BleepingComputer.com: Combofix and AVG

I was trying to remove a virus from a computer. I ran Malwarebytes and removed a trojan. The computer still would not open Microsoft Office software. I disabled AVG and tried to run Combofix. I couldn't do it. A message popped up saying I had to remove AVG to allow Combofix to run. So, I tried to remove AVG but couldn't. I did not have access to a registry key, So, I opened the registry editor and found that key. I had to edit the permissions for the HKLM/Software/Microsoft/WindowsNT/CurrentVersion/Windows key. I found there were two entries for everyone that were set to deny. Once I removed the deny and said allow everyone, I could remove AVG and run Combofix. After Combofix ran, the computer appeared normal again. I then installed the Microsoft Security Essentials AV program. Has anyone had this conflict with AVG and Combofix? Is it related to the virus or a conflict. For the record, the version of AVG was 8.5.

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them. If some of ComboFix's files are removed by AVG, it will not perform its routines properly and the developer has determined this can cause damaging or "unpredictable results". This is an issue with AVG and since it cannot be effectively disabled before running ComboFix, the developer has chosen not to allow his tool to run until AVG is uninstalled first in order to avoid any possilbe issues.

Further, no one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

This post has been edited by quietman7: 21 November 2010 - 07:59 AM

I have used Combofix in the past by disabling AVG and removing viruses. This time I had to remove AVG. The computer is now working fine. The bigger question here is why could I not remove AVG? I had tried to remove AVG to install a differnet AV program but was not successful. Since the computer was unable to function properly, I removed AVG, ran Combofix. If this had not worked, or had damaged the OS, I did not care. At that point I was getting ready to wipe the computer clean and reload the OS. I am curious as to why AVG would not uninstall?

If is not uncommon for some anti-virus programs to not completely uninstall itself using the usual method of Add/Remove Programs or Programs and Features in Vista/Windows 7. In many cases anti-virus vendors provide clean-up utilities on their web sites to remove remnants left behind after unintalling or for a failed uninstall. In the case of AVG, you can use the uninstall/cleanup utility (AVG Remover) provided in AVG 2011+9.0+8.x Uninstall/Re-Install Instructions.

Other vendors do the same.

• Eset's List of Uninstallers (removal tools) for common antivirus software
  
• Ultimate List of Uninstallers for Anti-Virus and Anti-Spyware Programs
  
• Comprehensive List of Uninstallers or Removal Tools for Antivirus Software