Avast antivirus conflicting with Online Armor Firewall

[Missing]

The problem started today.

Avast labels files that belong to Online Armor Firewall as malware and half the time wont let me login to my computer. It will just cause it to freeze on login.

Any idea what I can do about this? Anyone?

[Missing]

I can't edit my posts so here's my hi jack this log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:57:00 PM, on 12/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [EPSON WorkForce 600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S7E.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Epson all-in-one Registration.lnk = E:\Common\EpsonReg\Epkick.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--

End of file - 6423 bytes

[mountaintree16]

If you don't think that this is a true malware issue, you should post your issue in one or both of their forums (Avast and Online Armor). If you don't have the links, I'll see if I can't find them for you

If you do think this is a malware issue, please post your description of what is happening and your log here, as malware removal is not worked on in the general forums.

Thank you

There are forum members here though that use Avast and/or Online Armor, so perhaps one of them might be able to help, I'll message a couple people for you

[Missing]

Haha, apparently Avasts latest update is conflicting with Online armor.

Thanks for your help

[mountaintree16]

You're quite welcome, Missing

Ah ha, that tends to happen from time to time (an update in an AV conflicting with another program or the other way around).

Hopefully they'll fix this soon

[prairie dog]

I've read in some other forums that Avast is having some false positive issues right now. I'm sure they will get it fixed soon. They are an excellent AV

[Missing]

It seems like it's flagging way more than just OA as a virus. I've uninstalled it 'till further notice. Is there any anti virus programs you or anyone here would recommend?

Major bug by the Avast team

Thanks

[mountaintree16]

Missing,

Avira is quite good Although you will need a clean-up tool for Avast! prior to installing Avira.

Avira download

Note: this will go directly to the .exe download for Avira

Avast! Clean up tool

Note: this will also go directly to the .exe download for the Avast! clean up tool.

Info for the Avast! tool:

http://www.avast.com/eng/avast-uninstall-utility.html

Avast! links gotten from one of our experts blogs here:

http://uninstallers.blogspot.com/

Instructions: Download Avira but do not yet install it. You said you already did, but if you did not, uninstall Avast! first. Run clean up tool for Avast!. Restart system. Install Avira, using the default settings.

One of our members here that I PMed about this told me that Avast! are quick to fix FP's, so you could have just temporarily disabled Avast! if this was a huge problem for you. He is also having some issues with Avast! flagging something that he uses too.

Also, of course, if you wish to re-install Avast after this is fixed, you will need the Avira clean-up tool before installing Avast again.

Instructions: Uninstall Avira. Restart your computer. Run Avira clean-up tool. Restart your computer again. Install Avast!

Avira clean up tool

Info: http://www.avira.com/en/pages/pages.php?id_pag=220

[Missing]

I've already run the clean up tool

Well the Avast forums seem to be down as of right now, but since your friend says they're quick to fix these things I'll tough it out without an av 'till tomorrow and run a fresh install of avast when it's fixed since other than todays incident I'm more than satisfied with Avast

I'll stick to OA for any suspicious activity for the time being

Thanks for the help

[mountaintree16]

That's good, Missing

I would strongly caution against having your computer online and especially using the web while you have no anti-virus.

If you do keep your machine connected to the internet while you have no AV, please only visit this forum and the Avast! forums and the site you may need to download a fresh install of Avast! from, if you don't already have it saved to your computer.

Being online with no AV is very risky.

Otherwise, sounds like a good plan

[Missing]

I'll go with the safe solution and install avira for the time being then

Thank you

[mountaintree16]

You are very welcome! I'm glad that I was able to help you out

Also, I had an edit in my post here: http://www.malwarebytes.org/forums/index.p...st&p=165438

not sure if you saw the edit or not

[Missing]

I saw the edit

Avira is installed now

[mountaintree16]

That's good.

Awesome

[mountaintree16]

@ Missing

Please see TeMerc's post here and see if this is what was supposedly being detected:

http://www.malwarebytes.org/forums/index.p...st&p=165532

[Missing]

Yep, that's exactly what was being detected

[YoKenny1]

@missing

It is fixed now with the latest definition update 091203-1

Avira has its share of false positives.

[Missing]

Yep, thanks for the notice!

Although I think I might stick it out with Avira for a bit, just to try it out and if I don't like it I can always go back to Avast

Good idea, yes? no?

[YoKenny1]

Win32:Delf-MZG false positive issue statement

http://forum.avast.com/index.php?topic=51647

I went to avast! when AVG went to V8 and became bloated and I tried Avira but it did not like what I had on my system and it kept popping up a Full Page Advertisment whenever an update was applied.

The main thing is to keep the anti virus application up to date as well as the operating system and any other tools you choose.

Make sure you remove each anti virus application with its remover and a reboot as they leave remnants that can interfere with each other.

[mountaintree16]

@ Missing.

Good good! Well not good about the FP but good that you aren't REALLY infected

What OS are you using by the way?

[Missing]

XP SP3

Why?

[YoKenny1]

XP SP3

Why?

That's why I put my system specifications in my forum signature so that there is no need to repeat it.

Have a look exile360's signature

Welcome to the Honorary Members club

[Marcus]

Just noticed you're over the 50 posts mark, Missing.

A warm welcome to the best forum here: The Honorary Members.

[Missing]

Haha, thank you, both of you

@Kenny, I don't really mind answering any questions so it's no big deal

[mountaintree16]

@ Missing

I was just curious, regarding a potential false positive issue that one of our experts here told me about, regarding FP's in the i386 folder. He told me that this has generally happened in older systems with Avira and shouldn't generally be a problem with newer systems. I haven't found it on the Vista that I've installed Avira on. I am not sure about XP, but I imagine it probably wouldn't be an issue on XP either.

& yes, welcome to honorary membership