Tag: AVG

  • Trojan horse proxy.ahiy and AVG

    A lot of people seem to be reporting today that AVG is finding files to be infected with trojan horse proxy.ahiy or trojan horse proxy ahiy. From what I’ve seen, although that may be a valid virus designation from AVG, they are also reporting many legitimate files as this trojan proxy ahiy. AVG is acknowledging that they are getting false positives from the current virus database and are saying that the issue should be resolved with the next update of their virus database.

    Further, they offer the following advice if legitimate files have been quarantined due to this:

    (more…)

  • Grisoft AVG Antivirus 7.5 on Windows XP False Positive that HURTS

    This looks like a REALLY bad false positive. It appears that AVG 7.5 for a short period of time detected user32.dll as a trojan horse (trojan horse psw banker4). It looks as though the update to the virus database VDB 270.9.0/1778 fixes the problem.

    Unfortunately, if you have been bitten by this, you’ll need to boot into a Rescue or Repair Console and do the following (from the link above)…

    (more…)

  • Hiding malware may evade antivirus

    SANS had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded exe file (Windows executable or program file). It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successful (or unfortunately UNsuccessful) several tested antivirus programs were at identifying it. This was performed by running the files through VirusTotal, and the virus was the EICAR test pattern.

    (more…)

  • AVG antivirus false positive

    Incidents.org has some reports of false positives reported by Grisoft’s AVG antivirus running on Windows XP (SP1)…. The false positive was with a file named C:\i386\REG.EXE which is a legit file from the Windows XP SP1 install. No other news or details on this as of yet.

  • Big trouble – you don’t have any viruses….

    You know, I’ve seen soooo many antivirus vendors that are somewhat ethically challenged claim that cookie files are a big threat, or in worse cases that files the “free” antivirus test downloaded are dangerous, with a “you should be glad we got here in time – where’s our $30 to fix things…” kind of message, but from a mainline, well-known antivirus vendor you expect better…. Over at Spyware Confidential, after an online scan at a leading AV vendor, they’ve received a couple of emails explaining the great danger their computer is in after the scan turned up 0 viruses and 0 infected files.

    (more…)

  • AVG – Cannot Launch AVG Internet Update

    Last week sometime I was doing maintenance on an OLD Windows 95 machine (yes, there are some still out there….) and noticed the antivirus had not updated in a good while. They were using Grisoft’s AVG, and so I tried to force an update. I was greeted with an error message… “Cannot Launch AV internet update”, which was puzzling since we were online with no connectivity problems. On looking, this is known to be an issue with Grisoft AVG on Windows 95…..

    (more…)

  • Antivirus update response times

    We know that, for Windows systems especially, antivirus is a must. Up-to-date antivirus is the MOST important, though. So how do the different vendors do in responsiveness and quick antivirus definition updates…? The SecurityFix has an article on just that today. The comparison is courtesy of av-test.org.

    (more…)

  • Disinfecting a PC… part 8

    All right, now it’s time to give Ad-aware a spin. I like being able to use several spyware scanners to get full coverage and cleaning. Ad-aware and Spybot S&D are usually my first two choices. Realize that I’ve already taken a pass at this machine with AVG, BHODemon (for the browser helper objects) and Spybot S&D. Ad-aware finds a total of 700+ items.

    (more…)

  • Disinfecting a PC… part 4

    So, AVG has been scanning away finding things; we’ve really got a foothold on the system and the malware has a fight on its hands. It’s good to see progress. Up to this point we’ve had multiple Spool32 errors (printer related). These errors are what prompted the system to be brought in initially. There’s a Lexmark system tray item that loads on boot. No time to investigate that yet. Here’s the log of the AVG antivirus scan…

    (more…)

  • Disinfecting a PC… part 3

    Picking up from last time… AVG was failing to install with a peculiar registry error. (Which I didn’t see much reference to online.) OK, so here is another fruit of the online search (so many bugs to identify…)

    jawa32.exe is listed as spyware.seekseek in SARC’s database.

    OK – let’s see if we can kill off some of these suspects… it’s time for a couple of cycles of ctrl-alt-del to remove running processes that look suspect, followed by msconfig – disabling of processes running at boot, reboot, repeat.

    (more…)