Scanning error 00000005 - Firefox settings.

I have noticed a few errors in the antivirus event log like this:

Event Type:	Error
Event Source:	avast!
Event Category:	Client 
Event ID:	90
Date:		2008-11-21
Time:		07:26:38
User:		N/A
Computer:	*********
Description:
AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS failed, 00000005.  

It doesn’t seem to be anything serious and is not reproducible. Manual scan does not produce any events.

The famous error code 00000005! What could it be? ???

XP pro SP2++, Avast Home

The famous error code mean access denied. Maybe file is in use, maybe not enough rights.

This must be an ordinary on-access scan with administrator rights that fails. Are you suggesting that Avast cannot scan all files that are accessed?

No, I’m not. But we’re discussing verbose of the log… Of course avast can access all files on-access and being load in the memory. On-demand is another history…

Thanks a lot, Tech.

This leads to 2 new questions.

What can cause an access violation in an on-access scan?

Is there any documentation about the limitations of on-demand scanning? I haven’t noticed any.

I just noticed that there is also a warning in the log, just after the error:

Event Type:	Warning
Event Source:	avast!
Event Category:	Client 
Event ID:	90
Date:		2008-11-21
Time:		07:26:38
User:		N/A
Computer:	*********
Description:
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS) returning error, 00000005.  

Maybe this clarifies something?

Update:

I found this in the error.log:

20-11-2008	11:56:40	1227178600	bank	1428	AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS failed, 00000005.  
21-11-2008	07:26:38	1227248798	bank	1184	AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MZPVQBMS.DEFAULT\PREFS.JS failed, 00000005.  

This shows that Avast tries to scan a file in the administrator account, when I’m logged on the “bank” account! This should give an access violation, of course. But, as I said, it must be an on-access scan. I don’t run any scans when i do banking :slight_smile: I just run Firefox and Java.

The problem seems to be reproducible. Maybe it is related to logon. I have seen other files in DOCUMENTS AND SETTINGS being involved. Seems to be a little random.

Is there any way to find out what causes Avast to scan these files, like which program tried to access the file?

I need answers from the programmers.

avast does not go and scan files of its own accord. It is scanning the files being accessed by the programs running on your system.

In this case you appear to logged on as user “bank” (and I am guessing that this is a non-administrator user). It appears that your default Firefox profile is set up in the administrator account. Firefox is trying to access the prefs.js (Firefox settings) in the administrator’s account when you are logged on as “bank” and avast is trying to scan the file under those credentials too. So the access is denied.

I’m afraid that this has nothing to do with Firefox. It happens at logon as bank. Today these errors we logged:

2008-11-23 09:20:41	bank	924	AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\documents and settings\****\application data\google\google earth\googleearth.exe failed, 00000005.  
2008-11-23 09:20:43	bank	924	AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\documents and settings\****\application data\mozilla\firefox\profiles\2rzymred.default\flashgot.exe failed, 00000005.  
2008-11-23 09:39:57	bank	924	AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.  
2008-11-23 09:39:57	bank	924	AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping failed - client probably died, 00000008.  

Is it possible to make Avast inform about the program that tries to access the files? Debug log level?

I managed to solve this problem! It turns out that my firewall checks a lot of files for some good reason, and only a few files are inaccessible.

I used Sysinternals’ Process Monitor to produce a boot log of an entire session. Awesome program! It will tell you all about which program opens those inaccessible files (and everything else!). I recommend this procedure to all users with 00000005 problems. :slight_smile:

I take it that this also relates to your other topic on the error numbers (00000002 and 00000008) e.g. the firewall poking around ans avast being forced to scan what it is poking ?

http://forum.avast.com/index.php?topic=40344.msg337861#msg337861

No, the other errors were the only errors at that time, so there is no relation between the 2 situations.

Yes, but what caused the files to be scanned in the first place (for the scan to fail) is the point I was also trying to make.

Nice to meet you again, David :slight_smile:

The cause is unknown. A random on-access scan, I suppose. That’s what the event message should tell you.

We are now cross-posting in 2 threads. I suggest that we consider this one solved and closed.