Several people have reported that AVG Free v8 has recently begun triggering a TeaTimer warning about an unlisted Registry change. The change is not in the current official TeaTimer Whitelist and so requires the user to agree the alteration. The TeaTimer popup lists the change as "avgrsstarter" with no details of the old or new values - so it is difficult to see what it is attempting to modify and why it is required.

I just got the same warning myself - and decided to track it down.
The "avgrsstarter" registry change relates to the following registry setting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
"DLLName"="avgrsstx.dll"
"Startup"="AvgStartup"

Avgstarter doesn't exist as a file - it appears to be an internal reference inside the avgrsstx.dll file. The avgrsstx.dll file resides in the System32 folder and is named as the "AVG Resident Shield Starter".

The TeaTimer popup happens when the AVG automatic update system wants to force a restart of Windows after a major program update. If the change is allowed it is followed by a popup message from AVG that a restart is needed to complete the update - with a countdown that has only one button - OK to proceed. AVG Free is currently updating from 8.0.176 to 8.0.233 which is a major program version update that requires a restart. You do not get the "avgrsstarter" registry update message from TeaTimer if you do a manual install of the new version - you just get a request by AVG to restart Windows to complete the update.

If you see this TeaTimer popup you need to allow this Registry change or this update will not activate until your next reboot - and file version conflicts may occur if you attempt to run a scan before the reboot. AVG appears to have altered the way a forced restart is requested - as I have never had this problem before. For now you need to choose ALLOW and you can also tick the Remember this change box.

I suggest that this item should be added to the official TeaTimer Whitelist to avoid future problems.

Thanks very much for the information on Avgrsstarter. I received the same Teatimer warning yesterday morning, and after some research, I allowed the change, and was asked to restart by AVG 8 Free. However, since then AVG has asked me to restart again immediately after every restart. On booting up it claims to have run a successful update, and requests a restart - but there are no updates shown in the event history log since before I allowed the addition of Avgrsstarter.

AVG normally requests a restart after each successful update, but these are shown in the log, and one restart is usually enough! Any suggestions on what the problem is would be gratefully received.

You would be better asking in the AVG Free Support Forum (http://freeforum.avg.com).

I did a quick search for you and found this thread http://freeforum.avg.com/read.php?12,167934

Essentially try a repair installation over the top of current install to fix the broken restart setting.

Could someone with AVG please use RunAlyzer to check for ratings and submit unknown ones? I searched our complete list for these entries, but did not find any.

Also, could an AVG user please check if avgrsstx.dll is codesigned? Right-click the file, choose Properties, see if there is a tab Digital Signatures.

Whitelisting by code signature would be much more generic, and could thus cover other files signed by AVG as well.

We tried to initate some cross-whitelisting among ASC members to avoid false positives and conflicts between security software, but nearly no one was interested really :lip:

Since you mentioned the AVG forum, if you ask anything there, please recommend to them to codesign their files if they do not do this already, and send us an example file that we could add their signatures serial to the whitelist.

PepiMK,

I have checked avgrsstx.dll and it is codesigned. I have attached the certificate to this post.

@Patrick: maybe you should check this forum instead; http://betaforum.avg.com/index.php :fear: (Those guys really need more beta-testers :oops: (not that I'm gathering them here, but maybe Patrick could do some usefull work (for himself) :laugh:

Since they are readying another catastrophic release.. :mad: (8.6?)