AVG Support Community
Share tips and solutions on AVG Products
Community topics
AllAVG Gurus
These community experts are here to help
-
Alan Binch
-
Borislav Angelov
-
Vladimir Bartl
-
Subhadeep Kanungo
-
Miloslav Serba
john red No recent history/quarantine and how to confirm a detection
hi,
I installed a software from the official website of the company and got the virus alert for IDP.Alexa.53 and I talked to the company support and they confirmed their software is clean, eventually I excluded the file from scan then removed the exclusion, once I done that a file/virus with same name was detected in something.. PowerShell.
The first problem
an having with AVG is there is no event for any of that, all of this happened on May 5th and the last history of anything happened was May 1st, I reached that info by 1.opening main software 2.clicking on notification 3. clicking on history tab 4. Nothing is newer than May 1st, I also checked all log files they all have the automatic entry of log creation with stars behind the lines but but no findings or any details, I just remembered that AVG stopped Trendmicro house call few hours ago accessing/editing a photo, I did not take any action but the event was not logged in ransomware shield.
Also there is no hidden Quarantine folder in C and when I open MENU > TOOLS > Quarantine, there is nothing there but AVG did quarantine a file in powershell...
The second problem,
I need help on what to do to be 100% sure that I did have a virus IDP.Alexa.53, I uploaded the software package (150MB) to virustotal several times and made sure to ask for rescan and all 63 antiviruses gave me that it is clean, is this a false positive?
Thanks
I installed a software from the official website of the company and got the virus alert for IDP.Alexa.53 and I talked to the company support and they confirmed their software is clean, eventually I excluded the file from scan then removed the exclusion, once I done that a file/virus with same name was detected in something.. PowerShell.
The first problem
an having with AVG is there is no event for any of that, all of this happened on May 5th and the last history of anything happened was May 1st, I reached that info by 1.opening main software 2.clicking on notification 3. clicking on history tab 4. Nothing is newer than May 1st, I also checked all log files they all have the automatic entry of log creation with stars behind the lines but but no findings or any details, I just remembered that AVG stopped Trendmicro house call few hours ago accessing/editing a photo, I did not take any action but the event was not logged in ransomware shield.
Also there is no hidden Quarantine folder in C and when I open MENU > TOOLS > Quarantine, there is nothing there but AVG did quarantine a file in powershell...
The second problem,
I need help on what to do to be 100% sure that I did have a virus IDP.Alexa.53, I uploaded the software package (150MB) to virustotal several times and made sure to ask for rescan and all 63 antiviruses gave me that it is clean, is this a false positive?
Thanks
We're glad to look into this & help you.
Initially, you can be rest assured that your computer would be protected against emerging threats, with AVG installed on it.
From your description, we see that AVG has provided a threat notification. Please share us the screenshot of it (if you have it with you) for better clarity.
Usually, AVG detects & notifies, if it finds a file/url to be malicious. However, AVG will block the file from being downloaded or site being reached on your browser. This shows that AVG will not let the file/url to affect your computer.
Since, you've excluded the file, it might not be listed in quarantine.
If you could regenerate the issue (notification), please click on see details in it & then share us the screenshot of it for better clarity.
Also, there are possibilities for the program to provide false positive, when the program doesn't have the latest patches applied to it.
To ensure that the program has the latest patches : Open AVG program - click on refresh icon beside virus definitions - Restart computer after successfull update.
First of all AVG does not block the file from being downloaded, I already downloaded the package with no alerts, I rescanned the file in downloads folder again and it is still clean, this is not malware from visitng a site, this is a code hidden in a pckage and was only detected after getting extracted to windows folders.
You have not explained why AVG has no record of any of the previous notification since several days, downloaded or aborted or caught or whatever, there should be a record, AVG is not working correctly simply ackowledge it and fix it or help me fix it, something is wrong with AVG. (well don't bother, I am uninstalling it anyway).
I said I excluded it THEN I said I removed it from eclusion.... THEN AVG detected the same virus in powershell... I already mentioned all that.... so the virus/fasle postive SHOULD be in Quarantine...
"If you could regenerate the issue"
You want me to install the infected software again??? this is AVG solution? you could have asked for the software package link and do the regernation yourself. I am not going to try running a possiblly infected virus on my PC, thanks a lot! Also if AVG did not have a problem with history I would have been able to do that without regeneration...I mean I am here because I saw a notification but it is not in history, celarly there isa problem with AVG...
The program is up to date, eveything is on auto.
AVG calls this support?
P.S Use spaces/paragrpahs dude
In order to analyze the software, we request you to submit the file for analysis through this https://www.avg.com/false-positive-file-form website.
If it is confirmed as safe, it will be whitelisted and the virus definitions database will be released through update.
You will also get the status updated via email.
We are sorry to know this.
Please compress the file and then try to submit it for analysis.
Thank you.
I managed to downsize it 3% only using 7z best compression, still too big.
What now?
Please let us know what is the exact file size that you are trying to submit in the shared link.
Thank you.
Thank you for the information.
We would request you to upload the file in this link:
Thank you.
Are you using a free version of AVG or paid version?
Thank you.
Rename the new folder as case number_your email address.
Then open windows explorer and type as ftp:incoming https://support.avg.com/SupportArticleView?urlname=AVG-FTP-file-upload and once it is open.
Please drag and move that renamed folder to FTP incoming.
Thank you.
The case number for this conversation is 13132081.
Thank you.
Now I am escalating this case to my senior team for analysis.
If it is confirmed as safe, it will be whitelisted and the virus definitions database will be released through update.
You will also get the status updated via email.
Thank you for your understanding.