Can't Start Avast!4

Avast Free Antivirus / Premium Security
1

I have installed Avast!4 Home and can’t start the program. A pop-up seen and it says: C:/Program Files/Alwil Software/Avast4/ashAvast.exe is not a valid Win32 application. How to solve this problem to enable my computer to be protected. Thanks.

2

What operating system do you have? Service Packs? Do you have any other Anti Virus software running at the time you tried to install Avast!4 Home edition?

You might also have a corrupted download that did not install correctly. Download the correct version and overwrite the current saved installation file and re try installing.
This page also offers ideas and suggestions: http://www.computerhope.com/issues/ch000726.htm

3

I use Windows XP Professional Service Packs 2. There is no other Anti Virus softeare running in my computer. I would try to download a correct version and reinstall it.

4

:slight_smile: Hi :

  SPECIFICALLY, WHAT antivirus program(s) have you had on this 
  computer ? Some, like Symantec/Norton and McAfee, have
  "Removal Tools" that should be used PRIOR to installing Avast and
   having "It" function properly .
5

I agree with Spiritsongs about prior AV software. Seems like there is always lingering entries in the registry somewhere. Even on my comptuer there is a Symantec service that I disabled START RUN services.msc and if there is reference to Symantec in there, click on it and choose “disable”.
Try the download again and save it and re-try. S

6

I have seen this in a recent post “pop-up seen and it says: C:/Program Files/Alwil Software/Avast4/ashAvast.exe is not a valid Win32 application.”

I believe it was related to a possible bagle rootkit infection. So you may have been infected when you installed avast.

Bagle Rootkit variant:
See http://forum.avast.com/index.php?topic=26554.0
http://forum.avast.com/index.php?topic=25941.0
This seemed to have the best results with this type of attack and is reasonably user friendly.
http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx
Also F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight - Direct line, ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

7

Beagle…

8

Any other advice on how Moonwind might resolve this other than the spelling of Beagle ?

9

Sure

Download the following programme But when you save it to disc re-name it to Gotcha.exe, otherwise the programme will not run. This is very important

Download ComboFix from Here or Here to your Desktop.

[*]Double click combofix.exe and follow the prompts.
[*]When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall

10

the same problem was discussed (in last few days) already, so i wanted to point the thing, that sometimes is good to use search button before creating a new thread imho… :wink:

11

and it was a unjoyful sigh about the situation with Beagle… but avast will be more bullet-proof in future and should be able to resist against this type of attack…

12

The Beagle/Bagle removal tool mentioned here seems to have been effective for another user, as Maxx_original’s suggested search revealed.

http://forum.avast.com/index.php?topic=31119.msg258505#msg258505

Direct link here:

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Maybe the beagle ate the Bagle.

13

Everything tried but still failed.

14

:slight_smile: Hi “Moon” :

  Did you try what "essexboy" recommended !?
15

Eventually the attempt of using combofix.exe has been proved successful in fixing the errors. And, now the avast!4 is able to start without any problem. Many thanks to everyones and special thanks to essexboy and Spiritsongs.

16

Hi moonwind - glad it worked . Would it be possible to post the combofix log as there is probably one file that it did not remove. Also did combofix work first time or did you need to do something else, as this version is only a day or so old and you are the first to have success with it

17

Hi Essexboy

I only used ComboFix to fix it. Hereunder is the ComboFix.txt (Due to too long only the lower part of the txt is shown):-

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-02-28 12:00 15360]
“USB Safely Remove”=“E:\Documents E00002\USB Safely Remove v3.1.4.478\USBSafelyRemove.exe”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [2006-02-28 12:00 208952]
“PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2006-02-28 12:00 455168]
“PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2006-02-28 12:00 455168]
“P17Helper”=“P17.dll” [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 17:35 32768]
“StandardInstall”=“”
“PPHIDPAD”=“D:\WINPENJR\win32\pphidpad.exe”
“iRiver Updater”=“\Updater.exe” [2004-07-01 16:20 212992]
“Ad-Watch”=“D:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe”
“ezShieldProtector for Px”=“C:\WINDOWS\system32\ezSP_Px.exe” [2002-08-20 10:29 40960]
“BellCanada_McciTrayApp”=“C:\Program Files\BellCanada\McciTrayApp.exe” [2007-11-19 09:33 1468928]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-01-28 14:06 185896]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 08:00 79224]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-02-28 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2005-06-20 18:53]
R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys [2001-10-09 23:00]
R2 McciCMService;McciCMService;“C:\Program Files\Common Files\Motive\McciCMService.exe” [2007-11-01 10:59]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 16:51]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 16:51]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the ‘Scheduled Tasks’ folder
“2008-02-01 17:49:10 C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job”

  • C:\Program Files\MalwareBot\MalwareBot.ex
  • C:\Program Files\MalwareBot
    .

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 15:57:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
Completion time: 2008-02-03 15:57:26
ComboFix-quarantined-files.txt 2008-02-03 20:57:24
ComboFix2.txt 2008-02-02 17:53:56
.
2008-01-23 14:41:37 — E O F —

18

Thank you for your reply moonwind - I am now happy that it works