The following Error message was displayed before the Avast! Virus warning was displayed after I visited youareanidiot.org with Firefox 2.0.0.1 on WinXP SP2.
Displaying the Virus warning is OK, but the error should not be displayed.
I use avast! Version 4.7 Home Edition
Build 4.7.892
Xtreme Toolkit Version 1.9.4.0
ActiveSkin Version 4.2.7.3
VPS version is 0701-1
Can`t fetch file pointed by your url. This may be caused by several reasons:
* Remote file is not available (not found, requires authentication, permission denied)
* Remote site is down, or very slow, or busy
* No network connectivity between Dr.Web online server and remote web-site
…
Dateiname: h t t p : / / y o u a r e a n i d i o t . o r g / s c r i p t / y o u . j s
Malware-Name: VBS:Malware [Gen]
Malware-Typ: Virus/Wurm
VPS Version: 0701-1, 05.01.2007
…
So it is clear that there is no alert with the NoScript extension, because the problem comes with the JS.
DrWeb link checker also finds a virus in http :// youareanidiot.org /script/you.js, a different name but a trojan.no.close. So the detection would appear valid for the you.js file.
VirusTotal also detects it under many names, mainly spawn, windowbomb, noclose, etc.
Displaying the Virus warning is OK, but the error should not be displayed.
So, as I said, for me it is clear that the virus warning is displayed. But the Runtime Error should not be there.
My questions are:
1 What is wrong that it is displayed?
2 What can I do that it will not be displayed in future?
I already uninstalled avast! and reinstalled it but the error is still there!
(The JS produces 5 windows that change position every second, checks if there are 5 windows open and opens new ones if there aren't. Pretty nasty.)
Is Microsoft Visual Studio 2005 installed on your machine?
Does the problem happen if, instead of waiting for the virus dialog, you simply double-click the avast tray icon (and the avast on-access scanner dialog appears)?
Please try doing the following: download Process Explorer from http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx, simulate the problem (i.e. have the R6034 dialog on the screen), then run Process Explorer, scroll the process tree to ashDisp.exe, press Ctrl+L to display the lower pane, press Ctrl+D to have DLLs in the lower pane, and then click Ctrl+A to save the contents of the window to a text file. Then post the contents of that file (or attach it to your post).
These are the foreign modules that are loaded in the process:
~DF6E71.tmp
DM2.dll
RollWindows.dll
Do you know what they belong to? And can you please send them (the DLL files) to my email address? (You can find out their full path by double-clicking on them in the Process Explorer lower pane.)
I do not know the first one (looks like a temporary one); the others belong to DM2 (http://dm2.sourceforge.net/).
With DM2 closed the Error still occurs, but the DM2.dll and the RollWindows.dll are not in the list.
The ~DF6E71.temp is in my %TEMP% folder.
What I’m looking for is someone that’s loading the msvcr80.dll library. This library should NOT be there (and before the Runtime error message occurs, it’s probably not - can you pls confirm?)
This is the Microsoft C++ runtime library from Visual Studio 2005. Any idea who installed it and how it got loaded to the avast process?
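The module check requested in this thread (which DLLs are loaded in ashDisp.exe, and whether msvcr80.dll is among them) can also be done from PowerShell. This is an added example, not code from any poster in the thread; the process name and DLL name come from the thread, while the helper name Test-UnderDir and the origin labels are assumptions made for illustration.

```powershell
# Added example, not from the thread. Lists the modules loaded in a process and
# marks the ones loaded from outside the program's own folder and %SystemRoot%.
# 'ashDisp' and 'msvcr80.dll' are the names discussed in the thread.
param(
    [string]$ProcessName = 'ashDisp',
    [string]$WatchModule = 'msvcr80.dll'
)

# Hypothetical helper: true when $Path lies inside directory $Dir (case-insensitive).
function Test-UnderDir([string]$Path, [string]$Dir) {
    if (-not $Path -or -not $Dir) { return $false }
    $prefix = $Dir.TrimEnd('\') + '\'
    return $Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
}

$procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) {
    Write-Warning "No running process named $ProcessName"
    return
}

$report = foreach ($p in $procs) {
    # MainModule is the executable itself; its folder is treated as the vendor folder.
    $appDir = Split-Path -Parent $p.MainModule.FileName
    foreach ($m in $p.Modules) {
        $origin = if (Test-UnderDir $m.FileName $appDir) { 'application' }
            elseif (Test-UnderDir $m.FileName $env:SystemRoot) { 'system' }
            else { 'foreign' }
        [pscustomobject]@{
            PID     = $p.Id
            Module  = $m.ModuleName
            Origin  = $origin
            Watched = ($m.ModuleName -ieq $WatchModule)
            Company = $m.FileVersionInfo.CompanyName
            Path    = $m.FileName
        }
    }
}

# Show only what needs explaining: foreign modules and the watched runtime DLL.
$report | Where-Object { $_.Origin -eq 'foreign' -or $_.Watched } |
    Sort-Object PID, Origin, Module | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt of the same bitness as the target process; otherwise the module list can be incomplete or inaccessible.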