
More on AVG 2012

Started by raymond, April 10, 2012, 07:33:44 PM


raymond

My wife got an Inspiron Mini (with Win7 Starter) over a year ago and AVG got installed at that time. Automatic updates have been made since then (now AVG 2012), the last one this morning at 8:47. Until now, no problem.

Today, all of a sudden, it has been posting numerous messages about detecting the presence of trojans. Could it be
- they all got downloaded during the night?
- or it could not detect them before the last update?

Here's the list of all the DLLs it identified as Trojan Horse Crypt.AQLW in the Windows/System32 folder (none of them being present on my computer still running with XP SP3):
HBTNKEY.DLL
NTUNESERVICE.DLL
NTSYSLOG.DLL
NTSVCMGR.DLL
PDLNSLEA.DLL
Z800MGMT.DLL
CHANGER.DLL
PDAGENT.DLL
SPRTSVC_SMARTAGENT.DLL
THEMES.DLL

Has anybody ever heard of those?

BTW, it also qualified the afd.sys file in the System32/driver folder as a Trojan Horse Hider.QFP but also added that it was "white-listed" and should not be removed as it was a critical system file!!! :dazzled:
When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com

jj2007

Raymond,

You are in good company. Try a Google search for trojan crypt.aqlw
Who knows why most of the posts are connected to AVG ::)

dedndave

some of those look like windows files
i would run MalwareBytes on there, then have your OS disk handy when you reboot
if they are not present on the hard drive (I386 folder or cache), and they get deleted, the OS may ask for a disk
after you reboot, run MalwareBytes again to verify they did not creep back in there

another great little program
Kaspersky TDSSKiller

raymond

Thanks Dave,

At this time, that Kaspersky TDSSKiller seems to have solved the problem.

dedndave

 :U
that program has a settings button
before i scan, i usually select "detect tdss stuff"
the "detect unsigned drivers" one returns some valid drivers
if you are not familiar with the drivers on your machine, you may disable some things you do not want to   :P

vanjast

Quote from: raymond on April 10, 2012, 07:33:44 PM
BTW, it also qualified the afd.sys file in the System32/driver folder as a Trojan Horse Hider.QFP but also added that it was "white-listed" and should not be removed as it was a critical system file!!! :dazzled:
Talk about walking around with your one shoe nailed to the floor   :bg

A question... What's the possibility of someone 'phishing' AVG (or other sites) and pushing their 'AVG updates' onto your PC?
I would think that it is possible for them to override the net routing tables momentarily, catching a few every time.

AutoUpdates = my pet peeve = always disabled !!
:8)

mineiro

Hello Mr raymond
I do not have Win7 Starter, so I cannot give you any data to compare against.
I was thinking, if you post the hash and version of those files here, other users with the same version can compare, and with that information you can see whether this is a false positive.

dedndave

or - you could upload it to one of those sites that runs several AV programs on it   :P

Quote: A question... What's the possibility of someone 'phishing' AVG (or other sites) and pushing their 'AVG updates' onto your PC?
I would think that it is possible for them to override the net routing tables momentarily, catching a few every time.

i don't use AVG, but i wonder about the same thing with Malwarebytes   :P
a "real hacker" could get in there, i would think

Quote: AutoUpdates = my pet peeve = always disabled !!
:8)

you got that right !!!!!   :U

i remember about a year and a half ago, Microsoft, Adobe, Mozilla, and some other one all came out with huge updates at the same time - lol
people who use automatic updates were slowed to a crawl   :lol
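Both mineiro's suggestion (post the hash and version of each flagged file so others can compare) and dedndave's (submit the files to a multi-engine scanning site) start from the same data: the hash, file version and signature status of each DLL. The script below is an added example, not code from the thread or from AVG; it walks raymond's list of file names, assumes Windows PowerShell 2.0 or later (the version Windows 7 shipped with) and an elevated prompt so System32 is readable, and prints what a forum post or a hash lookup would need. The SHA-256 is computed through .NET rather than Get-FileHash because that cmdlet only appeared in PowerShell 4.

```powershell
# Added example (not from the thread): hash, version and signature report for the DLLs
# AVG flagged. Assumes Windows PowerShell 2.0+ and an Administrator prompt.
# The file names below are the ones raymond listed; nothing else about them is assumed.
$names = 'HBTNKEY.DLL', 'NTUNESERVICE.DLL', 'NTSYSLOG.DLL', 'NTSVCMGR.DLL', 'PDLNSLEA.DLL',
         'Z800MGMT.DLL', 'CHANGER.DLL', 'PDAGENT.DLL', 'SPRTSVC_SMARTAGENT.DLL', 'THEMES.DLL'
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-Sha256Hex([string]$path) {
    # Streams the file through SHA-256; works on PowerShell 2, where Get-FileHash does not exist.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try {
        $bytes = $sha.ComputeHash($fs)
    } finally {
        $fs.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

foreach ($name in $names) {
    $path = Join-Path $system32 $name
    if (-not (Test-Path -LiteralPath $path)) {
        # Either AVG/TDSSKiller already removed it, or it was never on this machine.
        "{0,-24} MISSING" -f $name
        continue
    }
    $item   = Get-Item -LiteralPath $path
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no embedded signature)' }

    # One line per file with everything another user needs to compare against their own copy.
    "{0,-24} size={1,9} mtime={2:yyyy-MM-dd HH:mm} ver={3}" -f $name, $item.Length, $item.LastWriteTime, $item.VersionInfo.FileVersion
    "{0,-24} sig={1} signer={2}" -f '', $sig.Status, $signer
    "{0,-24} sha256={1}" -f '', (Get-Sha256Hex $path)
}
```

Two caveats when reading the output. First, on Windows 7 Get-AuthenticodeSignature only checks for a signature embedded in the file, and most genuine Windows binaries are signed through a catalog instead, so "NotSigned" on its own does not condemn a file; Sysinternals sigcheck (for example `sigcheck -h <file>`) does the catalog lookup and prints hashes in one go. Second, a modification time far newer than the rest of System32, or a file version string that is empty or does not name a vendor, is the kind of detail that separates a real infection from a signature-update false positive, and the SHA-256 can be looked up on a multi-engine scanning site without uploading the file at all.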

raymond

Being a snow bird, I spend about 5 months down south and 7 months up north. I can remember a few years ago when I was still on dial-up down south that it took a complete night to download the 7-month-worth of Windows updates when I first hooked up to the internet when I arrived!!! :eek :boohoo:

dedndave

when i "build" my hard drive OS, i install updates manually
it results in a much faster machine
i have about 250 files on disk for that   :P
i never let MS updates do it