Can somebody please help me with this problem? I have a big problem with avast.setup which uses 60 - 70% of the CPU and uses (which I can see in the task manager) around 100,000 KB memory. The computer frequently blocks when this starts.
I have un-installed and re-installed several times. I have searched the forums here and found this: http://forum.avast.com/index.php?topic=60528.0
I have followed the info by Tech in the second post but it didn’t work.
I have found this: http://forum.avast.com/index.php?action=printpage;topic=33145.0
I have searched the Avast files for the file mentioned but couldn’t find it.
However, this problem is every time AVAST tries to update.
Any suggestions apart from un-installing again?
Thanks in advance.
Any other security program? Especially, any other firewall?
Please, upload (attach) the avast log:
C:\ProgramData\AVAST Software\Avast\log\Setup.log
or C:\Program Files\Alwil Software\Avast5\Setup\setup.log
If the file is too big for the forum, post the last 400-500 lines of it.
The CPU and the memory of the computer are really low, especially the memory.
You should consider adding at least 512 MB if not more… (it’s actually really cheap).
However, if you want to be sure that there is no software conflict on your machine, can you tell us if you have any other defense software (AV, AM, FW, etc.)?
Hi,
The other security programs are:
Anti-spy: Spyware Blaster, MBAM and SuperAntispy. These three I added; I don’t know if I can run them with AVAST, as the shop gave me AVAST but not these three. I have Comodo Firewall only. I don’t use any other firewall or anti-virus except for the occasional online scanners as back up. Yes, it’s a desktop computer.
Here is part of the log (a great deal has been deleted):
12:45:19 min/gen Started: 14.05.2011, 12:45:19
12:45:20 min/gen Running setup_ais-3e8 (1000)
12:45:20 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
12:45:20 nrm/sys Memory: 84% load. Phys:78736/522988K free, Page:735620/1275232K free, Virt:2068904/2097024K free
12:45:20 vrb/sys Computer WinName: XP PRO
12:45:24 min/sys Windows Net User: SYSTEM
12:45:43 min/gen Cmdline: /downloadpkgs /noreboot /updatevps /silent /session “33”
12:45:44 vrb/gen DldSrc set to inet
12:45:44 vrb/gen Operation set to INST_OP_UPDATE_GET_PACKAGES
12:45:44 min/gen Old version: 3e8 (1000)
12:46:32 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
12:46:36 nrm/sys Using temp: C:\WINDOWS\TEMP_asw_aisI.tm~a03040 (7280M free)
12:46:36 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
12:46:36 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1000;p)
12:46:49 vrb/sys Computer DnsName: XP PRO
12:46:49 vrb/sys Computer Ip Addr: 182.23.8.166
12:46:49 nrm/sys Installed in: C:\Programmi\AVAST Software\Avast (7280M free)
12:46:54 nrm/int SYNCER: Type: use IE settings
12:46:54 nrm/int SYNCER: Auth: another authentication, use WinInet
12:46:55 vrb/pkg Part prg_ais-3e8 is installed
12:46:56 vrb/pkg Part vps_win32-11051400 is installed
12:47:01 vrb/pkg Part setup_ais-3e8 is installed
12:47:02 vrb/pkg Part jrog-a7 is installed
12:47:13 vrb/pkg Part jrog2-1fd is installed
12:47:14 vrb/gen LoadState: Edition=2
12:47:16 min/gen Old version: 3e8 (1000)
12:47:17 vrb/fil skipped CPackageEngine_File::SetExistingFilesBitmap
12:47:17 min/gen GUID: 21979295-2436-4f44-9d71-df1129a2504c
12:47:41 nrm/gen Server definition(s) loaded for ‘main’: 296 (maintenance:0)
12:47:45 nrm/gen SelectCurrent: selected server ‘Download336 AVAST5 Server’ from ‘main’
12:47:48 nrm/int SYNCER: Type: use IE settings
12:47:48 nrm/int SYNCER: Auth: another authentication, use WinInet
12:47:49 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1000;p)
12:50:54 nrm/int Used server: http://download336.avast.com/iavs5x
12:50:56 min/fil GetFileWithRetry: servers.def.vpx downloaded .
12:50:56 min/fil servers.def.vpx not changed, 1305298756
12:51:26 nrm/gen Server definition(s) loaded for ‘main’: 296 (maintenance:0)
12:51:26 nrm/gen SelectCurrent: selected server ‘Download646 AVAST5 Server’ from ‘main’
12:51:26 nrm/int SYNCER: Type: use IE settings
12:51:26 nrm/int SYNCER: Auth: another authentication, use WinInet
12:51:29 nrm/int Used server: http://download646.avast.com/iavs5x
12:51:29 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
12:51:29 min/fil prod-ais.vpx not changed, 1305353629
12:51:29 min/pkg LoadProductVpu: C:\Programmi\AVAST Software\Avast\Setup\prod-ais.vpx
12:51:29 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
12:51:29 vrb/pkg LoadPartInfo: jrog2 = jrog2-1fd returned 00000000
12:51:29 vrb/pkg LoadPartInfo: program = prg_ais-465 returned 00000000
12:51:29 vrb/pkg LoadPartInfo: setup = setup_ais-465 returned 00000000
12:51:29 vrb/pkg LoadPartInfo: vps = vps_win32-11051400 returned 00000000
12:51:29 min/pkg LoadProductVpu: C:\Programmi\AVAST Software\Avast\Setup\prod-ais.vpx ended with 00000000
12:51:33 min/gen Customer 999999
13:04:38 min/int submit has nothing to send
13:04:38 nrm/pkg Submit: files 0, bytes 0, time 0 ms
13:04:38 nrm/pkg Submit success: files 0, bytes 0, time 0 ms
13:04:38 nrm/pkg Transferred: files 2, bytes 0, time 164860 ms
13:04:38 nrm/pkg Retries: total 0, files 0, servers 2
13:04:38 vrb/fil NeedReboot=false
13:04:38 min/gen Return code: 0x20000001 [Nothing done]
13:04:38 min/gen Stopped: 14.05.2011, 13:04:38
14:49:13 min/gen Started: 14.05.2011, 14:49:13
14:49:13 min/gen Running setup_ais-3e8 (1000)
14:49:13 nrm/sys Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
14:49:13 nrm/sys Memory: 80% load. Phys:99896/522988K free, Page:618928/1275232K free, Virt:2068904/2097024K free
14:49:13 vrb/sys Computer WinName: XP PRO
14:49:13 min/sys Windows Net User: SYSTEM
14:49:19 min/gen Cmdline: /checkupdate /verysilent
14:49:19 vrb/gen DldSrc set to inet
14:49:19 vrb/gen Operation set to INST_OP_CHECK_UPDATE
14:49:19 min/gen Old version: 3e8 (1000)
14:50:05 vrb/reg Deleted registry: Software\AVAST Software\Avast\UpdateReady
14:50:06 nrm/sys Using temp: C:\WINDOWS\TEMP_asw_aisI.tm~a01148 (7191M free)
14:50:06 nrm/gen SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled to 1
14:50:06 nrm/int SYNCER: Agent=Syncer/5.00 (ais-1000;p)
14:50:09 vrb/sys Computer DnsName: XP PRO
14:50:09 vrb/sys Computer Ip Addr: 110.164.181.126
14:50:09 nrm/sys Installed in: C:\Programmi\AVAST Software\Avast (7191M free)
14:50:19 nrm/int SYNCER: Type: use IE settings
14:50:19 nrm/int SYNCER: Auth: another authentication, use WinInet
14:50:20 vrb/pkg Part prg_ais-3e8 is installed
14:50:20 vrb/pkg Part vps_win32-11051400 is installed
14:50:21 vrb/pkg Part setup_ais-3e8 is installed
14:50:21 vrb/pkg Part jrog-a7 is installed
14:50:22 vrb/pkg Part jrog2-1fd is installed
14:50:22 vrb/gen LoadState: Edition=2
14:50:22 min/gen Old version: 3e8 (1000)
15:01:58 vrb/fil SetExistingFilesBitmap: 811->308->307
15:01:58 min/gen GUID: 21979295-2436-4f44-9d71-df1129a2504c
15:01:59 nrm/gen Server definition(s) loaded for ‘main’: 296 (maintenance:0)
15:01:59 nrm/gen SelectCurrent: selected server ‘Download884 AVAST5 Server’ from ‘main’
15:01:59 nrm/int SYNCER: Type: use IE settings
15:01:59 nrm/int SYNCER: Auth: another authentication, use WinInet
15:02:19 nrm/int Used server: http://download884.avast.com/iavs5x
15:02:19 min/fil GetFileWithRetry: servers.def.vpx downloaded .
15:02:19 min/fil servers.def.vpx not changed, 1305298756
15:02:21 nrm/gen Server definition(s) loaded for ‘main’: 296 (maintenance:0)
15:02:21 nrm/gen SelectCurrent: selected server ‘Download339 AVAST5 Server’ from ‘main’
15:02:21 nrm/int SYNCER: Type: use IE settings
15:02:21 nrm/int SYNCER: Auth: another authentication, use WinInet
15:02:22 nrm/int Used server: http://download339.avast.com/iavs5x
15:02:22 min/fil GetFileWithRetry: prod-ais.vpx downloaded .
15:02:22 min/fil prod-ais.vpx not changed, 1305353629
15:02:22 min/pkg LoadProductVpu: C:\Programmi\AVAST Software\Avast\Setup\prod-ais.vpx
15:02:22 vrb/pkg LoadPartInfo: jrog = jrog-a7 returned 00000000
15:02:23 vrb/pkg LoadPartInfo: jrog2 = jrog2-1fd returned 00000000
15:02:23 vrb/pkg LoadPartInfo: program = prg_ais-465 returned 00000000
15:02:23 vrb/pkg LoadPartInfo: setup = setup_ais-465 returned 00000000
15:02:23 vrb/pkg LoadPartInfo: vps = vps_win32-11051400 returned 00000000
15:02:23 min/pkg LoadProductVpu: C:\Programmi\AVAST Software\Avast\Setup\prod-ais.vpx ended with 00000000
15:02:23 vrb/reg Set registry: Software\AVAST Software\Avast\DataFolder=C:\Documents and Settings\All Users\Dati applicazioni\AVAST Software\Avast
15:02:23 vrb/reg Set registry: Software\AVAST Software\Avast\Version=6.0
15:02:23 vrb/reg Set registry: Software\AVAST Software\Avast\VersionShort=6.0
15:02:23 vrb/reg Set registry: Software\AVAST Software\Avast\SetupVersion=1000
15:02:23 vrb/reg Set registry: Software\AVAST Software\Avast\ProgramFolder=C:\Programmi\AVAST Software\Avast
15:02:23 vrb/reg Set registry: Software\AVAST Software\Avast\Product=ais
15:04:20 nrm/pkg Transferred: files 2, bytes 0, time 20593 ms
15:04:20 nrm/pkg Retries: total 0, files 0, servers 2
15:04:20 vrb/fil NeedReboot=false
15:04:20 min/gen Return code: 0x20000000 [Something done]
15:04:20 min/gen Stopped: 14.05.2011, 15:04:20
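To see where an update run spends its time, the timestamps in Setup.log can be compared line by line. The following is an added example (not from the thread or from Avast) that flags long silent gaps inside a single setup run, using an excerpt of the log lines posted above with intermediate lines omitted; the function name `find_stalls` and the 300-second threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# "HH:MM:SS level/category message", the shape of the Setup.log lines quoted above
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\w+)/(\w+)\s+(.*)$")

# Excerpt built from lines in the posted log (intermediate lines omitted)
SAMPLE = """
12:51:29 vrb/pkg LoadPartInfo: vps = vps_win32-11051400 returned 00000000
12:51:33 min/gen Customer 999999
13:04:38 min/int submit has nothing to send
13:04:38 min/gen Stopped: 14.05.2011, 13:04:38
14:49:13 min/gen Started: 14.05.2011, 14:49:13
14:50:22 min/gen Old version: 3e8 (1000)
15:01:58 vrb/fil SetExistingFilesBitmap: 811->308->307
15:04:20 min/gen Stopped: 14.05.2011, 15:04:20
""".strip()


def find_stalls(log_text, threshold_s=300):
    """Return (gap_seconds, line_before, line_after) for each silent gap
    of at least threshold_s seconds inside one setup run."""
    stalls = []
    prev_time = prev_line = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or non-log lines
        now = datetime.strptime(m.group(1), "%H:%M:%S")
        if m.group(4).startswith("Started:"):
            prev_time = None  # new run: idle time between runs is not a stall
        if prev_time is not None:
            gap = now - prev_time
            if gap < timedelta(0):
                gap += timedelta(days=1)  # the run crossed midnight
            if gap.total_seconds() >= threshold_s:
                stalls.append((int(gap.total_seconds()), prev_line, line))
        prev_time, prev_line = now, line
    return stalls


if __name__ == "__main__":
    for seconds, before, after in find_stalls(SAMPLE):
        print(f"{seconds:>5}s silent between:\n    {before}\n    {after}")
```

On the full log, read the file from one of the Setup.log paths given earlier in the thread and pass its text to `find_stalls`.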
What other security software did you have in the past on this machine including:
Antivirus (AV)
Firewall (FW)
Trial versions of AV, FW and other security programs
Other security software.
If they were in the past, how did you remove them (the vendor’s uninstaller’s tool or another way)? Remnants from past security software can often cause conflicts.
Thanks for the replies. I will answer them one at a time.
“Did you have any other antivirus on the computer before avast? Norton/Symantec have removal tools & McAfee also!”
No, I’ve used AVAST for several years now. I do use the NOD32 online scanner sometimes though. I had to use Combofix (under the directions of a spyware forum) about 6 weeks ago for an infection which Avast hadn’t detected.
“1 Is SuperAntispy SuperAntispyware?
2 Is it free or paid (resident)?
3 Do you use Windows firewall I suppose…”
1+2 SUPERAntiSpyware Free Edition
3 Comodo Firewall ONLY
“What other security software did you have in the past on this machine.”
I did have Ad-aware and Spybot but that was before a reformat of the computer and therefore not relevant now.
Uninstall avast from Control Panel (if possible). If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there. Anyway, boot after that.
Run the avast! Uninstall Utility saved on 1. If, for any reason, you can’t run it, try booting in Safe Mode and doing it from there. Anyway, boot after you’ve run it.
Install avast! using the setup saved on 2. Boot.
Register your free copy or add the license key for Pro. Or even upgrade your key from old versions.
Check and post the results. If, for any reason, you did not solve, try doing the step 3 in Safe Mode anyway.
To SafeSurf
SAS is on-demand and as for the other AVs there is no trace of them after the reformat that happened last year. And Comodo is ONLY the Firewall
To Tech
You didn’t see it in my first post but this I have already done as you said to do this to somebody else in this thread (2nd post) http://forum.avast.com/index.php?topic=60528.0
I have re-installed AVAST several times now. The update total time is always over the ten minute mark. The last attempted update to which there was NOTHING to update to (the database was already up to date) took the following: TOTAL TIME 10.44 minutes, Download Time 56s, Downloaded files 2 (0.00KB,) and server download337.avast.com (109.123.117.2)
I can’t explain this as everything else seems to download or open without problems. Before somebody asks (preempt strike here!!) “No” no downloads or internet traffic was being used at the time. I have given AVAST free go with the Comodo Firewall and for all activities.
Could it be that something was left with one of the tools that was used during the infection cleaning the other month? These tools were TDSS Rootkit Removing Tool, Combofix, aswMBR.exe and ESET Online Scanner.
Follow the directions for obtaining the OTS logs (save it as ANSI and not Unicode). Post the OTS log as an attachment (Additional Options > Attach > Post).
I reviewed your past post regarding a malware issue http://forum.avast.com/index.php?topic=74162.msg615014#msg615014, but I see no mention of these tools. Either way, I confirmed with our malware removal expert, Essexboy, that with the OTS log, we can do the following:
Check if you still have malware.
Check if these malware-removal tools are still on your machine.
Check if there is another problem that we haven’t identified yet; we might be able to see it in this log as well.
So I strongly suggest that you run the OTS log so we can help you resolve your problem.
Essexboy will be monitoring this thread as well. After you provide your OTS log, he will jump in and provide additional assistance.
Hi,
I’m writing this on another computer. My desktop has gone funny. I started running OTS without touching it. I went off for a cup of tea!! After some time I heard the computer beeping. There were several windows opened which said that a file “UNKNOWN”, as it had no name for the title of these windows, was “Not a valid Win32 application”.
After a while the computer crashed and after rebooting several AVAST shields were deactivated. Being very suspicious of this I re-booted again but once again these shields were still deactivated. It seems OTS woke something up!! I updated AVAST and ran a quick scan and saw the results: nothing (no log saved). The scan was too quick, 20 minutes. I checked the settings and exclusions. There should have been nothing but there was C:\Windows\System32.
I tried to run Superantispyware; it gave the “Not a valid Win32 application”, so I decided to rename it, which worked for me!! It found 16 infections of Bagle in different flavours (not the one I like though!!) in the system 32 file and also 2 Trojans along with a rootkit… There is no log file, which is strange or not so strange from reports I’ve seen in doing research about this kind of infection.
My wife said that her brother-in-law came the other day with a pen drive to print a few photos!! Now alarm bells are ringing!!! I’ve just called him to ask him to scan his computer. He called back a few minutes ago saying he can’t start up his AV!! Before I continue does anybody think I can trust my computer 100% anymore?
Luckily, I don’t keep passwords on the computer.
Yes, programmi is OK. The OS is an Italian version. These tools were suggested in Bleepingcomputer website.
I suspected you may have malware on your machine when I asked you to do an OTS log in an earlier post, and this would allow us to see if you had malware-removal tools still left on your machine. Because your machine was acting very slowly, we have to look at the big picture, and sometimes we have to consider malware as the problem. Since I looked at other issues, this was my next step. It appears that we stumbled upon the problem.
If you follow Essexboy’s instructions, we can very likely fix your machine. So please run the OTS log so we can see what is going on in your machine and begin removing the malware. If you cannot download the OTS, at least follow his instructions and download the aswMBR.exe and follow those instructions.
It is normal to feel overwhelmed when you get malware on your machine, but please try to work with us and we will help you fix the problem. Feel free at any time to ask questions.
Hi,
The situation is bad. Whatever my “brother-in-law”, not for the lack of a word, put onto my desktop computer has completely crashed the system and the computer will not boot at all now. The last error message seen was just as the desktop appeared. A little window seemed to open and close for a split second (strange never seen before) and then svchost.exe is not a valid Win32 application. The computer froze at that point. After rebooting it never starts. I have tried rebooting in safe mode, a rescue disk. I have also tried to get into the bios to change the booting configuration but nothing!!
My friend, who works for a computer company near here, is helping me. He is going to put the hard drive on to one of his test computers at work as a slave drive (is that correct) to see if that will at least get it started. I’ll let you know how it goes.
Thanks anyway for those who tried to help. From what I understand now, it seems that my brother-in-law clicked an allow box to one of the security programs on my computer. One of them blocked this thing. I’m going to put a password onto my computer from now on!!!