AVG 8 suddenly reporting a large number of "warnings"

Discussion in 'Malware Help (A Specialist Will Reply)' started by a_hansen, May 13, 2008.

  1. a_hansen

    a_hansen Private E-2

    Hi!

    I kicked out avg 7.5 free and installed avg 8.0 free. Don't know if the new version is being overly sensitive, but when scanning the hard drive the updated avg is finding a variety of threats connected to a number of registry values. Both vundo and virtumonde are called ("adware"), and there is also a number of "trojans"/"downloaders".

    None of the threats reported are actual files/executables, only registry entries. After the scan, the conclusion is I have no infections, no spyware but 219 "warnings".

    I am not experiencing very many symptoms of malware. I have noticed that a certain site never shows me the embedded pics, as well as having noticed that spybot never seems to be releasing any updates, which actually has been bugging me for some weeks. Maybe also some lagginess when browsing. Other than that, nothing.

    Besides avg 8, my protection includes zone alarm and spyware blaster. I am regularly scanning with spybot (+immunization) and a2.

    AVG 8 log is included. Please tell me if I should continue with the "Read and run me first".

    Thanks.
     

  2. abri

    abri MajorGeek

    Hi a_hansen,
    Welcome to Major Geeks!


    To check the validity of AVG's claims, you may want to go through the READ & RUN ME FIRST and attach the requested logs so we can see if there is any malware showing up that would confirm these findings.

    There have been some issues with AVG's upgrade to 8.0. I recommend going back to 7.5 until they've worked out the problems.

    abri
     
  3. a_hansen

    a_hansen Private E-2

    Hi abri,
    thanks for your reply. I have also considered reverting to avg 7.5 due to the supposedly larger footprint of avg 8.0. What would be your first choice - going back to 7.5 and choosing to forget about the lengthy list of trojan warnings, or digging into the read and run me?

    It is past midnight here so I will check back in tomorrow morning.

    Thanks.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Most if not all of those detections are just AVG8 finding the Active X settings that were put into your registry by Spyware Blaster, Spybot, or similar to block bad active X controls. Thus these Warnings (note they are not infections) are mostly false indications. A few of them could possibly be valid. What really matters is the value of the compatibility flag. If the flag is set to 1000 (which is 0x400 hex) then the kill bit is set to block. See: http://support.microsoft.com/kb/240797
     
  5. a_hansen

    a_hansen Private E-2

    chaslang,
    thanks for your reply. What you are saying makes sense. I don't understand "the values of the compatibility flag", though.

    Furthermore, all these 219 "warnings" have now been sent to the virus vault. Following your thinking, does that equal inhibiting the spyware blaster/spybot protection? If so, should I restore these items from the vault?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Each Active X CLSID registry key has a subkey named Compatibility Flags, and if its value is set to 1024 it will block the active x control. For example, from the log you posted, the first 4 CLSIDs are:

    {00000001-C003-4A2F-9142-7CB1D78DE6C1}
    {00000049-8F91-4D9C-9573-F016E7626484}
    {00110011-4B0B-44D5-9718-90C88817369B}
    {002AF282-E42D-4B51-9F70-F1570C02FAAD}

    If those keys are looked at with a registry editor and then you look at the Compatibility Flags subkey to see the value then you will see the important information. There will be thousands of CLSIDs under the HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\ base key.
     
  7. a_hansen

    a_hansen Private E-2

    OK. So examining the keys in regedit would tell us if these are blocks created by spyware blaster. If that is the case, would keeping them in the virus vault inhibit protection? And would the right action be to restore them from the vault?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, unless the programs that put them there automatically put the protection back, and I don't think that would be the case for Spyware Blaster unless you run it again and put the protection back in place. You could have other software adding similar protection.

    Yes! Then you could look at the flags to see the values.
     
  9. a_hansen

    a_hansen Private E-2

    I see. Will check this out further tomorrow. It seems the new avg is not meant to be used side by side with additional malware protection. Thanks this far!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Once we know that those flags are set to 1024 (0x400 hex) then we will know if it is just a false warning issue. I suspect it is just a matter of them getting around to updating their program to include these activeX keys and values that they may not know about yet.
     
  11. a_hansen

    a_hansen Private E-2

    The thing is that all of the HKLM entries avg was shouting about are missing the Compatibility Flag altogether. Every other key in the long list of HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\... has a Compatibility Flag subkey set to 1024/0x400, but not these. What does that tell us?
     
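    The check chaslang describes in posts 6, 10 and 11 (look at each flagged CLSID under the ActiveX Compatibility key and see whether its Compatibility Flags value carries the 0x400 kill bit, or whether the value is missing entirely as a_hansen found) can be done offline against a registry export rather than clicking through regedit. The script below is an added example and is not from this thread, Spyware Blaster, AVG or MajorGeeks. It assumes the key was exported with `reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" activex.reg` (regedit's File > Export produces the same .reg format), and the sample export embedded in it is constructed: the four CLSIDs are the ones chaslang quoted from the log, but the values assigned to them here are made up to exercise each case.

```python
import re

# Per Microsoft KB 240797, bit 0x400 (decimal 1024) in the "Compatibility Flags"
# DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# is the kill bit: Internet Explorer refuses to instantiate that control.
KILL_BIT = 0x400

BASE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# A .reg export lists each key as "[path]" followed by its "name"=value lines.
_KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
_FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-fA-F]{8})$',
                       re.IGNORECASE)

# Constructed sample export (hypothetical values; not taken from the poster's log).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000049-8F91-4D9C-9573-F016E7626484}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00110011-4B0B-44D5-9718-90C88817369B}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{002AF282-E42D-4B51-9F70-F1570C02FAAD}]
"Compatibility Flags"=dword:00000400
"""


def parse_reg_export(text):
    """Map each CLSID key under BASE_KEY to its Compatibility Flags DWORD,
    or None when the key exists but carries no such value."""
    entries = {}
    current = None
    prefix = (BASE_KEY + "\\").lower()
    for raw in text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            path = key.group("path")
            if path.lower().startswith(prefix):
                current = path[len(prefix):]
                entries.setdefault(current, None)
            else:
                current = None  # some unrelated key in the same export
            continue
        if current is None:
            continue
        flags = _FLAGS_RE.match(line)
        if flags:
            entries[current] = int(flags.group("hex"), 16)
    return entries


def classify(flags):
    """KILL_BIT_SET: control is blocked (the Spyware Blaster / Spybot case).
    NO_FLAGS_VALUE: key present but no Compatibility Flags at all (what a_hansen saw).
    KILL_BIT_CLEAR: a value exists but 0x400 is not in it, so nothing is blocked."""
    if flags is None:
        return "NO_FLAGS_VALUE"
    if flags & KILL_BIT:
        return "KILL_BIT_SET"
    return "KILL_BIT_CLEAR"


def audit(text):
    """Classify every CLSID key found in the export."""
    return {clsid: classify(f) for clsid, f in parse_reg_export(text).items()}


def clsids_not_blocked(text):
    """CLSIDs whose key exists but does not actually block the control; these are
    the entries worth a second look, since a bare key provides no protection."""
    return sorted(c for c, state in audit(text).items() if state != "KILL_BIT_SET")


if __name__ == "__main__":
    # On a real machine: with open("activex.reg", encoding="utf-16") as f: text = f.read()
    # (reg.exe and regedit write exports as UTF-16 LE with a BOM).
    for clsid, state in audit(SAMPLE_EXPORT).items():
        print(f"{clsid}  {state}")
```

Only the KILL_BIT_SET rows are the blocklist entries the thread is about; a key with no value, or a value without 0x400, does not block anything, so an AV product that fires on the mere presence of the CLSID key (as chaslang criticises in post 16) tells you nothing about whether a control is actually blocked.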
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It could be an effect of what AVG did in trying to fix the problems. Here is what I suggest, run AVG again and make sure that you choose to fix (i.e., quarantine or delete) the problems that it finds. Then make sure that you empty the AVG quarantine. Now reboot your PC and run another scan after the reboot. What is the result of this last scan?
     
  13. a_hansen

    a_hansen Private E-2

    Will follow your advice tomorrow, it's bedtime over here!
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! Attach a new log if anything is found by the last scan.
     
  15. a_hansen

    a_hansen Private E-2

    Hi chaslang,
    yes, your assumption was correct. There is actually a direct correlation between the active x protection of spyware blaster and the warnings of avg 8. Removing the quarantined objects, disabling all the protection of spyware blaster, restarting the PC and rescanning with avg ended in a clean result. Re-enabling spyware blaster made the avg warnings come back.

    For now I would like to revert to AVG 7.5 (or maybe give NOD32 a try). Do you happen to be aware of a trustworthy link to AVG 7.5?

    Many thanks
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not off the top of my head and I don't believe they are going to support updates for it either since version 8 is released.

    Grisoft knows of the problem but their answer is not correct. They need to rewrite their software to look for the value of the flag not the fact that the CLSID is present. See the below:

    http://www.grisoft.com/ww.faq.num-1067

    They do not even detect all of the entries that programs like Spybot and Spyware Blaster put here. So are they also saying that they don't properly detect all of those other activeX issues!!!!

    If this issue does not get resolved, we may need to pull AVG from the recommended antivirus list since it will be quite annoying!!!
     
    Last edited: May 15, 2008
  17. a_hansen

    a_hansen Private E-2

    Right, I will find a link via the avg free forums. Grisoft will support AVG 7.5 with updates all through 2008 it seems.

    I will take this opportunity to express my admiration of the malware forums at majorgeeks. I am actually visiting this place several times a week just to enjoy the way you guys work to find a solution to malware problems. You, chaslang, have always come through to me as a true artist in this field of work, and following your skills is a pleasure.

    Nowadays your procedures have become more standardized, which must be a blessing, but I still have a hard time understanding how you guys find the energy on a daily basis to be present here and still combine this effort with the rest of your daily chores. I mean, you could get paid to do this. Or at least provide the option to donate.

    Enough from me and once more, thank you!

    EDIT: Posted prior to seeing the addition to your post. Agreed, if avg does not fix this it will be very annoying to use.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the kudos! :)

    You're welcome and surf safely!
     