Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security alert regarding AVG


  • Please log in to reply
6 replies to this topic

#1 wish2learn

wish2learn

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 06 October 2009 - 02:29 AM

Hi Everyone,

I have Windows XP and I use AVG free.
But today I got a security alert from Zone Alarm to say that 'This program has changed since the last time it ran!'

Since I continually update AVG on a daily basis and have not seen this alert before, its confusing - should I be concerned?
Does it perhaps imply that the usual AVG updates have been somehow highjacked by something else?

Before I tick 'allow' - I would like to hear your opinions please.

Thanks kindly.

BC AdBot (Login to Remove)

 


#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 PM

Posted 06 October 2009 - 11:38 PM

Does it perhaps imply that the usual AVG updates have been somehow highjacked by something else?

I don't think it has anything to do with your definitions updates. That message usually means that the program itself has changed, not that updates have been added. Could be one of two things that I know of:
1. The AVG program may update it's program/engine when you have it set for automatic updates. I don't use AVG so I don't know if they do this or not. The antivirus I use, AntiVir, does--and yes it is a bit confusing--or takes getting used to.
2. Malware has attacked AVG and thus changed the program somehow. Are you running any other security scanners like MBAM and SuperAntiSpyware? You might want to uninstall/Reinstall AVG. If you have malware I would for sure. And even if you don't, one way to find out if the program is autoupdating itself is to reinstall, then update on demand. If you get the message again then it is probably something going on with the update process itself and not malware.

You can always ask at the AVG forums:
http://forums.avg.com/us-en/avg-free-forum

I do hate to send people over there tho--I just dislike the help given if you can get any at all. Plus some people can't even get into the forum.

Let us know how it goes.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 wish2learn

wish2learn
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 07 October 2009 - 03:32 AM

Papakid, thank you very much for your response which is most helpful!
I decided to do as you suggested and reinstall AVG from scratch, just seemed safer that way.

Thanks once again :D

#4 wish2learn

wish2learn
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 11 October 2009 - 02:26 AM

Just for the record; should anyone stumble across this thread with a similar problem. Before you consider discarding this type of security alert as only something to do with a new AVG update... then I will tell you that once I deleted the existing AVG (which was regularly updated) and I installed the new AVG - on the very first scan it found 4 instances of a Trojan horse generic in 4 different places on my PC, that had never been picked up by any other security program I presently have or by the previous AVG.

This would seem to suggest that AVG itself is infect-able!... which is a bit of a shocker, and seems to suggest that the updates themselves might be prone to being hijacked??

Edited by wish2learn, 11 October 2009 - 02:28 AM.


#5 wish2learn

wish2learn
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 11 October 2009 - 03:56 AM

..ER, and now that I have been updating AVG daily as described I'm back to square one with the same inicial warning...
What to do now?

Should I move to Avira?

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 PM

Posted 11 October 2009 - 08:55 AM

Hi again wish2learn. I'm sorry to hear you're still having troubles. I still have to say that I have never heard of updates being hijacked--if malware is going to try to cripple your protection it is usually more direct than that--but anything is possible.

Generic trojans can often be a false positive. It is unclear to me, but you seem to indicate that you went from an older version of AVG to a newer one. Is that correct? If so, please post both version numbers. This might give us a clue if it was a false positive--when it comes to dealing with computer problems, and especially malware removal, many small details may be way more important than they might seem to you. So please answer the following questions so I can get a better idea of what's going on.

1. What name did AVG give the trojan or trojans. I need the exact name, letter by letter--spelling is important.
2. What was the file name and locations (which folder) they were in if that is available to you? Again being exact is important, copy and paste if you can.
3. What is the exact message you get from Zone Alarm?
4. What are the other security program you are running? Please confirm that you did full system scans with them and they didn't find what AVG's new install found.
5. How did you go about uninstalling AVG? Did you just use Add/Remove Programs in Control Panel, or AVG's uninstall tool, etc.? Describe the process you went thru.
6. Which version of Zone Alarm are you using?

With luck you got some false positives or near positives and you are otherwise misinterpreting what ZA is telling you. It could still be AVG or ZA misbehaving. If not, then you could still be infected and I will need to take a closer look at your system to find out and offer advise on what to do. I would hold off on switching to AntiVir, altho I personally like it much better than AVG.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#7 wish2learn

wish2learn
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 12 October 2009 - 08:25 AM

Papakid, once again thank you.

Unfortunately, after the second round of security warnings I panicked, and then tossed AVG out and installed AVAST instead because it was rated most highly on CNET.
I used Add and Remove Programs to uninstall AVG. But in hindsight I think you are most likely right..about the warnings having been a false positive.
AVG served me very well for many years, but this sudden spate of security warnings unnerved me and I began to think something had become corrupted.
Had I not acted in such haste, I would have been able to give you all the particulars you asked for, but now they are gone. I always do full system scans and so the previous AVG and the latest AVG were doing the same scans.
Subsequently when AVAST did a full scan it found my PC to be clean.

I do remember that the generic Trojans listed were identical in name but found in 4 different places on my PC - they were all linked to the 'system restore'.
What alarmed me was that AVG clearly identified them as infections.
I moved them to the vault and googled the name of the Trojan but couldn't come up with anything helpful.
While searching around on the Web for more information, I got a second security warning from ZoneAlarm to say that AVG had again been changed since I last used it (I had installed the latest AVG only the day before and hadn't got this warning even after updates) so it seemed unusual.
ZoneAlarm kept pressing me to make a decision to allow or deny , so I went to see what the Web rated as the best antivirus (it used to AVG when I last checked) and found AVAST was rated best.

I was very happy with AVG - actually preferred it in many ways... but think it most odd that AVG would identify a false positive as an infection

I was under the impression that Zone Alarm updated itself regularly and I notice that the skin has recently changed of its own accord, but I cant find any identifying number to tell you which ZoneAlarm edition it is. I went to their site to manually install the latest update just to make sure.

The exact message I got from Zone Alarm regarding AVG was: 'This program has changed since the last time it ran!'

Thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users