User's FAQ

Windows Explorer Context Menu

Be careful: this requires editing the Windows Registry. Back up your Registry first! Do this at your own risk!

If, for any reason, you cannot see the line Scan… for viruses in the Windows Explorer Context Menu for a specific extension, go to the Windows Registry key:
HKCR\*\shellex\ContextMenuHandlers
Copy the avast! subkey and add the same subkey under the key for the missing file extension, for instance, for .pif files:
HKCR\piffile\shellex\ContextMenuHandlers

You can remove the avast! context menu extension by removing the avast! entry from these keys:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
and
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers

Greyed out areas on the avast! Menu (both Home and Professional version)

When you run (and finish) a scan, these options should be available (but only until you close avast!).
However:
Last Scan Results will be available only if there were any results, i.e. if any virus has been found.
View Scan Reports will be available only when the creation of the report file is turned on (Settings / Report file).
Status Information just refreshes the initial screen of the Simple User Interface (VPS Info, etc).

Karma

What was Karma?

Karma was a kind of popularity thing. It was purely for fun and offered no functionality or limitations. The idea behind karma was that people could smite or applaud a user, affecting that user’s karma by +1 or -1. This resulted in users having a kind of score, which reflected what people on the board thought of them. There were several ways to manipulate karma in the forum. The karma number showed the difference between the ‘applauds’ and the ‘smites’ you got. There were two buttons for these actions: if you liked somebody you could applaud him/her; if you didn’t, you could smite him/her.

  1. The Administrator could set it up so only a certain member group can use it. This is useful for points systems. You can restrict the use to the Administrator member group and use Karma to dole out points to users.

  2. The Administrator can set a wait time. The wait time affects how often people can repeat an action. Setting it larger means you can’t affect someone’s score as much as you could if the time was shorter. While you aren’t allowed to repeat an action (smite vs. applaud) within the wait time, you can change your mind at any time.

  3. The Administrator can restrict it so that only people with a certain number of posts can smite or applaud - this will prevent people from registering just to smite or applaud.

  4. And the Administrator can show either the net karma or the +/- numbers. This is interesting, as a user with only 50 posts but +70/-72 is obviously much more controversial than someone who’s posted hundreds of times but has only +5/-7.

Right now it is a disabled function with a lot of controversy… At the end of 2003, a discussion in the forums got terribly bad and a lot of others got involved. The avast! team had to wait some time to react, but the forum atmosphere was ‘explosive’. The webmaster closed all threads about karma and removed the applaud and smite buttons. Maybe someday we will have ‘karmas’ again… But I think it will take some time.

Differences between the Home and the Professional version

About the differences between Home (free) and Professional versions see:

Remarkable points:

  • Scheduling
  • Push updates
  • Enhanced User Interface and the possibility to do and configure a lot of things inaccessible from the Simple UI, such as setting automatic actions for the on-access scanners (mail shields etc.), customizing archive scanning (both on-access and on-demand), and fine-tuning all scanning parameters.
  • Also, please keep in mind that the Home version is for home, non-commercial use only - meaning that in all other cases, avast! Professional version is the only alternative.

avast! keeps asking for a reboot after a virus database update (iAVS update)

In normal conditions, there are three files that avast! modifies when updating.
In the past, Windows 98 seemed to mark these files as read-only, which prevented avast! from changing them.
Therefore it continues in its attempt to update them.
The files are all listed in the avast! log setup file (not the Log Viewer).
These files seem to definitively be the source of the problem: msvc170, msvcp70 and msvcr70.
Once you locate the file names, go into the file properties for each and uncheck the Read Only attribute.
Reboot.
Avast! should update correctly on the next attempt.

Winzip and avast!

To add avast! to the program settings of WinZip, you must add the %d parameter.

Special character sequences for the parameters field are:

*.* - Indicates where WinZip should substitute the drive, folder, and the *.* characters for the files that are to be scanned. For example, “c:\temp\dir\*.*”.

%d - Indicates where WinZip should substitute the drive and folder of the files that are to be scanned. Note that the wild card characters *.* are not included when you use %d.

%f - Indicates where WinZip should substitute the name of a temporary report file. Report files should only be used when running DOS virus scanners.

Providers sensitivity

For most modules there is no big difference between Normal and High, but there is a big one for Standard Shield.
On the Normal level it scans only opened files (the ones you click on); on High it scans files when they are created/modified and when they are opened. I recommend the High setting for optimal protection.

For On-Access scans (manual):
Quick Scan: scans only infectable files, virus targeting is probably on: exe, pif, com, scr and so on.
Standard: scans all files, virus targeting is probably off.
Thorough all files: scans entire file not just header, virus targeting off.

In a Standard scan what you call virus targeting is broadened so that all files are at least briefly checked to determine what file type they really are, regardless of extension. And if they’re actually executable/infectable despite (probably false) file extensions, then they get the full scanning treatment.
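
The difference between targeting by extension and checking what a file really is, shown as an added example that is not part of the original FAQ and is not avast!'s own detection logic. The extension set comes from the Quick Scan line above; the PE header check, the function names and the sample bytes are assumptions made for illustration.

```python
import struct

# Extensions named in the Quick Scan description above.
QUICK_SCAN_EXTENSIONS = {"exe", "pif", "com", "scr"}


def extension_targeted(filename):
    """Extension-only targeting: look at the name, never at the bytes."""
    _, dot, ext = filename.rpartition(".")
    return bool(dot) and ext.lower() in QUICK_SCAN_EXTENSIONS


def is_pe_executable(data):
    """Content check: DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which simply fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def needs_full_scan(filename, data):
    """Full treatment if either the name or the content says 'executable'."""
    return extension_targeted(filename) or is_pe_executable(data)


def build_sample_pe_header():
    """Constructed sample: a minimal 64-byte DOS header followed by a PE signature."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


if __name__ == "__main__":
    samples = {
        "setup.exe": build_sample_pe_header(),
        "invoice.txt": build_sample_pe_header(),  # executable content, harmless-looking name
        "notes.txt": b"just some plain text, long enough to fill a header " * 2,
    }
    for name, data in samples.items():
        print(f"{name:12} by extension: {extension_targeted(name)!s:5} "
              f"by content: {is_pe_executable(data)!s:5} "
              f"full scan: {needs_full_scan(name, data)}")
```
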

Windows 9x memory management

To make your system faster, the following changes are suggested:
Go to the Windows directory, find the system.ini file and open it in Notepad.

  1. Find the section [386Enh] and write the following line there:
    ConservativeSwapFileUsage=1
  2. Find the section [vcache] - if it isn’t present, create it.
    Write the following two lines there:
    MinFileCache=2048
    MaxFileCache=8192

Scheduling a scan with the avast! shell extension program ashQuick.exe on Windows XP

Start Windows Task Scheduler (Start Menu > All Programs > Accessories > System Tools > Scheduled Tasks)
Click (or double-click) on Add Scheduled Task
In the wizard that appears click Next (a list of programs will appear)
Click Browse and navigate to C:\Program Files\Alwil Software\Avast!4 (or whatever folder in which you installed avast!)
Click (or double-click) on the file ashQuick.exe
On the next screen give the task a name of your choice and choose how often you want it to run and click on Next
On the next screen choose the appropriate scheduling options and click on Next
On the next screen enter the user name and password for the Windows user you want the task to run as, then click on Next
On the next screen check the box for the option Open advanced properties for this task when I click Finish, and then click Finish

On the next screen, in the Run field you will see the path for the ashQuick.exe program. After the closing quote enter a space and type in the path(s) that you want scanned. Multiple paths must be separated by a space and any paths that include a space in the path name must be in quotes. Here are a couple of examples:
"C:\Program Files\Alwil Software\Avast!4\ashQuick.exe" C: D: - this will scan the entire contents of the C: and D: drives
"C:\Program Files\Alwil Software\Avast!4\ashQuick.exe" "C:\Program Files" D:\Downloads - this will scan the contents of the Program Files folder on the C: drive and the Downloads folder on the D: drive, including all subfolders (Note: the first path is in quotes due to the space in the folder name “Program Files”)
Click OK
In the Scheduled Tasks window, from the menu, click on Advanced and choose Start Using Task Scheduler
To test your newly created task, from the Scheduled Tasks window, right-click on the task’s icon and choose Run from the popup menu. If the scan doesn’t begin correctly you’ll get an error message. The problem is most likely in the scan path (missing quotes or something like that.)
Close the Scheduled Tasks window

This is just a quick scan: scans only infectable files, virus targeting is probably on: exe, pif, com, scr and so on. The virus targeting is broadened so that all files are at least briefly checked to determine what file type they really are, regardless of extension. And if they’re actually executable/infectable despite (probably false) file extensions, then they get the full scanning treatment.

Lastly, I wouldn’t suggest using the screen saver scanner in conjunction with this scheduled scan, as they may end up running at the same time and cause conflicts of access.

Note: the user must have a password on his/her account before the Task Scheduler can be used. It does not work on a system without a password.

avast! and Pop Mail / Yahoo / Hotmail

When you would like to scan your Internet-based e-mail like Yahoo, MSN or Hotmail, you have to make sure your e-mail application gets it through a POP proxy, like HotPopper or FoxPop (part of FoxMail 5). To use such an application, configure it something like this.

Example with FoxMail 5:
smtp server: localhost
pop3 server: localhost
Account login: name@yahoo.com#localhost:8110 (8110 is port of FoxPop)

FoxPop config:
Pop3 port: 8110

Now avast! sees your Internet-based mail as PopMail and the Internet Mail Scan function of avast! should work (test with “add note to message”).
localhost normally refers to 127.0.0.1
In Windows XP it’s defined in \windows\system32\drivers\etc\hosts file.

You also have to check for the next lines in avast!.ini:

[MailScanner]
Trust=127.0.0.1
DefaultSmtpServer=127.0.0.1:25
DefaultPopServer=127.0.0.1:110

avast!, dial-up / DSL connection and Internet Explorer

  1. Right-Click the ‘a’ blue icon in the system tray.
  2. Run avast! antivirus.
  3. Right-Click the skin and choose Settings.
  4. Go to Update (Advanced) tab.
  5. Select the way you connect the Internet (dial-up or DSL).
  6. Go to your browser and configure ‘Never dial a connection’ or ‘Use the default connection’ or anything you want.
  7. Boot.

avast! and Task Manager

The ‘Page faults’ in the Windows Task Manager (a column that can be shown there) are caused by almost anything a program does. A ‘page fault’ is a process in which a piece of memory is being recalled from the paging file. Since ashServ.exe is polling the system (checking the status) at pretty short intervals (a couple of seconds), if you have long uptimes, you’ll see a huge number of page faults. They accumulate and the number could reach a ‘million’ page faults. It’s not ideal but it’s really not a problem either. The programmers try to push this value to a minimum…

For memory usage there are two values. Actually, their names are very misleading. In fact they correspond to the ‘Private Bytes’ (the VM Size) and ‘Working Set’ (the Mem Usage) NT performance counters. This is what MS says about these values:

Private Bytes (Task Manager’s “VM Size”): Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes. In other words, this is the memory the program has allocated (therefore, this is quite reasonable value to compare, and it normally does not fluctuate much).

Working set (Task Manager’s “Mem Usage”): Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory. (This value really has a meaning only to the developers. It has nothing to do with real memory consumption, just ‘address space consumption’.) There are programmatic ways to artificially lower the Working Set value, and there are programs that use these techniques, but it’s stupid to use them just to make users think that our application is taking less memory than it’s actually taking, not to mention the fact that tampering with the working set can have severe performance consequences…

Suggested packers extension list on the providers

Scan files on open:
BAT,CHM,CMD,COM,CPL,CRT,DLL,EXE,HTA,HTM*,INF,INS,ISP,JS,JSE,LNK,MSC,MSG,MSI,OCX,PIF,PIF,REG,SCR,SCT,SHB,SHS,SYS,VBE,VBS,WS?,WSC,WSF,WSH

Scan created/modified files:

Archive means compressed files such as ACE,ARC,ARJ,BZIP2,CAB,COM,ECE,EXE,GZ,GZIP,LHarc,MIME,PST,RAR,TAR,WinExec,ZIP,ZOO, etc.
If Scan archive files is set, avast! scans even the content of these files. But that means that it has to unpack these files (temporarily, of course). This unpacking process may take quite a lot of time.

Do not put archive files into these boxes - it may have a very bad impact on system performance - not to mention the fact that the archived files won’t be detected anyway unless you enable the corresponding packers in the resident protection task (Enhanced User Interface only). The archive scanning will treat them as normal binary files and will NOT scan the actual content.

Note: Normal/High Sensitivity was indeed changed in avast 4.5: Normal is now what High was before (only selected extensions on open and copy/modify).
High now checks all files regardless of extension (on open and copy/modify).

Using Group Policy Editor To Block E-mail Attachments

One of the most common ways in which viruses are spread is through e-mail attachments. Users can unknowingly open an attachment that appears to be safe but, before you know it, your computer and possibly your network are infected with some type of virus. You can configure Outlook Express to block attachments that may contain viruses using the Group Policy editor. To do so, open the run command and type gpedit.msc. This opens the Group Policy editor. Navigate to the following folder: User Configuration/Administrative Templates/Windows Components/Internet Explorer. With the Internet Explorer folder selected, you should see an option in the right pane called Configure Outlook Express. Double click this option, select the Enabled option, and place a check beside Block attachments that could contain a virus. Now your users will be unable to open any attachments that could contain a virus. (credits to Diana Huggins)

Crashes and MDAC drivers

Especially on Win98SE, ashsimpl.exe (Simple User Interface) could cause an invalid page fault in module at 0000:1b10f3dd if the user does not have the updated Microsoft Jet Drivers.
You may try to download and install the latest MDAC (http://www.microsoft.com/downloads)

Restart your system in safe mode

Use the F8 method only if Windows XP is the only operating system installed on your computer.

  1. Start Windows, or if it is running, shut Windows down, and then turn off the computer.

  2. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.

  3. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a “keyboard error” message. To resolve this, restart the computer and try again.

  4. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Once in safe mode, your screen shouldn’t be frozen.

Mail Scanner

More than one application on your computer may need to use ports 25, 110 and 143 (for instance, a spam killer). If you have installed another program that uses these ports as well, it is necessary to change the port values for one of them. In the case of the Mail scanner, you can do this by setting the items SmtpListen, PopListen and ImapListen. For example: SmtpListen=127.0.0.1:26, PopListen=127.0.0.1:111, ImapListen=127.0.0.1:144. Consequently, it is necessary to set the same port values in your mail program. If you wish the Mail scanner to cooperate with another SMTP/POP3/IMAP proxy/server-type program that is installed on your computer, it is necessary to properly set the items DefaultSmtpServer, DefaultPopServer and DefaultImapServer. For example, if you want to configure your system so that the Mail scanner “sits between” your mail program and a spam killer running on the same computer, configure the Listen items as above and add: DefaultSmtpServer=127.0.0.1:25, DefaultPopServer=127.0.0.1:110.
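
A check for the port layout described above, as an added example that is not part of the original FAQ or of avast!: it parses a [MailScanner] section and reports a Listen port that collides with the other program or a Default server that points back at the scanner itself. The sample section is constructed from the values in the text; the function names and the other_program_ports parameter are assumptions.

```python
import configparser

# Constructed sample of the [MailScanner] section, using the values from the text:
# the Mail scanner listens on 26/111/144 and hands traffic to a spam killer on 25/110.
SAMPLE_INI = """
[MailScanner]
SmtpListen=127.0.0.1:26
PopListen=127.0.0.1:111
ImapListen=127.0.0.1:144
DefaultSmtpServer=127.0.0.1:25
DefaultPopServer=127.0.0.1:110
"""

PROTOCOLS = ("Smtp", "Pop", "Imap")


def parse_endpoint(value):
    """Split 'host:port' into (host, int(port))."""
    host, _, port = value.strip().rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"not host:port: {value!r}")
    return host, int(port)


def check_mail_scanner(ini_text, other_program_ports=()):
    """Return a list of problems found in the [MailScanner] port settings."""
    cfg = configparser.ConfigParser()
    cfg.optionxform = str  # keep the keys' original case
    cfg.read_string(ini_text)
    section = cfg["MailScanner"]
    problems, seen = [], {}
    for proto in PROTOCOLS:
        listen_key, default_key = f"{proto}Listen", f"Default{proto}Server"
        if listen_key not in section:
            continue
        listen = parse_endpoint(section[listen_key])
        # Two listeners cannot bind the same address and port.
        if listen in seen:
            problems.append(f"{listen_key} and {seen[listen]} share {listen}")
        seen[listen] = listen_key
        # The scanner must not claim a port the other program already uses.
        if listen[1] in other_program_ports:
            problems.append(f"{listen_key} port {listen[1]} is used by the other program")
        # Forwarding to its own listening port would loop the scanner onto itself.
        if default_key in section and parse_endpoint(section[default_key]) == listen:
            problems.append(f"{default_key} points back at {listen_key}")
    return problems


if __name__ == "__main__":
    print(check_mail_scanner(SAMPLE_INI, other_program_ports=(25, 110)))
```
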

Known problems:
If your e-mail program does not support authentication (logging in) on the SMTP server, or it cannot set a different login name for SMTP than for POP (e.g. Eudora), the Mail scanner will not be able to send your e-mails through multiple SMTP servers. In that case, use the UseDefaultSmtp=1 setting; your e-mails will be sent through a single SMTP server only, just as in avast! version 4.0.235 and earlier.
If the internet connection is too slow or the message being sent is too long, it is possible that the period your mail program waits for the response expires. A mail program that automatically disconnects after the time has elapsed is not able to send such a message. This error will not be corrected, due to the characteristics of the SMTP protocol. It is necessary to set the interval to the highest possible value.
When downloading a long message from a POP3 server, messages about timeout expiration should be eliminated. But it is still recommended to set this interval to the highest possible value, too.
If your mail program downloads the message text and attachments separately from the IMAP server (e.g. Eudora), no additional information will be put into the header or the text of the message. The checkbox “Insert note into clean message” on the “IMAP” page of the Internet Mail configuration will not work in that case.
The Mail scanner does not support SSL (TLS) connections.

Protocols (thanks to Eddy)

IMAP (Internet Message Access Protocol) is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP Version 4) is a client/server protocol in which e-mail is received and held for you by your Internet server. You (or your e-mail client) can view just the heading and the sender of the letter and then decide whether to download the mail. You can also create and manipulate multiple folders or mailboxes on the server, delete messages, or search for certain parts or an entire note. IMAP requires continual access to the server during the time that you are working with your mail.

A less sophisticated protocol is Post Office Protocol 3 (POP3). With POP3, your mail is saved for you in a single mailbox on the server. When you read your mail, all of it is immediately downloaded to your computer and, except when previously arranged, no longer maintained on the server.

IMAP can be thought of as a remote file server. POP3 can be thought of as a “store-and-forward” service.

POP3 and IMAP deal with the receiving of e-mail from your local server and are not to be confused with Simple Mail Transfer Protocol (SMTP), a protocol used for exchanging e-mail between points on the Internet. Typically, SMTP is used for sending only and POP3 or IMAP are used to read e-mail.

DDoS (thanks to Eddy)

On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS “master.” It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple – sometimes thousands of – compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack – the final target as well as the systems controlled by the intruder.

Malware (thanks to Eddy)

Malware (short for “malicious software”) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.