AVG Support Community
Larry Zambrano

Unknown virus disables AVG

I have used AVG since the early 2000s. I never had a problem with the level of protection it gave, that is, until last Sunday.

I run AVG 2015 Free along with Malwarebytes Anti-Malware (MBAM) to get the most protection, on a computer that is critical for me since I am self-employed.

Last Sunday, MBAM refused to work. No matter how many times I clicked on the icon, it just aborted. I then checked on AVG and to my utter horror it said that I was unprotected and yet everything was 100% okay.

Whatever it was did the following:

1. Killed all processes belonging to any antivirus or antimalware software. Thus neither MBAM nor AVG was running.
2. It kept the AVG user interface running, but the interface was tricked into believing that the program was up to date in virus definitions, etc. Nothing told me that AVG was crippled.
3. It prevented AVG from connecting to the internet.
4. It prevented AVG from updating offline.
5. It disabled System Restore and deleted all the restore records. It went so far as to hide the System Restore option, not content with just disabling it.
6. It created an UNKNOWN user and hid it.

What I did was:
1. Booted into Safe Mode and tried to run MBAM and AVG (my former antivirus); nothing was detected.
2. Restarted in Safe Mode with networking, installed PANDA Antivirus and let it run, since AVG absolutely REFUSED to update while in Safe Mode. It killed two programs, but the report says nothing. No names, nothing whatsoever. It is as if the files never existed. The scan reported two threats deleted, yet the report says nothing.
3. I checked the Task Manager to identify the processes belonging to the antivirus software.
4. Deleted the UNKNOWN user.
5. Rebooted in normal mode and checked the Task Manager. The antivirus processes were there this time. MBAM was again loaded with Windows startup.
6. Re-enabled System Restore.

That required the following:
6.1. Running a registry file that enables and unhides the System Restore processes.
6.2. Checking the Group Policies for Windows 7 and disabling the possibility of stopping System Restore.
6.3. Enabling System Restore again for all the drives.

At day three, everything is normal and so far I hope it will remain so.
Yesterday I had to do the same to my brother's computer, who also uses AVG and had the same virus, only this time I did it quicker since I knew the process.

I don't know what malware did this. It is a piece of quite good programming, since it managed to hide from the Task Manager and killed everything while telling you that everything was all right.
PANDA killed it, but it remains anonymous. I believe this piece of malware probably tries to convert a computer into a zombie, enabling the UNKNOWN user to use it as he sees fit, very likely as a SpamBot or a DOSBot.

I am not happy having to ditch AVG for PANDA, but the lack of options while in Safe Mode was a deal killer. The fact that an unknown piece of malware entered and took over my computer scared me.

I still feel that AVG didn't impact my computer's performance the way PANDA does, but I prefer to be safe rather than sorry. My laptop still runs AVG, but I am checking it to see if it develops anything.

I believe that this is something you should know.

BTW, the last time my brother's computer did an update was June 18, 2015. That thing remained on his computer for nearly 75 days!! Not cool AVG, not cool. If it weren't for MBAM absolutely refusing to work without its main process, I would be every bit as oblivious as my brother was.

This is the reason why I switched to PANDA. I hope you will earn back the trust that I used to have in your products, but so far I am totally discontented with what happened.
Kishore (Avast)
Hello Larry. I really appreciate the efforts you have taken so far in researching the differences between antivirus products, and I am also sorry that AVG was not able to satisfy your needs. AVG believes in its customers and we take responsibility for their protection. We will make the necessary changes in the upcoming versions accordingly. We will not let you down for your trust in AVG. Thanks for your time in writing back to us.
Larry Zambrano
Hello,
What really broke my trust was that AVG NEVER told me that something was wrong. It knew that there was a problem and yet it didn't warn me about it. I believe that when EVERYTHING is disabled, the user deserves at least a warning.

Better yet, just like MBAM, do not let AVG run without its main process. If its main process is killed then kill all of AVG; that will at least tell me that something is wrong. That thing was on my brother's computer for 75 days, and all those days he believed he was protected.

Also, Safe Mode is an important tool for recovering from errors and viruses. Having AVG stuck on scanning instead of, you know, automatically updating (if the network is enabled, of course) is not wise.

Yes, I wanted to scan my entire computer, but I also wanted to be sure that AVG had the latest database available, especially since this virus had prevented it from updating.

Also, the AVG scan ran for a while and I was completely disheartened to see a lot of "Locked File, not scanned, Ok". No. That was not OK. It should tell me what files it was skipping, not just a line that told me the directory where the file is located.

All of this killed the faith I had in AVG, and I liked the product, but I don't trust it anymore. I'll avoid using it on any mission-critical computer until you can show me that you have improved that. I was also disheartened to see AVG stuck in the middle of the pack in effectiveness. I chose Panda because all reviewers said that its heuristic scanner could kill things that weren't in its database, something this virus proved when Panda killed what AVG couldn't.

BTW, about 6 weeks ago I found a file installed by something called Cat Joy Kareo Cha (https://software.com/windows/apps/cat-joy-kareo-cha). I don't trust pieces of software whose exe name begins with OBSJHD0987~1.exe and which install themselves in the Roaming folder of AppData instead of a proper subfolder. I had to manually stop and delete that thing as well. That one is more iffy, but at least I hoped that AVG would bring it to my attention and ask me what to do. I am uncertain whether that was the virus delivery program or not. But certain characteristics made it suspicious and I should be allowed to know about it. Guess what software killed that one without asking? Panda again. A very deep Google session told me that.

I could have just switched and left it at that, but that virus scares me. Worse, I found that there is a rash of people asking for help because their computers refuse to run antivirus software, so that tells me that it is widespread and nobody is aware. Something else that it seems you also missed, especially since everybody seems to be blaming Windows for that one.

Please fix the issues with AVG so there won't be a next time that a piece of software kills AVG and leaves the corpse sitting pretty at the table and nobody knows that it is a corpse instead of a living entity. As I said, you should do as MBAM did: if the main process is killed, kill everything and warn the user. And for Pete's sake make AVG update when in Safe Mode with networking.
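The recovery steps in the first post (re-enabling System Restore through the registry and Group Policy, checking the Task Manager for the antivirus processes, finding the hidden account) and the point made above about a product whose main process has died are the kind of thing a defender can verify with a script instead of by eye. The following PowerShell health check is an added example, not code from this thread, from AVG or from Malwarebytes. It assumes Windows PowerShell 3 or later, an elevated prompt, and that the process names in `$ExpectedSecurityProcesses` are adjusted to the products actually installed (the two names given are illustrative guesses, not values from the thread).

```powershell
# Added example (not from the thread, AVG or Malwarebytes): a defender-side
# health check for the symptoms described in the thread. Run as Administrator
# in Windows PowerShell 3 or later.

# Assumption: illustrative process names; replace with the ones your products use.
$ExpectedSecurityProcesses = @('avgui', 'mbam')

function Get-SystemRestorePolicy {
    # These policy values are what the "Turn off System Restore" and
    # "Turn off Configuration" Group Policy settings write. 1 means disabled,
    # and DisableConfig is what hides the System Restore configuration UI.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $state = [ordered]@{ DisableSR = 0; DisableConfig = 0 }
    if (Test-Path -Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in @('DisableSR', 'DisableConfig')) {
            if ($null -ne $props.$name) { $state[$name] = [int]$props.$name }
        }
    }
    [pscustomobject]$state
}

function Get-AntivirusState {
    # Security Center's productState is a packed value: the middle byte 0x10
    # means the product is enabled and the low byte 0x00 means definitions are
    # current. This is the decoding administrators commonly use.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $hex = '{0:x6}' -f [int]$_.productState
            [pscustomobject]@{
                Product  = $_.displayName
                Enabled  = ($hex.Substring(2, 2) -eq '10')
                UpToDate = ($hex.Substring(4, 2) -eq '00')
            }
        }
}

function Get-MissingSecurityProcesses {
    param([string[]]$Names = $ExpectedSecurityProcesses)
    # A product whose UI is alive but whose engine process is gone is the
    # "corpse at the table" the thread describes; report every absent name.
    $Names | Where-Object { -not (Get-Process -Name $_ -ErrorAction SilentlyContinue) }
}

function Get-LocalAccountReport {
    # Accounts listed under SpecialAccounts\UserList with value 0 are hidden
    # from the Windows logon screen; an entry you did not create deserves a look.
    $hiddenKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    $hidden = @()
    if (Test-Path -Path $hiddenKey) {
        $props = Get-ItemProperty -Path $hiddenKey
        $hidden = $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
            ForEach-Object { $_.Name }
    }
    Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.Name
                Disabled = $_.Disabled
                Hidden   = ($hidden -contains $_.Name)
            }
        }
}

function Repair-SystemRestore {
    # Undo the policy lock-out and turn protection back on for the system drive,
    # mirroring steps 6.1 to 6.3 in the first post. Run only once the machine is clean.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    if (Test-Path -Path $key) {
        foreach ($name in @('DisableSR', 'DisableConfig')) {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        }
    }
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
}

# Report: nothing here changes the system; call Repair-SystemRestore yourself.
'--- System Restore policy ---'
Get-SystemRestorePolicy | Format-List
'--- Restore points ---'
$restorePoints = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points found: $($restorePoints.Count)"
'--- Security Center view of antivirus products ---'
Get-AntivirusState | Format-Table -AutoSize
'--- Expected security processes that are NOT running ---'
Get-MissingSecurityProcesses
'--- Local accounts ---'
Get-LocalAccountReport | Format-Table -AutoSize
```

The report section is read-only; `Repair-SystemRestore` is the only function that writes anything, and it does exactly what steps 6.1 to 6.3 describe (clear the two policy values, then re-enable protection on the system drive). A `DisableSR` of 1, zero restore points, a product that Security Center lists as enabled while its process is absent, or a local account you did not create that is flagged `Hidden` are each worth investigating before trusting the machine again.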
Larry Zambrano
Check the GeeksToGo forums in the antivirus section. You will find plenty of AVG users with the same problem.
Avinash (Avast)
Larry, I really appreciate you taking the time to share your valuable feedback with AVG. I would request you to share it at our product feedback page, http://avgclick.me/AVGfeedback, so that it reaches our developers and the people concerned can take it into account and make changes in the AVG program as you wish. Please contact us again should you need any further assistance. Thank you.