AVG shows 24695 infections, Spybot shows none



aserrano
2008-07-02, 17:17
AVG 8.0 "Automatic Scan" shows more than 24,000 threats, all in "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\..." trojans, dialers, etc.

But Spybot and Lavasoft Ad-Aware show none.

I ask AVG to Remove all infections but the results happen again.

Please advise me on whether these results are actual infections. If they are, why they are not found by Spybot and how to eliminate them for good.

Thank you very much.

Augusto

drragostea
2008-07-02, 17:25
Ugh. And I actually thought they changed it. Are you sure it's 24,000 not 2,400?

Those are false positives. They had to do with SpywareBlaster's and Spybot-SD's immunization. Don't worry, you're not infected or anything.

I had a similar experience. After moving them to the virus vault, some entries of SpywareBlaster and Spybot-SD will show up as immunized. Scanned again with AVG 8.0 and they came up again.

It looked like this?:
http://forums.spybot.info/showthread.php?t=27264
--

tashi
2008-07-02, 17:33
Hello,

AVG 8.0 "Automatic Scan" shows more than 24,000 threats, all in "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\..." trojans, dialers, etc.


24,000 threats? :eek: Most machines would not be able to run at all.


Please advise me on whether these results are actual infections.


Hard to advise on another program's detections when no other application is reporting them. ;)

Cheers.

Edit: Thank you drragostea. :bigthumb:

md usa spybot fan
2008-07-02, 17:44
aserrano:

You indicated:


AVG shows 24695 infections ...
Is the count of 24695 listed as "Infections found:" or "Warnings count:"?

If you know how to use Registry Editor (regedit.exe), can you post a few of the entries listed in AVG's listing? The AVG listing itself does not list the full registry key so you cannot tell if the dword in the entries is permissive or restrictive.

Marty81
2008-07-04, 07:31
Same thing happened to me with AVG 8.0. Apparently, this comes from the immunize feature of Spybot. It takes over the registry keys of certain spyware programs in order to block them. I had 50-some warnings pop up in my AVG scan. I checked the registry entries for these things, and they were all of the form:

Compatibility Flags REG_DWORD 0x400 (1024).

md usa spybot fan
2008-07-04, 13:17
Marty81:

Compatibility Flags DWORD = 0x00000400 is the kill bit for an ActiveX control. Adding a registry entry with the kill bit is the method used by Spybot immunization, SpywareBlaster, etc. to stop an ActiveX control from running.

Apparently AVG is flagging those entries based on the CLSID without examining the DWORD to see if it is a kill bit. Those detections are false positives.

See the following reference:
How to stop an ActiveX control from running in Internet Explorer
http://support.microsoft.com/default.aspx?kbid=240797
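
Added example, not part of the original thread: one way to do the check discussed above, reading the decoded text of a regedit export of the ActiveX Compatibility key and reporting, per CLSID, whether the Compatibility Flags DWORD has the 0x400 kill bit set. The CLSIDs and the sample export are constructed placeholders, and the function and label names are this example's own.

```python
import re

KILL_BIT = 0x00000400  # Compatibility Flags kill bit named in the thread
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-f]{8})$', re.I)

# Constructed sample of a regedit export (placeholder CLSIDs, not real detections)
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"""


def classify(reg_text):
    """Map each CLSID subkey to 'restrictive' (kill bit set),
    'permissive' (flags present, kill bit clear) or 'no-flags'."""
    results = {}
    clsid = None
    prefix = (BASE + "\\").upper()
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group("path")
            rest = path[len(prefix):]
            # Track only direct {CLSID} subkeys of ActiveX Compatibility
            if path.upper().startswith(prefix) and rest and "\\" not in rest:
                clsid = rest.upper()
                results[clsid] = "no-flags"
            else:
                clsid = None
            continue
        flags = FLAGS_RE.match(line)
        if flags and clsid:
            value = int(flags.group("hex"), 16)
            # Test the bit rather than equality: other flag bits may also be set
            results[clsid] = "restrictive" if value & KILL_BIT else "permissive"
    return results


if __name__ == "__main__":
    for clsid, verdict in classify(SAMPLE).items():
        print(clsid, verdict)
```

Regedit writes .reg files as UTF-16, so decode the file with that encoding before passing its text to `classify`.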