Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

All Other Software All Other Software
Search Search
Search for:
Tech Support Guy > > >

Why Not To Use AVG Free Antivirus


(!)

RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 09:21 AM #1
Why Not To Use AVG Free Antivirus
I have had AVG Free antivirus supposedly protecting my computer for several months, it used its own auto update every day to check for updates and download them so it should be fully updated at all times.
On friday I opened a file which apparently contained a trojan dropper it tried to put several malicious files on my computer including downloader trojans.
Although AVG resident shield instantly detected this activity when I ran the infected executable, and it quarentined several files, it did not prevent one of them from downloading the win32virut virus. this virus went undetected and unchecked on my computer untill AVG Free updated itself later that day, I ran AVG Free antivirus complete scans several times each time it found more files infected with the virus and the same trojans it had supposedly deleted the previous time.
Obviously AVG Free was not detecting the main downloader trojan or going any way to stop its activity.
I then discovered a huge gaping hole in AVG Free. AVG free runs regular complete scans via its own scheduler, if you do not have automaticaly heal infected files checked in the settings, AVG will not only leave the malicious files it detects alone IT WILL NOT WARN YOU OR ALERT YOU IN ANY WAY THAT IT HAS DETECTED VIRUS ACTIVITY.
the scan will run untill complete then close.
Prior to this virus attack, I had not wanted my virus scanner to be automatically deleting files without me knowing about it so I did not have Automaticaly Heal Infected Files checked. I had stupidly assumed that if AVG Free found a virus it would alert me and give me the option to delete or quarentine the file.
This means the scheduled complete scans of my system were rendered totaly useless and the only way I would find out it had detected a virus is if I went to the activity log.
This is Outragously stupid of Grisoft as many users would not want AVG Free to automaticaly delete files without them knowing and would uncheck that option without realising by doing that one thing they have rendered their scheduled complete system scans almost useless.
Unless they happen to be sitting there watching the scan as it progressed and saw it detect a virus they would have no clue they got a problem.
I like most people leave the virus scan running while I am away from the computer not realising that when the scan window closes on completion it will do so without warning me if it detected virus activity
It was pure luck that I discovered this was going on. Not long after I had ran that file releasing trojans and causeing AVG resident shield to pop up alerts, AVG ran its usual daily update and started a complete system scan. I was interested to see if those trojans had been deleted by the AVG resident shield so I watched the scan progress and saw it detect several infected files.
I left it running expecting when I came back there would be warnings and alerts on my screen about them, asking me to delete them.
When I returned the scan had finished and closed leaving nothing on my screen, I was surprised at this so I ran the scan again this time I was watching when it ended and to my amazement, although there was over 80 malicious files listed in the scan window, it completed the scan and closed leaving nothing on my screen !
I was like damn !! All this time I thought it would tell me if it discoverd something bad on my system and all along its been doing nothing of the sort. After investigating the scanners settings I decided to check the automatically heal box and run the scan again it found the same files but this time automaticaly deleted most of them and quarentined some.
Well ok you might say thats fine just keep the auto heal checked. well get this, that virus doesnt destroy the files it infects it makes them 9 bytes bigger but they can be saved, but not if AVG has deleted them.
At the same time the trojan files it detects do need to be removed, so you got 2 choices with AVG Free either give the scan carte blanche to delete all files it detects as virus, including files you may need to keep, or have it not remove any at all. There is no middle ground and this is one of the things that makes AVG a piss poor excuse for virus protection.

Since then this virus has attacked system restore so I cant restore to an ealier date. it has attacked over 100 executabe files on my computer which have been deleted by AVG. Rendering a lot of programs unusable it has attacked AVG Free itself disabling resident shield, the updater and control center causing it to give this message:

Application cannot run due to an error while verifying its electronic certificate.

I downloaded and installed a fresh copy of AVG Free it still gives that same error message. The only component of AVG Free still working is the actual scanner. Manually initiated scans are still available but that is all.
I have still not been able to remove all instances of this virus attack with AVG Free I believe there is a trojan dropper active that AVG Free is not detecting. This trojan dropper is replacing the downloader trojans everytime AVG Free removes them.
I also believe one of those trojans is downloading new copies of the win32virut virus each time they are replaced.
Even though the AVG free was properly updated and did eventually detect the win32virut virus, it did not and still does not detect any malicious files in the original file that released the trojans. That file is a 3mb executable file and is clean to AVG free even now.
On top of all that, the AVG Free forum will not send out activation emails so I even though I tried registering several times to try and join, I never receive that account activation email from them.
When I try to log in it says my account is not active so I can't post on their forum. or get any advice from AVG forum members. And I have no way of submitting to them for analysis the original 3mb file containing the trojan droppers that STILL scans as clean on AVG free even now.

In summary I would say AVG Free is a piss poor effort at antivirus, it gives you a false sense of security, allows you to think your system is protected from known virus when in fact you may as well have mickey mouse protecting your PC. Grisoft offers no viable support for this product, it was easily taken down by the virus and theyre so called free support forum manned by non grisoft volunteers is innaccessable.
I would recommend anyone who is using AVG Free Antivirus , remove it now and seek an alternative.
If anyone reading this post is also a member on the grisoft forums and has access to them I would appreciate it if you would copy paste this post and cross post it to their forum for me as I cant get on there to do it myself.
Noyb's Avatar
Noyb   (Jay) Noyb is offline Noyb is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 19,332 posts.
 
Join Date: May 2005
Location: Kokomo, IN
03-Sep-2007, 09:35 AM #2
I’m not sure any AV or Firewall is perfect …
And there’s no Software to protect you from Bill Gates when he decides to get confused for no good reason.

You should’ve had your computer backed up with Arconis True Image.
RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 09:55 AM #3
Yea I know I should have made backups it just seems such a hassle to burn all those cd's everytime I make changes to my computer. I wish there was a way to protect the system volume information from virus attacks, but yea I didnt make backups so for me its gonna be back to the time tested antivirus routine. Format C: and reinstall windows. sigh.
Squashman's Avatar
Trusted Advisor with 19,643 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
03-Sep-2007, 09:58 AM #4
Anything I scan from the Internet gets scanned before I execute it. If I am really worried about a particular file, I will upload it to one of the online scanning sites before I execute it.
Noyb's Avatar
Noyb   (Jay) Noyb is offline Noyb is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 19,332 posts.
 
Join Date: May 2005
Location: Kokomo, IN
03-Sep-2007, 09:59 AM #5
CD/DVDs are obsolete ...
Using my External HD .. I can rewrite my OS partition in about 10 minutes.
All my Data is in another partition ... so I usually don't have to mess with it.

If I'm going to mess with a possible dangerous file .. I use a Sandbox anyway.
RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 10:09 AM #6
This file was scanned by AVG Free it scanned as clean before I ran it. The only way I know this file was the source of the infection was by the way resident shield instantly popped up alerts about trojans on my system when I ran that file. Unfortunalty even though it detectd some it obviously did not detect or stop all of them.
The original file still scans as clean and I even uploaded it to virus total.com where they scanned it with all the well known virus scanners about 30 different ones and not one of them detected a virus in it.
This is what i dont understand is how come, when the file is run and it releases the trojans, those trojans are instantly detected by antivirus resident shield, but they are not detected while hidden in the original file.
ferrija1's Avatar
Computer Specs
Member with 7,983 posts.
 
Join Date: Apr 2006
Location: Pittsburgh, PA
Experience: Mac Addict
03-Sep-2007, 10:10 AM #7
Whenever it scans it always pops up with a message saying something like there were o viruses found. Anyways, after you have a virus, it has probably already comprised your AV and you should format and reinstall.
Noyb's Avatar
Noyb   (Jay) Noyb is offline Noyb is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 19,332 posts.
 
Join Date: May 2005
Location: Kokomo, IN
03-Sep-2007, 10:17 AM #8
I see you’re sorta new to TSG … So Welcome to the TSG forum.

The first thing a good virus will try to do is disable your AV.

I’m more worried about having a good Firewall.
I’ve heard that the average computer is interrogated 17 times a day by a hacker to see if they can get in the backdoor.
I once came under attack about every 20 seconds… My firewall alarm sounded like a machine gun.

Anyway …
Maybe you should join most of the gang here at TSG and get an External HD ... and …

The free trial DL is FULLY functional for 14 days …
http://www.acronis.com/homecomputing...cts/trueimage/

Get from here …
http://www.newegg.com/Product/Produc...e+10&x=17&y=33
RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 10:31 AM #9
Your right it hass compromised my AV in a big way. Even installing a new copy didnt fix it becuase it has done something to the way the AV uses windows to check itself against a electronic certificate. This is actually a very dangerous and clever combination of trojans and virus. This is what i think it has done
I believe the trojan dropper was packed into the executable using a packer that made it invisible to virus scanners the trojan dropper installed it self and released downloader trojans and attacked and disabled the antivirus shield and firewall.
Once that was done there was nothing to stop the downloader trojans from downloading the win32virut virus and nothing to stop the virus itself untill I ran manual scans which take a long time to run through all the files on the computer.
I believe the trojan dropper was not detected by those scans and when the scanner detected the downloader trojans and deleted them, the trojan dropper simply replaced them.
I ran the scanner again it detected the same trojans but with new filenames, and more files infected with win32virut, it deleted them.
I ran the scan again it detected those same trojans but again with different file names and more files now infected with win32virut.
The win32virut seemed to be infecting random executable files on my computer and every time i ran the scanner and it deleted the infected executables more and more functionality in windows was destroyed along with my apps.
Internet explorer was one of the first to become unusable.
Noyb's Avatar
Noyb   (Jay) Noyb is offline Noyb is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 19,332 posts.
 
Join Date: May 2005
Location: Kokomo, IN
03-Sep-2007, 10:35 AM #10
The best time to backup your computer's OS with Acronis TI ... Is after you do your needed fresh install.
It also helps to partition your HD so that all your Data is in a second Partition ...
... If you have many gigs of Data stored.

A second, Bootable, HD is also very handy ...
Prevention is nice, but nothing beats a quick cure
Attached Thumbnails
Why Not To Use AVG Free Antivirus-clipboard01.gif  
RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 10:43 AM #11
Yes I am quite new to this forum thanks for the welcome
Noyb's Avatar
Noyb   (Jay) Noyb is offline Noyb is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 19,332 posts.
 
Join Date: May 2005
Location: Kokomo, IN
03-Sep-2007, 10:51 AM #12
You might get ... http://www.majorgeeks.com/download3155.html ...
run a hijckthis log .. then go to the Malware forum here at TSG ..
http://forums.techguy.org/54-malware...jackthis-logs/
and see if one of our malware experts can fix you.

Personally, I prefer a fresh install approach.
RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 11:00 AM #13
Yes i think I prefer a fresh install aproach too. Im gonna do that this afternoon, for now Ive got my old laptop I can use.
Noyb's Avatar
Noyb   (Jay) Noyb is offline Noyb is a Trusted Advisor with special permissions.
Computer Specs
Trusted Advisor with 19,332 posts.
 
Join Date: May 2005
Location: Kokomo, IN
03-Sep-2007, 11:14 AM #14
My prefered method is to use an External HD enclosure.
I pull the corrupted HD .. install a new HD ... and install Windows .. etc ...

Then, I can read the old HD in the external enclosure, and recover the data from it.

When I'm satisfied with the new HD ... I clone it back to the old one externally, and have a working spare ... or external storage ... or Both.

I use AVG free, Zone alarm free and Winpatrol .. and the money I save, is spent for backup purposes.
RockLobster's Avatar
RockLobster RockLobster is offline
Junior Member with 18 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
03-Sep-2007, 11:17 AM #15
heres a little bit of irony for you, this happend because I wanted a copy of tds 3 which you cant get anymore but I found a download of it on limewire and yes it contained the trojans that screwed my computer ..kind of ironic the app containing the trojan that took down my computer was itself an anti trojan suite lol
I still find it hard to believe that the developers of TDS3 which in my opinion was the best set of diagnostic, anti trojan and internet tools, ever made for windows, decided to stop supporting it.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑