Gdata AVK Internet Ambulance???

Discussion in 'other anti-virus software' started by hendrix, Jun 21, 2005.

Thread Status:
Not open for further replies.
  1. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Gdata AVK Internet Ambulance-WHERE IS ITo_O!!!

    I have been using Gdata AVK for about a month. I think this company comes from Germany and since I am from the USA, I am using the English language version. I was really liking this program very much until it found a trojan. The Monitor said that it found "Virus: Trojan-Downloader.JS.Istbar.j". It said that it was placed in quarintine, but there is nothing in quarintine!

    My question is this: I could find no customer service whatsoever (unless I wanted to phone Europe!) Finally, after looking all through the help files and all over the internenet, I found that Gdata AVK has what it calls an "Internet Ambulance", and if you have any questions regarding viruses or trojans- (definition of, removal help, etc.) you can "send it over the internet using the Internet Ambulance". You will then receive within 48 hrs. a resolution of your problem. Sounds great. First of all I would like to find out if this trojan is really quarantined or not. If it is still in my system how dangerous is it, and how do I get rid of it? The problem is I can find absolutely no directions at all anywhere regarding the use of the the "Internet Ambulence". I am wondering if by mistake maybe this is only for some European version of AVK. I do not care how good this program is- If there is no customer service it is not worth having. I would rather go back to Norton!

    By the way, there is an antivirus program called "Sophos" that I found on the net and Sophos was the only place I could find anywhere that had any knowledge whatsoever of my so called trojan. This makes me wonder if possibly Sophos created it to get people to use ther product? (I'm not going to.)

    If anyone has any input, I sure would appreciate it--HendrixGdata AVK Internet Ambulance-WHERE IS ITo_O!!!
     
    Last edited: Jun 22, 2005
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Sophos didn't create it to bring in business. You might want to go to the link you can use the online scan here to find and clean this trojan.
     
  3. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Thanks BigC! Trend Micro had a really good discription of this trojan. I ran the House Call on line scanner and it found nothing. Do you think that this probably means that AVK actually did quarintine the trojan even though it does not appear in the quarantine file?

    -Hendrix
     
  4. chia

    chia Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    89
    Go into the log files, when it found the trojan it should have made two or three entries in there depending on what you have the monitor set to do if it finds something. If you have it set to "Prompt required action" then there will be only two. Go through those entries and double check as to what action was taken by AVK (i.e. file cleaned, deleted, quarantined). At the very least it will give you the file path and you can see if the file is still on your hard drive.

    For support, I've always used support-eng(at)gdata.de and if you want a specific contact I use jamie.chen(at)gdata.de. He's been helpful in the past for me but is only in the office on Tuesdays and Fridays I think.

    AVK Internet Ambulance only works for files that are in quarantine. Attached a pic of the options it gives. I've never used it so I have no idea on how good or efficient it is (I quarantined an Eicar test file to get the pic).

    Hope this helps. :doubt:
     

    Attached Files:

  5. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Thanks very much CHIA for the great information! My monitor found two more of the same trojan and the log said that it quarintined them. This time they did show up in the quarintine file. The log also showed several other times that this same trojan was found by the monitor but it says that they were neither cleaned, deleated or quarintined. Does this mean that the trojan is still in my system, or since it quarintined it twice according to the log, does this mean that all instances of it are quarintined?

    I am not at all computer savey, but am learning as fast as I can. You mention that I should have the file path and can by that find out if it is still on my hard drive. I have no idea how to go about that. Can you or someone please give me step by step instructions on how to do that? Here is what is in the log: When closing file "C:\Documents and Settings\John\Local Settings\Temp\VIGROa04084" the virus "Trojan-Downloader.JS.Codebase.c" from enjine "KAV" has been detected.

    Thanks every one for all the help. This is a great forum!--Hendrix
     
  6. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
  7. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Try running a system cleaner like CCleaner from http://www.ccleaner.com
    And then run an on demand scan with GData, once the first infected file pops a window up choose delete, and click the radio button that saya apply to all. HTH
     
  8. chia

    chia Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    89
    I agree with likuidkewl, that should take care of it. :)

    To answer your other question in regards to file path, first set Windows to show hidden files and folders.
    -Open your Start menu, the click on My Computer.
    -On the top left click on Tools, then Folder Options, then the View tab.
    -Scroll down and put a tick next to Show hidden files and folders.
    -Click OK.

    Using the file path you gave as an example:
    C:\Documents and Settings\John\Local Settings\Temp\VIGROa04084

    VIGROa04084 is the file you would want to find, so you start at the left and work your way over.
    -Open your Start menu, then click on My Computer.
    -Double click on your C drive (C:\)
    -Locate and double click on Documents and Settings folder
    -Locate and double click on John folder
    -Locate and double click on Local Settings folder
    -Locate and double click on Temp folder
    -Inside the Temp folder there would be your file

    Note: Since AVK quarantined that file I dont think it will be in your temp folder any more. I just used that as an example. Hope I didn't slaughter that too bad but that's the basic idea for finding something given the file path.

    Let us know how you fair. :)
     
  9. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Don, Likuidkewl, and Chia- Thanks very much for the help. I will let you know how I do.

    Chia- Those look like good clear instructions to me. (I would'nt even have had a clue without them!) I am looking forward to trying it out. I'll let you know how it goes.
     
  10. Nightshawod

    Nightshawod Guest

    Re: Gdata AVK Internet Ambulance-WHERE IS ITo_O!!!

    Hey mr - sophos is a very good british/european AV company - one of the best at detecting new virus on the net:0
     
  11. Inf

    Inf Guest

    Re: Gdata AVK Internet Ambulance-WHERE IS ITo_O!!!


    Oh my god .. Sophos is one of the best .. :)

    all the rest of the crew can step up and share their thoughts...

    Sophos vs. ..


    Who will win George?..
     
  12. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Sorry Mr. -No offense intended. Sounds like Sophos is very good. Maybe I'll give it a try. How is there customer service?
     
  13. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Not that good, it scored around 90% in detection in the last AV-Comparatives, Kav 99,65%, BitDefender 94% which are the two scanners in AVK, anyway Sophos is a enterprice AV and expensive.

    Are you sure that you have configured AVK correctly both in real-time & on-demand settings?

    Have you tried the free online scanners from Kaspersky & BitDefender (in my signature) to remove Trojan-Downloader.JS.Istbar.j, both have this one in their bases? I would shutdown AVK while scanning with these two. :)
     
  14. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Did you not get rid of it?
     
  15. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Don

    I am pretty sure my set up is correct. How is your's set up? I'll try yours if mine is different. Thanks for the info regarding free online scanners from Kaspersky & BitDefender.
     
  16. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    I have not had time to try anything yet. I am hoping to work on this problem on my days off- Tuesday and Wednesday. If I get on the computer during a work day I sometimes get hooked and cant get off for hours. (Work suffers.)
     
  17. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yes, just if you do a scan: do it in safe mode at least...just to be sure :)

    Always better then in usermode.
     
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    I don't use AVK (i use Kav), but have tried AVK and liked it, i would stay with it if i were you until your license run out, you can always take look at the many other options available then.

    Anyway i would go through the settings and choose "All files" (at least until you're clean) in scan-options and as far as actions would choose "Clean" as first action, then "Delete", then quarantine (or rename) as last option. I can't remember much from my trial of it in this respect, so help from other AVK users would be appreciated. And i would still do the backup scans with the online scanners. Safemode like Infinity says, is not a bad idea.

    Btw. I have had "Trojan-Downloader.JS.Istbar.j" and cleaned it without drama, so since Kav is one of your engines in AVK you should be ok when you get your settings in order. :)
     
  19. chia

    chia Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    89
    Sounds like some of your uneasiness might stem from some log files that show no action was taken. Once an infection is detected AVK will make multiple entries into the log file, some of these entries show no action taken. They only serve as an initial report entry. So those are nothing to worry about.

    Also if AVK detects something and a you click "Cancel" in the warning pop-up then no action is taken at all. You might have done that inadvertantly and thus KAV would redetect the same file later. I'm just throwing that out there as a remote possiblity. It could happen to the best of us. ;)

    Don and Infinity give good advice. If KAV found it once it will surely find it again if it is still on your system. If after all your scans come up clean then you can probably rest assured that you'll be okay. :)
     
  20. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Chia, this is exactly what I was worried about- the log files sometimes showing no action taken. I feel so much beter after having received your latest info regarding the log files. And knowing that if KAV found it once it will find it again if it is still on my system is what I really was not sure about.

    I had already rerun a couple of online scanners as well as AVK, all in safe mode. The system came up clean each time. I also followed Likuidkewl's advise and ran CCleaner and then ran AVK and Trojan Hunter (both in safe mode)- No problems found. What a relief! Thank you very much to everybody who took the time to help.
     
    Last edited: Jun 28, 2005
  21. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Glad to hear it worked out for you, :)
     
  22. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Thanks likuidkewl. You're great!
     
  23. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Thanks, now only if my wife could agree with that statement! LOL
     
  24. hendrix

    hendrix Registered Member

    Joined:
    May 9, 2005
    Posts:
    39
    Yes. That can sometimes be a problem!

    I forgot to ask about AVK and email scanning- (maybe I should have started a new thread?) I only use gmail (and sometimes hot mail). Does AVK scan those or only Outlook Express and Outlook? If AVK does not scan gmail or hotmail is it a good idea to turn off email scanning to save memory and scan time? I have 512mg. of RAM and I have only used about a quater of my 80 gig. hard drive, (if that is significant).
     
  25. chia

    chia Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    89
    That's excellent news, happy that everything came back all clean for you. :)

    I have my monitor set to "Prompt required action" and whenever AVK detects something it makes two entries in the log. (See pic). The "Request" entry is the only one that shows what action was taken while the "AVK Monitor" entry shows none. Not sure how it logs things with different settings.

    For email, if you use only Gmail and Hotmail through their webpages then it's safe to turn off AVK's mail scanner. The scanner is for POP3 or IMAP mail clients like Outlook, OE, Eudora, Thunderbird..etc. You can save yourself a little bit of RAM.

    Again congrats :).
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.