Need to manually update avast definitions - possible?

I have a two computer home LAN (one desktop + one laptop)

Currently the Desktop machine (which had been running AVG-free) has a bad virus infection and as part of that infection (perhaps something stupid I did while trying to sort some of the problems out with HijackThis) does not internet access, but the two computers can exchange files on the LAN (they are behind a Linksys router (not wireless) connected to the web via cable. The laptop is and has been running Avast 4-Home for sometime.

The technician at my ISP suggested that it would make sense to dump AVG on the desktop and use Avast 4 Home on both. I already had the installer so I did that but now (of course) my Avast virus definitions are badly out of date and I can’t update through the normal method.

so … after the long intro … how can I either use the Avast definitions already on my laptop or download them them separately to the laptop and then copy them to desktop and install them there?

Any suggestions appreciated … hopefully this is easy to do ???

Regards … Alec

Alec,

You can simply download the current VPS update from the download link at http://www.avast.com/eng/update_avast_4_vps.html
and then copy it across to the other computer. It is a file named vpsupd.exe. Put it somewhere handy and just run it to update you VPS files.

The way will be what olddog posted.
But, doesn’t the desktop computer connect the Internet? You’ve said they’re on a LAN.
It’s better and wiser get incremental updates than having to download the full virus database each time to update the off line computer.

Hi Tech:totally agree but the problem is that the virus (or something I did accidentally - see first post) has made me unable to connect to the internet on my Desktop machine.

As it happens … the installer I had was 4.7 so I downloaded the current 4.8 installer using the laptop connection but but in my downloaded files on the desktop using its mapping of Z:\ drive to Desktop machine. Running that on the Desktop forced me to uninstall 4.7 first then install 4.8. hopefully with more current virus definitions included.

I’m still in trouble since running a full system scan from boot prompt has NOT apparently cleared the virus.

I’m currently trying to restore an NTbackup made two weeks ago - hoping that will clear the problem and allow me to regain internet connectivity on the Desktop machine.

wish me luck - this is turning out to be a major PITA!

regards … Alec

After restoring your backup, install and update avast and post back the results :wink:

Hi tech - your post came in while I was composing this.
As I said first below … the update of Avast 4.8 failed … see below that in this post

OldDog:
Running NTBackup-Restore did not clear the virus … oh well …
I d/l’ the VPS update from above link and transferred it to infected machine.
Running the vsupd.exe gives this error msg:

Error

Can’t install VPS update. Please, report following errorcodes:
Ver:4.8.1229
SI: 0x00000002
ST: 0xFFFFFFFF
LE: 0x00000000.

OK

While that error was on the screen and I was responding here I got a “virus was found” msg from Avast. I know I’m supposed to be seeking assistance elsewhere on this forum (?-where?) but since I already here … ignore following if inappropriate … I can always copy it somewhere else.

File name: C:\Documents and Settings\Alec\Local Settings\Temp.tt25.tmp.vbs
Malware name: VBS-Malware-gen
Malware type: Virus/Worm
VPS version: 080723-1, 2008-07-23

Of course … I can’t complete the virus report but the URL I’m being sent to is:
http://www.avast.com/go.php?verb=virus-report&lang=eng&name=Owner&virus=VBS:Malware-gen

As soon as I moved above to virus chest I got a popup from Windows Defender saying
Auto Start change occurred.

This agent monitors the various mechanisms that software can use to automatically start when you log on to Windows. Programs that auto start can affect system performance and start without your knowledge.

Path:
C:\WINDOWS\system32\gcjnxxae.dll

Detected changes:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BMaf005c5b
FWIW - I’ve been seeing those … every time I deny one I get another with a different random alpha name.

Also relevant …?
Looking at C:\Windows\System32 and sorting by Modified date I’m getting entries appearing at the top ie. recent date-times like these:
Filename Modified date Creation date Size
statfi.dll 2008-08-28 20:45:07 2008-08-28 20:45:07 1882112
xabIQtwa.ini 2008-08-16 19:27:19 2008-08-15 06:30:35 543867
xabIQtwa.ini2 2008-08-16 19:24:21 2008-08-15 06:30:35 543867
blphcjnoj0e74n.scr 2008-08-16 19:14:04 2008-08-16 19:14:04 70144
phcjnoj0e74n.bmp 2008-08-16 19:00:02 2008-08-16 19:00:02 90838
lphcjnoj0e74n.exe 2008-08-16 19:00:01 2008-08-16 19:00:00 144896
vengtnku.exe 2008-08-16 18:57:03 2008-08-16 18:57:03 2048
lwbovjwr.ini 2008-08-16 18:54:14 2008-08-16 18:54:14 294
rwjvobwl.dll 2008-08-16 18:54:03 2008-08-16 18:54:02 85504
mtkntb.dll 2008-08-16 18:51:02 2008-08-16 18:51:02 107008
wpkgvwyc.dll 2008-08-16 18:51:02 2008-08-16 18:51:01 107008
olpbxfna.dll 2008-08-16 18:48:01 2008-08-16 18:47:59 93184
a710abb9-.txt 2008-08-16 18:46:46 2008-08-15 06:31:30 0

I just did a scan of the ones currently at top of System32/ - Avast is not recognizing anything wrong.

Note: statfi.dll shows a date-time of today-20:45:08 - its 19:25:52 as I write
the file xabIQtwa.ini seems to be getting its time stamp refreshed every 10 seconds.

Wonder if procmon will tell me anything …

Alec,

You obviously need the assistance of someone experienced in removing infections, and I am not qualified to give the advice you need. I think you should post in the Avast Viruses & Worms forum - see
http://forum.avast.com/index.php?board=4.0 with a “Need Help” title.

I’m not sure from your last post whether the virus warning came up on the known infected computer, or whether there is now a virus on the previously OK one. For the moment I would disconnect the known infected one from the network.