Avira concern: Real-Time Guard disables itself at random!

I have two XP computers in my house, a desktop and a laptop. They both use Avira AntiVir 9.0.0.407. I update it daily. Lately, on both computers, the little white umbrella has taken to close itself without me telling it to. That umbrella symbolizes the active real-time protection of AntiVir, Guard. When the umbrella is open Guard is running. When the umbrella is closed the real-time protection is disabled.

For reasons I hope are obvious, it worries me that my antivirus is disabling its own real-time protection without checking with me first. However, the fact it's happening on two different computers makes me wonder if it's a glitch in Avira rather than malware? :confused

Have any other Avira users seen the same thing happen in the past two or three days?

Since I saw three weird and unexplainable pop-up windows flash past very quickly on the laptop earlier tonight I'm running the Read & Run for XP on it while I wait for reassurance.

 

This seems like more of a software problem rather than your computer..
Is there any other programs running that could effect the antivirus?
I do however think its awful suspicious that your anti virus turns its self off.
Is your windows firewall still on?(if you keep it on)
If not i would think it could be a malware problem.
Malware has been known to set in the background and just disable anti viruses and fire walls.
Tell me what other programs you may have running that could effect it..

 

Stupid me never checked Task Manager, but will be sure to do that if/when it happens again. When I opened Avira though, the second time it happened, the first page said "AntiVir Guard - Deactivated" I clicked the link to activate it, of course. That option in the Security Preferences is checked, and hasn't been changed.

I'll definitely check Task Manager next time... in the mean time the Read & Run procedure on the laptop found two cases of Trojan.Agent, which various Google hits say is a "fake threat" used by fake anti-malware program to trick you into installing them. Interestingly, the Avira knowledge base says it's not a fake threat at all... I'm more inclined to trust them than random Google hits. Regardless of what it is, I had Malware-Bytes nuke them per the R&R instructions, and I'll finish up the rest of the procedure this evening. The Trojans will die. :guns

 

I know what I'm doing this weekend then... Read & Run on the desktop as well. :major

Thanks for all help, you and everyone else who replied.

 

Update:

I ran the entire procedure on the laptop, and I will watch it closely in the immediate future, to see if the issues come back or not. MBAM found the Trojan.Agent thing that it nuked, and Combofix told me that a couple of things in my temp files were weird. Beyond that, nothing.

So now I'm asking for more advice: Should I bother posting my logs? I looked at the MBAM log and it says the trojan was successfully killed and the corpse burned (translation: reg entry and file were both quarantined and deleted). I really don't want to give the malware fighters more work if there's no risk to my laptop, I'm sure they are more or less buried already... so what do you think, oh ye sages who know more about malware than I do? :dancer

 

My masterful skills of observation reveal that my dual-boot with Ubuntu, created through Wubi (due to lack of optical drives on this laptop) was killed by the cleaning procedure. The option is there at boot-up, the OS itself no longer is. I blame Combofix.

The logs should be in the Malware forum in another 15 minutes or so...

 

I got that impression LOL I'll wait until I'm rid of it before putting Ubuntu back on.

 

Thanks

I got update when I rebooted the laptop earlier. The Read & Run said not to install any stuff until someone had looked at my logs, but I assumed that doesn't apply to AV updates. I'm obsessive about updating these things anyway, so if it does, I'm going to pretend I don't know that.

 

Eeeeeewwwwww.....! The laptop is only a back-up, but still. I do not want that. Yuck! :tas

 

It happened again! :***

I was on the laptop, playing Dungeon Runners for an hour or so, and then turned off the game to go check my forums. The umbrella was closed again, so I right-clicked to enable the protection, and the option was grayed out! In the program itself, it said "Antivir Guard: Service Stopped" and the magic box that is supposed to prevent that is still checked.

Of course I forgot to check Task Manager. :-o

Updated Avira, and scanning now. Will scan with the free version of Malware Bytes Anti-Malware next.

I am not having this problem on the desktop with Avira at all, and I play the same game on there constantly. I am not happy. Not happy! :tas

 

I'm back just to post a brief update, in case this happens to anyone else.

After my last post in this thread, where it happened again, I completely uninstalled and reinstalled Avira, and I haven't had any problems since. I remain cautiously optimistic.

 

I apologize for bumping my old thread, but it has happened again.

When I started my laptop just a few minute ago AV Guard was disabled and the option to enable it was grayed out in the right-click menu. This time I remembered to look in Task Manager, and the process AVGNT was there, but AVGUARD was not. I have installed ZoneAlarm since last time, could that have caused this to happen?

I opened Avira and started the service again and it's running now, but this is starting to bother me. The Avira install on the desktop computer is not having any problems at all, but on this laptop it's being really weird. I'm starting to feel uneasy about this...