AVG 8.0 Resident Shield Alert

  • Thread starter Thread starter mayfriday
  • Start date Start date
M

mayfriday

Guest
The AVG has detected this shown as follows:-
C:\Docs nsetting\all users\application data\microsoft\Onecare
Protection\LocalCopy\{CFD.............}IEUPDATES.EXE

Thread name: Trojan horse Generic 11 SHA
and been asked to either Heal /Move to Vault/ Ignore

Process Name: C:\Prog files\Microsoft Windows OneCare
Live\Antivirus\MsMPEng.exe

Now what must I do with these?
 
RE: AVG 8.0 Resident Shield Alert

You have AVG and OneCare anti-virus installed and running? You should only
have one anti-virus running.

The "IEUPDATES.EXE" is related to the "Antivirus 2009" malware, but
typically that file was found in C:\WINDOWS\system32\ieupdates.exe location.

I don't know about AVG or OneCare cleaning out the "Antivirus 2009"
infection, but I've had excellent results using Malwarebytes. You don't need
to uninstall your current anti-virus software to install and use it for
periodic scans.

http://www.malwarebytes.org/

"mayfriday" wrote:

> The AVG has detected this shown as follows:-
> C:\Docs nsetting\all users\application data\microsoft\Onecare
> Protection\LocalCopy\{CFD.............}IEUPDATES.EXE
>
> Thread name: Trojan horse Generic 11 SHA
> and been asked to either Heal /Move to Vault/ Ignore
>
> Process Name: C:\Prog files\Microsoft Windows OneCare
> Live\Antivirus\MsMPEng.exe
>
> Now what must I do with these?
 
Re: AVG 8.0 Resident Shield Alert

You should only have one (1) anti-virus application installed & loading at
boot! As things stand now, neither OneCare nor AVG are working properly.

Assuming (1) your OneCare subscription is and has been current, (2) you're
able to manually update OneCare, and that (3) you didn't install OneCare
after you'd installed AVG or (4) after the machine was infected with
XPAntiVirus2009 (it is now), uninstall AVG, manually update OneCare, and run
a full scan with OneCare.

If no joy...

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

mayfriday wrote:
> The AVG has detected this shown as follows:-
> C:\Docs nsetting\all users\application data\microsoft\Onecare
> Protection\LocalCopy\{CFD.............}IEUPDATES.EXE
>
> Thread name: Trojan horse Generic 11 SHA
> and been asked to either Heal /Move to Vault/ Ignore
>
> Process Name: C:\Prog files\Microsoft Windows OneCare
> Live\Antivirus\MsMPEng.exe
>
> Now what must I do with these?
 
Back
Top