What is avgrsstarter?

[kwschumm]

My Windows XP SP3 laptop was just idling away when Spybot S&D popped up a notification about a registry change to avgrsstarter.

Anyone know what that is?

I couldn't find much information about this key so I denied the change. It may be related to AVG but a search of their website turned up nothing.

[Tom.K]

Have you checked the path of it?
If the path does not lead to folder where you have installed AVG, search that file and if it's small size (> 500 KB) try to upload it for scanning to VirusTotal (Search for it using search engine like Google or Yahoo).
Does AVG still works after denying a registry change?

[kwschumm]

Thank you for your response.

Sorry, I did not check the path and will if it happens again.

The most recent Spybot log entry in

c:\Documents and Settings\All Users\Application Data\Spybot Search and Destroy\Logs

is Sept. 14th of 2007. Is that still the correct location for log file entries?

AVG 8 is doing a full scan of the computer right now and it seems to be running fine.

[kwschumm]

... and the AVG 8 Full Computer Scan reported no errors, and six warnings about tracking cookies which were deleted.

[kwschumm]

OK, there's definitely something going on.

Spybot just popped up another message that a registry entry was changed. There is no path reported. This is what it says:

Spybot - Search & Destroy has detected an important registry entry that has been changed.

Category: Winlogon notifiers
Change: Key added
Entry: avgrsstarter

The old data and new data fields are blank.

Coincident with this a Windows Security Center message popped up a message that says that Virus Protection was turned off. I didn't turn it off, the AVG icon in the tray is still there, and AVG says that "All security features are working correctly and are up to date".

Is this just something that AVG is doing? I haven't allowed or denied the registry change at this time.

[drragostea]

I'm a bit stumped too (some Google results came back clean with this .dll but some marked it as malicious), but it seems like this entry is associated with "avgrsstx.dll". You can perform a Search for this file on your machine and upload it to VirusTotal to see if it is flagged.

http://www.bleepingcomputer.com/star...dll-23492.html

I can't really give a definate answer, but an expert can.

[kwschumm]

Thanks. VirusTotal says the avgrsstx.dll file is clean.

AVG is now not behaving correctly. First, the update process crashed, now when it starts there is an "unspecified error" popup.

I'm working with AVG support now. They guided me through repairing the AVG installation but the "unspecified error" popup still occurs.

Maybe I should have allowed the avgrsstarter key in the first place

[Tom.K]

Can you get a resident log?
Go to TeaTimer Tray Icon (Right-click) > Show log.
Look for avgrsstarter and find the path of it.
When you find it, look for it in Explorer. When you have found the file, right-click on it and select properties. Go to "Version" and "Digital Signatures" tab. Is there anything that refers to AVG or Grisoft?

AVG 8 does not support Windows Security Center.

Have you selected "Remember this decision." option after popup?

Can you re-install AVG 8?

[Shirin]

I am experiencing exactly this same thing and I have also denied the change. It continues to ask me every few minutes. I have tried to follow the instructions described here viz. checking the filepath but there isn't one, maybe because it was denied? Also, the icon in my tray doesn't say TeaTimer just Spybot S&D Resident, sorry to be so ignorant, but is that the same thing?
This is what the log shows:

1/9/2009 5:52:31 PM Denied (based on user decision) value "avgrsstarter" (new data: "") added in Winlogon Notifiers!
1/9/2009 6:00:24 PM Denied (based on user decision) value "avgrsstarter" (new data: "") added in Winlogon Notifiers!
1/9/2009 6:01:58 PM Denied (based on user decision) value "avgrsstarter" (new data: "") added in Winlogon Notifiers!
1/9/2009 6:03:01 PM Denied (based on user decision) value "avgrsstarter" (new data: "") added in Winlogon Notifiers!

I also got a notification that AVG required a restart of computer which I did, but then it just sort of took forever on the Windows XP startup screen.

I tried to start AVG and it seems to be ok, I canceled it after about 30 secs because it normally takes 40 mins. to run a full system scan. However, when I click on the Update I got the S&D pop-up re: the registry key, every time. Maybe this is really a question for AVG? KWSCHUMM could you give us an update if you found out anything from AVG?

Not sure what you mean by some of the suggestions like:

1) Upload it to Virus Total

2) Look for avgrsstarter and find the path of it.
When you find it, look for it in Explorer. When you have found the file, right-click on it and select properties. Go to "Version" and "Digital Signatures" tab. Is there anything that refers to AVG or Grisoft?
Do you mean Internet Explorer? I guess it doesn't matter since I don't show a filepath anyway.

[drragostea]

Shirin:

Well, there seems that there can be a problem because you are Denying the change (prompt about avgrsstarter) yourself, so that might explain the problems.

From the descriptions in this thread already, it could suggest that this "avgrsstarter" could be legitimate. So you have allowed the change and see if that makes a difference?

Quote:

However, when I click on the Update I got the S&D pop-up re: the registry key, every time.

So you're saying AVG won't update correctly, or not even update at all?

1. Following the step below, you'll have to find the file and upload it to VirusTotal (http://virustotal.com).

2. Using Windows Explorer (a window where you can view files and documents in your hard drive; eg. My Documents/Music/Videos/Computer) Tom K is telling you to search for the "avgrsstarter" term (I'm assuming it's a .dll file). Like any other file, it should display a mini statistics if you hover your mouse over it.