Can't delet Temp files

Have two 0 length temp files and avast folder that cannot be deleted in my C:\TEMP folder. Noted the following log:

05/06/2005 8:03:21 PM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/06/2005 8:03:22 PM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 2:21:40 AM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/07/2005 2:21:41 AM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 3:07:18 AM Default 4278649643 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.

How do I resolve this issue?

Which is your Windows? 98, Me, XP?
Do you use any other antivirus in your computer?

Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove
Then choose Repair function in the popup window (Repair).
You must be connected to the internet while repairing.

After booting, can you delete the files?

There’s nothing wrong about those 2 TEMP files - they are perfectly normal.

I’m using Win98se. Just removed McAfee to switch to Avast. Hopefully all of McAfee is gone! Cannot delete files after reboot. Will try to repair and get back to you.

Thanks for response.

Anyway, attempt to what Igor posted… that two files belong to the normal avast behavior… Don’t care that much 8)

Tried to ‘Repair’ Avast. The process completed successfully within a few seconds. Does not seem there was enough time to ‘Repair’ the program … ??

After reboot these undeletable, 0 byte, temp files and Avast folder were present:

Volume in drive C is QV14D0
Volume Serial Number is 2A31-1401

Directory of C:\WINDOWS\TEMP

. 06-09-99 12:35p .
… 06-09-99 12:35p …
AVAST4 05-11-05 7:56a avast4
JETE209 TMP 0 05-13-05 10:31p JETE209.TMP
JETF970 TMP 0 05-13-05 10:31p JETF970.TMP
2 file(s) 0 bytes

Directory of C:\WINDOWS\TEMP_avast4_

. 05-11-05 7:56a .
… 05-11-05 7:56a …
WEBSHL~1 TXT 0 05-13-05 10:30p Webshlock.txt
1 file(s) 0 bytes

Total files listed:
3 file(s) 0 bytes
5 dir(s) 1,326,899,200 bytes free
Are these files characteristic of the Avast program? Will my temp folder always contain ‘Access is denied’ temp files and folders from Avast or is this some form of malfunction? The Avast folder is deleted each time I clean my Temp folder, but the result is another error when emptying the recycle bin.

Associated with the temp files is a ‘Warning’ log:
05/06/2005 8:03:21 PM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/06/2005 8:03:22 PM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 2:21:40 AM Default 4294849355 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/07/2005 2:21:41 AM Default 4294849355 An error has occured while attempting to update. Please check the logs.
05/07/2005 3:07:18 AM Default 4278649643 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.

Based on my limited understanding of this log, it appears there is an install error. Is this true? How can I resolve this error? Seems the repair process did not clear the problem, but just added another entry into the warning log.

As you can tell, I have just started to use Avast after a very disagreeable experience with McAfee. I want to understand all the features of the free version of Avast and be assured it is set up correctly for full AV protection before moving up the the next level of your AV program.

It could be fast, depends on how is your system state, the traffic on Internet, etc. Generally, less than 5 seconds if your installation is ok.

The Jet files are related to Microsoft Jet drivers loaded by avast. It’s ok. Don’t worry. You can delete them because they’re being used.
The last one belongs to WebShield provider. It’s ok again.

Let them there. They’re legitimic. If you delete them you could mess avast behavior.

Verbose of the logs… Don’t worry. The repair function passed over all of them. They promissed to remove these messages in next versions.

So, we’re here to help you 8)

Hi, I have a similar question about “temp/avast” directories.

Besides Avast I have installed also Spysweeper. Spysweeper alert me that some files in that directory are “rootkit suspicious”. That should be pretty normal, in fact, I image that Avast driver loaded in the kernel probably hide these files and when spysweeper uses tipical techniques used to detect rootkit (raw disk access vs system call access) it finds an inconsistency and alert me.

However, I tried to empt the chest but these files remain there. So, I tried to use erd commander first to boot and remove drastically these files but nothing. So, this thing has begun to bother me.
Is there any way to removed definitly these files from my hard disk?

I have also another question. My administrator chest result empty after I empt it. Precedently it contained kernel32.dll winsock.dll e wsock32.dll. Now it’s ok. But if I log on as a normal user they still compare in the chest. How come?

                                                                    Thanks in advance

The Chest files are on \DATA\chest folder, so…

avast needs that files to normal function.
Can’t you exclude them from Spysweeper scanning?

These three files are there for backup purposes, what do you mean with ‘still compare’?
If you remove these files they’ll be there next time.

The …\Temp_avast4_ folder is where avast unpacks archive files for scanning and on successful completion they are removed. These files begin with UNP with a numerical value after that.

There should be nothing to stop you removing files from that folder providing they aren’t in use. Are you getting any errors ?

I can’t see why avast would want to hide or protect these files, other than if it is scanning a suspect or infected archive file, when unpacked it could possibly be detected by another security program, which may cause conflict as both battle for control. Personally if I am going to run an on-demand scan I pause other resident scanners, one this stops duplicate scanning as one is opening a file to scan, so to does the other and avoids possible conflict if both programs recognise a malware infected file.

yes, of course. I only needed to be assured that these files are not a problem. Now, I excluded them.

These three files are there for backup purposes, what do you mean with 'still compare'? If you remove these files they'll be there next time.

I’m sorry, “appear”, not “compare”. However also in this case it is not a problem, so I should be clean. Thanks.

You’re welcome, fell free to come back any time you need help.
Enjoy avast! 8)

I can’t cancel them even if I boot with erd commander or other bart cd. Tipically I receive a pop up indicating that the path of these file are not found or things like that.
It seems that their structure has been modified so that other programs find inconsistencies related to normal file system structure. This is the reason I am worried. Things like that are tipical of rootkit or program like antivirus / antispyware / firewall loaded at boot time as kernel modules.

If it is avast that create these files so that they are undeletable, no problems. But if it was no avast …

I wish Alwil programmers drop a word about this… Can you explain a bit about the apparent rootkit behavior?

:slight_smile: Hi All :

 saronno : For Rootkit "detection", it is Best to use a specialized rootkit
              detection program, such as the Good and FREE "RootkitRevealer"
              at www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

avast! doesn’t hide any of its files - and the only “protection” performed on the temporary folder is keeping one open file inside, so that it can’t be removed.
If you boot from a CD, you certainly should be able to remove them (and if you don’t, it has nothing to do with avast! - because it’s not running at the moment).

What filenames in particular are you referring to?

Well, problem solved.

The path was so long that the system cannot manage it. Just reduce some name on the path and I was able to remove everything.

Sincerely I was a bit ashamed :slight_smile:

but some months ago I wrestled with a real rootkit and now I am very sospicious …

Thanks to all for the help.

Did you change the default path for the temp files?

No, just the name of the directories contained in …/temp/avast/

I see… Your logon name much be long too…