Just a note about AVG. I recently caught a virus on my home PC. It was running a hidden svchost.exe that regularly read from the local drives and slowed everything down. I have to say, it was my fault from the beginning: although I was running AVG, I had disabled the Resident Shield (just to make it faster). However, after installing the newest version, updating AVG and doing a full scan, it didn't detect the virus!! After a few restarts and desperate registry tweaks, Filemon analysis and frustration, I found out that AVG had been removed :shock: Then I was sure that it was a virus.
Furthermore, I noticed something screwy about a file called msze.exe. Further reading pointed out that it is spyware and that it is ranked as "safe" :!: I managed to delete the file; it was hidden. Then I ran every possible spyware app I could download, but to no gain. Note that I could not download because this was making the connection so slow; I went to another place to do my downloads. The spyware tools detected loads of stuff, I removed it all, but the problem was still there. The next day came, and I was thinking: should I just reformat?
Scvhost.exe was accessing every part of all the drives I've got. Even when I killed all Scvhost.exe processes (which is not possible, by the way, with Task Manager), Filemon still showed me that Scvhost.exe was reading my drive, and I did indeed see activity.
Further reading led me to something called rootkit viruses. Basically, rootkits are programs that are designed to integrate themselves into the operating system's kernel or drivers and hide, such that they are very hard to root out. I downloaded every rootkit removal tool I came across: gmer, the AVG rootkit tool, the Sophos rootkit tool and catchme. I tried them all: gmer caused a stop error, Sophos did not find anything, catchme, nothing. Only AVG found 3 hidden things:
It offered to delete them but warned me that problems could occur. I was sure that if I deleted svchost.exe I most probably would not be able to start the machine. So I deleted only msac32.dll and c:\windows\system32\msae. It rebooted, confirmed that the files were removed, then ..... yaaay, no disk activity. It worked!! I went to check everything and svchost.exe was silent. :twisted:
The file msac32.dll was backed up (renamed) by the AVG rootkit tool. I installed an AV called AntiVir, then tested that file; it indeed is a virus (forgot the name). Then I reinstalled AVG AV to test the file and it did not detect the virus :!: I guess you see the irony here.
I like AVG and still like it. It's small and fast. But this incident raises some doubts. Still, I'm grateful for that AVG rootkit removal tool that saved the day..... well, two days.
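The post above describes two things a rootkit detector actually does: it compares a low-level process enumeration against what Task Manager reports (a "hidden" process only shows up in the former), and it flags processes that impersonate svchost.exe. The following is an added illustration of those checks over a constructed process snapshot; it is not code from the poster or from any of the tools named (AVG, gmer, Sophos, catchme). The `Proc` record, the helper names and the sample processes are all assumptions made for the example; the two facts it relies on are that the genuine svchost.exe lives in %SystemRoot%\System32 and is started by services.exe.

```python
"""Cross-view and svchost-impersonation triage over a constructed process snapshot.

Added example (not from the original post). Helper names and sample data are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

LEGIT_SVCHOST_DIR = r"c:\windows\system32"   # the genuine svchost.exe lives only here
LEGIT_SVCHOST_PARENT = "services.exe"        # and is launched by the Service Control Manager


@dataclass(frozen=True)
class Proc:
    """Minimal process record (hypothetical shape; real tools read this from the OS)."""
    pid: int
    name: str
    path: str
    parent_name: str


def cross_view_hidden(api_view: Iterable[Proc], raw_view: Iterable[Proc]) -> List[Proc]:
    """Processes present in the raw enumeration but missing from the API view.

    Rootkit detectors compare two such views; a process that appears only in the
    raw view is being concealed from ordinary tools such as Task Manager.
    """
    api_pids = {p.pid for p in api_view}
    return [p for p in raw_view if p.pid not in api_pids]


def within_one_edit(a: str, b: str) -> bool:
    """True if `a` differs from `b` by exactly one substitution, adjacent
    transposition, insertion or deletion (case-insensitive); False if equal."""
    a, b = a.lower(), b.lower()
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diffs) == 1:
            return True                                   # substitution
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])  # transposition
    if abs(len(a) - len(b)) == 1:
        short, long = (a, b) if len(a) < len(b) else (b, a)
        return any(long[:i] + long[i + 1:] == short for i in range(len(long)))  # insert/delete
    return False


def suspicious_svchost(procs: Iterable[Proc]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every process that looks like an svchost impersonator."""
    findings: Dict[int, List[str]] = {}
    for p in procs:
        reasons: List[str] = []
        name = p.name.lower()
        if within_one_edit(name, "svchost.exe"):
            reasons.append("name is a one-edit lookalike of svchost.exe")
        elif name == "svchost.exe":
            directory = p.path.lower().rsplit("\\", 1)[0]
            if directory != LEGIT_SVCHOST_DIR:
                reasons.append(f"not running from {LEGIT_SVCHOST_DIR}")
            if p.parent_name.lower() != LEGIT_SVCHOST_PARENT:
                reasons.append(f"parent is {p.parent_name}, expected {LEGIT_SVCHOST_PARENT}")
        if reasons:
            findings[p.pid] = reasons
    return findings


# Constructed snapshot: what Task Manager-style APIs report ...
API_VIEW = [
    Proc(4, "System", "", ""),
    Proc(600, "services.exe", r"c:\windows\system32\services.exe", "wininit.exe"),
    Proc(800, "svchost.exe", r"c:\windows\system32\svchost.exe", "services.exe"),
    Proc(1200, "explorer.exe", r"c:\windows\explorer.exe", "userinit.exe"),
    Proc(1400, "scvhost.exe", r"c:\windows\system32\scvhost.exe", "explorer.exe"),
]
# ... and what a lower-level enumeration sees (one extra, hidden entry).
RAW_VIEW = API_VIEW + [
    Proc(1337, "svchost.exe", r"c:\windows\svchost.exe", "explorer.exe"),
]


def triage(api_view: Iterable[Proc], raw_view: Iterable[Proc]) -> Dict[str, object]:
    """Run both checks and return the combined result."""
    return {
        "hidden_pids": [p.pid for p in cross_view_hidden(api_view, raw_view)],
        "svchost_findings": suspicious_svchost(raw_view),
    }


if __name__ == "__main__":
    for key, value in triage(API_VIEW, RAW_VIEW).items():
        print(f"{key}: {value}")
```

On the constructed data the hidden pid 1337 is reported both by the cross-view diff and by the path/parent check, while pid 1400 is caught only by the lookalike-name check and pid 800 (the genuine host process) is left alone. Real detectors obtain the two views from the OS rather than from lists, but the comparison logic is the same.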
I know this is 7 months after the original post, but I would just like to add that with AVG, you get what you pay for.. Same with all AV/AS.
Seriously, stay away from this product. It lulls you into a completely false sense of security. The stuff they have out there these days will chew this up and spit it out ... or ... make you think it's working wonderfully ...