Hello, as described in the topic subject the Security center of my WinXP SP2 cannot see avast running and always says that my PC can be exposed to risks, i tried to uninstal and reinstal Avast but nothing happened, and i tried to detect viruses that can cause this problem , but nothing…
can you tell me how to solve this bug, or, more important can you tell me how to make me sure that this bug isn’t due to a virus/rootkit?
Any bug is likely to be as a result of the flaky WSC interface.
Follow Tech’s advice as this has effectively been the only thing that has worked with any degree of success.
Have (or did) you have another AV installed in this system, if so what was it and how did you get rid of it ?
This could possibly have an effect on WSC.
hello DavidR and Tech and many thanks for your quick reply
let’s start saying that i had NortonAV 2007 installed and i removed it using the windows installation service and then the Norton removal tool, i had also the AVG-AS 7.5.0.50 (removed using windows control panel inst/uninst) and spybot1.4 (uninstalled using win control panel inst/uninst).
i tried to follow your instructions Tech, but i cannot delete the whoole subfolder wbem/repository/FS (there are many file that my PC is using also if i disable the security center service… btw now i try to reboot my pc and see what happen…
edit < just to update my post i was able to delete all the repository folder and, after rebooting my PC 2 times it restored exactly as it was before… ut the problem persists… my security center still cannot see Avast … >
Sometimes, only using Unlocker (http://ccollomb.free.fr/unlocker/), MoveOnBoot (http://www.gibinsoft.net/gipoutils/fileutil/index.htm) or Delete FXP (http://www.jrtwine.com/) you can delete these files.
Was it able to see the NAV2007 before you uninstalled it ?
NAV in the past has been a pig to remove everything (though if you also used the uninstall tool it should be good), that has led to avast not fully installing to avoid conflict. This could possibly be what is going on, is there a Red circle with a bar (like no entry) over the avast icon ?
What avast processes are running in Task Manager (they begin with ash and asw) ?
The data in the repository should be rebuilt again, but by all accounts it takes a couple of boots before it recognises the security applications. Lets wait until we confirm ashServ.exe and what other processes are running.
My system seems to be clean tbh… i tried many anti rootkits, and protection tools since i had this error, but my Pc seems to be clean… if you have any other ideas to solve my problem, i’ll try it too …
Btw this is the rootkitreveal logfile…
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 10/12/2006 15.46 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 10/12/2006 15.46 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 15/11/2006 19.03 0 bytes Access is denied.
C:\Documents and Settings\JS\Impostazioni locali\Temporary Internet Files\Content.IE5\8T6BSPAF\ct_frame[2].htm 10/12/2006 14.11 1.96 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\JS\Impostazioni locali\Temporary Internet Files\Content.IE5\WPU78TQJ\ct_frame[1].htm 10/12/2006 16.11 1.96 KB Hidden from Windows API.
I downloaded BLbeta and it found only 2 cookies (removed) but i think they’re armless warning…
The link has changed slightly recently, http://www.avast.com/eng/avast-uninstall-utility.html, yes it is aswclear.exe you are looking for, but I wouldn’t suggest downloading it from anywhere other than the avast site.
Concerning your RootkitRevealer Scan Results : 5 Entries are quite a few. To have volunteer
Experts answer any questions about such "Results", best to ask on THEIR Support Forums at :
http://forum.sysinternals.com/forum_topics.asp?FID=17 .
To get the "best" Scan results, you should completely delete ALL your Temporary Internet Files
just PRIOR to running a scan ; also, DO not DO ANYTHING on your computer while the scan is
"running". If you do these 2 and the scan results are the same as before, I recommend you post
the "Log" on THEIR Support Forums for review .
i followed the steps suggested by Tech and i still have the problem, i tried also to re-delete the repository subfolder (and reboot) and it didn’t solve my issue… i cleaned my pc using CClean and atfcleaner and then i launched many anti-rootkits (blbeta, rootkitrevealer, combofix, gmer) and they founded nothing… i tried also to scan my pc using traditional anti-virus but AD aware SE, spybot and avast found my PC completely clean…
i dunno what to do now… do you still suggest me to open a post in “sysinternals”?
Did you follow my advise ? If yes, did RootkitRevealer find the same 5 Items ? If yes to both
of these questions, post a log on their forums as I suggested .
P.S. By the way, what antiSPYWARE/antiTROJAN program(s) do you have on your machine ?
yes i followed your advise, i cleared all my temp files using cclean and atfcleaner (they are the 2 temp-cleaner i installed on my PC) when i cleaned it, i re-launched all these anti-rootkits/spyware/virus (while my PC was doing nothing at all) that found nothing (PC clean i think):