WnSoft Forums

AVG 2012


Antbrewer


Ken,

Thanks, but I can't reproduce this issue on my computer. I installed the latest AVG Anti-Virus Free Edition 2012 with the latest updates and it shows nothing for this file (FLIGHT OVER OAHU). This show was created in PicturesToExe 7.0.2.

I also uploaded sample shows created in PicturesToExe 7.0.0, 7.0.1, 7.0.2, 7.0.3 to VirusTotal.com service and AVG has no detections.

IGOR

the screen shots in this thread do not lie

avg is nailing 3.65 stuff - even my reg key

the tutorials that were written by your staff -- written with ver 5 era are being picked up

the show that i reported at 02:00 am was picked up, after another dat update a few hrs later it was ok -- we are publishing the data for you as soon as possible -- but if you don't read the thread for a few hrs the problem could be gone

ken


PROBLEMS WITH AVG

Hi Guys,

I have just read the current thread about AVG-Problems and then decided to do some investigations, results as follows:-

1) An exhaustive search for "TrojanHorse BackDoor.Generic14.CDXE" yielded no results whatsoever excepting the word "Generic" which raised distant memories of a descriptive nature which always implied that a problem was "Generic to an Op-System".

2) I then investigated the File-Naming structures used by many Forum-Members and not to put too fine a point on it many of the 'attachments' showed File-Names containing "Invalid and/or Reserved Characters" which should never be used in File-Titles.

The repetitious use of the symbol: \ (Backslash) and repetitious File-Name will cause problems with any Anti-Virus as that mimics a typical Trojan characteristic of multiplicity such as when a Trojan multiplies itself again and again....

See Microsoft-Article No: 177506 (Invalid-Characters) below.

See Microsoft-Article No: 826763 (Access: Reserved-Characters) below

I fear that the current spate of AVG False-Positives may be nothing more than AVG's sensitivity to File-Naming protocols.

Brian (Conflow)


PROBLEMS WITH AVG

An exhaustive search for "TrojanHorse BackDoor.Generic14.CDXE" yielded no results whatsoever excepting the word "Generic" which raised distant memories of a descriptive nature which always implied that a problem was "Generic to an Op-System".

Brian (Conflow)

When I had AVG and it picked up Trojans, I always searched for them and never found any on any database including AVG's. How can they find a Trojan that does not even appear in their own database?


When I had AVG and it picked up Trojans, I always searched for them and never found any on any database including AVG's. How can they find a Trojan that does not even appear in their own database?

Mickp,

Mick you have put your finger on the button....for that's exactly what is happening with AVG and everything I have investigated so far points to some anomaly in the way it handles File-Naming protocols. This comes as no surprise to me as I had seen the same pattern in (older) Anti-Virus Programs some years ago.

You're aware most AntiV-Programs use 'Heuristic-Technology' a posh word for 'pattern-technology' whereas the AVG-Program is monitoring for "Repetitive File activity" (similar to Trojan-activity) and if it can't resolve an unknown issue it 'Auto-Flags' that as suppositious and then auto-generates a File-name whose title is nearest to that which it knows best. The word 'Generic' is the crucial clue in that suspected Trojan...in this context "generic" means that it's a System misunderstanding and in all probability does not exist.

AVG is trying to tell you that it has found something it does not understand and it has brought that to your attention....but in the meanwhile it has stopped execution of that File for safety reasons.

Brian (Conflow)


Just a thought - has anyone had a problem with AVG throwing out .exe files for no good reason from any other source other than PTE?

Mick,

I don't recall seeing anything other than PTE created exe files being reported here on the forum. This point hadn't passed my notice. It is, therefore, somewhat inevitable that part of me wonders whether it might be evidence of something sinister towards PTE: some kind of attempt at commercial sabotage, perhaps?; not necessarily by AVG themselves but possibly using them as an unwitting agent.

regards,

Peter


...I then investigated the File-Naming structures used by many Forum-Members and not to put too fine a point on it many of the 'attachments' showed File-Names containing "Invalid and/or Reserved Characters" which should never be used in File-Titles.

Brian,

My experience is that Windows (Vista and 7) will not allow me to save a file if its name contains any of the "Invalid and/or Reserved Characters". So this seems to me to be a "red herring".

regards,

Peter


My two pennyworth.

I don't pretend to understand much of what has been written over the last few posts about 'invalid characters' etc. but why is AVG picking up old exe files that haven't changed name and treating these as trojans etc.? They played perfectly well previously and for me it is only since V2012 that this has started.

Sorry if this question is obvious to the learned bunch.

Anthony


Hi Peter,

It only takes a trip to the AVG forum to see that this is certainly not limited to PTE - AVG is finding false positives on installs like Chrome, QuickTime, Malwarebytes, etc. This is a widespread issue and people are getting fed up with it. Read some of the posts here:

Here's a sample:

------------------------------------------------------------

This is the owner of YouTube Downloader.

What is the escalation process for getting this false positive removed? While the AVG antivirus engine is no longer flagging our files, AVG Identity Protection is still flagging our installer as "Dropper.Generic2.CKPF". If you choose to put it in the vault, AVG then completely removes the entire YouTube Downloader application, not just the flagged installer file.

It's been almost 2 weeks since AVG first started flagging us. I have filed a support request (AVG#0001396015) one week ago, and had two iterations with the support staff so far with no joy - they are unable to reproduce the problem despite my repeated instructions. I am tired of receiving emails from the AVG support staff which are void of any technical expertise, trying to solve AVG's mistake.

What are my options to get this resolved short of releasing a new YouTube Downloader application asking my several hundred thousand users to file false positive reports with AVG until this is fixed? This is costing me time, users, and reputation, and my patience with AVG is growing thin.

Thanks,

Biennesoft

----------------------------------------------------

Here's a link to the thread:

http://forums.avg.co...=show&id=139985

Best regards,

Lin

Mick,

I don't recall seeing anything other than PTE created exe files being reported here on the forum. This point hadn't passed my notice. It is, therefore, somewhat inevitable that part of me wonders whether it might be evidence of something sinister towards PTE: some kind of attempt at commercial sabotage, perhaps?; not necessarily by AVG themselves but possibly using them as an unwitting agent.

regards,

Peter


Peter and Lin,

Firstly I don't believe it's something 'sinister' about AVG being a carrier ~ it's my opinion that it's to do with the latest 'Heuristic-Engine' being used by AVG and it's not confined to AVG because Avast is displaying the same characteristics and that's the reason we ditched it after 3 years of service and we now use Microsoft Security-Essentials ~ no problems at all.

Having said that, MS-Essentials operates in a totally different way to all other Anti-Virus Programs, it's certainly more intelligent.

Peter, yes you are correct about Invalid-Characters and Windows-7 ~ but Win.7 is no exception because the Rules have been there since the inception of Microsoft-Windows and I was writing in the context of "Full-Filename Pathways" as seen on the HD and seen by the AVG-Program ~ not those simple File-Names given to Files by their owner. I was referring to the 'Full-Filename' Pathway of the PTE.Exe's which can become ambiguous unknown to its owner and if there is any similarity-repetition with other Files then AVG and Avast will mistakenly quarantine them as (repetitive) Trojans because they can't resolve the ambiguities which I have found out from bitter experience.

To make a long story short both AVG and Avast's (latest) Heuristic-Engines seem to think that 'near-duplicate' HD-Filenames and File-Sizes and Dates are suspected Trojans...Examples shown below.

Brian (Conflow)


I apologize for this problem! I'm trying to resolve these false positives with AVG antivirus.

P.S. Personally I prefer free Microsoft Security Essentials which works *very well*. Fast, no annoying popup windows, and it doesn't slow down work of a PC.


I apologize for this problem! I'm trying to resolve these false positives with AVG antivirus.

P.S. Personally I prefer free Microsoft Security Essentials which works *very well*. Fast, no annoying popup windows, and it doesn't slow down work of a PC.

Hi,

I have uninstalled AVG and installed Microsoft Security Essentials, and ... problem resolved (I hope).

Thanks,

Miet


I apologize for this problem! I'm trying to resolve these false positives with AVG antivirus.

P.S. Personally I prefer free Microsoft Security Essentials which works *very well*. Fast, no annoying popup windows, and it doesn't slow down work of a PC.

Igor

you are going to rely on forum members who have not abandoned AVG to continue checking its operation every time you issue an update

and

the people that are running out of date versions of PTE and AVG

well let's hope they sort things out asap

ken


One final post from me. I've jumped ship, bitten the bullet, taken the plunge, etc., uninstalled AVG and installed MSE. It took just under 15 minutes from start to finish. I shall watch this topic with detached interest from here on.

regards,

Peter


Anthony,

If you do, ensure that you have downloaded the correct version of MSE for your operating system (32-bit or 64-bit) before you remove AVG. Make sure you close down all Internet access while you effect the changeover - to minimise the possibility of a rogue getting in while you have no defences. I downloaded and ran the AVG Uninstaller provided by the AVG website, rather than do a Windows uninstall. I put both the AVG uninstaller and the MSE installer on the Windows desktop rather than in any folder. The AVG uninstall seemed to pause at one point and I wondered whether it had hung; but I remained patient and it ran through to conclusion in about 5 minutes elapsed. It wanted a re-boot to tidy up the last loose ends. This re-boot required me to OK the resumption of the AVG uninstaller - so don't walk away when the re-boot happens!

I then took all the MSE Install default options during its install. It automatically "phoned home" to download the latest versions of everything it needed and then I let it scan the C: drive (c96K items in just under 10 minutes).

All totally painless - and no infections found in the system files. I intend to run a custom scan on my two "backup" drives this evening after adding today's backups to them. At the weekend I'll do the same to the weekly backup drive after adding this week's increments. At that point I'll have the best reassurance I'm going to have that the disks are all free of infection (I'm not expecting any surprises but you never know).

regards,

Peter


I checked up all my collection of slideshows with AVG free (updated today).

About 700 files created in different versions of PicturesToExe since v1.0.

AVG found false positives in 3 slideshows created in v4.40 Beta 8. I sent sample files to AVG company.

Please upload sample files for me, if you have problems with false positives with your slideshows in AVG.


IGOR

AS PER YOUR REQUEST

CHECK YOUR EMAIL

to the best of my ability I have put the old stuff that is showing infected up to mediafire

http://www.mediafire.com/?6ly0mkvt1ii6iti

there are still the old shows that I put up this summer that MS essentials class as infected PROVEN OUT BY DaveG, Frets3,Gerard etc, so as far as I am concerned this MS "JOHNNY COME LATELY" IS NOT TO BE TRUSTED EITHER

From: KEN COX [mailto:pbyk@sympatico.ca]

Sent: Monday, August 22, 2011 8:42 AM

To: IGOR KOKAREV; KEN COX

Subject: test shows to media fire

IGOR

EARLY V4 there were a couple shows that caused us grief - false positives -the other day i sent them to a friend to view - they were classics :)

well apparently the MS anti virus program

Microsoft "Security Essentials" called them Trojans,

http://www.mediafire.com/?7l01fdxqw9f401p

i put them up to mediafire - in one zip

kula and peru 2005 - 2006 era

i use them to test whenever a false occurs

if you need them use the link above

ken


FOR THE DIEHARD AVG USERS

forgot to mention avg did a program AND a dat update last night

i am now

AVG 2012.0.1901

DAT 2109/4697

AND THE SCREEN SHOTS of the scan that i published this morn was done in 13 sec's -- i can't say what my previous scans were but they were minutes not seconds

ken


Answer from AVG to my previous inquiry:

Dear Sir / Madam,

Thank you for your email.

Unfortunately, the previous virus database might have detected the mentioned virus in some legitimate applications. We can confirm that this was a false alarm. We will release a new virus update removing the false positive detection of the mentioned file.

When the update is completed, AVG will automatically restore the falsely detected file from the AVG Virus Vault to its original location.

We apologize for any inconvenience.

Best regards,

Mark Joseph Capicio

AVG Customer Services

http://www.avg.com


  • 1 month later...

i have just completed scanning all my p2e shows and p2e programs on the xp and win 7 system from ver 4 p2e era to present using

avg 2012.0.1913

dat 2112/4800

and had no false positives so maybe we got it finally

good work Igor

members should remember that if their avg is not current their results could be different than mine

ken

This topic is now closed to further replies.
