Old avast log files

Gents,

I was just poking around in my system folders and came across some entries in the system32 folder which I think can be deleted but I wanted to ask first. Running Windows 7 64bit I have about 568 entries of these “2014-11-25-19-59-14.021-AvastVBoxSVC.exe-2336.log” dating back a year or so.

They are about 1kb and the log contains this entry

“Log created: 2015-07-10T17:48:19.058800000Z
Executable: C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
Commandline: “C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe””

I assume these are standard logs that can be deleted but curious why they are being stored in the system32 folder.

Thoughts?

I don’t know why they are in that location, but I wouldn’t have thought they would be standard .log files or they would be in the C:\ProgramData\AVAST Software\Avast\log folder.

I don’t see any .log files, much less that file name format/structure, in my system32 folder on my win7 netbook; this however is a win7 SP1 32bit starter edition version.

The Avast self-defence module would normally be protecting avast files, I don’t know for sure if that is the case for log files (in that location). I have been able to delete some .old copies of .log files without the self-defence module getting involved.

That was my thought as well, David; that’s why I thought I would ask before deleting them, as most logs are kept in the Avast folder and the last dated log is 7-20-2015, so on the newer versions of Avast they are not being stored there. I’m somewhat of a security guru as I used to read Hijackthis logs and remove virus/malware/spyware for members, and I did peek into the file and scanned it for any unknown calls, but it looks like a standard log file created by the avast NG component.

I just got curious as to its location in the system32 folder as that is an attack point. Will wait for more input.

Edit:

A few of these log entries also “2015-03-02-21-12-36.041-aswFe.exe-4816.log” which contain

“Log created: 2015-03-05T19:33:15.616200000Z
Executable: C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
Commandline: “C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe” --comment NgBase --startvm 849f2afc-8c1d-42c7-8fc2-a162ff0a20f5”

My only guess would be that the NG executable or file might have been located there and logs were retained there also, which seems a poor decision to dump log files in the system32 folder.

As far as I’m aware the NG (Virtual Machine module) isn’t going to be local any longer (will be refined and operate from the avast cloud) as some system specs weren’t enough to cope with this.

The beta session that is running now (https://forum.avast.com/index.php?topic=187525.0) has a cloud module CyberCapture, which I believe replaces the old NG module. Whilst this doesn’t answer your question (other than NG won’t be around much longer), just a bit of background as to what is going on for the future.

Thanks. I’m just going to create a folder and move those out of the system32 folder and see what happens, then delete if there are no issues. Thanks for your thoughts!

You’re welcome.

Update:

Moved, waited a few days then deleted. Still not sure why they were there but no issues deleting them. Thanks again! Thread is solved!

No problem, you can use the modify button in your first post and add [Solved], etc. to the topic Subject. As in my example subject.
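
The manual check described in the thread (peeking into each log before moving it out of system32) can be scripted. The following is an added example, not part of the original posts or Avast's own tooling: the function name `triage`, the assumption that a legitimate log names an executable under the `ng\vbox` directory quoted above, and the second sample (constructed) are all illustrative.

```python
import re
from pathlib import PureWindowsPath

# Assumption: legitimate NG logs name an executable in the directory quoted in the thread.
EXPECTED_DIR = PureWindowsPath(r"C:\Program Files\AVAST Software\Avast\ng\vbox")
# File name layout seen in the thread: <timestamp>-<exe name>-<pid>.log
NAME_RE = re.compile(r"^\d{4}(?:-\d{2}){5}\.\d{3}-(?P<exe>.+\.exe)-(?P<pid>\d+)\.log$", re.I)
FIELD_RE = re.compile(r"^(Log created|Executable|Commandline):\s*(.*)$")

def triage(file_name, text):
    """Return reasons the log looks unexpected; an empty list means it is consistent."""
    m = NAME_RE.match(file_name)
    if not m:
        return ["file name does not match the timestamp-exe-pid pattern"]
    fields = {}
    for line in text.splitlines():
        f = FIELD_RE.match(line.strip())
        if f:
            fields.setdefault(f.group(1), f.group(2).strip())
    exe = fields.get("Executable")
    if exe is None:
        return ["no Executable line in header"]
    reasons = []
    path = PureWindowsPath(exe)  # Windows path comparison is case-insensitive
    if path.parent != EXPECTED_DIR:
        reasons.append(f"executable outside expected directory: {path.parent}")
    if path.name.lower() != m.group("exe").lower():
        reasons.append("executable name differs from the name in the file name")
    cmd = fields.get("Commandline", "").strip('"“”')
    if not cmd.lower().startswith(exe.lower()):
        reasons.append("command line does not start with the logged executable")
    return reasons

# Sample taken from the thread (straight quotes restored).
SAMPLE_OK = ("2015-03-02-21-12-36.041-aswFe.exe-4816.log",
    "Log created: 2015-03-05T19:33:15.616200000Z\n"
    r"Executable: C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe" "\n"
    r'Commandline: "C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe"'
    " --comment NgBase --startvm 849f2afc-8c1d-42c7-8fc2-a162ff0a20f5")
# Constructed sample: same naming scheme, but the executable lives elsewhere.
SAMPLE_BAD = ("2015-01-01-00-00-00.000-AvastVBoxSVC.exe-1234.log",
    "Log created: 2015-01-01T00:00:00.000000000Z\n"
    r"Executable: C:\Users\Public\AvastVBoxSVC.exe" "\n"
    r'Commandline: "C:\Users\Public\AvastVBoxSVC.exe"')

if __name__ == "__main__":
    for name, text in (SAMPLE_OK, SAMPLE_BAD):
        print(name, "->", triage(name, text) or "consistent")
```

Files that come back with a non-empty list are the ones worth inspecting by hand before anything is moved or deleted.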