My AVG antivirus gets disabled, hosts file and others modified

Hello and thanks in advance for any help. A few days ago I was on the internet and my avg antivirus went dark (instead of active, colored). I ran the avg scan and it found no infections however in the Test Results log, under the 'Virus Results' tab, it says the Hosts file status has Changed. Also the Ntoskrnl.exe status has changed.

I followed the cleaning steps here, and have logs. The Spybot and AVG anti-spyware were clean. I'm concerned because this is the second time this has happened this week. I've come to a dead end and I haven't found online virus scans that work with Vista rolleyes.

Today I uploaded those two files (hosts and ntoskrnl.exe) to Jotti, and ArcaVir found Heur.W32 from the ntoskrnl.exe file. I copied the results if it's needed. I haven't been able to find any info on Heur.w32.

Oops, I forgot that this actually first happened when I opened an email from a friend, not an attachment, but an email.

 

Your logs are clean, everything looks good.

When you say your AVG AntiVirus system tray icon went dark, this means it has not been updated and needs to be updated as in it's definitions. If you right click on the icon and select "Check for updates" and allow it to update this should be resolved.

Also, when AVG reports something as "Changed", this is also normal as this occurs when updates are installed via Windows Updates or some other type of update. When patches are applied or updates installed the files are in fact "changed" as they are being updated so this is normal for AVG to report.

Again, your logs are clean, they show nothing malicious.

 

Thank you bggarrick
Well the AVG is updated every other day. The only thing that I ran was Ccleaner, would this make the avg go dark?

Also, why would it go dark when I opened the email I received?? Is this just coincidence?

My hosts file is 'read only' so is it possible for it to be changed?

Last question...should I not be concerned about the Heur.W32 malware that was found with the Jotti scan?

Thank you !!!

 

I wouldn't think so.

Sounds like it, I've seen it go dark just sitting there a day without updates.

If it's Read Only then it shouldn't be modified however anything is possible with antispy and antivirus programs.

No, because it's the only detection meaning it's more than likely a false positive.

 

Thanks so much bjgarrick :wave

 

Your Welcome!:major