rhodges

How to stop AVG antivirus scan from deleting my addon f...


Guest EdrickV

Hmm, it seems (at least from looking at disabled stuff in my AVG Free) that the only option (outside of not checking some system files) is to not scan files with user specified extensions, which isn't what you would want.

If you're getting a lot of errors about Flight 1 installers, you could try renaming the files to something other than exe so it won't scan them. (When you need to use one you can disable the resident shield, rename and run the file, then change its name again and re-enable resident shield.) You could also try sending the download link(s) for the affected files to Grisoft so they can specifically remove detection for them in future updates.

With the Themida issue, there only seem to be two ways for anti-virus companies to handle it:

1. Don't detect Themida at all despite it being used to install viruses by some people, while being used for legit software by others.
2. Detect Themida in general and start excluding specific products on a case by case basis when false positives are found and brought to their attention.

AVG uses method 2.

"Let me help you out. You're cleared to taxi any way you can to any runway you see."


Right, I know about the file extensions.

I do not know how they fix it in their software, but they have in the past for the Level-D false errors some months ago ... maybe they get the info from the vendors. Hope so ... then we do not have to "tweak" our file names and try to remember or log what we have done.


Best Regards,

Vaughan Martell - PP-ASEL KDTW


Hopefully, the false positive rate will be going down. Some changes have been made recently that should reduce this.


Thanks,

 

Steve Halpern

Flight One Software


Steve,

That sounds great to me!

Have a good day.


Best Regards,

Vaughan Martell - PP-ASEL KDTW

Guest EdrickV

In theory what you are usually supposed to do when you get a false positive is to send a copy of the file to the AV company. (In this case Grisoft.) They'll check the file out to make sure it isn't infected, and then will put code into an update so that the anti-virus program will recognize that particular file as one that is fine. Since the files were a bit too big for e-mail, I sent them an e-mail with the download links for the files as well as links to the web pages.

Some false positives from anti-virus programs would come from heuristic analysis, which tries to find new unknown viruses rather than the regular signature type. (The effectiveness of heuristic analysis IMHO is questionable, but it's better than relying only on definitions of known viruses.) The packed.Themida however is detected through signature detection.

"Let me help you out. You're cleared to taxi any way you can to any runway you see."


The Plot thickens!

I don't know whether I owe AVG an apology or not. In any case, I did have a False Positive relative to the LDS 767.

I totally removed AVG from my system and am giving Panda Antivirus 2008 a try (Trial Version). The exact same thing happened. When I get up in the morning and click my space bar to crank up my computer (Windows monitor and hard drive timed shutdowns), my monitor off of my secondary video card is blank. I can reinstall the drivers and it comes up fine. This happened three nights in a row, so I think it is reasonably confirmed. My LDS 767 is fine and was not affected.

I had AVG set up to automatically scan my system every night. I was assuming that the scan was where my drivers (and the LDS 767) were being zapped; however, I am not sure of that now. In fact, I am not absolutely sure that an Antivirus program is the problem. If I understand correctly, Panda does not have an automatic scanning option and only scans when told to do so manually. Immediately after installation I scanned my system. I got 30 detected spywares which were blocked, but no Viruses, Unknown threats, Phishings, Jokes, Hoaxes, Dialers, or other threats. This pretty well matches what is found when I run Spybot - Search and Destroy. I have not scanned again manually, so my assumption is that Panda does nothing but monitor my system and update daily. Also a little differently from AVG, Panda does not display the update operation while it is taking place. I assumed this was at night, but that may not be the case.

Now the kicker: Yesterday, I restarted my computer in the afternoon, and lost my secondary video output (first time I have noticed this with the exception of my initial early morning startups). I reinstalled the drivers, restarted my computer and it came back normally. Last night, I disabled automatic updates in Panda. This morning, everybody cranked up normally and my secondary video output was fine. I will try this again (both ways, enabled and disabled) for the next few days to confirm what is happening, but it appears that the glitch occurs during updates NOT during a scan.

One other new item. Since installing Panda, every time I restart my computer, in the startup progression between the splash screen display and when the welcome screen displays, I get two notifications: "RTHO Program not found Skipping Autocheck" and "OCES Program not found Skipping Autocheck". Being that my initials are "RTH", I really was not sure to what this referred. I did a Google search and it references the Adobe PDF program. I removed Adobe 8.1.2 from my system and reinstalled it, but the messages still appear every time I restart my computer. I also checked my scanner as I thought maybe "OCES" had something to do with those drivers and it worked fine. The messages may pertain uniquely to the trial version of Panda and mean nothing, but I don't know that. I haven't found anything that is not working yet.

By trial and error, it may take days or weeks to isolate this problem so I will wait until I find something to add to this boredom, before taking up more space here, but if anyone can define these error messages and/or has any ideas, I sure am open to hearing from you.

Respectfully:
RTH

Guest EdrickV

The autochk program is the one that checks hard drives when the system is booted, but you might check out the BootExecute registry key in:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

Not sure what the RTHO or OCES would be, but it wouldn't surprise me if they're viruses/trojans or even a security tool that got disabled by one of your anti-virus programs. Panda Anti-virus does have a resident protection system (TruPrevent) that guards against viruses but it might not be enabled in a trial version. (An anti-virus without some sort of resident protection IMHO wouldn't be worth having. Fortunately I'm not sure there are any that don't have one these days.)

"Let me help you out. You're cleared to taxi any way you can to any runway you see."


Thanks for the reply Ed:

In the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager", I find that for the "Boot Execute" the data reads: "autocheck autochk * autocheckRTHO (followed by two squares)uc (followed by two squares) tocheck autochk * autocheck oces (followed by two squares) EC". Copied data is as follows, assuming that this will show up in a reply. It may be like brackets, which are not accepted by the forum.

autocheck autochk *autocheck RTHOŭĈ阈ɚtocheck autochk *autocheck ocesĔĈ

So this looks like it is directly tied to my "RTHO" and "OCES" messages. I deleted the data, and have tried multiple restarts. I no longer see the error messages and everything seems to be working. Thanks a million.

I don't really think my problems are associated with an antivirus program any more. The same thing happens with AVG, Panda, and now I am using ESET (NOD32). Last night, I turned my computer off, and it still happened. My secondary display adapter / third monitor would not work until I reinstalled the drivers when I cranked up my computer this morning.

Thanks again, and until tomorrow morning????

RTH

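Added example, not part of the original posts: the BootExecute check discussed in the last two posts, written as a Python script that splits the multi-string value and reports every entry other than the Windows default "autocheck autochk *". The sample bytes are constructed from the entries quoted above, and the function names are this example's own; a reported entry is something to review, since legitimate tools can also register boot-time programs here.

```python
import unicodedata

# Windows default for Session Manager\BootExecute: run autochk on all volumes.
DEFAULT_ENTRY = "autocheck autochk *"

def parse_multi_sz(raw: bytes) -> list[str]:
    """Split raw REG_MULTI_SZ data (UTF-16LE, NUL-separated) into strings."""
    text = raw.decode("utf-16-le", errors="replace")
    return [s for s in text.split("\x00") if s]

def audit_boot_execute(entries: list[str]) -> list[tuple[str, str]]:
    """Return (entry, reason) for every entry that is not the stock default."""
    findings = []
    for entry in entries:
        if entry == DEFAULT_ENTRY:
            continue
        tokens = entry.split()
        if any(ord(c) > 0x7E or unicodedata.category(c).startswith("C")
               for c in entry):
            reason = "non-ASCII or control characters (value may be corrupted)"
        elif tokens[:1] != ["autocheck"]:
            reason = "does not start with 'autocheck'"
        else:
            reason = "autocheck entry naming a non-default program: " + " ".join(tokens[1:])
        findings.append((entry, reason))
    return findings

def read_live_value() -> list[str]:
    """Read the live value on Windows; winreg returns REG_MULTI_SZ as a list."""
    import winreg  # Windows-only, imported here so the audit runs anywhere
    path = r"SYSTEM\CurrentControlSet\Control\Session Manager"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _type = winreg.QueryValueEx(key, "BootExecute")
    return list(value)

# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE_RAW = "\x00".join([
    "autocheck autochk *",
    "autocheck RTHO\u016d\u0108",
    "tocheck autochk *",
    "autocheck oces",
]).encode("utf-16-le") + b"\x00\x00\x00\x00"

if __name__ == "__main__":
    for entry, reason in audit_boot_execute(parse_multi_sz(SAMPLE_RAW)):
        print(f"{entry!r}: {reason}")
```

On a Windows machine, pass the result of read_live_value() to audit_boot_execute() instead of the sample.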
