AVG anti-virus software mistakes Windows system file for a trojan

Discussion in 'other anti-virus software' started by ronjor, Mar 14, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    http://www.h-online.com/security/ne...Windows-system-file-for-a-trojan-1823171.html
     
  2. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I hate when that happens to Windows files, but it's an occurrence we're going to have to live with with these programs. Another solid reason for having backups.
     
  3. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    This is very important. I also find it equally important to set your real-time protection to not automatically deal with detected files, instead have it set to ask you what to do with it. Imagine if this was Bitdefender Free Antivirus :rolleyes:
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Or, another reason not to have them (antimalware apps). :D

    @ Antimalware18

    According to BitDefender team member, it won't delete system files.
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    AVG seems to be notorious at detecting system files as malware. If it happens once, fair enough, no one is perfect. But this is what, second or third time with AVG? They should know it better by now...
     
  6. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    Didn't it do so in 2010? On 64-bit Windows, it either deleted or quarantined all systems files when they ran, resulting in blue screens and not able to boot in either regular nor Safe Mode. Many people had to re-install their systems.

    Based on reading old Bitdefender forums, Bitdefender was actually paying people for their trouble (I imagine their attorneys told them to do it.)

    Edit: here is to what I was referring: http://www.tomshardware.com/news/bitdefender-64-bit-vista-xp-trojan,9948.html

    I had BitDefender Internet Security in the Bitdefender Store basket, after coupon, for $11 a few weeks ago. But I did not finish purchase after reading those 2010 reports and then searching for names of many of the latest games and Bitdefender in a search to find message after message stating such and such game was being stopped by Bitdefender. These were wide-scale commercial-released games, and in pretty much every one of those games, players had problems with Bitdefender for first week or so and then periodically after updates and patching of the games.
     
    Last edited: Mar 14, 2013
  7. ght1

    ght1 Guest

    I second that, even if AV companies disagree! :p
     
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    False positives.All antivirus software have them.Nothing new here.
     
  9. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    "AVG anti-virus software mistakes Windows system file for a trojan"
    .... This is not "normal FP"..............
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I don't actually follow the mistakes these folks (antimalware folks) make, so I got no idea how many times any of them screwed up systems. :argh: But, recently, due to the concern of BitDefender Free AV automatically deleting/quarantining files, a BitDefender member mentioned that it has mechanisms to prevent it from deleting system files. Whether or not that happens, I got no clue. :)
     
  11. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    I absolutely agree with you but windows files can be manually excluded from scanning so you can protect your files that way.
    But windows files can become infected themselves and subject to malware analysis.Sure we can exclude them but we may also be excluding hidden malware.
    Sometimes what we consider a FP may in fact be a genuine malware within a windows file so there are several ways of viewing this.
     
  12. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    What would be the expected behavior when the user is not logged in and hence not around to respond to the alert. Should the antimalware let it go ? or remove it right away ? Sometimes a go/no-go decision is require right away and can't be postponed.
     
  13. er34

    er34 Guest


    All security software makes mistakes - either false negative or false positive alarms. But fact is some make more mistakes than others. And some make little to practically no mistakes. If you use Microsoft security solutions - you are very unlikely to see false positive alarm especially on Windows/Microsoft files. They perform very in-depth testing before relesing update an follow extremely strict rules re. this. Additionally, big vendors such as Symantec, McAfee generally take more precautions when releasing updates (especially for their business/enterprise customers). My recommendation I do is to stick with bigger reputable company and your problems with FPs are less likely to occur. AVG is far too small player in the industry, with less people and with less resources and the chance of FP is higher than with any big and more reputable player/vendor.

    Additionally, other than just AV - there are other security measures that should back-up both against other attacks and against other measure's failures (e.g. back-ups - archives - that can be used should the AV/FW/HIPS/IPS,etc fails to protect or makes a mistake).
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Isn't this like a monthly thing for AVG now? :D
     
  15. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    These kind of occurrences reaffirms my belief in at least having an option (even if it's not the default) whereby the user can set it to ask for decision once something is detected. Although it is not applicable for all computing environment (with AV installed), at the very least it's a useful option to have for those who value their decision (and be responsible for it in case of wrong decision) over an AI.
     
  16. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    New AVG Proactive Malware Defense. Nuke the OS so it doesn't boot = no more future malware issues. ;)
     
  17. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    Haha.. well you can't ask for much from Free software. You get what you pay for!!
     
  18. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    **This**
     
  19. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Sorry but this is utter BS. Ppl always say ugh oh its free what did you expect. Where do ppl get such idiotic conclusions?

    AVG Free is just a part of programs where other editions share the same core but are paid versions. So, if what you say is true, paid versions are what, worthless? It's the same with others. avast! has exactly the same core for Free or Paid versions. We all know how good avast! was in tests and they trusted their Free version so much, they were the only ones constantly sending Free version for testing against Paid programs from other vendors (AV-C, AV-T).
    In which case you are getting twice as much as you paid for, because you haven't paid anything at all, yet you are still getting top class software.
    Only that isn't exactly the same is AVIRA where free lacks the ProActiv module and may show differences.

    And as for the paid gems, McAfee also made critical mistakes that made systems unbootable. They don't have any free version, so what should we think about that? You paid and got the same flawed program as you would with free (which was free and didn't cost you anything). See? That analogy just doesn't work and free programs can in fact have much higher value than any paid program. It's just that ppl still have a completelly wrong perception of quality between paid and free products.
     
  20. ght1

    ght1 Guest

    Instead of implementing tuneup and registry booster they should focus on whitelisting important files! :doubt:
     
  21. er34

    er34 Guest

    No. Solution is more money => generally more resourses => better developers => better service & more resourses to spend on the quality of virus lab and pre-testing.
     
  22. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    And a change at the top :) Arrogance doesn't help.:rolleyes:
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,238
    I second this. I see no need for a home user to pay for antivirus software.

    I couldn't find the post on Avast's blog just now, but they had a similar issue with false positives a few years back, and after that they put in new measures to test new definitions before they are release to the public to ensure a similar situation does not happen again.
     
  24. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Exactly, whitelisting helps in reducing & protecting from FPs.

    I am using Comodo Internet Security for the same reason. Previously it use to give FPs, now Comodo has improved a lot & fewer FPs like any other AV. But it never detected any system files as FPs here. Trusted Files/whitelisting approach is good & helps reducing FPs & protecting system from blunders like system files as FPs.
     
  25. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    They haven't improved. They fixed some FP's but those that are detected now take freakin ages and still going, if you report it through the program. It's pointless and stupid.
     
Loading...
Thread Status:
Not open for further replies.