Double Exposure, Inc.

Author Topic: AVG false positive virus scans??  (Read 1775 times)


Felicia

AVG false positive virus scans??
« on: March 16, 2010, 11:04:06 PM »

OK, I have a question about AVG. 

I've been using it happily for a couple of years now.  However, I recently upgraded to version 9.0x, and am starting to see some "weird" things happening on my personal machine.  The most disturbing is the sudden spike of infections that this new version of AVG is finding.  I had always kept the virus definitions up to date on the previous version of AVG that I had, which I think was 8.5.  A fair number of these are listed as Trojan horses (ick) with SHeur. in the designation.  I checked out AVG's virus dictionary and came up with no results.

Has anyone heard of specific examples of "real life" Trojans with SHeur. in their names?  If so, how bad are they?  How hard is it to remove them?  Is quarantine by AVG in their virus vault sufficient?

I am aware that some users are reporting false positives by AVG on non-malicious code.  I am also aware that AVG is apparently not compatible with Zone Alarm.  Could this be what I'm seeing?

Any help or explanations would be most appreciated. 

Felicia


Oni no Ted

Re: AVG false positive virus scans??
« Reply #1 on: March 17, 2010, 02:09:39 AM »

'Sheur' sounds like AVG's version of a heuristic scan.

AVG thinks it's a viral file, but isn't quite sure what it is.

What files are coming up in the scan?

What is the full designation of the virus(es)?

Felicia

Re: AVG false positive virus scans??
« Reply #2 on: March 17, 2010, 11:46:18 AM »

'Sheur' sounds like AVG's version of a heuristic scan.

AVG thinks it's a viral file, but isn't quite sure what it is.

What files are coming up in the scan?

What is the full designation of the virus(es)?

The following items currently reside in the virus vault of the version of AVG that I have installed:

Trojan horse SHeur3.DAE
Trojan horse Generic17.BIV  (this one showed up twice)
Trojan horse Generic17.BHY
Trojan horse Generic2_c.TIN
Trojan horse Generic17.ELP

Most of these were discovered in Local Settings/Temp files, according to AVG.  One was found in C:WINDOWS/system32.bjzg1.dll.

Trying to go through the AVG Forums to discover an answer to this was painful.

Felicia
« Last Edit: March 18, 2010, 12:30:45 PM by Felicia »

Oni no Ted

Re: AVG false positive virus scans??
« Reply #3 on: March 17, 2010, 07:24:45 PM »

The following items currently reside in the virus vault of the version of AVG that I have installed:

Trojan horse SHeur3.DAE
Trojan horse Generic17.BIV  (this one showed up twice)
Trojan horse Generic17.BHY
Trojan horse Generic2_c.TIN
Trojan horse Generic17.ELP

Most of these were discovered in Local Settings/Temp files, according to AVG.  One was found in C:WINDOWS/system32.bjzg1.dll.

The Windows file might be a symptom of a larger problem :(

I would delete the files in the VV and do a full system scan using the most thorough settings AVG has.

Felicia

Re: AVG false positive virus scans??
« Reply #4 on: March 17, 2010, 08:10:31 PM »

The Windows file might be a symptom of a larger problem :(

I would delete the files in the VV and do a full system scan using the most thorough settings AVG has.

The scan that ran earlier today did not have any positive results.  Also installed Spybot last night... it cleared out a bunch of crap.  I will go ahead and clear out the VV.  I'll let you know what happens with the next AVG scan.

Felicia

klz_fc

Re: AVG false positive virus scans??
« Reply #5 on: March 17, 2010, 08:15:14 PM »

Just in case, I'd suggest using Malwarebytes Anti-Malware program and/or Superantispyware and run them through your machine. They identify things that AVG and Spybot don't pick up. We use them at work, and often use them to submit the malicious files to the antivirus companies so they can update their definitions.

Felicia

Re: AVG false positive virus scans??
« Reply #6 on: March 18, 2010, 12:28:21 PM »

I kicked off an AVG scan last night at midnight and didn't find anything.  Since running Spybot, I've noticed that the AVG scans are taking about half the time that they used to. 

I will *strongly* consider adding one of the other recommended anti-malware/virus/etc programs mentioned.  If anything else pops up, I will let you all know.

Thanks for the info!

Felicia

Re: AVG false positive virus scans??
« Reply #7 on: March 18, 2010, 07:04:36 PM »

Just in case, I'd suggest using Malwarebytes Anti-Malware program and/or Superantispyware and run them through your machine. They identify things that AVG and Spybot don't pick up. We use them at work, and often use them to submit the malicious files to the antivirus companies so they can update their definitions.

Another update.  I added Malwarebytes' Anti-Malware program to the arsenal this afternoon, and ran a thorough scan.  This found 3 infected registry keys and 1 infected registry value.  The new program did quarantine and remove the items.

Felicia

klz_fc

Re: AVG false positive virus scans??
« Reply #8 on: March 18, 2010, 07:35:33 PM »

Another update.  I added Malwarebytes' Anti-Malware program to the arsenal this afternoon, and ran a thorough scan.  This found 3 infected registry keys and 1 infected registry value.  The new program did quarantine and remove the items.

Felicia

If it helps, this basically says that Spybot removed the infections, but left some pieces in the system. The Registry keys and values are basically pointers to those infected files, so on their own are not strictly bad, but would help if your system got reinfected.
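
The leftover "pointers" described in the reply above, as an added example that is not part of the original thread: a read-only PowerShell check that lists autorun registry values whose target file no longer exists. The choice of the Run/RunOnce keys and the helper name Get-CommandTarget are assumptions; the thread does not say which keys were flagged.

```powershell
# Added example, read-only: nothing is deleted or modified.
# Assumption: only the per-machine and per-user Run/RunOnce keys are checked.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the file a command line points at.
function Get-CommandTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 launches a DLL: the DLL, not rundll32.exe, is the file of interest.
    if ($cmd -match '(?i)^"?[^"]*rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    # Quoted path: everything between the first pair of quotes.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($cmd -match '(?i)^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token.
    return ($cmd -split '\s+')[0]
}

$orphans = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value  = [string]$item.GetValue($name)
        $target = Get-CommandTarget $value
        # Bare names such as "ctfmon.exe" are resolved through PATH first.
        if ($target -notmatch '^[A-Za-z]:\\|^\\\\') {
            $found = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                     Select-Object -First 1
            if ($found) { $target = $found.Path }
        }
        # Report entries whose target is gone: the "pointer" outlived the file.
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value; MissingTarget = $target }
        }
    }
}

$orphans | Format-Table -AutoSize -Wrap
```

An entry listed here only means the referenced file is missing; whether the value was left by malware or by an uninstalled program has to be judged from its name and path.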

Felicia

Re: AVG false positive virus scans??
« Reply #9 on: March 18, 2010, 08:02:58 PM »

If it helps, this basically says that Spybot removed the infections, but left some pieces in the system. The Registry keys and values are basically pointers to those infected files, so on their own are not strictly bad, but would help if your system got reinfected.

The explanation is greatly appreciated....  Having switched my web browser recently to Firefox should also help.

Again, thanks everyone!!

Felicia