Hello everyone, I already posted a similar thread in the Spanish forum but nobody is there, so sorry If I post this here. My English is limited, so forgive my mistakes.
I’ve been an Avast user since a long time and today at morning my computer just freezed. I was able to check the Task Manager and saw the process SF.bin.
I restarted, and as soon I tried to use Firefox, the Internet was not responding, I opened the Task Manager to supervise suspicious behavior, and tried to open Avast.
As soon Avast opened, SF.bin appeared and the system was stuck; So, I restarted and tried to uninstall Avast. I did it, the system hanged again but Avast and my problems were gone after restart.
So, what happened? I always update twice a day and had the latest version. Did the latest udpate corrupted the program? Bad luck?
Are you getting any error messages when this happens ?
The SF.bin is the code emulation part of the avast and is downloaded or updated on virus definitions updates.
What other security software (anti-spyware, etc.) do you have installed ?
What is your firewall ?
Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.
Nope, nothing, the system just freezes without warning.
I’m using Zone Alarm Free, but I’ve been using it along with Avast for years without problems. I haven’t installed any new program.
This just happened today, never happened before. I unistalled Avast but I’m considering to give it a second chance.
Download avast again and save it where you can find it later (if you didn’t save your last download).
Download the avast! Uninstall Utility, aswClear5.exe find it here and save it to your HDD (it has uninstall tools for both 4.8 and 5.0).
If you installed another AV in the meantime, uninstall that first.
run the avast! Uninstall Utility from safe mode, first for 4.8 if previously installed and then for 5.0, once complete reboot into normal mode.- 2. install the latest version, reboot.
Then I would say it is some sort of conflict, though what that is is beyond me.
There doesn’t seem to be any adverse CPU % unless you captured the image after disabling code emulation.
Why are you running MemOptomizer ?
I have never found it an essential application and you don’t appear to be using much memory anyway - if you have a reasonable amount of RAM I would suggest leaving XP to manage memory.
Since SF.bin may well be using memory for code emulation I don’t know if also having a memory optimizer would help with stability. So I would suggest disabling MemOptomizer and enable code emulation again and see what happens.
Whilst it shouldn’t make any differences, I would advise that you don’t always use the Administrator account for normal computer use. I would use an account with admin privileges if you can;'t live with a limited user account. Any malware that happened to get past your defences would have unlimited free reign in your system.
What are you doing when this hangs ?
The reason I ask is that I don’t see SF.bin in my task manager setting under normal use, even during on-demand scans.
I just use MemOptimizer to clear my clipboard and check memory consumption. I use it everyday and never had any conflict with Avast before.
When it hangs, I’m usually surfing the web, checking Wikipedia or some text-based sites (no problems with Youtube, etc. so far).
Anyway, as I said before, I disabled code emulation and nothing freezes now. Maybe is a small bug with the latest update?
If it were a small bug I would expect to see it make more of an appearance in the forums.
The reason I suggested disabling memoptomizer is to check it that is an area of conflict. So if there is conflict removing one element of the conflict doesn’t confirm where the problem is.
In disabling it and running the code emulation again if it hangs again then it is not related to memoptomizer. This is a process of elimination and not something that is easy to pin down exactly what the conflict might be.
Hopefully Igor will get back to this topic and see if he has any tricks up his sleeves to gain more useful information, like creating a dump file when it hangs.
Oh well, guess what, I scanned my system with Malwarebytes and found a pesky trojan. I got rid of it and everything works like a charm, even with code emulation activated and MemOptimizer. No issues.
It seems that the Trojan was messing up with the sys memory and freezing the PC. Anyway, everything is working again and Malwarebytes earned a place in my personal security suite.
I had a similar experience, only not just with the puter freezing, but also being excluded from executing any programs on my desktop with the message i had no admin rights to execute any of the programs. Using a system restore point cured this scary issue.
lebob’s advice from the Comodo Firewall Forum on this topic works like a champ.
I use a wonderful free app called Process Explorer to monitor my puter’s activities, and found, like lebob, that there was a single program triggering sf.bin in Avast, a safe program I have been using for years without a problem, that just recently began triggering sf.bin in Avast, with subsequent alerts from Comodo that Avast was attempting to run sf.bin.
My offending app was ThumbsPlus4:
“I seem to have stopped the sf.bin alerts by excluding the program triggering the alert (newsleecher in my case) from Avasts file system shield.
I went to expert settings then Exclusions and added newsleecher and set it to only exclude on Execute.
hope this helps.”
1 There is an absolutely wonderful freebee named Process Explorer which puts Windows Task Manager to shame for the comprehensive information it provides. Download Version 14.01 of the app from: http://technet.microsoft.com/en-us/sysinternals/bb896653
2 99% of the time sf.bin is triggered by a specific .exe app being executed. Avast sees the app as a threat and issues an sf.bin, which Comodo and other firewalls respond to with their own warnings. Most of the time this sequence is triggered by a completely benign and trusted .exe being executed which most likely is designed as a Packed Image. Malware, including viruses, spyware, and adware is often stored in a Packed Image encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus, hence the reason for the Avast sf.bin alert, EVEN THOUGH the .exe may be COMPLETELY BENIGN.
3 Process Explorer will show you the moment Avast issues the sf.bin process, it’s source app trigger, and when the source app is running, whether or not it is in Packed Image format.
4 The simple trick here is to PREVENT the sf.bin from being triggered in the first place using lebob’s elegant, simple solution – After identifying the app triggering the sf.bin in Avast –
5 Open Avast’s Real Time Shields > FILE SYSTEM SHIELD TAB, and click on the EXPERT SETTINGS button; select the EXCLUSIONS option; click the ADD button; browse to the target app .exe pathname; CHECK the X field to EXCLUDE SCAN ON EXECUTION; click OK and you’re done. No more sf.bin appearances.
