When I turned on the PC this morning I noticed that the Avast resident protection didn’t start and that the firewall didn’t launch.
I turned on the Avast protection manually but it shut down shortly after with an error message.
Can’t turn on the Sygate firewall at all.
I’m running virus scans but nothing has come up yet.
I didn’t download any software or files recently.
I’ve got a few important files that I haven’t backed up yet and I’m terrified at the idea of losing them. Ima try and back them up after scanning each one.
If someone has ever heard of such a thing?
After rebooting several times the resident protection and firewall finally came back up and running.
The virus scan has found Win32 Trojan-gen UPX…
Restore mode is disabled so I deleted the file.
Any suggestions anyone? …Anybody?
I have heard that there have been some problems with SPF free 5.6.2808 not being shown as started. But I am not familiar with it and thought it was still protecting, just not shown. Never did experience it myself.
I did run that latest free one for maybe a month, and once I got a warning from avast! network shield, when it was slow starting.
I am currently running as trial SPF Pro 5.6.2818 beta and it is working fine in my XP Home.
Soon I will revert back to SPF free though, bad economics, hehe.
So I may test it more, but it sounds bad if you got a trojan because of the slow start. Might it rather be that the trojan disabled SPF?
Remember always to uninstall the current version of SPF from Control Panel before installing another version.
You can find a link where to install SPF 5.5.2710 that is known to be very stable from Sygate forum:
Just do a search there with ‘5.5.2710’ keyword.
I might revert also back to SPF 5.5.2710 cause of your posting.
And that one experience 5.6.2808 was slow starting as I mentioned.
It is just fine though not recognized from XP SP2 security center, so you have to tell the security center “that you are controlling the firewall” then it will be just fine and no more prompts from it.
What was the error message? Can you post a screenshot of it?
Sorry RejZor, I can’t do screenshots, but the alert panel that appears when avast shuts down translates as (I use the French version):
"avast!: the AAVM sub-system has detected an RPC error
the operation could not be done"
And after that I can’t even open or use a web browser. It’s
Concerning the firewall, yes Jarmo you’re right, it’s working but it doesn’t appear on the tray before I get a contact attempt alert.
Then it gives me a panel saying the NT Kernel_System has changed…
The executable has changed since the last time you used: C:\WINDOWS\System32\ntoskrnl.exe
File Version : 5.1.2600.1634
File Description : NT Kernel & System
File Path : C:\WINDOWS\System32\ntoskrnl.exe
Process ID : 0x4 (Heximal) 4 (Decimal)
Connection origin : local initiated
Protocol : UDP
Local Address :
Local Port : 138
Remote Name :
Remote Address :
Remote Port : 138 (NETBIOS-DGM - Browsing datagram responses of NetBIOS over TCP/IP)
Ethernet packet details:
Ethernet II (Packet Length: 266)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-0e-a6-75-40-b3
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
.0… = Don’t fragment: Not set
…0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x15b0 (Correct)
User Datagram Protocol
Source port: 138
Destination port: 138
Length: 8
Checksum: 0x6a8c (Correct)
Data (218 Bytes)
Binary dump of the packet:
Can I still save files without risking saving the virus? I mean, if this thing has gotten through Sygate and Avast, I can’t really trust file scans, can I?
Concerning the firewall, yes Jarmo you're right, it's working but it doesn't appear on the tray before I get a contact attempt alert. Then it gives me a panel saying the NT Kernel_System has changed....
That is a normal prompt from Sygate after MS security update patches, no need to worry about that if that is the cause for that prompt.
About viruses, there are more knowledgeable people here, so you just keep asking
I think you have SPF packet logging enabled.
I read some posts in the SPF forum saying that doing so is not normally recommended.
If Sygate does not start in systray, I really recommend in my limited knowledge you to install 5.5.2710.
And you could also ask in the firewall forum.
Try an online scan with another antivirus, or install as I did: avast! as my main antivirus running all the time, plus a second antivirus (antivir) with the resident scanner disabled, which I update every 2 weeks and then scan with every 2 weeks.
Thanks Jarmo, what does having “SPF packet logging enabled” mean?
Does anybody know what exactly this Win32 Trojan-gen UPX does to the computer?
Why can’t Avast start, why does it shut down after a few minutes if I start it manually?
Has anyone seen a message like this before:
"avast!: the AAVM sub-system has detected an RPC error
the operation could not be done"
Usually just security log and traffic log and system log are enabled.
The dump you gave made me suspect you have enabled also the Packet log. It takes resources, and I refer to those few posts I have read in SPF forum.
You can disable it from ‘Tools/Options/Log’
No, “full packet logging” isn’t enabled; security, system and traffic logs are.
Why is avast not working?
I’ve used it for 10 months without a problem.
Does anybody know what exactly this Win32 Trojan-gen UPX does to the computer?
Has anyone seen a message like this before:
"avast!: the AAVM sub-system has detected an RPC error
the operation could not be done"
RPC error is generally related to other antivirus present or, at least, firewall blocking.
Anyway, an RPC error is most likely corrected by this procedure:
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove
Then choose Repair function in the pop up window (Repair).
If this does not help, can you uninstall / boot / install / boot again?
Repair didn’t work so I re-installed. Hope it solves the problem.
Is it possible that Trojan-gen UPX corrupted avast? It’s quite a coincidence that it came up in a full scan I did after seeing avast wasn’t working anymore…
By the way, do you advise setting the protection level to normal or high?
I’ll say disable, mess… but not corrupt. Anyway, glad you have avast! working again.
Nowadays, the difference is not that big.
But if you set custom and disable open/create/modified files scanning, then you’ll see a big difference in performance. But, in this case, the protection level is low. I mean, you can ‘have’ an infected file in your computer. It can’t infect your system as the virus cannot be executed. But you have it there. Some users can’t live with the ‘bad guy’ inside of the house. Others need performance, and when the file is executed then the virus is stopped and nothing happens, so they leave the ‘bad guy’ silently in the computer… It’s a risk, but they want more performance. You must choose.