Is this a false Positive from AVG?

  john bunyan 13:46 19 Oct 2009

I have XP, AVG8.5 free, MAB, SAS. Today my routine AVG 8.5 scan detected a mumber pf alleged trojan horses in C;\Docs and Settings\All Users\Application Data\Malawarebytes\Malawarebytes AntiMalware folder.
files ending in mbam setup.exe etc. AVG could not remove them. Then I opened my cloned (about a week ago) backup second drive and when I went tp this location in Win Explorer AVG automatically kicked in and reported a similar threat. Is this a false positive ? The threat says Trojan Horse PSW Banker5.ZOY
I am running MAB to see what happens. Any Ideas

  birdface 14:04 19 Oct 2009

have you any trojans quarantined in malwarebytes it may be picking those up.

  john bunyan 14:37 19 Oct 2009

No, just run updated MAB and found no trojans. Also AVG reports a "resident shield alert" with same thing in a restore point.The funny thing is, if I use AVG just to scan the Mab folder above, no threats are detected. Have tried to send warning for analysis to AVG but as it is free dont know if, or how long , they takr to reply. Am now going to run SAS.

  john bunyan 14:50 19 Oct 2009

The funny thing is that about once a week I do a ATI clone of ny HD to a slave disc, and an image on an external HD. Before that I scan with AVG8.5, SAS and MAB and defrag before the above. It is puzzling that AVG now. a week or so later, finds positives in the slave drive when it did not before cloning. I will update AVG 8.5 and scan again whenn SAS is finished.I hope ot is false!

  birdface 14:53 19 Oct 2009

There was a few problems with a particular site in speakers corner at the weekend as AVG were showing Trojans on some folk's computers and not others.
It led to a few small arguments.So still not sure if they were false positives or not.
it was not Exploit Rogue Scanner problems was it.

  birdface 14:55 19 Oct 2009

Maybe update to AVG9 and see if that clears it.

  john bunyan 15:00 19 Oct 2009

No, It was in the Malawarebytes folder in theory. When I scan this folder manually with AVG it says it is OK. Just running SAS now (MAB found nothing). Then I will try another AVG scan.I wonder if it is worth going back to an earlier restore point , but maybe that would not clear it if a real trojan?

  john bunyan 16:54 19 Oct 2009

Ran SAS, no prob. Running AVG again and apart from tracking cookies, no infection shown so far and the scan has passed where the trojan was said to be last time. A real mystery. I did see some chat about AVG 9 and various programmes - ZA (I don't have it) Do you think it would be OK woth (free) Comodo Firewall, MAB and SAS? Also does one need to uninstall 8.5 first. Thanks for you help!!

  birdface 17:07 19 Oct 2009

Maybe turn your firewall of before you download it.Then switch it back on.

  john bunyan 17:09 19 Oct 2009

Thanks again - just finished a second run with AVG 8.5 , this time no infection reported. I suspect this was, indeed, a false positive. I will look at version 9 but maybe wait a bit. I assume they prompt you in due time.

  john bunyan 18:55 19 Oct 2009

Because I have now rescanned my primary and slave drives again with AVG 8.5, and the primary with MAB and SAS with a clear report. Wierd.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best phone camera 2017

Stunning new film posters by Hattie Stewart, Joe Cruz & more

iPad Pro 10.5in (2017) review

28 astuces pour profiter au mieux de votre iPhone