Jump to content
Sign in to follow this  
rhodges

How to stop AVG antivirus scan from deleting my addon f...

Recommended Posts

Launch the AVG Test CenterGo to: Tests|Complete Test SettingsUncheck "Automatically heal infected files"Now that I didn't know and I've been using 'AVG Free Edition' for years! It's so easy to take things for granted while all is well.Thanks for that very useful tweak.I can go and scan my D: and E: drives now without needing to feel concern that any files may be deleted without my permission ;)Mike

Share this post


Link to post
Share on other sites
Guest DreamFleet

I dunno, I may not be the brightest bulb on the Christmas tree when it comes to this subject, but considering that I have had the same e-mail address since I first got on the internet (10+ years ago) and still only get the e-mails that I want to, and have never been infected with a virus... ;)If you are using an anti-virus program that is giving you sweats / headaches, etc...Excuse me, as I am going to shout.GET RID OF IT!!!!Why are you wasting your valuable time trying to sort it out?Forget about trying to make it work. If the thing is flagging F1 executables then there are serious issues with it that are causing you to waste valuable time, and time IS money!Do some homework in research, spend a few bucks extra and get something else. Whatever it may be.If you get something that works and does not give you sweats, that saves you time and MONEY because, again, your time is worth money.Seriously, if you waste a couple hours sorting out a problem, and your time is worth even $20 an hour, never mind more...Again, I am no brain surgeon when it comes to this, but for those who have access to it here is my advice, which is worth what you are paying for it, which is nothing:A. Switch to Earthlink as your ISP. They have been around a long time and know what they are doing. Their customer service is also very good.B. Use Earthlink Protection Control Center (it comes FREE when you use Earthlink as your ISP) to deal with virus scans, etc.C. I NEVER have to shut it down when installing software.No, I do not get paid to say this.Now, why do I say it?Let's see...Same ISP and e-mail address since day one (that's 10+ years).You have no idea how tired I am of getting e-mails from folks who change their ISP every year and send me an e-mail with a new e-mail address!No virus problems either.Never a problem with F1 files nor any other legitimate files.Just my 2 cents for those who CAN sign up with Earthlink (not all of you can). For those who can, do it and don't look back. Trust me, it's not expensive either and they have dial up and broad band access.I would like to think that with ten years with the same ISP and e-mail address that I might just know something, despite how dim my "bulb" may be. ;)If I can just help one person with this advice then this post is worth it.Regards,http://www.dreamfleet2000.com/gfx/images/F...R_FORUM_LOU.jpg

Share this post


Link to post
Share on other sites
Guest

most modern AV programs do this, they just don't notify you ;)And some do it poorly, corrupting the files in the process...

Share this post


Link to post
Share on other sites

My first post did not make it .. will try again. Sorry if this turns out later to be a duplicate post!My results (log file) from a scan using the register version of AVG found two Flight1 wrapper viruses.*************@HL_ReportFindC:Documents and SettingsVaughanMy DocumentsFlight1-ATR-FS9ATR-Downloaded-SetupFileFlight1ATR-2-1.exe@EID_Id_virPacked.Themida@HL_ReportFindC:Documents and SettingsVaughanMy DocumentsFlight1-DreamFleetDF-727DF-727-Install-exe-fileGA-727-2.exe@EID_Id_virPacked.Themida*****************Probably false positives.They went to the vault but were probably "healed" first .. don't know.If they were healed they are probably useless now.It shows that the Packed.Themida virus has infected "downloaded" vendor setup files. These files that were used once months ago to set up the program and never used again but remain on the hard drive in case need at a future date.virus scans in the past months have not deteced a virus in these setup files.So, do not do a virus scan after you install the Flight1 programs/aircraft or you may have the same problem.I e-mailed AVG ... maybe they will fix it soon.Flight1 may have to contact AVG and give them their technical data so AVG can avoid these false positives with the Flight1 wrapper and products.See two attached JPGs.


Best Regards,

Vaughan Martell - PP-ASEL KDTW

Share this post


Link to post
Share on other sites

These are of course False-Positives. They are not viruses at all. AVG is making a mistake.AVG should fix it and unfortunately we can't force them to fix the error. But hopefully it will be fixed soon.The more that report it, the likelihood it will get fixed the better.I will keep after them myself! Hopefully they will listen. If not, then that is not good.


Thanks,

 

Steve Halpern

Flight One Software

Share this post


Link to post
Share on other sites

Steve,Do you happen to know if these Flight1 files can be restored from the virus vault or should they be "deleted" and redownloaded?I have a feeling ... once they go to the vault they may have been "healed" or modified in some way.Have other users mentioned just restoring from the vault and you were good to go ... no real damage to the Flight1 file?


Best Regards,

Vaughan Martell - PP-ASEL KDTW

Share this post


Link to post
Share on other sites

I've just scanned the following installer executables from Flight One using AVG FREE 7.5.516 (virus base - 269.20.9/1295 - 23/02/08):GEX, FEX, Level D Sims (The 767), FSDiscover, UTX-Europe and UTX USA Edition.All came up clean: 'No Threats Detected'.I didn't bother to scan these files when first they were downloaded as I used the Flight1 Downloader Tool in each case. Some were almost certainly scanned before by AVG when I did my occasional full scan of D:Mike

Share this post


Link to post
Share on other sites
Guest EdrickV

I did some searching and found out a few things about just what Themida is. Themida is a packer program intended to prevent software (for instance installers of commercial software) from being cracked/reverse engineered. And it's used in more then just Flight 1 software, and detected as a virus/threat in more then one program. By it's very nature, it can be (and apparently has been) used to hide viruses from AV scanners. (They can't reverse engineer the packed file to access the files it contains inside for scanning.) So that's why they won't get rid of Themida detection completely. If individual legit files are submitted to a particular anti-virus provider they may specifically get removed in future updates. (And yes, AVG Free detects the ATR installer as packed.Themida, but since I made the change I mentioned above AVG asked me what I wanted to do with it and I could easily hit ignore. AVG detected it as soon as it finished downloading.) If your anti-virus doesn't detect the ATR package (or the other one mentioned above) as a Themida packed exe, that may mean it's specifically excluded, or it could mean that it's not detecting any Themida packed files as possibly a threat, which is worse.And incidently, I could use a free security suite provided by my ISP, but I prefer to use something that is not tied down to a specific ISP. I personally know someone who has had bad experiences with Earthlink, though that was quite a while ago. Their own security suite is actually made by a company called Aluria that they bought, and interestingly enough it's hard to find any recent reviews/tests of it. At least one 2006 review found Aluria's anti-virus to be lacking in a few ways, though it's anti-spyware product was said to be good. That is of course out of date info.Since I don't use Aluria/Earthlink I can't say for sure how well it works now, but I know that AVG, Windows Defender, and my firewalls work because I've seen them in action when Bethseda's forums were hacked a while ago. For the most part, if you have some sort of security software/suite, are reasonably careful what websites you visit and e-mails you read, I wouldn't worry too much about getting a virus.Informative thread about Themida on NOD32 support forums:http://www.wilderssecurity.com/showthread.php?t=184840Website of the creators of Themida:http://www.oreans.com/"Let me help you out. You're cleared to taxi any way you can to any runway you see."

Share this post


Link to post
Share on other sites

We use more than just Themida, and what is occuring now is not on all our files or on all versions of Themida. It just pops up every few months it seems.It is truly not right for any security company to universally flag something that makes users think is a virus. Let the USER select it as an option, or as NOD32 does, label it as a Potentially unwanted application.I have seen people dumping AVG in frustration. It is going to cost the end user more work to potentially recover their software compared to having a solution that does not always flag non-viruses as viruses.NOD32 is a better example at this point. You can make it flag Themida, or other applications, but you have to specifically set it to do that. It is not the default and it does not cause the alarm from the customers like AVG is doing.On my soapbox... But to have something delete, or alter a file out of the box is not good, when AVG potentially knows there is a good liklihood that the file is NOT a virus. At worst this should be a user configured setting, or an option that does not cause alarm, and does not treat the file like it is a virus. But all the sudden, after customers had files for a few years, their library was getting deleted. AVG's method was either not well thought out, or was a partial mistake! I make enough of those myself...Anyway, hopefully things will get smoothed out to everyone's satisfaction. AVG could not likely deal with all the files we would have to send them to flag as OK. And Flight1 is just a small player in the bunch. I am sure we are far less than 1% of the files getting affected.At least AVG is following up with us, and probably other vendors also.


Thanks,

 

Steve Halpern

Flight One Software

Share this post


Link to post
Share on other sites

So why all the hassle ? If an AV program interferes with performance, FSX or any other game, it won't be on my hard drive even one minute longer... I had a quiet good experience with the Live OneCare trail, but the purchase is a major headache (at least it is/was for me). I don't bother further and have now the ESET smart security NOD32 trail installed. Works very well, i think those guys get my hard earned cash.Heiko

Share this post


Link to post
Share on other sites

I got this reply from AVG today on Flight1 false positives:Dear Sir/Madam,Thank you for your e-mail.Please let us inform you that the false positive detection of the filewill be removed in next virus database update.AVG will not detect this file as a threat anymore.In case of any other problem or question regarding AVG please feelfree to contact us.Thank you.Good news indeed!


Best Regards,

Vaughan Martell - PP-ASEL KDTW

Share this post


Link to post
Share on other sites

I know how frustrating this is Steve. We get occasional accusations of viruses which we are quite sure do not exist. The most regular culprit is Norton.Even more frustrating is that some customers write to us rather agressively assuming it is a real virus when we know it isn't. I have never managed to get through to any of these virus companies, since there is no communication channel unless you purchase their somewhat flakey anti virus software.To its credit we have never had a false alarm reported with Macafee. Most of the others spew out entirely spurious virus alerts from time to time.Regards,Rob Young - RealAir Simulations


Robert Young - retired full time developer - see my Nexus Mod Page and my GitHub Mod page

Share this post


Link to post
Share on other sites

I have reported this to avg and hopefully if others to the same there will be a fix for this error.Richy

Share this post


Link to post
Share on other sites
Guest EdrickV

I sent a link to the Flight 1 ATR (download files and web page) to AVG Free's false positive e-mail address (virus@grisoft.com) telling them it was a false positive. The FSX version I know was affected, don't know about the FS9 one, but I mentioned it. I also mentioned the 727 and provided links. Got a reply that said they confirmed it was a false positive and can confirm that the FSX ATR at least has been removed from detection in the current updates. (Haven't tested the FS9 ATR or the 727.)And I agree AVG's warning box would be better if it described it as "possily unwanted" or something else, but it seems to me it calls everything it finds a virus. (Including what it identifies as trojans.) So I think it's only got one warning box.Edit: Oh, and and I've never really had any preformance problems or install problems caused by AVG in the years I've been using it, as long as I'm not trying to start a flight while it's running a full scan. It's resident protection seems rather benign to me, and I rely more on that then on full scans. The pay version of AVG I'm told has an option to ignore specific files and possibly folders."Let me help you out. You're cleared to taxi any way you can to any runway you see."

Share this post


Link to post
Share on other sites

I have the pay version.Cannot find where you can exclude a specific file or folder.I wrote to them and asked if were possible .. no reply from them yet.


Best Regards,

Vaughan Martell - PP-ASEL KDTW

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Tom Allensworth,
    Founder of AVSIM Online


  • Flight Simulation's Premier Resource!

    AVSIM is a free service to the flight simulation community. AVSIM is staffed completely by volunteers and all funds donated to AVSIM go directly back to supporting the community. Your donation here helps to pay our bandwidth costs, emergency funding, and other general costs that crop up from time to time. Thank you for your support!

    Click here for more information and to see all donations year to date.
×
×
  • Create New...