red icon missing in the tray

Today, when I disable “boot scan”, the red icon with a white cross in the tray doesn’t pop up anymore. I can only see a little red circle on the “a” blue icon. Someone can help me?

Well avast doesn’t use a Red icon with a White cross, so that is something entirely different.

The red circle on the avast ‘a’ icon is an indication avast isn’t running.

  • Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?

  • What avast processes are running in Task Manager, they begin with ash or asw, see image ?

You shouldn’t have to disable a boot-time scan as it is set to run after initial install (if you choose to do that) or you actually scheduled it, so I’m not entirely sure it is that you are doing here.

I suggest you remove your email from your post (Modify) unless you like spam as it could be harvested by a spambot.

Thank you very much, DavidR, for your answer: now I think I have understood the “missing Red icon”. It was a warning of “Windows XP (home edition) Security Center” (I hope this is the right translation): for some mysterious reason now they have decided to eliminate that red icon when I disable the boot-time scan. Note that I do this disable only during the installation of some heavy new program (after downloaded and “avast checked” it).
No other AV ghost programs in my PC, and Task Manager is mirror of yours.
About your suggest to remove my email, I have hidden it from my profile, but I don’t know how to remove it from my first post…
Thanks again
Paolo

PS: I successfull removed my email from the first post with “modify”! Excuse me for my fault.

Well WSC icon is a Red Shield (not circle) and has a white X not + cross and is normally accompanied with the speech bubble.

See image, is that what you say ?

Remove the email from the bottom of your first post, you are the only one that can see the little email envelope in your profile, we can’t.

Edit: Quoted text removed.

I’m still unclear, but I believe you don’t mean boot-time scan but disable avast, frankly this is crazy as when you install something heavy or otherwise is when you need your AV most.

If so then it looks like the WSC is disabled or you aren’t monitoring the AV, in the WSC ?

Excuse me for that confusion: yes, the little red circle is what you say:

The red circle on the avast ‘a’ icon is an indication avast isn’t running
, and pops up when I disable “Protezione all’avvio”.

Well WSC icon is a Red Shield (not circle) and has a white X not + cross and is normally accompanied with the speech bubble. See image, is that what you say ?
: yes, is that what I said, but I don't understand why it doesn't pop up anymore.
If so then it looks like the WSC is disabled or you aren't monitoring the AV, in the WSC ?
: The WSC is perfectly enabled, and I'm monitoring AV...
this is crazy as when you install something heavy or otherwise is when you need your AV most.
: I disabled AV because I remember that on an old PC (with McAfee AV) they suggested to temporary disable AV during a program installation! From today I will not do it anymore! Email removed at all, thanks.

OK so the GUI of the Windows Security Center appears to be enabled and monitoring avast, there are however some registry entries than can be disabled so the WSC doesn’t actually report, run this application as that will check for this type of registry modification.

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Yes, years ago it was common practice to disable AVs before installing many applications (mainly because the application suggested you do it). However, operating systems, applications and anti-viruses have advanced from then where you shouldn’t need to disable them.

There as always some exceptions to this rule, as some high powered malware cleaning tools need to have the AV disabled or it would stop them doing their cleaning. These aren’t your regular anti-spyware/malware applications (like MBAM above) and anyone advising a particular one would give instruction on how to use, including if your AV needs to be temporarily disabled.

Just to show you no one else can see your email in the post details to the left of every post, see image, you can see the envelope and we can’t.

Thank you again for your time spent for me, DavidR, tomorrow I’ll execute that application and I will notify you all the results: have a good day.
PS: If you like trekking and nature, look at attachment: That’s a flower I found during one of my treks in Appennini mountains, near Florence.

No problem, glad I could help.

Very nice image, but my trekking days are over bad knees 27 years in the military much of it parachuting.

Welcome to the forums.

OK so the GUI of the Windows Security Center appears to be enabled and monitoring avast, there are however some registry entries than can be disabled so the WSC doesn't actually report, run this application as that will check for this type of registry modification. If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

OK, I’ve installed Malwarebytes and run a “quick scan”; that is the log:

Malwarebytes’ Anti-Malware 1.36
Database version: 2145
Windows 5.1.2600 Service Pack 3
17/05/2009 19.04.30
mbam-log-2009-05-17 (19-04-30).txt
Scan type: Quick Scan
Objects scanned: 77150
Time elapsed: 3 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) → Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

After quarantined the infected registry key, that is the log of another scan (“Full”):

Malwarebytes’ Anti-Malware 1.36
Database version: 2145
Windows 5.1.2600 Service Pack 3
17/05/2009 20.16.14
mbam-log-2009-05-17 (20-16-14).txt
Scan type: Full Scan (C:|)
Objects scanned: 160637
Time elapsed: 26 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Seems that you’ve corrected the problem, haven’t you? Is it everything ok now?

I don’t believe so, as that registry entry doesn’t seen to have anything to do with the windows security center, so we will have to wait for ponticelli to confirm.

I don't believe so, as that registry entry doesn't seem to have anything to do with the windows security center, so we will have to wait for ponticelli to confirm.

You are right DavidR: even if I’ll never disable boot-scan (It’s what I made every time I installed a program, not disable Avast in the WSC!!), if now I try to disable boot-scan, no “Red Shield with white X accompanied with the speech bubble” pops up. When I made this disable some days ago I saw red shield popping up and a warning balloon: now it doesn’t happen anymore.

You are still confusing me with your use of the term “now I try to disable boot-scan, no Red Shield”

Disabling the avast boot-time scan has nothing to do with disabling avast, so I don’t actually know what it is that you are doing. The avast boot-time scan has a distinct function and is independant of avasts on-access protection, so disabling that makes no difference, not to mention is isn’t enabled unless you specifically schedule it for the next boot. So I’m confused as I was in my very first reply…

If you right click on the avast icon and select Stop On-Access protection (that is disabling avast, see image) then the WSC Alert should, is this what you are doing ?

I’m sorry, but that confusion comes from a bad translation of Italian “protezione all’avvio”; now, seeing your image, the disable that I mean is just “Stop On-Access protection” (the man who translated from English made an error, because “boot” means “avvio” in Italian, so the misunderstanding).

If you right click on the avast icon and select Stop On-Access protection (that is disabling avast, see image) then the WSC Alert should

No Alert pops up, some days ago it popped up, like I said in my last post.
Excuse me again.

OK, that has cleared up the confusion.

Well there is certainly something wrong with the WSC then but what is the question.

If it reports that the anti-virus is running in the WSC interface when it is running, then it should report using the Red shield when it is disabled.

Try this:
Windows XP SP2, SP3 Start, Run, type cmd and click OK.
From the command prompt type ‘rundll32 wbemupgd, RepairWMISetup’ without the quotes and enter.

If that doesn’t work try:

* Click Start, Run and type CMD.EXE
  • Type this command and press Enter:

net stop wscsvc
net stop winmgmt

  • Using Windows Explorer, rename the folder %windir%\System32\Wbem\Repository. (For example, %windir%\System32\Wbem\Repository_bad.). %windir% represents the path to the Windows directory, which is typically C:\Windows.

  • Switch to Command Prompt window, and type the following and press ENTER after each line:

net start winmgmt
net start wscsvc

EXIT
Reboot

The above are related to problems with the WSC not recognising the anti-virus or firewall, so I don’t know if this process will bump start it into working properly.

I’ll be glad to try your work for this problem: now here in Italy is 9 pm and tomorrow morning I’ll try that (I usually wake up at 5 am…)
Thanks again

You’re welcome.

Try this: Windows XP SP2, SP3 Start, Run, type cmd and click OK. From the command prompt type 'rundll32 wbemupgd, RepairWMISetup' without the quotes and enter.

I’m testing your patience… Sorry, but my knownledge of DOS is veeery poor: this is my first try (see attach)

Whilst you shouldn’t have to CD into the system32 folder, the system Path setting should have taken care of that. However, it doesn’t give a reason why that would make it fail, I don’t know what the ‘Voce mancante’ means, but google does Item missing, which is strange as I though that the RepairWMISetup was like a parameter for the wbemupgd.

So all I can suggest is to try the second longer option that was contained in the quoted text of the same post.

I don't know what the 'Voce mancante' means, but google does Item missing
Yes, the translation is OK.
So all I can suggest is to try the second longer option that was contained in the quoted text of the same post.

I tried that second longer option but same result: If I disable Firewall from control panel or disable “Avast Stop On-Access protection”
from “a” icon in the tray, nothing happens…

To conclude this strange story, I am conscious about the WCM status, either for Firewall or for Avast (Avast in any case adds the red circle on the “a”), so I should think to make sleep this problem…