Unusual phenomena during update

Last night when a signature database update was performed (120213-2), I happened to spot an x icon over the Avast tray icon, but it dissappeared quickly and nothing else happened. I noticed today while looking into the Prefetch folder that DRWTSN32.exe ran at the same time, even though I don’t remember any error messages popping up. I looked at the event viewer and found an error log with the following description:

“The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.”

Roughly three hours before that moment, I experienced a BSOD, but it was missing the paragraph that would indicate the cause of the crash (the second this year).

ANy ideas?

Are you using the beta (version 7) or the current stable release (version 6)?

We may send a minidump for that but for the meantime, let’s sort out some things. What were you doing when the BSOD appeared? Does the BSOD have any avast-related message?

I’m using version 6 The first time the BSOD appeared was on the 25th January. I started up Photoshop roughly 15 minutes after a reboot. Chrome was also running but I didn’t really do anything else. The second occured yesterday, when the computer was more or less idle. I had a video loaded in from a streaming site (loading was already finished minutes ago) and I just left for a minute or two to grab check on something. When I came back, the first thing I saw was the familiar blue screen with the white text. No avast related message, or any type of message that would point to the cause of this was displayed.

If this is how it was supposed to look like
http://en.wikipedia.org/wiki/File:Windows_XP_Blue_Screen_of_Death_(PAGE_FAULT_IN_NONPAGED_AREA).svg
the second and third paragraphs were missing entirely. It went straight from “Windows has been shut down to prevent damage to your computer” to “if this is the first time you’ve seen this…”

Event viewer didn’t seem to specify any errors either, other than a “system error” with a time tag AFTER the reboot and error logging. I ran a CHKDSK with the R parameter just to be on the safe side then did another reboot and ran a quick scan with avast just to be safe, and everything was working fine until a little more than 2 hours later when that strange thing happened during the update.

Someone told me malware could give false Blue Screens or cause actual ones. I didn’t think that would be the case specifically because Avast never found anything. But after this, I’m really afraid of the possibility that it may have been compromised.

On a related note, which is the latest version of the virus signature database? I received no update notification when I turned on my comuter. I withheld posting this reply until I see Avast attempt another update (which it did a few minutes ago) but it claims to be up to date, with version 120213-2.

http://www.avast.com/virus-update-history

I saw that but when I made the post the virus update history wasn’t updated on the site. Experience shows it could take any amount of time from half an hour to an entire afternoon. That said, Avast just updated 5 minutes ago without any suspicious oddities. I’ll keep my eyes peeled for further undesireable occurences.

Okay…
So I didn’t see any suspicious activity since the last post. Everything seems to be working normal.

Is there any reason I should suspect that Avast has been compromised or was the original incident just a one time bug?

Probably just a glitch somewhere, just keep an eye on it and if needed there is the repair feature or the next step would be a clean install.

I wouldn’t mind knowing if there’s a way to tell if Avast was compromised by a virus, or is that usually more obvious?