Am having problems updating the VPS and may have some blocking software on my system. I have Comodo Internet Security software on my system and have received a Defense+ warning that there is an untrusted file on my system from an untrusted publisher, the file is “clnr.dll”
Unusual feature that has appeared as I was watching the Data folder for Avast4. One file had a ‘0.’ added to the title, that was “clnr.dll” now is shown as “clnr0.dll” and as I was looking at that folder suddenly another one was changed. A total of five (5) files were changed they are “aswar.dll, dllcc.dat, exts.dll, uiaux.dll”. What I would like to know is, “is this normal?”
Those files are now “aswar0.dll, clnr0.dll, dllcc0.dat, exts0.dll, and uiaux0.dll”. I had Avast in a pre-Windows start mode find “CIS_Setup_3.10.102363.531_XP_Vista_x32.xeX is infected by Win32:Small-MLD [Trj], Repair: Error 42060 {The file was not repaired.}” as taken from the 'aswboot.txt file. Now cannot update the Avast vps file, I think that is the virus data base?
On a Dell 531s AMD Athlon 64bit Dual Core Processor 4400+ O/S Vista SP2 32Bit 4GigRam 3.2GigClock.
Thank you for reading this,
CU L8R,
NTxLS
The updating problem could be due to firewall blocking…
You could try to delete the entries for avast! in comodo and try to update again, forcing it to ask, and you can allow it.
Apparently this is normal (at least my system is the same)
The CIS file is the setup for the Comodo Internet Security, and could be avast! alerting on the virus signatures (i’m not too sure)
I am assuming you don’t have the AV element of CIS installed (it wouldn’t be a good idea if you did…)
I would just delete the CIS file if it is causing you troubles…
If this is so, where do I go to delete the AVAST entries in Comodo, why is AVAST attempting to reach a server in Houston, Texas? This is not just once or twice, try 105 in about the last 8 hours. That is from the BLOCKED list in Comodo.
I have more info on those “.dll” files that had their titles changed while I watched them. That was a couple of days after the software had been installed and I also have a list of “.exe” files that are blocked by UAC and labeled as “Untrusted Publisher” by the UAC. I have had the AV in CIS installed but not at the same time as other AV software.
This is so strange, all had been working just fine and then BAM!!!
I’m not really sure how to delete the entries in comodo firewall, but it would be somewhere like trusted file/programs (Even though they are trusted, this sometimes happens and the deletion is necessary)
I’m not sure, but the connections to texas could be the webshield scanning (I’m not too sure exactly how it works, bit of guess on my part) What is the file name of the file making the connection?
As for the .dll files again, I am not too sure about them…
I don’t think the .exe (UAC issues) files are related to avast! (all files are signed I believe) but without filenames, I cannot be sure what to advise…
There seems to be NO access to any area for removal of any trusted apps. I will go to Comodo Forums to see what they have to say on that.
Here are a couple of the TCP/IPs 74.55.235.26 is traced to:Houston, United States; 209.62.112.18 is traced to:Houston, United States and the file is “avast.setup” in the default folder for Avast4\setup.
What I found strange about the .dll files is they changed while I was watching. Not the very first one ‘clnr0.dll’ but the other files did make those changes. Plus - the following information was extracted from each file titled:
"clnr0.dll
[Tab] “PE Header”
Checksum: 0006AD1B,does NOT match file checksum 0006BC59
That is only on a couple of the files and is not all of the data I was able to extract. I have software from Safer Networking that allows me to examine some of these files. NOTE: The line that ‘Checksum’ is on and not a match. That is what I find curious just for one, there are more.
UAC is a Windows file and not sure what is used to trigger it for those warnings. You are correct the .exe for UAC is not related to Avast but those files that I click on are and I can give you a list of them if you like.
The AV from Comodo is removed using their Installation program and that has been done, I left it in when first installing it because they run or recommend a scan by their software, then it was removed and Alwil’s Avast4 was installed after doing my learned trick to get around UAC.
Thank you for reading my information and what you have said to do has been done,
I am not too sure about the .dlls you are talking about (how they work etc.)
And the avast.setup connecting to Texas, again I am at a loss, mine connects to the ALWIL servers in the Czech Republic…
I’m sorry I couldn’t be of more help…
Maybe someone with more knowledge could step in here and explain this?
Thank you for the HELP you have provided and at least reading my messages. So far all seems to be running AOK but not really sure, as I am still getting hits from China, Philippines, and various other points of NON-interest to me. Just do not feel safe and comfortable, yet.
ONE point if I may make it here, you are NOT sorry, you are a very good person and are willing to do what you can and I for one do appreciate the interest shown and willingness to assist. That is what I attempt to do when I can and that is not very often.
As for those files changing and the title even changing, my computer Geek-a-Zoid informed me his system has Avast and those files are redone each time the system is booted. Do not know if this is NORMAL or not but someone else has noticed the same activity.
Thank you for this confirmation of the server found in Houston, Tx, that is the one that has shown up as being connected to by my system. It just seemed strange to have hits from Houston, Dallas, Laredo, (all within Texas) and some in California.
Stupid me, I have those TCP/IPs displayed in my browser, I use FF v3.52 with extension “Show IP” and just never thought to watch that. Only use it when saving a link as a Bookmark, now I will look a little closer.
I have been using ipillion (www.ipillion.com/) for looking up some of those that have been coming from China and Philippines, because they use a map to show where they come from.
I am not trying to find any fault with this different/wide spread servers, just a very curious user and am checking some of the links that appear within Comodo to see where they come from.
I agree they need to have servers every where to assist in keeping the web working as smoothly as possible and not have any down time if one or two go down. I know there are more than one or two that could go down, with the WWW going around the globe there could be from 1/4 to 1/3 of them down at any one given time, I hope that is a little over exaggerated.
Thank you for this better understanding and expanding my knowledge and functionality of Avast4.
Also have been reading the Sticky thread “Understanding avast4.ini file” that has more information within it than I could ever read and understand. Slow reader and too old to be able to absorb that much info at one time. Will work at it anyway to see what could be pickedup by me.
OK, two, this one is about the files mentioned before, five (5) total, that keep changing when rebooting our systems. If this is normal then why is there information recorded in the files “Checksum: 0006AD1B,does NOT match file checksum 0006BC59” which is for the ‘clnr0.dll’. Is this not adjustable when doing these types of changes?
I am using FileAlyzer2 from Safernetworking, creators of SpybotSearch&Destroy, as if you did not know that.
“Warning: this topic has not been posted in for at least 20 days.
Unless you’re sure you want to reply, please consider starting a new topic.”
Thank you for this warning and YES I do wish to post here to bring anyone that reads this thread up-to-date on what we were discussing.
From what I have been through and am sure not the only one, found information and tricks from other posts in other areas as well as some blogs.
My original problem never was really entered into this forum, that is my fault got too wrapped up in those files changing and not really understanding what was going on. Just too curious as to what, why and where are we going with this? If anyone would like to know more about this and what my original issue really was they can PM me instead of filling this great forum with my problems. Unless some of the Admins feel they could be of some use for another user. As you can see I get a little wordy and at my age it is very hard to change now.
Oh, my original problem has been put aside for now, hopefully from now on, only time will tell that tale.
Thank you for reading my post and a very LARGE THANK YOU to those that gave some advice and assistance to this DUMMY,
TIA,
CU L8R,
NTxLS
Your use of the PM function is restricted (you can send) until you have 20 post, e.g. no longer a newbie status. So it would be rather one sided and you wouldn’t be able to answer.
So it may be best to post the actual problem.
If that problem is unrelated to the original topic title than it would probably be better in a new topic so as not to confuse this one.