AVG + Virus

  Furkin 13:38 04 Sep 2008
I have a spot of bother with my kit (see MS WORD Formatting Probs on these pages)

Today I did a full AVG (Free) scan (3.5 hrs) and as well as picking up a few Tracking Cookies, came up with 2 Trojans – STARTPAGE.CZA, all of which I deleted.

My question is: Shouldn’t AVG have picked these up on the way in ?

To add insult to injury, it hasn’t fixed the problem !

  GANDALF <|:-)> 14:00 04 Sep 2008

AVs will not necessarily stop Trojans. They install by the owner allowing them to (such as Antivirus2009 etc.) although unknowingly. If you give permission inadvertently, no firewall, AV or spyware blocker will stop a Trojan installing. Phrase o'de day is 'common sense'. Use Superantispyware (free) to scan your computer. click here

G

  birdface 14:12 04 Sep 2008

Looks like it could be another false positive from AVG. click here

  birdface 14:17 04 Sep 2008

I've learned not to delete anything from AVG until I find out if it is a false positive or not. It happens all too often.

  Bagsey 17:26 04 Sep 2008

Turn off SYSTEM RESTORE, then rescan with AVG, then restart SYSTEM RESTORE. The trojans will most likely be lurking in your restore files.

  mfletch 17:31 04 Sep 2008

If it is being detected in your system restore it will have {system volume} in the location

  AvgUser 22:35 04 Sep 2008

I too had a false positive yesterday: INSTALL_FP6_WU_R88.EXE was reported as being infected with Startpage.CZA in

C:\Windows\SoftwareDistribution\Download\b83f27086a118d3876f214777d93c8a72c3cae8f

However the file has been on my system since 2006 and came with an update from MS, see...

click here
Install_fp6_wu_r88.exe 02-Aug-2006 07:55 478,360

This security update installs Flash6.ocx version 6.0.88.0 and removes the version of Flash.ocx it is replacing.

There were no details of symptoms I could find to prove to myself I was not infected when I Googled Startpage.CZA

But McAfee details Startpage.CZ at

click here

When executed, this trojan modifies the following Internet Browser settings:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "HOMEOldSP" = "about:blank"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Search Bar" =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use Custom Search URL" = "01, 00, 00, 00"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use Search Asst" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search "SearchAssistant" =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Search Page" =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Start Page" = "about:blank"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "SearchAssistant" =

I used regedit and checked. Since none of these settings were present in my registry, I figure I have just deleted an old file I don't want anyway, since I never let Flash.ocx files be present on my system. (Flash being a security risk)

Also, I can confirm that if you turn off system restore, delete the "infection" then reboot, the false infection will be gone.

Turn system restore back on afterwards.
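
The regedit check described in the post above can be repeated offline against a registry export. This is an added example, not part of the original thread and not the poster's or McAfee's code; the sample export is constructed, and `check`, `parse_reg` and the status labels are names chosen here. A status of "differs" means the value name exists but its data is not what the post lists.

```python
import re

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
# (key, value name, data as listed in the post; None where the post shows none)
INDICATORS = [
    (HKCU + r"\Main", "HOMEOldSP", "about:blank"),
    (HKCU + r"\Main", "Search Bar", None),
    (HKCU + r"\Main", "Use Custom Search URL", None),  # binary data: name only
    (HKCU + r"\Main", "Use Search Asst", "no"),
    (HKCU + r"\Search", "SearchAssistant", None),
    (HKLM + r"\Main", "Search Page", None),
    (HKLM + r"\Main", "Start Page", "about:blank"),
    (HKLM + r"\Search", "SearchAssistant", None),
]
# Constructed sample export, not taken from any real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="https://example.com/"
'''
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Map (key, value name), lower-cased, to the raw data text of a .reg export."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1).lower()
        elif key and (m := VALUE.match(line)):
            values[(key, unescape(m.group(1)).lower())] = m.group(2)
    return values

def check(text):
    """Return (key, name, status) for each listed value present in the export."""
    found, hits = parse_reg(text), []
    for key, name, expected in INDICATORS:
        raw = found.get((key.lower(), name.lower()))
        if raw is None:
            continue
        data = unescape(raw[1:-1]) if raw.startswith('"') and raw.endswith('"') else raw
        status = "present" if expected is None else ("match" if data.lower() == expected else "differs")
        hits.append((key, name, status))
    return hits
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16").read()` before passing it to `check`.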

  Furkin 13:31 05 Sep 2008

Obviously not an AVG fault,,,,,,

Am still having trouble.

I did a full AVG scan, then disabled Restore & did it again. Came up with Startpage.CZA which I deleted.

I also ran HouseCall with Restore disabled. It came up with TROJ_DNSCHANG which I deleted.

I did a full SAS scan, then disabled Restore & did it again. Came up with a couple of minor cookies.

I have just checked temps:
M.B: 37 (99)
CPU: 47 (117)
GPU: 47 (117)
HDD: 30 (86)
Not too hot.

Am running out of your ideas,,,,,
