Marion Waine Posted October 9, 2005 Report Posted October 9, 2005 Hoping for some improvement after the latest update from AVG today at 1959 hrs I was sadly disappointed. As a test I downloaded from Creating Slideshows forum, 'Cold' and 'A New Day'. Without unzipping, a manual scan on each file told me 'Cold' is clean, A New Day', virus found. Both have been left unzipped for the time being.I wish to reinstall Friday's deleted files from a back up on CD, hoping AVG will have sorted this tomorrow. Not holding my breath though!Hi I too am running AVG on my main computer. Friday it detected 38 of my exe files as having the PSW.Banker trojan and 'healed' quite a few of them, including 'The Barn' and 'A New Day' before I could stop it! Both were made some time ago but I'm not sure on what version of PTE. I was going to retrieve them from the Virus Vault but it seems from previous correspondence in the Forum they might be useless. Fortunately I also have them on the laptop (running Norton).Have been away for the weekend and was hoping that AVG would have fixed the problem by now. It's great to have this Forum to look at, I'd be really panicking if it wasn't for it!! ThanksMarion Quote
artemis Posted October 9, 2005 Report Posted October 9, 2005 Hi I too am running AVG on my main computer. Friday it detected 38 of my exe files as having the PSW.Banker trojan and 'healed' quite a few of them, including 'The Barn' and 'A New Day' before I could stop it! Both were made some time ago but I'm not sure on what version of PTE. I was going to retrieve them from the Virus Vault but it seems from previous correspondence in the Forum they might be useless. Fortunately I also have them on the laptop (running Norton).Have been away for the weekend and was hoping that AVG would have fixed the problem by now. It's great to have this Forum to look at, I'd be really panicking if it wasn't for it!! ThanksMarionI'd been concerned about this all day Marion, thinking I might have passed it to you with my AV!Chris Quote
Nathan Posted October 9, 2005 Report Posted October 9, 2005 I've been using A2 squared for some time, basically as an anti spyware program along with three others. With it's almost daily updates A2 is becoming more and more reliable in detecting malware, particularily Trojans, 50,000 it claims to safeguard against. After AVG reported "A New Day" to be infected, A2 came into play and it's scan reported "no malware detected". That was good enough for me, no real need for concern. Should AVG not rectify this situation within a few days then I'll be looking for another AV. Link for A2 should anyone be interested: http://www.emsisoft.com/en/software/free/ Quote
fromatoz Posted October 10, 2005 Report Posted October 10, 2005 Or try AntiVir. It's always among the best.http://www.free-av.com(There is also a free version.) Quote
Barry Beckham Posted October 10, 2005 Report Posted October 10, 2005 I had a call from a customer of my tutorial CD's who bought them some time ago and suddendly his system is picking up a virus when it didn't before.I explained the problem and referred him to this forum.Thanks for all the info, my reply to him sounded well informed and up to date thanks to you guys and Igor.These things happenBarry Quote
Ken Cox Posted October 10, 2005 Report Posted October 10, 2005 Some of this is repetitive but is from my daily log and i want to communicate ASAP before any more things happen – it has been a long weekendAVG FALSE DETECTIONThe AVG update only affected shows made with Ver. 4.30I think we need to know what each members anti virus program does when it detects a virus – false or real. The Grisoft AVG users have pretty well documented what it does, but we do not know what the other programs do for our own education – we now know that AVG puts it in the vault, but if it heals it and returns it to the folder it came from it renders the EXE useless In my case the AVG GUI is not in the startup group but AVG itself is and scans incoming mail. In this state it will not allow me to even send an eicar.com test file. For testing purposes i have eicar files placed on my drives to make sure the anti virus program is detecting Seehttp://www.rexswain.com/eicar.htmlwhen i run the free McAfee Stinger programhttp://vil.nai.com/vil/stinger/and it comes to the eicar test files it triggers the AVG program and a virus detected screen comes up and stays up for X# of seconds – it is set to continue scanning after the screen times out .I do not let AVG run scheduled scans, i run forced scans of specific files/folders, the other day when this problem came up i did a forced scan of the folder that holds most of my folders of p2e shows – at present it is 7.89 GB, contains 18,497 files in 634 folders. Too bad i did not take the test results of the stinger program which did not detect any Trojans.When i run a shell extension test of a specific folder i get a screen that gives many options if it detects somethingHeal, delete, etc. as well as close I will insert a picture showing this screenSunday, October 09, 2005 FROM AVG 6:24 AMAdded detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of trojans PSW.Legendmir, PSW.Banker, Pakes, Clicker.But AVG still detects the test file provided by Igor as having the PSW.Banker HMQ trojan So if anybody else can add information re how your anti virus conducts itself please add it to this threadKenMonday, October 10, 2005this morning's AVG update seems to have repaired the problem - the test file from Igor tests clean and can be removed from the zip and functions. I am in the process of documenting the files that were in the vault-- I have tested 3 of mine + Igor's test file and they are finethe forum seems to be down at present 06:25 so cannot enter this info to forumSo what did we learn from this - we had the same thing happen with Norton and Kaspersky 3 yrs ago with a false virus. Our membership has grown and we don’t hear from a lot of old members -- maybe they are ones that Norton nailed - so we still don’t know how it handled the situation as far as healing files - Igor was able to get them to solve within 2 days -- took AVG +- 4 days to get it right and from all reports they were not too cooperative.In my case i should have done nothing as i had just run the latest McAfee stingerhttp://vil.nai.com/vil/stinger/and come up clean.I am just glad i am not set up to run scheduled scans and i do not rely on auto update because i want to know when something updates my systembut what will we do next time:)and then the new Invision board was unstable during all this and still is so communicating to the forum as to the status of the problem was very difficult to do Grisoft AVG Ver.: 7.0.344/Virus Database:267. 11.14/127 Release Oct 10 /2005http://www.grisoft.com/html/us_updt.phpMonday, October 10, 2005AVI: 267.11.14min. AVI: 267.0.0 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of Trojan’s PSW.Legendmir,PSW.Banker,PSW.Lineage. October 10, 2005 490.4 kB AVI: 267.11.14min. AVI: 267.11.0 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of Trojan’s PSW.Legendmir,PSW.Banker,PSW.Lineage. October 10, 2005 71.4 kB AVI: 267.11.14 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of Trojan’s PSW.Legendmir,PSW.Banker,PSW.Lineage. October 10, 2005 5.2 MB IAVI: /127 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of Trojan’s PSW.Legendmir,PSW.Banker,PSW.Lineage. October 10, 2005 716.7 kB We need feedback from other users how their anti virus handles things .i use the free version of AVG and am used to its functions but i learned a heck of a lot more these past few days -- i hear of horror stories of Norton and McAfee on my XP newsgroups and never really heard AVG get slammed - rather lots of recommends for it. i have been a paid user of Computer Associates International, http://www.my-etrust.com/WhyCA.aspx?lang=en-us for many years but they only came up a vault this past year and their customer service i don't care for [will say no more] so it is updated daily but is not running scans - it can do a forced scan -- and did not test the files with it lot of Monday morning quarterbacking going on - but at least i am admitting my own mistakes:)) so i am in a quandary at present I would suggest that Igor make available small test file’s similar to the one he has made available with each version of p2e and when we update our anti virus dat files run it on the test file and possibly we will not go thru this exercise againNow Grisoft’ AVG may not be a big name in Antivirus but Norton and Kaspersky are and it did the same as AVG has just done.This is going take a lot of work for all but i think it is a “must do”.kenhttp://www.my-etrust.com/WhyCA.aspx?lang=en-ushttp://www.grisoft.com/html/us_updt.phphttp://vil.nai.com/vil/stinger/http://www.rexswain.com/eicar.html Quote
Marion Waine Posted October 10, 2005 Report Posted October 10, 2005 Hi KenJust read your last posting and was glad to learn that AVG had sorted it. On my computer AVG normally updates itself but it obviously hadn't gotten round to it today as I again checked my CD with 'The Barn' on it and it still showed the virus. After manually updating AVG I have a big smile on my face - all clear! Thanks again to allMarion Quote
Nathan Posted October 10, 2005 Report Posted October 10, 2005 Thanks Ken, seeing your post AVG had rectified matters I updated earlier rather than wait for scheduled time. Downloaded 'A New Day' once again as the test, AVG gives it the all clear. All that's needed now is create a new Restore point as AVG had moved files from there into the vault on it's scheduled scan. Scheduled scan times now removed, another lesson learned, best do some things manually.Thanks again, Nathan. Quote
artemis Posted October 10, 2005 Report Posted October 10, 2005 I was very very happy to read that AVG have sorted out the problem today, so I updated my free AVG just an hour ago, re-booted my computer and scanned one of my "suspect" exe files. AVG free immediately came up with a Trojan alert just as it had done over the weekend.So, I downloaded the version of the AV that we have on Beechbrook (DPAGB on page 4 of the Beechbrook downloads). As soon as I started the AV up, AVG sprang into action and gave me the alert that it had found psw.banker.hmq again.I am sorry I cannot tell you which version of P2E this was made from, though this version of the AV was dated Sept 2004.I would be interested for someone else to download DPAGB from Beechbrook and check it against their AVG installation in case there's something I am missing!!ThanksChris Quote
Ken Cox Posted October 10, 2005 Report Posted October 10, 2005 Mikeaccording to my files i originally downloade you file sept 14 2004, i would suspect from the time frame you made it from ver 4.3 -it was on page 1 sept 28 04 sept 2004 was the appprox date of my files that were put in the vault.-- they were restored this morning after avg issued an update -- and have jst completed testing all the exe's and removed same from the vaultthe original file has since been removed from hd to dvd storage.so i just downloaded it and scanned it with avg and the test came out clean -- no virusi am running Grisoft AVG Ver.: 7.0.344/Virus Database:267. 11.14/128 Release Oct 10 /2005just updated 2nd time today at +- 17:00 hrskenfyikavg have just issued another update today at 17:10 edsttested same on 4.3 test file oksorry have not tested same on any other versions:))AVI: 267.11.14min. AVI: 267.0.0 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 490.4 kB AVI: 267.11.14min. AVI: 267.11.0 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 71.4 kB AVI: 267.11.14 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 5.2 MB IAVI: /128 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 719.4 kB Quote
Ken Cox Posted October 11, 2005 Report Posted October 11, 2005 THIS MORNING'S MAIL BROUGHT THISKENDear Sir/Madam,Thank you for your email.With the latest virus base update, the files are not being detected as infected anymore, so please update your virus base and the problem should be solved. Best regards, Tomas Slama AVG Technical Supportwebsite: http://www.grisoft.commailto: technicalsupport@grisoft.com Quote
Ken Cox Posted October 11, 2005 Report Posted October 11, 2005 THIS MORNING'S MAIL BROUGHT THISKENDear Sir/Madam,Thank you for your email.With the latest virus base update, the files are not being detected as infected anymore, so please update your virus base and the problem should be solved. Best regards, Tomas Slama AVG Technical Supportwebsite: http://www.grisoft.commailto: technicalsupport@grisoft.com Quote
Marion Waine Posted October 11, 2005 Report Posted October 11, 2005 I decided to have a go at restoring some of my files by right clicking on them in the Virus Vault and clicking Restore File(s), as I wanted to see if mine had been corrupted. I tried three and watched them carefully for any problems and they all worked fine. Marion Quote
Hemjr Posted October 11, 2005 Report Posted October 11, 2005 Just a note to the forum that I too had this problem and it identified 32 files with the psw. Banker problem. The oldest file was a PTE show I generated in May of 1993. Not sure what version it was. I have updated AVG and restored the files. They all seem to be working now.Thanks for all the input in this forum. It has been a great help.Howard Quote
Igor Posted October 11, 2005 Report Posted October 11, 2005 The problem with false detection of slide-shows created in PicturesToExe v4.30 was solved yesterday. Please update your AVG antivirus. Here is response from AVG developers:-----------------------------------------------------------------------------Thank you for your email.This False-positive is probably corrected in the latest AVG Update.Please download all available AVG updates and try to check if theproblem persists.----------------------------------------------------------------------------- Quote
artemis Posted October 11, 2005 Report Posted October 11, 2005 Mikeaccording to my files i originally downloade you file sept 14 2004, i would suspect from the time frame you made it from ver 4.3 -it was on page 1 sept 28 04 sept 2004 was the appprox date of my files that were put in the vault.-- they were restored this morning after avg issued an update -- and have jst completed testing all the exe's and removed same from the vaultthe original file has since been removed from hd to dvd storage.so i just downloaded it and scanned it with avg and the test came out clean -- no virusi am running Grisoft AVG Ver.: 7.0.344/Virus Database:267. 11.14/128 Release Oct 10 /2005just updated 2nd time today at +- 17:00 hrskenfyikMany thanks for your touble Ken, though I'm Christine, not Mike - we are co-authors!! Nice to meet you.My copy is also now scanning clean, so end of story, but what a lot of wasted hours this weekend!! Quote
Ken Cox Posted October 12, 2005 Report Posted October 12, 2005 Just a note to the forum that I too had this problem and it identified 32 files with the psw. Banker problem. The oldest file was a PTE show I generated in May of 1993. Not sure what version it was. I have updated AVG and restored the files. They all seem to be working now.Thanks for all the input in this forum. It has been a great help.HowardHoward please look at your date againfrom the history file pf p2ePicturesToExe v1.00 (July 2nd, 1999) ------------------------------------ * Released PicturesToExe v1.00ken Quote
Hemjr Posted October 13, 2005 Report Posted October 13, 2005 Howard please look at your date againfrom the history file pf p2ePicturesToExe v1.00 (July 2nd, 1999) ------------------------------------ * Released PicturesToExe v1.00kenKen, You are right, I had the wrong date. The original PTE show was done in May of 1993, but I went back in at a later date and added music. Since the file was quarenteened and then restored later, the restore date was the date showing on the file properties. So, I can not be real sure what the true original date was.Thanks for your response. Glad the problem has been corrected.Howard Quote
Ken Cox Posted November 4, 2005 Report Posted November 4, 2005 grisoft avg has issued new dat files Added detection of new variant of I-Worm/Bagle, new variant of trojan PSW.Bankersee http://www.grisoft.com/html/us_updt.phpi checked Igors test file ver 4.3 and it tested cleanand 4.42 also tested cleanso keep your heads up because the last time there was very little info re psw.bankerken Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.