Win XP security center cannot see Avast :(

Hello, as described in the topic subject, the Security Center of my WinXP SP2 cannot see avast running and always says that my PC can be exposed to risks. I tried to uninstall and reinstall Avast but nothing happened, and I tried to detect viruses that can cause this problem, but nothing…

Can you tell me how to solve this bug, or, more importantly, can you tell me how to make sure that this bug isn’t due to a virus/rootkit?

thanks in advance

See http://forum.avast.com/index.php?topic=23457.msg193534#msg193534
Other answers for XP Security Center not detecting antivirus or firewall program could be found here: http://support.microsoft.com/kb/883792.

Are you using Windows Defender? Is it able to update its own definitions? Is it working?

Any bug is likely to be as a result of the flaky WSC interface.

Follow Tech’s advice as this has effectively been the only thing that has worked with any degree of success.

Do (or did) you have another AV installed on this system? If so, what was it and how did you get rid of it?
This could possibly have an effect on WSC.

Hello DavidR and Tech, and many thanks for your quick reply.

Let’s start by saying that I had NortonAV 2007 installed and I removed it using the Windows installation service and then the Norton removal tool. I also had AVG-AS 7.5.0.50 (removed using Windows control panel inst/uninst) and spybot1.4 (uninstalled using Win control panel inst/uninst).

I tried to follow your instructions, Tech, but I cannot delete the whole subfolder wbem/repository/FS (there are many files that my PC is using even if I disable the security center service)… btw now I will try to reboot my PC and see what happens…

edit < just to update my post: I was able to delete all the repository folder and, after rebooting my PC 2 times, it was restored exactly as it was before… but the problem persists… my security center still cannot see Avast … :frowning: >

Sometimes, only using Unlocker (http://ccollomb.free.fr/unlocker/), MoveOnBoot (http://www.gibinsoft.net/gipoutils/fileutil/index.htm) or Delete FXP (http://www.jrtwine.com/) you can delete these files.

Was it able to see the NAV2007 before you uninstalled it?
NAV in the past has been a pig to remove everything (though if you also used the uninstall tool it should be good), and that has led to avast not fully installing to avoid conflict. This could possibly be what is going on. Is there a red circle with a bar (like no entry) over the avast icon?
What avast processes are running in Task Manager (they begin with ash and asw)?

The data in the repository should be rebuilt again, but by all accounts it takes a couple of boots before it recognises the security applications. Let's wait until we confirm ashServ.exe and what other processes are running.

OK Tech, I was able to remove all the subfolder, but the problem persists when I reboot my PC…

> Was it able to see the NAV2007 before you uninstalled it?

Nope, I tried NAV only to see if it solves the security center problem, but nothing...

> Is there a red circle with a bar (like no entry) over the avast icon?

Nope, avast is running, it's updated and it's working fine, but Win cannot see it... I fear this can be a virus/rootkit... what do you think?

> What avast processes are running in Task Manager (they begin with ash and asw)?

I have: ashwebsv, ashmaisv, aswupdsv, ashdisp, ashserv.

You have the full complement of avast processes which should be running.

I can’t see the purpose of a rootkit messing with the WSC notification but still allowing you to see them, it is designed to hide and not be obvious.

Also see Hidden things http://invisiblethings.org

My system seems to be clean tbh… I tried many anti-rootkits and protection tools since I had this error, but my PC seems to be clean… if you have any other ideas to solve my problem, I’ll try them too…

Btw this is the rootkitreveal logfile…

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 10/12/2006 15.46 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 10/12/2006 15.46 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 15/11/2006 19.03 0 bytes Access is denied.
C:\Documents and Settings\JS\Impostazioni locali\Temporary Internet Files\Content.IE5\8T6BSPAF\ct_frame[2].htm 10/12/2006 14.11 1.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\JS\Impostazioni locali\Temporary Internet Files\Content.IE5\WPU78TQJ\ct_frame[1].htm 10/12/2006 16.11 1.96 KB Hidden from Windows API.

I downloaded BLbeta and it found only 2 cookies (removed) but I think they’re harmless warnings…

Sorry. The Invisible Things web site tools are other options, but as is said, those are as-is, Proof of Concept type tools.

You could try a google search for rootkit removal/detection tools and see what else that returns.

At this time I suggest:

  1. Uninstall avast from Control Panel first.
  2. Boot
  3. Use Avast Uninstall for complete uninstallation (read http://www.avast.com/eng/avast_uninstall_util.html)
  4. Boot
  5. Install again and boot.

Hello and thanks again for your reply. I will try to follow your instructions, but I have a problem while opening these 2 links:

> Use Avast Uninstall for complete uninstallation (read http://www.avast.com/eng/avast_uninstall_util.html)

IE tells me that the page doesn’t exist… where else can I find the avast remove tool?

Btw, in Google I found this one: aswclear.exe on an Italian site. Is this the tool you were suggesting to me?

Many thanks

The link has changed slightly recently, http://www.avast.com/eng/avast-uninstall-utility.html, yes it is aswclear.exe you are looking for, but I wouldn’t suggest downloading it from anywhere other than the avast site.

:slight_smile: Hi Stonekey:

Concerning your RootkitRevealer Scan Results: 5 Entries are quite a few. To have volunteer Experts answer any questions about such "Results", best to ask on THEIR Support Forums at: http://forum.sysinternals.com/forum_topics.asp?FID=17.

To get the "best" Scan results, you should completely delete ALL your Temporary Internet Files just PRIOR to running a scan; also, DO not DO ANYTHING on your computer while the scan is "running". If you do these 2 and the scan results are the same as before, I recommend you post the "Log" on THEIR Support Forums for review.

OK, thank you all for your replies…

I followed the steps suggested by Tech and I still have the problem. I also tried to re-delete the repository subfolder (and reboot) and it didn’t solve my issue… I cleaned my PC using CClean and atfcleaner and then I launched many anti-rootkits (blbeta, rootkitrevealer, combofix, gmer) and they found nothing… I also tried to scan my PC using traditional anti-virus, but AD aware SE, spybot and avast found my PC completely clean…

I dunno what to do now… do you still suggest I open a post in “sysinternals”?

Thanks again

:slight_smile: Hi Stone:

Did you follow my advice? If yes, did RootkitRevealer find the same 5 Items? If yes to both of these questions, post a log on their forums as I suggested.

P.S. By the way, what antiSPYWARE/antiTROJAN program(s) do you have on your machine?

Hello and ty again Spirit:

Yes, I followed your advice. I cleared all my temp files using cclean and atfcleaner (they are the 2 temp-cleaners I installed on my PC). When I had cleaned it, I re-launched all these anti-rootkits/spyware/virus tools (while my PC was doing nothing at all), which found nothing (PC clean, I think):

-BlackLightbeta
-rootkitrevealer
-combofix
-gmer
-Adaware SE
-spybot search&destroy 1.4
-avast
-Panda online antivirus (just now)

On my machine I have all these programs installed, but the only real-time AV is avast.

I’m trying to investigate my PC with the help of Security-Forums.com experts (I want to make sure I don't have a rootkit).

Thanks again for your time…