WnSoft Forums

AntiVirus Software problems


Woodhall


Hello Brian,

It is encouraging to see that you are still active with helping others with computer security. I well remember your valued assistance a couple of years ago, when you taught me how to protect my computer. I have changed computers twice since, but always make a point of installing the protection programs you advised me to use. Touch wood! I have not had any problems yet with viruses, trojans etc. I think a lot may be down to my following your good advice.

Ronnie West


Ron,

I appreciate that compliment ~ "Touch Wood", it's great to hear everything is O.K for you ~ I have not forgotten that 'other item' I promised you, I am getting there slowly. I now appreciate the toil that you guys put into writing those Tutorials, damn it's hard work!

Be back to you soon...

Brian.


Pauline,

Forgive me, but I am completely confused when you say, quoted:-

...."A friend using Pics to Exe 5 and AVG was yesterday told that he had Trojan Horse in his slideshows which couldn't be healed hence he could not access his slideshows. He downloaded CA Antivirus but then his slideshows were taking an age to open, or not opening at all"....

** Your friend was told that he had a Trojan etc; Who told him ? and why can't they be healed ?

** Trojan in all Slideshows ?~ Are these Shows on his Hard Drive or coming off a CD-Rom ?

** CA Antivirus prevents Slideshows from opening...that's a possibility, but let's test that !

** You may not be aware that certain versions of Programs are not Vista compatible...another issue.

You want a definitive answer to these problems ? do as follows:-

Click on the 'Link' below and download "XoftSpy SE" from Pareto Logic and run their Program as a Diagnostic Tool to scan your PC and selectively scan any "suspect" CD-Discs.

After downloading the Program disconnect your Internet (unplug it) and disable ANY Anti-Virus running on the PC ~ then test the PC.

This Program is probably one of the best Scanners out there, it does cost money, but the "Free Scan" will turn up anything affecting your PC ~ you will have a definitive answer, I assure you of that.

Let me know the results ?

Brian.Conflow

P.S. When you hit the large Download Button it's the 6th Selection down on the Left side.

Link:-

http://www.paretologic.com/

Brian,

As I am experiencing AVG identified virus problems with pte files following a recent update, I followed your links as above. Unfortunately there does not appear to be a Vista version of the suggested program - and I feel I have enough problems without creating new ones by experimenting!

Barry


Brian is right but we must keep in mind that there are thousands if not hundreds of thousands of worms, trojans, viruses, etc., and no matter how good your firewall or software protection, it's always possible for some to slip through.

Right now I have one which none of these programs can detect or remove. It's a browser hijack and disable infection. I have ParetoLogic, Adaware, NOD32, Spyware Doctor, Uniblue Spy Eraser, Uniblue Registry Booster, Bug Doctor and Registry Mechanic. Of these only Registry Mechanic can find the "result" of the infection and "fix" it, but the infection immediately returns after clicking on Internet Explorer...

Hi Lin

I'm sure that Brian's solutions will clear your infection but for others who may have caught one of these particular nasties, I found Prevx available from www.prevx.com to shift at least one of these. It is free to install.

I recently caught one (my own fault, I was relying on the anti-nasty software and was complacent) that used two system dlls. I had identified the problem files but could not remove them manually; no anti virus or antimalware software could even see it except Prevx, which painlessly removed it.

Mike


Hi Mike,

Yes you are quite correct, many of the 'CoolWeb' Hijacker/Trojan "Pests" use 2 x System dll's, one is genuine and the other is a 'mimic' of the real thing ~ big problem being, which is which ??

But the 'mimic dll' is only part of the problem, it depends which Trojan Hook is activating it, and how ?

Some recent versions of CoolWeb are using 'cloaking techniques' to hide the mimic ~ in your case you were extremely lucky that the Prevx Program caught the right one ~ others have not been so fortunate because most 'so-called' CoolWeb killers simply kill the Trojan but leave the active mimic behind.

Personally I prefer to immobilise the migration of the mimic dll, find out what it is, then deactivate it and go after the Trojan, kill that, repair IE and do a total System Scan including Disc Partitions and External Drives; finally I quarantine that 'mimic' so my AntiV will always have a reference copy.

Best regards,

Brian.Conflow.


Hi Pauline,

I have had several problems with CA Internet Security Suite affecting my slide shows. I also had a problem when Igor sent me my Registration Key. The CA software changed the zip file extension to EFW and it took me some time to find out that this was a CA security measure! :angry: Not very helpful.

I have changed to using Zone Alarm which looks very similar to CA's product. (I understand that the CA firewall came from Zone Alarm originally.) I have had no problems with Zone Alarm.

Kind Regards

Peter


Thank you for your reply regarding CA Antivirus. I am not concerned about AVG as I do not have this on my PC now. My query has generated lots of info about AVG but nothing really helpful about CA. Zone Alarm is a firewall so I do not think this would help with my problem. I am currently waiting for a reply from CA to an e mail I sent them stating the sequence of events. If I do not get a satisfactory solution I will not renew my subscription but continue my search for an Anti Virus that does not see Pics to Exe files as a threat.

Pauline


Pauline, while waiting for CA to reply, please try this: try putting CA in snooze mode and time opening a p2e exe, make it active, then time its opening again.

When I open a PowerPoint file my AVG scans it before it will allow it to open, and the larger the file the longer it takes.

ken


Hi Ken,

I have already done as you suggested and the difference is amazing - this is what led me to believe that CA was causing the problem. When I try to access a slideshow from a CD with CA active, windows reports that the CD is not responding and the screen goes grey - after quite a while the Pics to Exe icon appears and eventually the slideshow begins. The slideshows on my hard drive were contained in a folder in My Documents - it even took a long time to open My Docs. This is very frustrating as I purchased my new PC because of this - thinking my old one was not working properly - and then to find exactly the same thing happening with the new faster model.

Pauline


I have just discovered that problems with my slideshows opening slowly, or not at all, are caused by my CA Antivirus software. This has been verified by a friend who has experienced the same problem after using CA. Can anyone recommend an AntiVirus that will not cause problems with the exe. files? I started out with AVG but this was finding viruses in my slideshows.

Hi Pauline - I use CA on a number of different PCs, and the effects you describe are present, but can be cured. I create a folder called PLAY, which can then be made an exclusion within the CA programme. From the CA Scan Settings menu click Modify on the Real-time Scanner row, and Add the "PLAY" folder through the browse facility. When you accept new AVs they should still be loaded into a normal folder, subject to scanning, but can then be copied into the PLAY folder. Anything in that folder will not be scanned when launched, and the problem effects will disappear. You will also notice that icon appearance is instant, rather than delayed as occurs in a scanned folder. Once running, the transitions are likely to be smoother, and any sound breaks should be cured. Hope this works for you. Alan


Hi Alan,

I will do as you suggest - thanks a lot - I feel that at last I am getting somewhere (hopefully). Reading through your instructions I can't see how this would apply to CDs - should I disable CA while they open and then put them into the folder?

Sorry if I appear thick (I am!) but can only plead a bad cold and old age as an excuse.

I will let you know how I go on.

Thanks

Pauline


Hi Alan,

Have received a reply from CA Tech. help referring me to a site which refers to Heuristic Scanning - this is used to find unknown viruses and threats that have not yet been catalogued. Their advice is to turn this off in the advanced settings. Hopefully this will sort things out for me and perhaps other CA users.

Perhaps I can now have a rest from the Forum - it is quite fascinating reading all the replies - and time consuming!

Thanks for your help.

Pauline


I received a note from AVG that they are looking into this possible false positive indication.

Meanwhile, it seems to be only shows created with a certain older vintage of PTE (similar to the previous outbreak of false positives concerning PTE shows). As indicated in the images below, the Explorer icons for these shows are all of the same design (and vintage of PTE).

post-215-1187535865_thumb.jpg

FYI, I have also included the warning messages from AVG to indicate the type of virus AVG is claiming these files possess.

post-215-1187535920_thumb.jpg

post-215-1187535994_thumb.jpg


Al,

How right you are ~ I have seen that 'defect' before, I think it was in Pte 4.38 and Pte 4.41 or some version around that era. In my case it came from downloaded CD-Discs and from 2 CD's I made myself.

I chased after the 'defect' and in my case with my 2 CD's I had not set-up 'Nero Burning' to ISO 9600 and as a result the proper Pte.Icon was reproduced as the default 'Blue-Box Windows Icon' = Unknown Exe.

It might be that Grisoft AVG interprets the 'Blue-Box Icon' as a possible 'rogue Exe' and responds to it.

Just a thought....

Brian.Conflow.


Just received this note from AVG Technical Support:

"This false positive detection will be removed within the next Virus Base update of AVG. Afterwards, the file should be no longer detected as a virus."


Al,

Thanks for staying on top of this with the AVG technical group. I really rely on AVG and have not run it since this problem occurred. It is good to know that they are receptive to correcting this type of problem. Will update and run.

Howard
