Reported Adware issues

Assistance with AVG Anti-Malware, legacy ewido and AVG Anti-Spyware applications

Moderator: Moderators

Reported Adware issues

Postby donkeybrain » Tue May 06, 2008 11:29 am

Hi,
Recently installed AVG8 and have been some what concerned.
Until the installation of V8 I have been running Spy Sweeper on start-up and Spy-Bot & AdAware weekly and getting no adverse reports of anything other than cookies.

Since running AVG8 I now appear to have 246 Adware enters in the registries, 242 are "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX

Is this a false positive?

Regards
Steve
donkeybrain
AVG Wannabee
 
Posts: 1
Joined: Tue May 06, 2008 11:15 am

Advertisement

Postby sc123 » Tue May 06, 2008 1:12 pm

AVG is very aggressive in what it identifies. If AVG is just marking these as warnings it is usually safe to ignore them. If it says anything else you should take action.

If you're not experiencing any issues and AVG doesn't consider anything a threat then I wouldn't worry too much. You could Google anything that is of concern.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

AVG, bad!

Postby robin » Tue May 20, 2008 1:31 am

Hummm, maybe you SHOULD be concerned! tonite AVG found 650 "Warnings Count".. so, after using the previous Versions of AVG for years.. I went ahead and CLICKED: "Remove all unhealed infections"... after a few moments I get a :"Forced removal can cause system unstability or even crash".... so I clicked NO.. then I get the "blue Screen!!!" and Kernel_Stack_Inpage_Error.. appears, after rebooting:

NOW! I have no printer, no screen-image, no saving WORD docs, I think it is all but F____ ed! and being a Dell, I have NO WinXP install CD's... not good.

Careful out there,, anyone with "suggestions" ?
robin
AVG Wannabee
 
Posts: 2
Joined: Tue May 20, 2008 1:10 am

re: "warnings"

Postby robin » Tue May 20, 2008 1:36 am

Oh, BTW, these "warnings" were scary looking things like: Adware:CramTool, hijacker.MorwillSearch, Logger.Goldun.an &.aa & .v, etc, PerfectKeyLogger....Trojan.Bomka, KillProc, Wayphoser.. Downloader.ConHook, etc, etc....

Not my idea of "friendly"..

Cheers.
robin
AVG Wannabee
 
Posts: 2
Joined: Tue May 20, 2008 1:10 am

Postby sc123 » Tue May 20, 2008 8:05 am

I've never seen an AVG notification that said "Forced removal can cause system unstability or even crash". Are you sure it wasn't from something else?

Typically things in the AVG "Warning" tab are just cookies and things of that nature, which is why I said I wouldn't worry. The things you're mentioning wouldn't be listed as warnings.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Re: AVG, bad!

Postby Just_Me » Mon Jun 02, 2008 6:38 pm

I'm getting this exact same warning. All was fine while using AVG 7.5. Then I renewed my license and it upgraded me instead. Now I'm getting this warning and AVG SAYS that it's "healing" or "removing" but 35 seconds late I get a warning again. What's wrong with AVG 8???????

robin wrote:Hummm, maybe you SHOULD be concerned! tonite AVG found 650 "Warnings Count".. so, after using the previous Versions of AVG for years.. I went ahead and CLICKED: "Remove all unhealed infections"... after a few moments I get a :"Forced removal can cause system unstability or even crash".... so I clicked NO.. then I get the "blue Screen!!!" and Kernel_Stack_Inpage_Error.. appears, after rebooting:

NOW! I have no printer, no screen-image, no saving WORD docs, I think it is all but F____ ed! and being a Dell, I have NO WinXP install CD's... not good.

Careful out there,, anyone with "suggestions" ?
Just_Me
AVG Wannabee
 
Posts: 4
Joined: Mon Jun 02, 2008 6:23 pm

Postby sc123 » Mon Jun 02, 2008 7:12 pm

Just_Me:
You'll need to give some specific error codes/virus names.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

AVG Bad

Postby Just_Me » Tue Jun 03, 2008 7:14 am

The "Resident Shield Alert" comes up saying "multiple threat detection. It starts with a list of two. Both display:
Filename: C:\Program Files\Helper\Helper10.dll.
Threat Name: Trojan Horse Downloader.Generic7.OSL
Detected on open.
When I click on the down arrow to show details it shows:
1
Process Name: C:\WINDOWS\System32\regsvr32.exe
Process ID: 756
2
Process Name: C:\lsass.exe
Process ID: 720

As time progresses it continues to add 'threats' to the list (It's up to 34 now in about 25 minutes of time). ALL have the same file name and threat name (helper10.dll and Trogan Horse Downloader.Generic7.OSL). ALL reference the same Process Names (regsvr32.exe and lsass.exe). The file lsass.exe always has process ID of 720 but regsvr32.exe is always given a new process ID: 1536, 3600, 3756, 964, 2444, 196, 3324, 2800, 3200, 1148, 1728, 2860, 4088, 2220, 2072, 2316, 4068, etc.

Forgive me if these files are routine processes as part of the startup BUT...I'm not an IT expert and don't expect I should HAVE to be in order to use a quality antivirus and firewall package. Part of what I LOVED about AVG before this upgrade is that it seemed really easy to use. IF these files are all harmless, normal processes how am I supposed to know that - especially if AVG brings up words like "Threat" and "Trojan Horse." And I don't have time to google every filename that it says is a threat.

Please share your wisdom. Thanks!!
Just_Me
AVG Wannabee
 
Posts: 4
Joined: Mon Jun 02, 2008 6:23 pm

Postby sc123 » Tue Jun 03, 2008 7:56 am

Just_Me:
From what you said in your last post, it looks like AVG is doing its job. It is scanning and reporting what it finds as it scans. It may find the same trojan once, twice or two hundred times depending on how infected your system is.

You just need to let a complete scan run, and allow AVG to do its job. Once all of the threats have been identified AVG will prompt you if it needs you to interact - i.e. if it needs you to take further action.

You must realize that this is the way these programs have always worked. Perhaps you didn't have these infections when you have 7.5, or maybe 7.5 didn't detect them for some reason. 8.0 is not flawed because it finds threats.

I know it can be frustrating when an AV program finds threats and doesn't remove them. Every program I've ever used handles these situations poorly. You will always have to spend time doing manual removal at some point, if your system is heavily infested.

Run a full system scan while nothing else is going on with your computer. Let it finish. Then go to Computer Scanner>Scan History. Choose the last completed scan and in the "Results Overview" click "Export overview to file". Post the file here for us to look at.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

Postby Just_Me » Wed Jun 04, 2008 11:33 pm

You last wrote to me:
"un a full system scan while nothing else is going on with your computer. Let it finish. Then go to Computer Scanner>Scan History. Choose the last completed scan and in the "Results Overview" click "Export overview to file". Post the file here for us to look at"

I used to think I was fairly computer savy! Now I'm feeling pretty 'green.' I followed your instructions and have a file to post. However, I don't see a way to attach this file to my reply. Or do I have to open the Excel spreadsheet and copy and paste?
Just_Me
AVG Wannabee
 
Posts: 4
Joined: Mon Jun 02, 2008 6:23 pm

Postby sc123 » Thu Jun 05, 2008 6:08 am

Just_Me wrote:You last wrote to me:
"un a full system scan while nothing else is going on with your computer. Let it finish. Then go to Computer Scanner>Scan History. Choose the last completed scan and in the "Results Overview" click "Export overview to file". Post the file here for us to look at"

I used to think I was fairly computer savy! Now I'm feeling pretty 'green.' I followed your instructions and have a file to post. However, I don't see a way to attach this file to my reply. Or do I have to open the Excel spreadsheet and copy and paste?


Nah, just use http://rapidshare.com/ and then post the link.
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA

AVG 8 problems

Postby Just_Me » Thu Jun 05, 2008 10:30 pm

Okay.... Here 'tis:
http://rapidshare.com/files/120417216/4 ... e.csv.html
I've run several scans and still have the exact same thing happen - the Resident Shield alert keeps popping up no matter what I do.
Thanks for looking this over. I appreciate any advice.
Just_Me
AVG Wannabee
 
Posts: 4
Joined: Mon Jun 02, 2008 6:23 pm

Postby sc123 » Fri Jun 06, 2008 6:40 am

Ok, based on that file the only real concern is "C:\Program Files\Helper\Helper10.dll;"Trojan horse Downloader.Generic7.OSL";"Infected""

I can't find any information on that specific variant online. Try going to the Scan History in Computer Scanner. Open a scan that has this infection, and then click the Infections tab. Choose the infection and click "Remove selected infections". If that doesn't work, then you'll need to contact support for specific instructions here:

http://www.grisoft.com/ww.support-technical
Regards,
SC123 - Founder, http://www.AVGForums.com
-------------------------------------------------------
Complete uninstall/reinstall method | Other tools to try | Search the forums!
User avatar
sc123
Forum Administrator
 
Posts: 2095
Joined: Tue Jul 24, 2007 3:50 pm
Location: Virginia, USA


Return to AVG Anti-Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron