Thanks to Darragh
14 years 10 months ago #83360
by mjc
Replied by mjc on topic Re:Thanks to Darragh
Frank
First - you keep mentioning AGV - make sure you've got the correct product - AVG. Could be a typo - but just in case.
I've read Dave G's comment regarding AVG and none of this is intended to run counter to his general recommendation.
I'd be inclined to unquarantine that which AVG quarantined for you for the following reason:
The unquarantine is just to get the files back to test them. Not all virus products catch all the same bad guys and some give false positives - it may be that you have quarantined something that wasn't infected and is needed (or was infected but a working version is still needed).
I'd suggest taking the files that AVG (or any antivirus program) is identifying as malicious and submitting those files one by one to virustotal, which will test against 40 different anti-virus products. One can even crank up the heuristic feature of AVG (I assume it's there), which maximises chances of catching bad guys - but also produces more false positives.
www.virustotal.com/
Those that pass a consensus of products that you would collectively trust, keep and regard them as false positives, and those that fail a significant number of trusted products, regard as infected.
I, myself, also ran a suite of tests on my machine (must have been ten plus hours scanning) - I had one "detection" (but only from my avira installation) but I researched it (and ran by virustotal) and concluded it was a false positive. I can't say I've noticed my PC doing anything scary.
I used the following Microsoft document as a guide for the additional scans (I didn't go the whole hog and make a PE installation disk - which is intended to minimise chances of malware affecting the scans).
download.microsoft.com/download/9/f/b/9f...%20Starter%20Kit.doc
Basically, I'd recommend that you backtrack and make sure that you haven't removed from use something that you need - if such a file really is infected then you'll need a tool to fix it or replace the file from installation media.
Hope this helps more than bewilders.
And just in case anyone has any suspicions - I am definitely no expert in this area.
Mark
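The consensus rule described in the post above, as an added example that is not part of the original thread: it counts only the engines the user trusts, ignores engines that returned no result, and refuses to decide when too few trusted engines answered. The engine names, verdict strings, file names and thresholds are all constructed assumptions, not values from VirusTotal or from the post.

```python
"""Consensus triage of multi-engine scan verdicts for one file.
Engine names, verdicts and thresholds are constructed for illustration."""

# Assumption: the engines this user collectively trusts.
TRUSTED = {"EngineA", "EngineB", "EngineC", "EngineD", "EngineE"}

def triage(results, trusted=TRUSTED, infected_ratio=0.5,
           clean_ratio=0.25, min_votes=3):
    """results maps engine name -> verdict string ("clean" or a detection
    name), or None when that engine returned no result.
    Returns (label, detecting_trusted_engines, trusted_votes)."""
    # Only trusted engines that actually returned a verdict get a vote.
    votes = {e: v for e, v in results.items()
             if e in trusted and v is not None}
    hits = sorted(e for e, v in votes.items() if v != "clean")
    if len(votes) < min_votes:
        # Too few trusted opinions: do not call it either way.
        return "inconclusive", hits, len(votes)
    ratio = len(hits) / len(votes)
    if ratio >= infected_ratio:
        return "treat as infected", hits, len(votes)
    if ratio <= clean_ratio:
        return "likely false positive", hits, len(votes)
    return "inconclusive", hits, len(votes)

# Constructed sample results for four files restored from quarantine.
SAMPLES = {
    "restored_driver.dll": {"EngineA": "Heur.Generic", "EngineB": "clean",
                            "EngineC": "clean", "EngineD": "clean",
                            "EngineE": "clean", "OtherEngine": "Trojan.Gen"},
    "setup_tool.exe": {"EngineA": "Trojan.X", "EngineB": "Trojan.X",
                       "EngineC": "Worm.Y", "EngineD": "clean",
                       "EngineE": None},
    "old_archive.zip": {"EngineA": "Heur.Packed", "EngineB": None,
                        "EngineC": None, "EngineD": None,
                        "EngineE": "clean"},
    "helper.sys": {"EngineA": "Rootkit.Z", "EngineB": "Rootkit.Z",
                   "EngineC": "clean", "EngineD": "clean",
                   "EngineE": "clean"},
}

if __name__ == "__main__":
    for name, res in SAMPLES.items():
        label, hits, n = triage(res)
        print(f"{name}: {label} ({len(hits)}/{n} trusted engines: {hits})")
```

An "inconclusive" result is the case for further research on the specific detection name rather than for restoring the file to use.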
14 years 10 months ago #83361
by Frank Ryan
My Astrophotography
Shannonside Astronomy Club __________________________________________
Meade ETX-125PE, Bresser 10 x 50 Binos & Me Peepers
Replied by Frank Ryan on topic Re:Thanks to Darragh
Thanks Mark!
14 years 10 months ago #83363
by mjc
Replied by mjc on topic Re:Thanks to Darragh
I hope it helps, Frank.
Just for completeness - the PE installation environment is also intended to ensure that you are off the network so that it avoids being re-attacked during the process.
I didn't bother making a PE installation nor did I separately disconnect my network (strictly speaking - a professional should do both as some malicious software can be quite prevalent and one can encounter it from multiple sources on a network over a relatively short period of time - hence network disconnection - or the malicious software can embed in part of your normal boot O/S and hence can compromise your attempted fix - hence separate boot media).
My money is on not having to make a PE installation but if you can keep off the net during the fix process it might be worth doing. As I said I did neither. I found no evidence that I've been compromised - and I searched quite hard.
But maybe the two shortcuts will come back to haunt me...
Mark
14 years 10 months ago #83424
by Frank Ryan
Replied by Frank Ryan on topic Re:Thanks to Darragh
Cheers y'all but I ended up having to reinstall Vista recovery disk
but now I have AVG and a few other small free progs running
instead of McAfee.
For some reason I'm not hating Vista immediately...
weird.