On Vista (again) "..red circle on avast! a-ball icon.."

Hi. I’m running 4.7.942 on Vista Ultimate.

I have a red circle on avast! a-ball icon.
I have read this faq which does not solve the problem.

I cannot start Avast.

Can you help??

This is often associated with having another AV installed or remnants on your system, this may not be correct if you did a clean install of Vista

Have (or did) you have another AV installed in this system, if so what was it and how did you get rid of it ?

It was totally clean install of Vista - not an update.
Avast was one of the first apps I installed.
I’ve not got any other third-party security apps installed. Though the windows firewall and Defender are running.
Otherwise it is a fairly generic dev machine. Vista, Office07, Visual Studio, platform & .net sdks, Virtual Server RC2, Firefox.

I’m not sure how that FAQ entry applies to Vista as it was for earlier windows versions, even then I don’t recall many actually having much success with it anyway. For some reason one of the windows services is hanging up the RPC service and that causes the red circle.

This has gone away after a short time once the RPC service is freed, does the red circle go away or is it there all the time ?

What avast version are you using, Home or pro ?

I think we will need some intervention from one of the Alwil team.

Although this relates to the RC versions of Vista, the checking of the logs, etc. may reveal something, http://forum.avast.com/index.php?topic=23102.msg190815#msg190815.

I’ll keep an eye on the icon. As far as I know it’s always there. I’m not near the machine right now but will watch it when I am.

It is an RPC error. When I left-click on the icon I get an Avast dialog pop up giving me a message about an RPC problem.

I’m using Avast Home.

The post you linked to looks promising. I’ve not read it all, but it seems to be about the Vista RC’s, whereas I’m using the RTM.

I’ll read the entire thread when I’m near the machine and check the logs.

I’ll let you know how I get on.

Later then, welcome to the forums.


The red blob is always there.
The link was all about pre-release versions of vista.

When I try to start the service it fails:


I’m a little out of my depth her not having used Vista, but the services are the same as XP The first two being ‘automatic’ and the second two ‘manual’ all should after a period have been started.

I guess the fact that the ashServ.exe the main scanning engine hasn’t started the two manual ones require this services to be able to scan can’t start. All the protection is dependent on this main scanning engine.

The windows error “The dependency service does not exist or has been marked for deletion.” is somewhat strange as it doesn’t state what dependency service it means, but it is usually the RPC service that causes the issue with the red circle (in XP) as you saw when you click on the avast icon.

I simply don’t know if this is one of the issues with the Vista UAC measures but since nothing is popped up I doubt it. Having gone through your original posts again I have a couple of questions, 1) how is this set-up ‘Virtual Server RC2’ and 2) what does it do, as the avast home/pro isn’t a server AV solution.

When you installed avast was it from the administrator account or a user account (that may have had UAC restrictions) ?

The avast services I have are:
avast! Antivirus (Automatic, Not started)
avast! iAVS4 Control Service (Automatic, Started)
avast! Mail Scanner (Manual, Not started)
avast! Web Scanner (Manual, Not started)

The above error is from starting the “avast! Antivirus” service.
Looking at the properties of the service I see:


Both the RPC and the DCOM service are running.

I suspect this could be a UAC thing.

The ‘Virtual Server RC2’ is probably a red-herring. The machine runs Vista as its base OS. VS allows me to run a XP instance as a virtual machine on the vista box.

When I installed avast I was an admin and probably (though I can be certain) had UAC off.

Please try running RegEdit and go to the folder HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast! Antivirus.

What does it say in the DependOnService value, exactly?


it’s a multi sz with values:

dmw: open a console window and enter two commands “fltmc” and “fltmc instances”, then post their respective output here. Thanks.

Hi pk.

Initially I ran the command prompt normally and got an access denied when I ran fltmc:


Filter listing failed with error: 0x80070005
Access is denied.

Then I started command prompt by right-clicking & run as administrator and got:


Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
luafv                                   1       135000         0
FileInfo                               12        45000         0

C:\Windows\system32>fltmc instances
Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
luafv                 C:                                      135000       luafv                    0
FileInfo              \Device\Mup                              45000       FileInfo                 0
FileInfo              C:                                       45000       FileInfo                 0
FileInfo              \Device\RdpDr                            45000       FileInfo                 0
FileInfo              H:                                       45000       FileInfo                 0
FileInfo              \Device\HarddiskVolume1                  45000       FileInfo                 0
FileInfo              \Device\HarddiskVolumeShadowCopy6        45000       FileInfo                 0
FileInfo              \Device\HarddiskVolumeShadowCopy7        45000       FileInfo                 0
FileInfo              \Device\HarddiskVolumeShadowCopy8        45000       FileInfo                 0
FileInfo              \Device\HarddiskVolumeShadowCopy9        45000       FileInfo                 0
FileInfo              M:                                       45000       FileInfo                 0    Detached
FileInfo              \Device\HarddiskVolumeShadowCopy10       45000       FileInfo                 0
FileInfo              M:                                       45000       FileInfo                 0

C:\ is my system volume
H:\ is my home drive
(C:\ and H:\ are the same physical disk)
M:\ is the DVD

Try performing this command from the console (start as Administrator):

fltmc load aswmonflt

Does that work?

Also, please check that the file \Windows\System32\Drivers\aswMonFlt.sys exists.


No joy :frowning:

Copy & Paste of my command prompt:

C:\Windows\system32>fltmc load aswmonflt

Load failed with error: 0x80070002
The system cannot find the file specified.

C:\Windows\system32>cd drivers

C:\Windows\System32\drivers>dir asw*
 Volume in drive C has no label.
 Volume Serial Number is 1061-3869

 Directory of C:\Windows\System32\drivers

15/01/2007  09:25 AM            44,376 aswMonFlt.sys
15/01/2007  09:26 AM            23,352 aswRdr.sys
15/01/2007  09:25 AM            43,176 aswTdi.sys
               3 File(s)        110,904 bytes
               0 Dir(s)  14,878,523,392 bytes free

C:\Windows\System32\drivers>fltmc load aswmonflt

Load failed with error: 0x80070002
The system cannot find the file specified.

C:\Windows\System32\drivers>fltmc load aswMonFlt.sys

Load failed with error: 0x80070002
The system cannot find the file specified.



Please try the following: in Explorer, go to the folder \setup\inf, right-click the file aswMonFlt.inf and choose “Install”.

Then restart the machine. Does that solve the problem?


It rebooted and I heard the reassuring:
“Virus database has been updated.”

That did it.

Thanks Vik (and all at Avast).

Vlk, is this a Vista option or can it also be used with XP, win2k, NT or is it only specific to this particular problem ?

I ask because (I haven’t seen this option in the forums previously) when the other FAQ options have been tried and failed, plus the usual culprits another AV, etc. have been ruled out, could this be as an option of last restore ?

aswMonFlt is certainly for Vista only (replaces aswMon2/aavmKer4 drivers on other NT-based systems).