Concerned about 7 July AVG defs update

Hello from a newcomer

I’m very concerned about the result of a full system scan run since I installed update 270.13.7/2222.

For the last eight years, I have kept Dr TCP (DRTCP021.exe) on the desktops of several computer systems. I’ve been running AVG 8.5 Free since its release and at least two previous releases of the software. Since installing 270.13.7/2222, which claims to detect variants of Generic13.BWUN, DRTCP021.exe is reported to be a Trojan horse called Generic13.BWER.

I have run a full online scan using Panda AV. I have also submitted DRTCP021.exe to Jotti and not one AV scanner found anything amiss. I assume this is a false negative and that the problem lies in the current virus database: 270.13.7/2222. Is anything known about this issue?

 

Lookslike a false positive, it happens. Simply report it to AVG and they should fix it quick.

 

I'm using the free version of the software. I don't think there's an option to submit a file/report. There is an AVG forum but I cannot persuade the registration process to complete successfully. Meanwhile, AVG is having a field day, constantly popping up. If the issue isn't fixed I'll have to change my AV software.

 

First use the option 'Revert virus database to previous version', you can find it in Tools - Advanced Settings - Update - Manage. Then you should send the file to virus(at)avg.com: False Positive

 

In trying to revert to the previous database I hit two problems. First, a "General Error Message" appeared. Secondly, the option to revert greyed out.

 

My Resident Shield picked this up today (Generic13.BWER) as I did a full system Ad-Aware scan immediately following updating Ad-Aware.

A Resident Shield alert came up during the scan, so I clicked on Heal, but at the end of the scan there was another Resident Shield alert for it, though it wasn't showing on the Ad-Aware scan results. So I guess it may have landed with the update.

It's location is C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe and Process ID is 3272

I could find no trace of an explanation on the web, and a Google search delivered nothing. Until now - this thread on this forum has come up.

Do I take it this is a false positive due to a trojan listed in the AWWService virus database following the update?

Tonto

 

Thanks for the welcome and advice JRViejo.

I will do what you said, though I'm uncertain what you mean by submitting the 'file'. What file would this be and how would I retrieve it?

 

OK, thanks. Nothing found. Prob a false pos.

Yet, it begs the question why isn't Resident Shield still picking it up? It picked it up twice yesterday, and I clicked on 'Heal' both times. Has RS removed it?

Will run an AVG scan to see if it will pick it up again. If it does, I'll re-submit file to Jotti before healing, and that should be the clincher.

Thanks again

 

Good morning All!

Thanks for your warm welcome. Tonto and I clearly have the same problem because of the 7/7/09 definitions update. It seems just as unlikely that either AAWService.exe or DRTCP021.exe are infected by Generic13.BWER.

The AVG forums do not indicate that this is a known issue. Perhaps this is not surprising because I found in impossible to register, giving up after at least 90 minutes effort. I cannot find information on Generic13.BWER via Google but there are a few references to AVG picking up Generic13 Trojans in what appear to be uninfected files.

Working with AVG popping up to warn me of the presence of Generic13.BWER became impossible. I have uninstalled the AVG 8.5 software and changed to Avast v.4.8. I installed this on my parents’ computers a few weeks ago and found it impressive though I prefer the AVG interface. I’ve run a full system scan with Avast set at the highest level. My system is reported to be squeaky clean.

 

I had the same threat detected 'on open' by "AVG 8.5 Free Resident Shield" when booting my machine this morning... DRTCP.exe contains "Trojan horse Generic12.BWER" (and again this thread is the only web page that Google finds).

The DRTCP.exe file on my system has been sat in my Apps directory since 2006 (the file was last modified in 2002) - so it's an old one.

One (big) concern was why this file should be being accessed anyway - soon after booting up the machine. AVG detected this "Trojan" when the file was 'opened'. I too have Ad-Aware installed - would this be doing a background check that would have caused the file to be 'opened'? Ad-Aware itself does not detect anything. I was not doing a deliberate system scan of any kind.

I chose not to do anything with the threat (based on this thread, the nature of the file and passed experience - I've had a few false positives with AVG).

My virus DB version is now: 270.13.8/2223
(+1 on Cheshire's reported DB version)
...and I no longer get any threat detected by AVG! (I previously tried to do a manual update of the virus DB and there were no new updates - I assume AVG had auto updated in the background)

This is all in the space of about 20mins (from getting a detected threat to no threat reported). I think the threat was detected BEFORE AVG had updated it's virus DB this morning. The AVG update yesterday (possibly to 270.13.7/2222) was perhaps the issue, but the DRTCP.exe file was not accessed/scanned until I booted my machine first thing this morning.

I'm currently running a full system scan (AVG) and no threats have been found.

As others have suggested, I think it's a false positive - IMO.

 

Yes. My AVG was also updated this morning, running scan at mo, and no threats found so far.

I also checked Res Shield history, and both yesterday's infections were in Ad-Aware's AWWService. One of them was named as DRTCP021.exe (located on Docs and Setts\blah blah\Desktop) and the other as a string of nos and letters, in System Volume Information.

I didn't realise I had DRTCP still installed. But it looks to me like Ad-Aware's AAWService (adwatch thing) opens DRTCP's files to check for threats, and this is picked up by AVG Res Shield as a false pos.

Also ran Ad-Aware scan, and Res Shield did not pick up anything as Ad-Aware opened DRTCP. I guess AVG have sussed it out and updated this morning.

 

That's good news, w3d and Tonto! If all continues well I just might go back to AVG--- we've had a long relationship-- but I'm quite pleased with Avast.

 

Presumably Ad-Aware's AWWService appears as the "process" in AVG's resident shield log and DRTCPxxx is the "object" that the infection appeared in. The "process" being the event that caused the "object" to be opened in the first place?

In looking at my logs, it appears that Ad-Aware did not seem to play any part in the detection in my case. "C:\WINDOWS\explorer.exe" appears as the process?! But I only used explorer to later examine the file AFTER the initial detection - so how did explorer.exe come to be looking at the file in the first place?!

 

All's well so far here too. Thanks every one.