AntiVirus Software problems

[Woodhall]

I have just discovered that problems with my slideshows opening slowly, or not at all, is caused by my CA Antivirus software. This has been verified by a friend who has experienced the same problem after using CA. Can anyone recommend an AntiVirus that will not cause problems with the exe. files. I started out with AVG but this was finding viruses in my slideshows.

[Ken Cox]

I started out with AVG but this was finding viruses in my slideshows.

WHO MADE THE SLIDESHOWS

WHAT VER OF PTE WERE MADE TO MAKE THE SLIDESHOWS

WHY DID YOU NOT ADVISE SOONER THAT AVG WAS CAUSING A PROBLEM

there was a problem with false virus detection with shows made with 4.3 i believe but same has been rectified

ken

[Woodhall]

I started out with AVG but this was finding viruses in my slideshows.

WHO MADE THE SLIDESHOWS

WHAT VER OF PTE WERE MADE TO MAKE THE SLIDESHOWS

WHY DID YOU NOT ADVISE SOONER THAT AVG WAS CAUSING A PROBLEM

there was a problem with false virus detection with shows made with 4.3 i believe but same has been rectified

ken

[Ken Cox]

see

http://www.picturestoexe.com/forums/index....ost&p=35474

ken

[Woodhall]

Hello Ken,

My problems with AVG started ages ago which is when I changed to CA Antivirus but a friend using Pics to Exe 5 and AVG was yesterday told that he had Trojan Horse in his slideshows which couldn''t be healed - hence he could not access his slideshows. He downloaded CA Antivirus but then his slideshows were taking an age to open, or not opening at all. I had been experiencing the same trouble with my last PC and thought I had transferred a bug across when I got my new PC and things were no better. Whilst comparing our troubles he decided to put CA in sleep mode - then his slideshows opened normally. This is why I am asking for advice on Antivirus - we both have Vista and use version 5.

Pauline

[Ken Cox]

i just rechecked the 2 files that in the past indicated a false virus with avg and they tested ok

my avg 9.53 UPDATED Aug 14 07

although it is not recommended. i run avg with bu from ca and whenever the virus alarm comes up i check with both -avg runs in the background. whenever i try to open a powerpoint show the file is scanned before it opens which knd of slows things down

possibly you should search out a free on line scanner and run it against the pte exe thatis causing a problem

also make copies of all your pte exe's and re check all your pte exe's with avg

ken

[bmccammon]

Ken Cox replied: "... although it is not recommended. i run avg with bu from ca and whenever ..."

I'm able to decipher much of you coding Ken but "bu from ca" has me totally stumped. Would you mind clarifying? Thanks.

[lathompson]

i just rechecked the 2 files that in the past indicated a false virus with avg and they tested ok

my avg 9.53 UPDATED Aug 14 07

although it is not recommended. i run avg with bu from ca and whenever the virus alarm comes up i check with both -avg runs in the background. whenever i try to open a powerpoint show the file is scanned before it opens which knd of slows things down

possibly you should search out a free on line scanner and run it against the pte exe thatis causing a problem

also make copies of all your pte exe's and re check all your pte exe's with avg

ken

Ken, it's funny that this post is made this morning and you have mentioned AVG... I just had a virus detected by AVG (updated daily) and it was an older download (LAKESIDE.EXE) that I got from the shows on beachbrook. I've watched it several times and it's never been picked up by AVG before. And on another computer, I have the downloads there too and this morning, AVG picked up a different older show and ignored lakeside.exe. That's very strange as back when everyone was having the false virus attacks, I didn't have any at all. Now, here it is. In spite of this, I will still use AVG and recommend it to everyone. Just thought this might be interesting to pass along.

[Barry Beckham]

I wonder if that Lakeside slide show was one of mine.

I have noticed tonight when I opened an old file of slide shows that some are being picked up by AVG with a trojan horse virus. They can't have of course because they were made a few years ago. One of those is Lakeside.

It appears that the problem we experienced with AVG some while ago has re-appeared. I seem to recall that last time Igor had to get onto AVG to fix the problem.

BB

www.beckhamdigital.co.uk

[Ken Cox]

Bruce

GRISOFT AVG is my running anti virus

with

ca bu = CA Anti-Virus as my installed back up

so when i download something i can double check it with a r mouse command to have AVG and or CA check it

ken

[Ken Cox]

from igor

Jan 15 2007, 08:19 AM

http://www.picturestoexe.com/forums/index....ost&p=36212

Please help us to solve this problem.

We've sent a request to AVG developers 18 days ago and still not response and Kula slide show created in PicturesToExe v3.60 mistakenly detected as a virus, yet.

"Kula". an example of slide show created in v3.60:

http://www.kulamaui.com/slideshow/kula.exe (20 MB)

GriSoft, authors of AVG antivirus:

http://grisoft.com

ken

[Ken Cox]

using my

avg 9.53 UPDATED Aug 14 07

I just checked Barry's Lakeside in my Sept 05 file cd and it is indicating a threat with AVG

but tested clean with CA

Barry's Ireland,Cumbria and Winter in the same folder all tested clean with avg

Barry any idea what version they were made with?

be very careful doing a system scan at this time - last time this false virus occured AVG trashed +- 3 gb of exe's on me

ken

[baldsparky]

Hi

I run Avg anti virus and on scanning an external hard drive tonight, it found that 2no exe's 'Lakeside and Orchids' were inffected with a 'Trojan'.

Ken you say you had 3gb of exe's trashed, does that mean to say when an exe is picked out to be infected by Avg that the exe is gone for good and that it cannot be recovered?

Many thanks

Kind regards

Paul

[Ken Cox]

yes if you do a general scan with the settings to put the virus in the vault the exe is junk but it does not bother the pte

if exe's are on a cd or dvd i think they are safe from being trashed

am in the process of selective scanning the dvd with Barry's and others files and will get back asap when scan is complete - the dvd has 4.3 gb on it and it has picked up other exe's

as well i just did updates on the avg

Grisoft AVG Ver.: 7.5.484/Virus Database: 269. 12.0 957 UPDATED Aug 16 07

and

ca engines = Computer Associates

and avg is still detecting Barry's as well as these

- <rec time="2007/08/16 16:43:07" user="pbyk" source="General">

<value>@HL_TestStarted</value>

<attr name="testname">@TestName_12</attr>

</rec>

+ <rec time="2007/08/16 16:43:39" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\1 NOV 2005 P2E DLD'S\GUZMAN\In remembrance.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 16:45:46" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\1 sept p2e dl'ds\PATRICK BANTZ\Blue_planet.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 16:46:50" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\1 sept p2e dl'ds\barry beckham\lakeside.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:03:14" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\4_2005_AUGUST_P2E\barry\lakeside.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:03:22" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\4_2005_AUGUST_P2E\jean pierre\Vezelay_2.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:03:55" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\4_2005_AUGUST_P2E\jp.dollangere\Corse.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:03:57" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\4_2005_AUGUST_P2E\jp.dollangere\Vezelay_2.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:04:00" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\4_2005_AUGUST_P2E\jp.dollangere\the ferret Etampes.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:04:04" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\4_2005_AUGUST_P2E\robbie Hong Kong a four day experiance\hong kong.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:04:55" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\BURNED TO DVD ond 04 jfma 05\1ST 4 MOS 2005\1_2005 mar p2e\DEDORC\Test\Wildflowers.exe</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:06:14" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\BURNED TO DVD ond 04 jfma 05\1ST 4 MOS 2005\1_2005_april\London_Panorama.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:16:39" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\Patrick Bantzhaff\PATRICK BANTZ\Blue_planet.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:19:47" user="pbyk" source="Virus">

<value>@HL_ReportFind</value>

<attr name="where">Z:\french birds\Reflets.zip</attr>

<attr name="type">@EID_Id_trj</attr>

<attr name="what">BackDoor.Hupigon2.KG</attr>

</rec>

- <rec time="2007/08/16 17:20:26" user="pbyk" source="General">

<value>@HL_TestEnded</value>

<attr name="testname">@TestName_12</attr>

<attr name="infectedfiles">26</attr>

sorry for the extra text but wanted to get it posted asap

ken

[Barry Beckham]

I cannot recall what version those slide show were made with, but they are very old.

In fact, you know how time flies when your having fun. They are some of the earliest stuff I ever did so we could be talking 5 years old, or more They were made long before we moved to Ely and we have been here 3.5 years.

I will have them backed up somewhere, so the issue for me is not much of a concern. All the other early shows seem fine.

Barry

[Conflow]

Pauline,

Forgive me, but I am completely confused when you say,quoted:-

...."A friend using Pics to Exe 5 and AVG was yesterday told that he had Trojan Horse in his slideshows which couldn't be healed hence he could not access his slideshows. He downloaded CA Antivirus but then his slideshows were taking an age to open, or not opening at all"....

** Your friend was told that he had a Trojan etc; Who told him ? and why can't they be healed ?

** Trojan in all Slideshows ?~ Are these Shows on his Hard Drive or coming off a CD-Rom ?

** CA Antivirus prevents Slideshows from opening...thats a possibility, but lets test that !

** You may not be aware that certain versions of Programs are not Vista compatible...another issue.

You want a definitive answer to these problems ? do as follows:-

Click on the 'Link' below and download "XoftSpy SE" from Pareto Logic and run their Program as a Diagnostic Tool to scan your PC and selectively scan any "suspect" CD-Discs.

After downloading the Program disconnect your Internet (unplug it) and disable ANY Anti-Virus running on the PC ~ then test the PC.

This Program is probably one of the best Scanners out there, it does cost money, but the "Free Scan" will turn up anything effecting your PC ~ you will have a definitive answer, I assure you of that.

Let me know the results ?

Brian.Conflow

P.s When you hit the large Download Button its the 6th Selection down on the Left side.

Link:-

http://www.paretologic.com/

[alrobin]

FYI, today during an anti-virus scan (with AVG), the program, while going through my directories containing various saved shows which I had downloaded over the past year or so, started tagging them as containing the "BackDoor Hupigon2.KG" Trojan horse virus, and deleting them.

Fortunately I happened to notice what was going on and stopped the program before too much damage was done (I also had most of them backed up as well).

I have written to AVG to verify whether this is a repeat of the problem we had with them some time ago, or whether the threat is real. In the meantime, be careful what you scan with either AVG or Kaspersky, as I had a similar problem with the latter a-v program when I ran their on-line trial scan yesterday.

[Peter S]

Hi Pauline,

I have had several problems with CA Internet Security Suite affecting my slide shows. I also had a problem when Igor sent me my Registration Key. The CA software changed the zip file extension to EFW and it took me some time to find out that this was a CA security measure! Not very helpful.

I have changed to using Zone Alarm which looks very similar to CA's product. (I understand that the CA firewall came from Zone Alarm originally.) I have had no problems with Zone Alarm.

Kind Regards

Peter

[Conflow]

XoftSpy-SE Anti-Virus/Hijacker Program Trial

Following from my Post No:675 of yesterday and Al Robinsons comment about his 'Kaspersky Trial Scan'

and the problem he encountered ~ I want to assure all readers that no such problems exist with XoftSpy SE.

We have used this Program and its different upgraded versions since 1998.

Note

XoftSpy Trial will simply scan your PC and give a Report on what it finds ~ it neither interferes with, nor

will it removes anything from your PC. That decision is left up to you if you wish to purchase the Program.

Hallmarks of a good Anti-Virus Program

1) Good AntiV Programs always come with a simple efficient Clean Uninstaller

2) They will attempt to 'Repair the Rogue-File' and if unsuccessful they will 'Quarantine' it.

3) They never auto-delete a Rogue File ~ that decision is left entirely to you with Warning.

4) They will attempt to auto-update your AntiV Definition Files every 2/3 days if you allow them.

5) After a few updates they will allow you to re-scan the Quarantined Folder to effect a repair.

6) Good AntiV Programs always offer a utility to scan CD-Discs, Memory Pens and Floppy Discs.

Your Security

* If the 'infection' came from a Internet Download ~ Your AntiV Program is useless or out of Date.

* If it came from a CD-Disc or Memory Pen or Floppy Disc ~ then its your fault for not scanning it first.

* Make sure you install an 'Innoculation Program' like Spybot or WinCare2, its vital you do so.

* Have you installed the latest 'Microsoft Patches' ~ if not ~ you gave the Hacker a personal Visitation Card.

* If you run XP or Vista and you 'switch-off' the System Firewall, need I say what I think.....

Simple thruths ~ some hurt, but at the end of the day, its down to one's own personal vigilance !

Brian.Conflow.

[Woodhall]

Pauline,

Forgive me, but I am completely confused when you say,quoted:-

...."A friend using Pics to Exe 5 and AVG was yesterday told that he had Trojan Horse in his slideshows which couldn't be healed hence he could not access his slideshows. He downloaded CA Antivirus but then his slideshows were taking an age to open, or not opening at all"....

** Your friend was told that he had a Trojan etc; Who told him ? and why can't they be healed ?

** Trojan in all Slideshows ?~ Are these Shows on his Hard Drive or coming off a CD-Rom ?

** CA Antivirus prevents Slideshows from opening...thats a possibility, but lets test that !

** You may not be aware that certain versions of Programs are not Vista compatible...another issue.

You want a definitive answer to these problems ? do as follows:-

Click on the 'Link' below and download "XoftSpy SE" from Pareto Logic and run their Program as a Diagnostic Tool to scan your PC and selectively scan any "suspect" CD-Discs.

After downloading the Program disconnect your Internet (unplug it) and disable ANY Anti-Virus running on the PC ~ then test the PC.

This Program is probably one of the best Scanners out there, it does cost money, but the "Free Scan" will turn up anything effecting your PC ~ you will have a definitive answer, I assure you of that.

Let me know the results ?

Brian.Conflow

P.s When you hit the large Download Button its the 6th Selection down on the Left side.

Link:-

http://www.paretologic.com/

[Conflow]

XoftSpy-SE Anti-Virus/Hijacker Program Trial

Following from my Post No:675 of yesterday and Al Robinsons comment about his 'Kaspersky Trial Scan'

and the problem he encountered ~ I want to assure all readers that no such problems exist with XoftSpy SE. We have used this Program and its different upgraded versions since 1998.

Note

XoftSpy Trial will simply scan your PC and give a Report on what it finds ~ it neither interferes with, nor

will it removes anything from your PC. That decision is left up to you if you wish to purchase the Program.

Hallmarks of a good Anti-Virus Program

1) Good AntiV Programs always come with a simple efficient Clean Uninstaller

2) They will attempt to 'Repair the Rogue-File' and if unsuccessful they will 'Quarantine' it.

3) They never auto-delete a Rogue File ~ that decision is left entirely to you with Warning.

4) They will attempt to auto-update your AntiV Definition Files every 2/3 days if you allow them.

5) After a few updates they will allow you to re-scan the Quarantined Folder to effect a repair.

6) Good AntiV Programs always offer a utility to scan CD-Discs, Memory Pens and Floppy Discs.

Your Security

* If the 'infection' came from a Internet Download ~ Your AntiV Program is useless or out of Date.

* If it came from a CD-Disc or Memory Pen or Floppy Disc ~ then its your fault for not scanning it first.

* Install an 'Innoculation Program' like Spybot or WinCare2, its vital that you do so.

* Have you installed the latest 'Microsoft Patches' -if not- you gave the Hacker a personal Visitation Card.

* If you run XP or Vista and you 'switch-off' the System Firewall, need I say what I think.....

Simple thruths ~ some hurt, but at the end of the day, its down to one's own personal vigilance !

Brian.Conflow.

[Woodhall]

Brian,

I apologise for the misuse of the English Language in using the colloquial expression "told" when I should more accurately have intimated that it was an on screen warning that a virus had been detected during an AVG scan.

Again the source of the information that the virus could not be healed came from the AVG Virus Vault, object details which simply reads - Healable - No.

Don't ask me why, I don't know, but possibly reading some of the more helpful responses it could be because there is nothing there to heal!!

You also seem to be mixing the AVG virus problem with the CA slow running problem and viewing them as one rather than recognize that the cause of the CA problem was only discovered because of seeking a solution to the AVG problem.

I stopped using AVG about 18 months ago because it was reporting problems with CDs created on other peoples computers and bought CA Antivirus.

Pauline

[Conflow]

Hi Pauline,

Thanks for your reply ~ Ahhh now I see where you are coming from ~ don't mind the mix-up.

Concerning AVG and CA AntiV, no I was not confusing them. I gave due consideration

to both, individually and seperately, because I'm in that business...not of my own wishes !

Both AVG and CA (and others) have certain know issues which effect users from time to

time in that they create "Catch 22" situations which are extremely difficult to diagnose.

Such as:-

False Positives - change of File of Types - changing File Extensions - ignoring embedded Scripts.

So rather that "messing around" with them, its always better to seek an alternative diagnosis, its

why I suggested you run an 'XoftSpy-Scan' to establish an independent Report for comparisons.

Had it not turned up in the 'XoftSpy Report' then its likely you have an AntiV Program problem.

If XoftSpy Reported it - then I can assure you it's a genuine Virus/Trojan or malicious Script.

Should you have cracked the problem - thats good News - if not, remember there are other ways.

Regards,

Brian.Conflow.

[Lin Evans]

Brian is right but we must keep in mind that there are thousands if not hundreds of thousands of worns, trojans, viruses, etc., and no matter how good your firewall or software protection, it's always possible for some to slip through.

Right now I have one which none of these programs can detect or remove. It's a browser hijack and disable infection. I have ParetoLogic, Adaware, NOD32, Spyware Doctor, Uniblue Spy Eraser, Uniblue Registry Booster, Bug Doctor and Registry Mechanic. Of these only Registry Mechanic can find the "result" of the infection and "fix" it, but the infection immediately returns after clicking on Internet Explorer.

What it does is hijack the browser and instead of going where you wish, redirects to what appears to be a number of different commercial sites such as on-line gambling. If the user then decides to add that unwanted URL to IE's security risk section, the virus then acts like an angry child and disables IE. IE will be running in the Task manager, but it's impossible to know without looking because after clicking on the IE icon, nothing appears to happen. Typically one will click several times and in doing so actually be opening several instances of IE but be totally unaware.

None of the above programs finds any problems except Registry Mechanic which always reports this:

As seen above, the problem appears to be in the IE caches. When Registry Mechanic removes it, then the next time one clicks on the IE icon it opens normally, but as soon as it's closed or someone opens an email and clicks on an internet link, the pesky virus again infects the cache and disables IE.

I would love to find the zit-faced adolescent who programmed this and drop a cup-full of fire ants down his pants and watch him squirm for a couple hours! I had to install Firefox to use the internet again and I have over 40 hours chasing this problem which is still not resolved.

The bottom line is that most computers are not free of infections no matter how good the removal or protection tools. It's like treating a human with the cold virus. It's more a matter of staying ahead of the germs and virus than removing them completely and killing the ones which are the most dangerous - LOL

Best regards,

Lin

[Conflow]

Hi Lin,

I'm fairly sure that I know what this "Pest" is. In my experience its a rogue BHO or 'Browser Helper Object' which usually resides under the main 'IE Windows ToolBar' on the top of the IE Search/Home Page.

Most BHO's are an 'aid' to faster browsing amongst other things, but there are others....

Then you have the "rogue" BHO whose sole purpose is to "Hi-Jack" your Home/Search Page and create a Mimic Copy of your Home/Search Page which it installs to the IE5 Cache. If you attempt to remove it they are designed to migrate and multiply with the assistance of a 'Mimic System dll' ~ yes they copy a System dll. This dll is modified to generate a replica's of the 'Mimic Search/Home Page' which it installs to the IE5 Cache,viz:- Cache1 ~ Cache2 ~ Cache 3 ~ Cache4 and I have seen it go as far as 85.

Have a closer look at your "Attachment" your Cache Image, clearly shows 1,2,3,4 replications.

No its not a...."zit-faced adolescent", its a Corporate Hit-Organisation who get $0.50cent to $0.75cents each time they transfer you to one of their Host Clients...it's big Business and these Programs cost real money. Bye the way Firefox is not immune to these activities either.

Why can't all these AntiV Programs get this thing ?...thats very simple, these Programs are designed to ignore genuine Windows System Dll's. The "rogue dll" is a carbon copy of the genuine article so its passed over and not detected. Now if you clean out the cache, the dll "hook" to the cache will recognise your action and promptly replicates the Mimic IE Window again. So you have a classsic "Catch 22" situation. Also that 'Mimic Dll' moves around the System to avoid entrapment.

You have:- a 'CoolWebSearch Hi-Jacker Trojan Replicator'...there are a few, and they are very clever.

I have Tools to trap this and get rid of it ~ I won't publish these here for obvious reasons on a Public Forum,but if you contact me off List via EMail (NO LINKS PLEASE) and plain Text only, I will send you what you need.

Brian.Conflow.