AVG Free question: avgtray.exe trying to access... something (ZA pop-up)

Discussion in 'other anti-virus software' started by bloomcounty, Feb 28, 2010.

Thread Status:
Not open for further replies.
  1. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    My stats: Windows XP SP2, ZoneAlarm 6.1.744.001, AVG Free 8.5.435

    This has happened two times now about 10 days apart...

    When I did my virus definition update via the "Check for updates" in the AVG Free program, the little ZA window popped up asking for permission for "AVG Tray" (avgtray.exe) to access something or other (see logs below). I never saw it before, so I let it just sit there while AVG updated. So then I finally just hit deny for it, and everything seemed to be fine. AVG Tray was added to the Program Control in ZA (with all ?'s) like any new program, but I removed it. Then I checked for updates to AVG again, just to see if it would pop up, and it didn't. And it didn't again until about ten days later (today) when it did it today.

    avgtray.exe does always run in Task Manager (as far as I know), but I've never seen ZA ask permission to let it do something (and add it to the Program Control).

    In Program Control, for AVG Free 8.5, I only have:

    Product name AVG Internet Security
    File name C:\Program Files\AVG\AVG8\avgemc.exe
    Last policy update Not applicable
    Version 8.5.0.401
    Last modified date 8/17/2009 13:52:18
    File size 886 KB

    Product name AVG Internet Security
    File name C:\Program Files\AVG\AVG8\avgupd.exe
    Last policy update Not applicable
    Version 8.5.0.427
    Last modified date 1/7/2010 16:35:08
    File size 1116 KB


    Here's the info for avgtray.exe in Program Control, before I removed it:

    Product name AVG Internet Security
    File name C:\Program Files\AVG\AVG8\avgtray.exe
    Last policy update Not applicable
    Version 8.5.0.427
    Last modified date 1/7/2010 16:35:30
    File size 1995 KB


    And here's the log stuff for when avgtray.exe was trying to do something the first time:

    Description AVG Tray Monitor requested permission to access the internet.
    Rating High
    Date / Time 2010/02/18 08:13:08-8:00 GMT
    Type New Program
    Program C:\Program Files\AVG\AVG8\avgtray.exe
    Source IP
    Destination IP 208.67.222.222:53
    Direction Outgoing (connect)
    Action Taken Blocked (once)
    Count 1
    Source DNS
    Destination DNS resolver1.opendns.com

    Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.222.222:DNS).
    Rating Medium
    Date / Time 2010/02/18 08:14:58-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 4
    Source DNS
    Destination DNS

    Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (127.0.0.1:port 1178).
    Rating Medium
    Date / Time 2010/02/18 08:14:58-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP 127.0.0.1:1178
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 1
    Source DNS
    Destination DNS Loopback

    Description AVG Tray Monitor was temporarily blocked from connecting to the Internet (199.71.0.44:DNS).
    Rating High
    Date / Time 2010/02/18 08:14:58-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP 199.71.0.44:53
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 5
    Source DNS
    Destination DNS ws.arin.net
    I think this was me looking up the IP address I saw at ReverseIPLookup.

    Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.220.220:DNS).
    Rating Medium
    Date / Time 2010/02/18 08:15:00-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP 208.67.220.220:53
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 3
    Source DNS
    Destination DNS resolver2.opendns.com

    Description AVG Tray Monitor was temporarily blocked from sending data to the local zone (208.67.222.222:DNS).
    Rating Medium
    Date / Time 2010/02/18 08:15:02-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP
    Direction (data)
    Action Taken Blocked
    Count 1
    Source DNS
    Destination DNS


    And here's the log stuff for when avgtray.exe was trying to do something the second time, which was today:

    Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.222.222:DNS).
    Rating Medium
    Date / Time 2010/02/28 13:35:24-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 4
    Source DNS
    Destination DNS

    Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (127.0.0.1:port 1061).
    Rating Medium
    Date / Time 2010/02/28 13:35:24-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP 127.0.0.1:1061
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 1
    Source DNS
    Destination DNS Loopback

    Description AVG Tray Monitor was temporarily blocked from connecting to the Internet (212.96.161.234:DNS).
    Rating High
    Date / Time 2010/02/28 13:35:24-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP 212.96.161.234:53
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 5
    Source DNS
    Destination DNS guru.avg.com

    Description AVG Tray Monitor was temporarily blocked from sending data to the local zone (208.67.222.222:DNS).
    Rating Medium
    Date / Time 2010/02/28 13:35:26-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP
    Direction (data)
    Action Taken Blocked
    Count 1
    Source DNS
    Destination DNS

    Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.220.220:DNS).
    Rating Medium
    Date / Time 2010/02/28 13:35:26-8:00 GMT
    Type Program Access
    Program avgtray.exe
    Source IP
    Destination IP 208.67.220.220:53
    Direction Outgoing (connect)
    Action Taken Blocked
    Count 3
    Source DNS
    Destination DNS resolver2.opendns.com


    Then, in both instances, I finally chose "block" then just removed it from the Program Control (since it got added).

    The first time, I ran scans with AVG and SuperAntiSpyware, just to be safe, and both came up okay. I don't *think* it seems like anything nefarious, but it is weird that it's just started doing this recently, and now it's two times (and it's not every time I try to update -- I updated virus definitions many times between the two incidents).

    Any thoughts?

    Thanks for the help!
     
  2. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    I think it's just a usual AVG thing. When I used ZA and AVG it did the same thing and I just allowed it.
     
  3. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Thanks for the reply! Are you talking about avgtray.exe particularly?

    I have these other two things normally in ZA:

    Product name AVG Internet Security
    File name C:\Program Files\AVG\AVG8\avgemc.exe
    Last policy update Not applicable
    Version 8.5.0.401
    Last modified date 8/17/2009 13:52:18
    File size 886 KB

    Product name AVG Internet Security
    File name C:\Program Files\AVG\AVG8\avgupd.exe
    Last policy update Not applicable
    Version 8.5.0.427
    Last modified date 1/7/2010 16:35:08
    File size 1116 KB


    ...but avgtray.exe has never asked for permission in the x-number of years I've been using AVG Free (so that's why I'm wondering).
     
  4. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    I remember seeing AVG tray monitor connecting online. I have not used AVG in 6+ months, but I am pretty sure it connected.
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,916
    Location:
    U.S.A.
    BC, I can't recall whether I had to allow avgtray.exe in ZA for my old AVG 8.5, however, under this AVG 8.5 Free Edition Knowledge Base's topic:

    What AVG processes and URLs need to be allowed in 3rd party firewalls/programs

    avgtray.exe is one of those processes. And according to your own log, the connection to guru.avg.com is also one of their listed URLs. As to why this tray connection is happening now, perhaps someone who is using AVG 8.5 and reading this post could confirm that same action to ease your concerns. If your PC scans clean, maybe AVG 8.5 is working as intended today.

    PS. I know that you are waiting until the last possible minute to upgrade to AVG 9.0, yet the inevitable is coming. ;)
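
The check described in the post above (compare what the firewall logged against the processes and hosts the vendor lists), as an added example that is not part of the thread and not AVG or ZoneAlarm code. It parses entries in the pasted "Field value" form shown earlier; the three sets hold only names that appear in this thread, and the label strings are made up for the example.

```python
import re

# Field labels as they appear in the log entries pasted in this thread.
FIELDS = ("Description|Rating|Date / Time|Type|Program|Source IP|Destination IP|"
          "Direction|Action Taken|Count|Source DNS|Destination DNS").split("|")
# Assumptions: only names the thread mentions, not AVG's full published list.
LISTED_PROCESSES, LISTED_HOSTS = {"avgtray.exe"}, {"guru.avg.com"}
RESOLVERS = {"208.67.222.222", "208.67.220.220"}  # the poster's OpenDNS resolvers

def parse_entries(text):
    # One dict per entry; a "Description" line starts a new entry.
    entries = []
    for line in map(str.strip, text.splitlines()):
        field = next((f for f in FIELDS if line == f or line.startswith(f + " ")), None)
        if field == "Description":
            entries.append({})
        if field and entries:  # lines that match no label (typed comments) are skipped
            entries[-1][field] = line[len(field):].strip()
    return entries

def classify(entry):
    # Compare on the file name only, whether or not the log gave a full path.
    program = re.split(r"[\\/]", entry.get("Program", ""))[-1].lower()
    ip = entry.get("Destination IP", "").partition(":")[0]
    if not ip:  # some entries carry the address only inside the description
        m = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3}):", entry.get("Description", ""))
        ip = m.group(1) if m else ""
    if program not in LISTED_PROCESSES:
        return "unlisted-process"
    if ip.startswith("127."):
        return "loopback"
    if ip in RESOLVERS:
        return "configured-resolver"
    if entry.get("Destination DNS", "").lower() in LISTED_HOSTS:
        return "vendor-host"
    return "review"

# Sample abridged from entries posted in the thread (fields omitted, values unchanged).
SAMPLE = """Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.222.222:DNS).
Program avgtray.exe
Destination IP
Description AVG Tray Monitor was temporarily blocked from connecting to the Internet (212.96.161.234:DNS).
Program avgtray.exe
Destination IP 212.96.161.234:53
Destination DNS guru.avg.com
Description AVG Tray Monitor was temporarily blocked from connecting to the Internet (199.71.0.44:DNS).
Program avgtray.exe
Destination IP 199.71.0.44:53
Destination DNS ws.arin.net"""

print([classify(e) for e in parse_entries(SAMPLE)])
```

Entries labelled "review" are the ones to compare by hand against the vendor's published list before deciding on an allow rule.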
     
  6. bloomcounty

    bloomcounty Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    64
    Thanks for the replies!

    That's good to know. Next time it asks for permission, I'll be sure to allow it. :)

    Do you think there's anything to worry about not having allowed it these past two times? o_O

    Re: AVG Free 8.5/9.0 -- Yeah, I'm still holding out for the last minute. I'm hoping/assuming they'll post something on their site ahead of time that support is ending and not just end it. I keep checking this thread for updates -- which hasn't been updated since Nov. 2009. If you hear anything, please PM me and let me know!

    (I put it off just because I have to set time aside to do it and hope nothing goes wrong! :) I am a bit fearful about the slowdowns with their computer, and hard drive always running, with AVG 9.0 with similar set-ups to mine, but those were old posts and hopefully that's not an issue any longer...)

    Thanks again! :thumb:
     