OT: Refuse to copy file - AVAST is rootkit

Started by Robert Baer January 13, 2014
Robert Baer wrote:
 > ** SNIPped previous stuff **
 >> Since i am having a VERY repeatable problem with that FA930-C program
 >> set, what i could try is: (a) UNPLUG the EtherNet cable - making external
 >> attacks and intrusion impossible, (b) prevent Avast from loading, (c)
 >> fiddle around to see if i can fix the FA930-C problem and then see if i
 >> can Pete again (re-Pete) the locking garbage.
 > I got VERY aggressive: Disable AVAST in Computer Management; in AVAST
 > disabled cloud services and self-defense mode; used RegCleaner to remove
 > AVAST startup entry; in MSconfig WIN.INI disabled mail, mci, winzip,
 > annie; SYSTEM.INI disabled drivers; GENERAL disabled startup; SERVICES
 > disabled AVAST. UNPLUGGED EtherNet cable.
 > Reboot - it is amazing what little runs.
 > Was ABLE to install FA-930C with no sass and program seems to run OK.
 >
 > When AVAST was running, install always either quit instantly, or
 > complained about some missing file.
 >
 > Up to a number of months ago, i never had this problem.
 > So they added something in their zeal to "give more protection" that
 > makes it more like a rootkit.
 >
   Boot computer from power off; absolutely and totally impossible to 
COPY a particular file to any other folder or to floppy; totally and 100 
percent repeatable.
   At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result 
in error message "Error Verify - whatever.DST" and a DIR will show 
whatever.DST as size ZERO.

   So, go thru all of the necessary to kill AVAST on reboot.
   *NOW* one can copy that particular file anywhere, and faithfully.

   Peachy!

   So it is AVAST that (semi-randomly) prevents files from being copied 
during an install - resulting in an indeterminate failure mode (depends on 
program).
On Mon, 13 Jan 2014 18:41:16 -0800, Robert Baer
<robertbaer@localnet.com> wrote:

> At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result
> in error message "Error Verify - whatever.DST" and a DIR will show
> whatever.DST as size ZERO.

Download, install, read the instructions, learn about file handles,
and run Windoze Process Explorer:
<http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx>
<http://www.techsupportalert.com/content/how-find-out-which-windows-process-using-file.htm>
Process Explorer will tell you which program has the file whatever.DST
open and is causing problems with your copy.

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

On 2014-01-14, Robert Baer <robertbaer@localnet.com> wrote:
> Robert Baer wrote:
> > ** SNIPped previous stuff **
> >> Since i am having a VERY repeatable problem with that FA930-C program
> >> set, what i could try is: (a) UNPLUG the EtherNet cable - making external
> >> attacks and intrusion impossible, (b) prevent Avast from loading, (c)
> >> fiddle around to see if i can fix the FA930-C problem and then see if i
> >> can Pete again (re-Pete) the locking garbage.
> > I got VERY aggressive: Disable AVAST in Computer Management; in AVAST
> > disabled cloud services and self-defense mode; used RegCleaner to remove
> > AVAST startup entry; in MSconfig WIN.INI disabled mail, mci, winzip,
> > annie; SYSTEM.INI disabled drivers; GENERAL disabled startup; SERVICES
> > disabled AVAST. UNPLUGGED EtherNet cable.
> > Reboot - it is amazing what little runs.
> > Was ABLE to install FA-930C with no sass and program seems to run OK.
> >
> > When AVAST was running, install always either quit instantly, or
> > complained about some missing file.
> >
> > Up to a number of months ago, i never had this problem.
> > So they added something in their zeal to "give more protection" that
> > makes it more like a rootkit.
> >
> Boot computer from power off; absolutely and totally impossible to
> COPY a particular file to any other folder or to floppy; totally and 100
> percent repeatable.
> At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result
> in error message "Error Verify - whatever.DST" and a DIR will show
> whatever.DST as size ZERO.
>
> So, go thru all of the necessary to kill AVAST on reboot.
> *NOW* one can copy that particular file anywhere, and faithfully.
>
> Peachy!
>
> So it is AVAST that (semi-randomly) prevents files from being copied
> during an install - resulting in an indeterminate failure mode (depends on
> program).

probably there's something in the file that avast objects to
and doesn't want to let you write to disk.

--
For a good time: install ntp

Jeff Liebermann wrote:
> On Mon, 13 Jan 2014 18:41:16 -0800, Robert Baer
> <robertbaer@localnet.com> wrote:
>
>> At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result
>> in error message "Error Verify - whatever.DST" and a DIR will show
>> whatever.DST as size ZERO.
>
> Download, install, read the instructions, learn about file handles,
> and run Windoze Process Explorer:
> <http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx>
> <http://www.techsupportalert.com/content/how-find-out-which-windows-process-using-file.htm>
> Process Explorer will tell you which program has the file whatever.DST
> open and is causing problems with your copy.
>

SOMETIMES ProcessExplorer shows handles for a given filetype, and many times shows nothing. And when it does show something, the information (so far) does not lead to the culprit.

In this particular case, i believe that it will never show that AVAST has that file tied up in knots.

Paul, of alt.computer led me in that direction and i have proven the case: AVAST not running == perfect copy always and anywhere; AVAST running == absolutely impossible to copy the file, in fact a program may be able to open the file but appears unable to read it even tho it seems that the file size can be determined (my guess on that part).

Jasen Betts wrote:
> On 2014-01-14, Robert Baer<robertbaer@localnet.com> wrote:
>> Robert Baer wrote:
>>> ** SNIPped previous stuff **
>>>> Since i am having a VERY repeatable problem with that FA930-C program
>>>> set, what i could try is: (a) UNPLUG the EtherNet cable - making external
>>>> attacks and intrusion impossible, (b) prevent Avast from loading, (c)
>>>> fiddle around to see if i can fix the FA930-C problem and then see if i
>>>> can Pete again (re-Pete) the locking garbage.
>>> I got VERY aggressive: Disable AVAST in Computer Management; in AVAST
>>> disabled cloud services and self-defense mode; used RegCleaner to remove
>>> AVAST startup entry; in MSconfig WIN.INI disabled mail, mci, winzip,
>>> annie; SYSTEM.INI disabled drivers; GENERAL disabled startup; SERVICES
>>> disabled AVAST. UNPLUGGED EtherNet cable.
>>> Reboot - it is amazing what little runs.
>>> Was ABLE to install FA-930C with no sass and program seems to run OK.
>>>
>>> When AVAST was running, install always either quit instantly, or
>>> complained about some missing file.
>>>
>>> Up to a number of months ago, i never had this problem.
>>> So they added something in their zeal to "give more protection" that
>>> makes it more like a rootkit.
>>>
>> Boot computer from power off; absolutely and totally impossible to
>> COPY a particular file to any other folder or to floppy; totally and 100
>> percent repeatable.
>> At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result
>> in error message "Error Verify - whatever.DST" and a DIR will show
>> whatever.DST as size ZERO.
>>
>> So, go thru all of the necessary to kill AVAST on reboot.
>> *NOW* one can copy that particular file anywhere, and faithfully.
>>
>> Peachy!
>>
>> So it is AVAST that (semi-randomly) prevents files from being copied
>> during an install - resulting in an indeterminate failure mode (depends on
>> program).
>
>
> probably there's something in the file that avast objects to
> and doesn't want to let you write to disk.
>

My guess also, but i do not see how one can figure that out.

More important, it is very much a PITA to have to totally disable loading of AVAST _just_ to copy stuff.

Say i have a folder with a lot of stuff and want to do a copy to a CD (in this case i was trying to make an "install" CD for a program set). No clues are given that some files are not copied to the CD and nominally one would think all is OK....until that CD is used for an install and it fails because not all of the required files are read because of AVAST masking...worse that an install is buggered due to missing files.

Who would think of this crap when (in the past) there NEVER were problems?

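The silent failure described in the post above (files left out of a copied folder, or written as size zero, with no error shown) can be caught by checking the destination tree against the source after the copy. This is an added example, not part of the original thread; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks; raises OSError if opening or reading is blocked."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_copy(src_root, dst_root):
    """Return {relative_path: problem} for every source file not copied faithfully."""
    problems = {}
    for folder, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            try:
                if not os.path.isfile(dst):
                    problems[rel] = "missing"
                elif os.path.getsize(dst) == 0 and os.path.getsize(src) > 0:
                    problems[rel] = "zero-length"  # the symptom DIR showed in the thread
                elif sha256_of(src) != sha256_of(dst):
                    problems[rel] = "content differs"
            except OSError as exc:  # open/read refused, e.g. by an on-access scanner
                problems[rel] = f"unreadable: {exc.strerror}"
    return problems

def demo():
    """Constructed sample tree: one good copy, one empty copy, one file never copied."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src"), os.path.join(tmp, "dst")
        os.makedirs(os.path.join(src, "sub"))
        os.makedirs(os.path.join(dst, "sub"))
        samples = {"ok.txt": b"fine", "setup.dat": b"payload",
                   os.path.join("sub", "lib.bin"): b"\x00\x01"}
        for rel, data in samples.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)
        with open(os.path.join(dst, "ok.txt"), "wb") as f:
            f.write(b"fine")
        open(os.path.join(dst, "setup.dat"), "wb").close()  # size ZERO destination
        return verify_copy(src, dst)

if __name__ == "__main__":
    for rel, problem in sorted(demo().items()):
        print(f"{problem:15} {rel}")
```

Running `verify_copy` on the source folder and the burned CD before using the CD for an install lists exactly which files need to be recopied or investigated.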
On Tue, 14 Jan 2014 17:47:55 -0800, Robert Baer
<robertbaer@localnet.com> wrote:

> In this particular case, i believe that it will never show that AVAST
> has that file tied up in knots.

In that case, I suspect that nothing will help, and that only an
operating system replacement will provide any relief. I recommend:
<http://www.freakingnews.com/Windows-Abacus-Pics-4326.asp>
which offers no viruses, worms, malware, or further updates. It has a
2000 year history of reliable operation. It can be scaled from wrist
size, to monstrous. It will not crash, unless you try to disassemble
the machine. There will be a learning curve, but if skool children in
China can do it, so can you. Good luck.

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558