared and brought up the screen saying that an error had occured and that I could send a message to support (I have done but thought I might get a response here).
If I skip the memory check I can start the normal scan but again when it finds a virus on the hard drive it says an error has occured and brings up the message screen. I did manage to find out one virus file that it was refering to and delete it but obviously there must still be others on my system. I’ve tried repairing it but not totally uninstalling it yet. System is Win 98 Second Edition 4.10.2222 A with Internet Explorer 6. Can’t think of anything else that might be of help, it’s such a pain that it exits with pretty much no notification of what happened so I can’t really provide you with more details.
If you can, it would be helpful to give the exact error message (word for word) you are getting. This way, you can get better help. You did good by including your OS.
Yes, it happens every time, during the memory scan it says ‘Memory is infected’ in the bottom left corner. The program disappears and you get the loading mouse cursor for a second then this window pops up:
EDIT: If I stop the memory scan and go straight into a disk scan it at least gives me a normal illegal operation window as well as the above contact one. Here’s the code it gives:
Hmm, may be a problem with the skinning library. Did avast! ever successfully display a skinned window (either the program interface, or in the Explorer Extension, for example)?
If I skip the memory scan then it comes up with a window, says avast! Simple User Interface in the taskbar if that’s what you mean. I can go into the menu and change skins etc. with no problems. I don’t know what you mean by the explorer extension exactly.
If you right click a file into Windows Explorer you will see an icon for avast.
It will run ashQuick.exe application which is under your avast folder.
That is the ‘Explorer Extension’
Ah right, yeah I’ve done that and it also works but just disappears when it finds a virus. By some sleuthing and watching when the program crashes I’ve worked out that I have a file called PICSGORE.DLL in my Windows/System folder which is a virus. I can’t delete it though as it says windows is using it.
If you boot up into safe mode can you run a scan then? Is there anything unusual in your startup file or in your startup registry key? Good chance the name of the file you found is random; I can’t find anything that links picsgore.dll to a virus name, (perhaps someone from avast! can help there…) did you find any clues that might have given you an idea of the actual virus name?
I cant find any info on that .dll file.Wahts it say when you right click it and click properties?.Also if you are sure its malware can you rename it to.txt to stop it running in normal or safe mode?Also its sometimes wise to have an on demand scanner as well as your resident avast.Try escan free from here http://www.mwti.net/antivirus/free_utilities.asp
It uses kaspersky engine.Extract to a folder and use the mwavscan.com to scan and the kavupd.exe to update the virus defenitions.Its handy as a backup to avast , and is not a resident scanner.
me
At boot time, this should not happen, can you schedule it?
You can disable the memory test (section [UserInterface] value SplashTestMemory=0 and got access to the program in order to schedule it…
Thanks for all the advice everyone, sadly I haven’t made any progress though.
Booted into safe mode, the same crashes occur when scanning with avast. My Startup folder has nothing other than Shockwave init and I’m not quite sure what registry entry is for startup but I seached the whole thing and found nothing abnormal. I’ve tried the avast cleaner but it hasn’t found anything, though it did say a couple of dat files couldn’t be scanned, there is also a picsgore.dat which I can delete but comes back when you restart.
I’ve also tried the kaspersky based one but that also didn’t find anything other than a few registry entries it thought were wrong, I think from previous viruses. There is nothing special in the properties for picsgore.dll btw.
I get the feeling that this may need to be sorted at boot time but the schedule boottime scan option in avast is greyed out, is this something only in the professional edition? If so is there anything simple but effective I could get for scanning at boot time, an exe I can just add at the top of autoexec.bat or something? I mean I could start up and go to the command line so windows is never in the equation but maybe deleting picsgore.dll will not get everything and it’ll keep re-appearing just like the dat file.
I think the problem is not on avast, not only, we need to solve other thing that is crashing the computer
I was talking about avast4.ini file and not the Windows Registry. Did I misunderstand you?
I’ve never heard about that file but could be normal that dat files are blocked by the system and cannot be scanned by avast :
Do you mean on-line scanning I suppose? ??? Do you install Kaspersky?
Boot time scanning is a Windows 2k/XP feature. Home and Professional version of avast have it, it’s an OS problem not avast. You can’t make an autoexec.bat or link for it. You can edit the Windows Registry but I’m afraid this won’t be the best moment for that. If you want, I can guide you…
About memory scanning, you can try:
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*MEMORY”
The *MEMORY parameter causes avast! to scan the operating memory of the computer: the true virtual memory.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*STRT-MEM-SHORT”
The *STRT-MEM-SHORT scans (besides the startup items) the modules loaded in memory: the corresponding files, not the real memory.
While the *MEMORY parameter may catch unknown (packed) variants of viruses that may not be detected on disk (they can be found since the packed file is already unpacked to memory), it may also fail to detect the viruses for which only a packed variant exists (and the VPS does not contain a signature for the unpacked code). Generally, avast! virus database is optimized (and checked) for the file detection - the memory scan is rather a special additional feature.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*STARTUP”
The *STARTUP parameter will scan all startup user accounts items.
“C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*STARTUP-SHORT”
The *STARTUP parameter will scan the current user startup items.
So, if you want a real thorough check of the memory/ startup, I’d rather recommend using both the parameters *STRT-MEM-SHORT and *MEMORY together (or, *MEMORY, *MEMORY-SHORT and *STARTUP for all the user accounts).
Like this: “C:\Program Files\Alwil Software\Avast\ashQuick.exe” “*MEMORY” “*STRT-MEM-SHORT” “*STARTUP” “*STARTUP-SHORT”
Tried a few more things and they didn’t work so I went for the brute force, boot into dos and delete the offending files option. I also searched the windows registry and removed any references to picsgore (there were about 5 little odd ones). I’ve just performed a full scan with avast and there were no crashes and no viruses ;D
Only weird thing is that the skin for avast has changed itself from the blue one to something very ‘standard’ looking. Maybe this links back to what was said right at the start about it being a skinning problem, who knows.
Thanks again all, I will be continuing to use avast! ;D