Avast!4 Pro, up to date (automatic program and AVS updates, permanent connection)
Since I have a (SPI) firewall appliance I only use Windows XP (SP2) firewall.
Observed suspicious network activity. Therefore I tried to perform a boot-time scan.
Have done this many times with the current and unmodified configuration, but now avast claims always a keyboard error.
Message: 0 files scanned … and the boot continues. I have a standard PS/2 keyboard, entering and modifying the BIOS setup and/or the RAID controller BIOS is working OK, therefore the “keyboard error” must be false !
Performed a online Scan with Microsoft One Care. Win32/FSmall.gen!Z detected (Alias: Trojan-Downloader.Win32.Small.gen )
Unfortunately I let MOC simply remove the affected file instead of trying to isolate and send to Alwil for analysis first …
Performed scans in save mode with 4 different scanners (Kaspersky, Sophos, Trust, McAfee) - nothing found, therefore I am quiet sure that my system is clean now.
Reinstalled Avast!4 Pro - but boot-time scan still does not work !!
The “Trojan-Downloader.Win32.Small.gen” Virus is known since early 2006 at least and I am frustrated that Avast did not detect the infection. I don’t remember having performed any dangerous action. Recently installed programs are all original and mainstream standard applications …
I am quiet intrigued. Until now I was sure having the best antivirus solution - but now I am afraid that Avast is not as sure as I believed …
Questions:
Has anybody a idea where the keyboard-error on boot-time scan might come from ?
Is there any avast.ini parameter allowing to force a boot-time scan ignoring the keyboard ?
enclosed a pic of the situation (sorry, it’s a german version)
Avast starts
Message: ESC to stop the scanning (off course I didn’t touch anything at this stage …)
Immediately Avast shows : Keyboad error and (skipping the scan) three lines telling that 0 files, 0 folders where scanned, and 0 infected files have been found
1 second later, without asking any confirmation the boot process continues.
I tried everything, even telling Avast to delete all infected files and to delete or move system files (without prompting for permission) … see pic 2
By the way, I forgot to tell, in the very beginning avast could’nt be opened.
Therefore I made first a scan with an up-to-date avast cleaner: w.o. any result.
After reboot avast could be opened again and I sceduled a boot-time scan (with the above effect … skipping the scan with keyboard error)
I therefore scanned the machine with Microsoft One Care … it found and deleted the virus.
I then updated the 4 other AV scanners mentionned, deactivated the NIC, rebooted in save mode. The 4 command line scanners didn’t find anything apart of a few corrupded files in non critical areas …
I then reinstalled a Avast (latest download), but the keyboard error at boot-time scan remains!
??? ??? ???
Hope we can find a solution - it’s only 2 month ago I upgraded my system with a Core Duo Quad and a new mainboard. Thinking about reinstalling the whole system again turns me nuts …
I tried boot time scan today, but it didn’t complete because of keyboard error. I am using wireless USB keyboard, Logitech internet 1500 laser cordless desktop. Can’t understand why avast! gives this error, because BIOS recognizes at the startup my usb keyboard and mouse. Have no problems with windows use either. Have the trojans on my virus chest; Win32:LoadAdv-H [trj] and Win32:Agent-LUK [trj] Could they give the keyboard error ???
I’m sure I’ll muddle this up. This has been reported before, it seems on some systems, avast starts before the handoff from the bios drivers to the windows drivers.
Hmmm… bios ‘drivers’ are loaded before avast…
avast should work with USB keyboards when this hardware is allowed into bios settings.
That’s the reason I’ve read but did not post here before… It’s strange.
But, indeed, a PS2 keyboard will do it.
I don’t think the bios drivers are piece of software but hardcoded in the chips.
But you’re question remains. I’m not the one will be able to answer it for sure.