What is AvastSvc.exe and why does it hog my system?

At least once a day, my system slows down to a crawl for an hour or more. Task Manager shows that the process using nearly all the CPU time is AvastSvc.exe. There is no other indication that Avast is doing anything. Does anyone know what Avast is doing during this time, and how I can tell it to stop?

My operating system is Windows XP. My version of Avast is 5.0.545.

So there is no activity on any of the Real-Time Shields section of the avastUI?
Is the avast tray icon rotating at the time?

What is your CPU and RAM quantity?

When this activity is going on, you say nearly all the CPU is used by avastSvc.exe; what other processes are using CPU?

Does this activity happen at the same time?

CPU is Athlon 2650e, 1.65GHz, 1.75GB RAM. I’ll post again with the answers to the other questions next time I catch the slowdown happening. Shouldn’t take too long.

OK, it’s happening now. The tray icon isn’t rotating. I opened up the Avast UI and went to the Real Time Shields section. All the tabs there say “Protection Status: Running”, and the File System Shield tab shows a couple of little yellow bars moving right to left along a red line at the bottom of a box labeled Shield Traffic.

The percentage of CPU time used by AvastSvc.exe (according to Task Manager) is in the low 90’s, with AvastUI.exe using around 6-7%. After I closed Avast UI, the percentage for AvastSvc sat mostly at 99%, sometimes dipping as low as 95. All the other processes showed zero, with iexplore.exe and jqs.exe occasionally flashing a 2% for a second, then back to zero. The only applications I have running are Task Manager and a couple of Internet Explorer windows with no visible traffic on them (just static displays).

Yes, that covers the file system shield, but the other shields likely to have activity shouldn’t be discounted, especially the web shield and mail shields (and P2P shield if you run p2p application downloads). The problem is that the avastSvc.exe is the main avast service and handles the activity of the other shields, so any one shield, if downloading something in the background, would increase CPU% for avastSvc.exe.

Do you have (or did you have) another Anti-Virus installed in this system? If so, what was it and how did you get rid of it?

It may be best to try a clean reinstall:

  • Download the latest version of avast, 5.0.545 http://www.avast.com/free-antivirus-download and save it to your HDD, somewhere you can find it again (if you didn’t save your last download). Use that when you reinstall.

  • Download the avast! Uninstall Utility, aswClear5.exe find it here and save it to your HDD (it has uninstall tools for both 4.8 and 5.0).

    1. Now uninstall (using add remove programs, if you can’t do that start from the next step), reboot.
    2. Run the avast! Uninstall Utility from safe mode, first for 4.8 if previously installed and then for 5.0, once complete reboot into normal mode.
    3. Install the latest version, reboot.

I did the reinstall, and so far it seems to be working; no major slowdowns since I reinstalled. I’d love to know what Avast thought it was doing in the background for all that time, but I guess it doesn’t matter now.

What about the question that I asked about other AVs having been on this system? This can have an impact, and one which could come back.

I have A-Squared installed, but it doesn’t run in the background like Avast does; it only does scans when ordered. I don’t have any other antivirus programs unless there’s something contained in Windows XP itself.

After I removed Avast and before I reinstalled it, I had A-squared do a scan of all files, and it found and dealt with around 40 infected ones. So maybe one of those was causing the problem.

Well, a-squared has some form for false positives, so I wouldn’t take these results as gospel. a-squared is an Anti-Malware application ‘so shouldn’t conflict’ with avast. However, if you have a-squared set to check your system at any time, then that would cause avast to lock the file and first scan the content of what a-squared wants to open and scan.

If you have a log of what was found (malware name, file name and location), then perhaps we might be able to comment on the detections.

I hadn’t realized this, but a-squared did keep a log of what it found. It doesn’t seem to have a way to output that log in text form, and I don’t have time to type out every filename it mentioned. The list of infection names is pretty short, though:
Trojan-Banker.Win32.Bank (4 instances)
Trojan.ATRAPS!IK (5 instances)
Trojan-Clicker.HTML.IFrame (9 instances)

A-Squared was not set to check anything automatically; I’ve never used it but this once.

Unfortunately this doesn’t help very much at all, as malware names without associated file names and locations can’t really be checked in any useful way.