Registry keys vulnerable found in AVG 8.0



drragostea
2008-04-24, 23:02
After completing a full scan with AVG 8.0 Free, more than a dozen registry keys came up. However... the threat counter was at zero. In the results screen, I looked up the dozen registry keys. In the details tab, it told me that it was a potentially dangerous object.

HKLM/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/-{00000001-C003-4A2F-9142-7CB1D78DE6C1}

Result/Infection: Found Adware.InternetOptimizer

Note: The forward slashes in the result are backslashes. I had to type it manually because I could not copy and paste.

Another one I found was: Adware.Generic
HKLM/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/-{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}

Any help would be appreciated. Btw. I just left the results intact. Closed the results window.

drragostea
2008-04-25, 00:21
It appears that if I removed it to the Virus Vault, SpywareBlaster's IE counter would have 190 disabled. Spybot-SD would have 30 in its IE plug-in unimmunized.

ght1
2008-04-25, 14:26
Is there an automatic update from AVG 7.5 to AVG 8.0? :cowboy:

drragostea
2008-04-25, 18:19
You never knew that. AVG 8.0 Free released 4/23.

Edit: You'll have to download from the site manually because AVG 7.5 does not offer the upgrade via updates.

ght1
2008-04-25, 19:22
I installed AVG 8.0 Free a few hours ago, I love the graphical user interface :heart: AVG detected 0 spyware/viruses.

drragostea
2008-04-25, 19:29
@tpro1... did it detect the registry keys? This thread is not about... user GUIs and AVG. It's about the registry keys.

ght1
2008-04-25, 19:32
The last key was detected and deleted :cowboy:

Edit: But I never use Internet Explorer, hm ... maybe a false positive?

drragostea
2008-04-25, 19:42
Erm. The last key... erm. Well from how I see it, the registry key might enable IE to get an "infection" through ActiveX/Flash. Did your results have several dozen registry keys?

>Once I moved them to the Virus Vault... SpywareBlaster and Spybot-SD both have some items unimmunized.
Btw. It couldn't be a false positive. Read my first post.

drragostea
2008-04-26, 04:00
Bump. A Spybot-SD Advisor/Team member may look into this.

Greyfox
2008-04-27, 04:54
drragostea

As I indicated in the other posting, mine is a very similar experience. Some 90 Adware (generic & specific) items were detected during the AVG v8 registry scan. All HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{... very long number...}. Currently they are quarantined with the result that 30 plugins (IE) are now shown as unprotected.

Castle Cops lists several of these that I specifically checked as Adware.

Will do some more testing in this area, but it does seem to be some sort of problem between Spybot Immunisation and AVG v8 registry scan.

enigma947
2008-04-28, 07:13
I previously had AVG 7.5 installed. It only used to tell that there is a change in the host file, which after some research I came to know that it's not a problem, as I checked the host file and the only extra thing it contained was the immunization database of S&D.... But now I have installed AVG 8.0, it displays keys from the registry that contain not all but some of the entries of the immunization database. I thought it was viruses or adware so I let AVG remove it.... It might be possible that the sponsor adware that comes along A&D might be taken as "bad" by AVG... as it might be considering them as illegitimate add-ons. If that's the case then either S&D or AVG has to do something....... Apparently the S&D is working alright but I doubt about it, as its setting of database to act might have been changed..
Help me please, what to do?

drragostea
2008-04-28, 07:24
From what Greyfox said, he sent a message to AVG. I'm waiting for the results, from what he gets back. Apparently it's a false positive.

Greyfox
2008-04-28, 17:24
drragostea & enigma947

See my post (link) below in the main Spybot forum. It has a link to a thread in the AVG v8 free forum. If you look at the moderator's post you will see that he doesn't see the registry entries being picked up by AVG as false positives, although it is acknowledged that they are immunisations placed there by SpybotSD and also by Spyware Blaster rather than true entries from the items they are intended to protect against.

I still haven't had a reply from AVG and I don't expect this to be resolved in a short time. That and other considerations about the new version have led me to abandon AVG version 8 for the time being and return to the 7.5.524 version.

http://forums.spybot.info/showpost.php?p=186596&postcount=6

This subject is now spread across a number of threads and it is getting a bit messy to follow. Would perhaps be nice if it could be shifted into one place.
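
Added example, not part of the thread and not code from AVG, Spybot-SD or SpywareBlaster: the posts above describe the flagged `ActiveX Compatibility` entries as immunisations rather than traces of installed adware. Assuming those immunisations are IE ActiveX kill-bit entries (a `Compatibility Flags` DWORD with bit 0x400 set, which the thread itself does not state), this Python script reads registry-export text and reports which CLSID subkeys are block entries; the sample export, its CLSIDs and its flag values are constructed.

```python
import re

# Assumption (not stated in the thread): a blocking entry is a CLSID subkey whose
# "Compatibility Flags" DWORD has the ActiveX kill bit (0x400) set.
KILL_BIT = 0x00000400
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(r"^\[(.+)\]$")
FLAG_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in .reg export format; CLSIDs and flag values are made up.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99999999-8888-7777-6666-555555555555}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unrelated]
"Compatibility Flags"=dword:00000400
"""

def classify(reg_text):
    """Map each ActiveX Compatibility subkey to 'blocked' or 'not blocked'."""
    result, current = {}, None
    prefix = BASE.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            # Only keys under ActiveX Compatibility are of interest.
            current = path[len(prefix):] if path.lower().startswith(prefix) else None
            if current is not None:
                result[current] = "not blocked"  # until a kill-bit flag is seen
            continue
        flag = FLAG_RE.match(line)
        if flag and current is not None and int(flag.group(1), 16) & KILL_BIT:
            result[current] = "blocked"
    return result

if __name__ == "__main__":
    # A real export (reg export ... file.reg) is UTF-16: open(path, encoding="utf-16").
    for clsid, state in classify(SAMPLE).items():
        print(f"{clsid}: {state}")
```

An entry reported as blocked tells IE not to load that control; it does not by itself show that the control was ever installed on the machine.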