Full scanned computer a few days ago (Avast and Malwarebytes) found no problems.
Always run browser in Sandboxie.
Today at 5/17/2013 12:24:56 PM The virus definitions have been automatically updated to version 130517-0.
A short while later I started my browser in sandboxie and Avast flagged sandboxie’s start.exe as having one-half-3666. Then other things got flagged… malwarebytes, note++, etc. These are all programs/dlls that were in my right-click context menu. They were in the virus chest… scanned them and no virus found.
Rebooted. Avast would not start up. Log shows:
5/17/2013 1:39:42 PM Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/17/2013 1:39:42 PM AAVM - initialization error: AavmStart: CreateScanEngineHandle failed, 00000008.
5/17/2013 1:39:42 PM aswServ::AavmStart ERROR…
5/17/2013 2:00:00 PM Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/17/2013 2:00:01 PM AAVM - initialization error: AavmStart: CreateScanEngineHandle failed, 00000008.
5/17/2013 2:00:01 PM aswServ::AavmStart ERROR…
5/17/2013 2:16:44 PM Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/17/2013 2:16:45 PM AAVM - initialization error: AavmStart: CreateScanEngineHandle failed, 00000008.
5/17/2013 2:16:45 PM aswServ::AavmStart ERROR…
5/17/2013 2:21:42 PM Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/17/2013 2:21:42 PM AAVM - initialization error: AavmStart: CreateScanEngineHandle failed, 00000008.
5/17/2013 2:21:42 PM aswServ::AavmStart ERROR…
5/17/2013 3:00:56 PM Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/17/2013 3:00:57 PM AAVM - initialization error: AavmStart: CreateScanEngineHandle failed, 00000008.
5/17/2013 3:00:57 PM aswServ::AavmStart ERROR…
5/17/2013 3:07:55 PM Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/17/2013 3:07:55 PM AAVM - initialization error: AavmStart: CreateScanEngineHandle failed, 00000008.
5/17/2013 3:07:55 PM aswServ::AavmStart ERROR…
5/17/2013 3:51:52 PM HttpDaemon accept: A blocking operation was interrupted by a call to WSACancelBlockingCall.
Tried to do a system restore to a previous time. It failed because it could not recover D:.…Avast…\Virus(Defs). NOTE that I don’t have a drive-D. Everything is on C:
I don’t believe I have a virus, so I ran a Malwarebytes full scan and nothing was found. Then tried to repair Avast. It failed. Ran the installer again and it is now up and running fine.
I think there is something wrong with the update. Please check it out. I don’t believe I have any virus… but I’d like to know for sure.
I am going to do a restore point and let Avast update again but I am hesitant at this point.
Before you restore to a prior known good, untick the avast! self-defense module to allow it to run in the new environment it will find itself in on restore.
Open avast gui (program window) and select Settings>Troubleshooting. Untick self-defense box. Close window and program. After successful restore, re-enable (tick box for self-defense) self-defense module for continued protection.
I’d give your system a day or so to see if any warning boxes pop up. Test URLs are here to see if you actually have active protection or not. As these are for testing purposes only, they will not harm your system:
Attach the four logs for the first four programs listed in your next reply. Once this is done, I can notify a certified malware removal expert to assist you in cleansing your system.
I ran the system restore using a Windows boot recovery disk so the OS was not running and neither was Avast. So the system restore failure was not related to Avast preventing it. The recovery files were corrupted possibly.
The system is up and running fine with no problems by my reinstalling Avast and restoring all the false positive files from the chest.
The virus Avast flagged them as appears to be a DOS virus. Doesn’t make sense.
I will rescan my system with multiple tools and check for rootkits using a rootkit tool.
I’ll try to update the defs first.
Curious if anyone else encounters problems after the update.
I was unaware you used a recovery disk that runs in the place of Windows; Windows will not run if you use another operating system to recover. A good example of that is the Windows Pre-installation Environment bootable CD. Here, the CD will claim the drive letter C, and Windows will have drive D assigned to it. Hence, avast! is now on drive D as long as the Windows PE disk is running.
If you should ever use the normal Windows System Restore, then the tips above will apply regarding disabling/enabling the self-defense module.
Any particular reason to not have gone up to avast! 8.0.1489 version yet?
Tip: Set Sandboxie to automatically delete the sandbox when you close your browser or any other program you run under the auspices of Sandboxie. If set properly, it will notify you of any files left in the sandbox you may wish to recover before it finally closes. That way, if bad stuff happens (and it does, had a Trojan attack that both avast! blocked and sandboxie contained, 576 blocks by avast! alone in twenty seconds!) all the bad stuff will be automatically deleted when closed.