Avast screensaver detects AntiVir as Virus/Worm

Avast! v4.6 Home (fully updated) on WinXP Pro SP1 (fully updated except SP2, of course).

Using only the screensaver scanner of Avast!, scanning halts when process XXXX (exact PID changes with each new Windows session) is detected as the Virus/Worm Suela-1042.

Using Windows Task Manager identifies this running process as AVGUARD.EXE (AntiVir on-access scanner).
The file/process is legit as certified by numerous other products and even by the Avast! main on-demand and shell-extension scanners!

Bear in mind that Avast! is currently being used only in screensaver mode while AntiVir is being used only in on-access mode, so to my thinking they ought to be able to co-exist.

Since this is a running process being detected rather than a file on disk, apparently no action can be taken on it. It cannot be excluded from scanning and no actions are available after detection except the “OK” button which then shuts the Avast! virus alert dialog box and returns to the Windows desktop. Since scanning cannot continue, this makes the screensaver scanner essentially useless right now. This situation has only developed after a recent update of Avast! and/or AntiVir. The exact information given (in both the on-screen alert dialog and subsequent alert email is as follows:

avast! [COMPUTERNAME]: File “Process 1220, memory block 0x00E00000, block size 1572864” is infected by “Suela-1042” virus.
“Screen saver” task used
Version of current VPS file is 0518-5, 05/08/2005

While I AM a self-proclaimed computer security expert, I AM NOT an expert on Avast!, particularly the screensaver scanner mode. I have carefully checked all configurations and see no way for the end user to circumvent this situation.

The only solution that I can forsee is a correction to Avast!'s virus definition database so that it does not recognize the running process “AVGUARD.EXE” as malware.

If anyone has any other suggestions, I will eagerly eat some humble pie and try them out. Otherwise I hope that the authors of this fine program will make the necessary database correction.

Sincerely,

tgeer

p.s. Here is the complete version info for the AntiVir program that is being detected:

Build: 1035, 03/16/2005
Main Program: 6.30.00.17, 03/07/2005
AntiVir Guard Service: 6.30.00.06, 02/28/2005 (This appears to be the process being detected)
Control Program: 6.30.00.01, 02/17/2005
Search Engine: 6.30.00.12, 05/05/2005
AVREP.DLL: 6.30.00.160, 05/07/2005
Virus Definition File: 6.30.00.161, 05/07/2005

I have also avast pro and antivir installed on my computer and i didn’t notice any problem even when running avast screensaver. ???

But I don’t activate avguard ! which may cause troubles with ashserv…

It’s very dangerous to use two AV programs simultaniously! Chose one - it’s my recommendation! You may have more problems in the future, as no one recommends use two AV’s, even expersts. For this purpose is online scaners. Just decide, which av you like more, and leave it on your pc. and I hope so you’ll make a right choise! ;D

Thanks, Ylap,

I am aware of the possible conflicts associated with running two AVs simultaneously.
As stated in my original post, Avast! is ONLY used in its screensaver mode, not in full-time on-access mode.
Conversely AntiVir is used ONLY in on-access mode as it lacks a screensaver mode (at least my free version does). While this might be construed as two simultaneous AVs running, that’s debateable in my mind at least. I really love having AntiVir scan everything on-access and having Avast! as a backup in screensaver mode so I get at least two good scans per day with different scanning engines and virus databases - all with little-to-no intervention on my part. Bear in mind also that this problem only surfaced after a very recent AV update so it doesn’t seem to be an intrinsic problem with the program itself, just a VDF issue.

BTW: I have found a temporary and not very acceptable workaround until the problem can be resolved in a more definitive manner. I have configured Avast! screensaver to not scan ANY running processes before beginning it disk file scan.

Many thanks to yours and the preceding suggestions and I still welcome any and all future comments and suggestions. Do the program authors read this forum? Can I reasonably expect a reply from them?

Be safe,

tgeer

If you want to fell more secure - try to look here http://www.ewido.net/en/ I don’t know, maybe you have this program, but it’s free, and think not very bad program for searching other threats (not viruses) on your PC. And it’s compatible with any AV. 8)