Re: Avast: Ini File Modification screen

Over the last few days I keep getting this screen that pops up and says:

Avast: Ini file Modification

A program is attempting to modify an Avast Ini file possibly changing some of its system wide settings. Some of the settings can even disable realtime protection.

Of course I say No to it but am wondering on this…help :slight_smile: I am using 4.8 Professional version.

Thanks in advance.

Natalie

This is part of the new self-defense function in avast 4.8.

At the bottom of that popup message from avast is the name of the process that is trying to make the change.

Next time you see it please post it here.

Hi,

I’m not the original poster, but I get this same pop up every time I’m saving my disk.
When asking for details, the program attempting the modification is said to be :
ntbackup.exe
which, of course, is the program I’m using for saving under Win XP Pro SP2
My Avast home version : Apr2008(4.8.1169)

I’m not really anxious about this problem, excepted you have to remain present
while saving, since you have to answer!

Thanks for your attention, Alain

Edited : this is a strange behaviour by ntbackup, after all, since it is only supposed
to read what it is saving!

anaigeon, as far I know, this issue will be addressed in the next program update.

To temporarily disable the avast self defense module:

  1. Right click the ‘a’ blue icon on system tray.
  2. Programs settings > Troubleshooting (tab)
  3. Disable self defense module

anaigeon said:

When asking for details, the program attempting the modification is said to be : ntbackup.exe

Yes, this is a confirmed problem. The problem is that ntbackup.exe is trying to reset the last file access time, but technically, this is also considered as ‘change’ by avast and therefore triggers the consent dialog.

It will be fixed in the next avast program update.

Thanks
Vlk

Here is what is at the bottom of this Avast: Ini File Modification screen:

Requesting process C/avast\system32\zonelabs
avsys\scanning process.ext

Also today I got another box to appear it said Virus in Root detected. I do also have ZoneAlarm Professional on my pc.

Thanks so much for all the help :slight_smile:

Natalie

This also affects Veritas Backup Exec. The BEREMOTE background service is also triggering this. Every workstation on my network can no longer be backed up automatically :(.

Thanks, it worked for me - no pop up, backup wasn’t interrupted. :smiley:

Now I have a strange idea about this last access date : suppose I just want to read it → I have to access the file, and thus, it will update this date ::slight_smile:

You may temporarily disable the avast self defense module:

  1. Right click the ‘a’ blue icon on system tray.
  2. Programs settings > Troubleshooting (tab)
  3. Disable self defense module

Which is the name of the process that appears at the bottom of the avast warning message?

Disabling the function, will we be at a higher risk of getting viruses?
Anybody knows if the Avast people is aware of it? It would be good to inform them so that they can fix it and launch a new version quickly…

Yes, a new update will be released soon. This particular problem has already been fixed in our internal builds.

Bagle viruses could disable and destroy avast installation. But, of course, it won’t be present in a safe browsing… Maybe you can stand with it more days until next update.

I have just updated to V4.8 and am now getting the message:

"Avast!: INI file modification

A program is attempting to modify an avast! INI file, possibly changing some of its system-wide settings. Some of the settings can even disable avast realtime protection.

Do you want to continue ?

(Select No unless you are performing the action intentionally)…"

I select ‘no’.

This is causing considerable problems for me as the message keeps re-appearing and more concerningly is significantly slowing down my PC and affecting a number of functions including stopping me closing-down my PC using Windows shut-down function.

I am using Windows XP Profewsional and never had any such issues when using V4.7.

I note the comments posted from oher users where similar problems have been encountered but no-one has citred the wider Windows issues I am experiencing.

Pleaswe could Tech advice what I need to do ASAP and when teh update that corrects is being issued.

Many thanks

It would be helpful if you could include the name of the process trying to update the avast4.ini file - this appears at the bottom of the popup alert.

The alert is coming from a new self-defense function of avast that has been introduced in avast 4.8.

If this is causing you problems in using your system them you can temporarily disable this function via:

avast Program Settings > Troubleshooting > check the "Disable avast self-defense … " box > OK

Disabling this feature does not affect the other antivirus protection of avast and will leave you no worse off than you were with avast 4.7. However, please keep an eye out for the next update to avast and remember to go back and uncheck the box to see if the latest avast updates have taken care of the problems you are encountering.

windows/system32/zonelabs/avsys/scanningprocess.exe

This is what I’m showing as the requesting program on teh re-write ini popup.

I’m running XP Pr and ZA Security Suite 7.0.470.000

I believe you need to uninstall/disable the ZA anti-virus module as having two resident AVs on the same system is the recipe for conflict.

Can you answer the questions from Alanrf?

I install 4.8.1178. It seems to me that the problem with ini file modification was not solved in this pre-release. At least I’m obtaining the same modification warninng during search in Far Manager.

Well, the Far issue…
As a long time Far user, I’m sad to say that this issue is virtually unsolvable.
The problem is that when doing a file search, Far indeed opens all files with full Read/Write access and there’s no way for us to distinguish between the Search case and an Edit case.

Vlk