PC Review



AVG false positive reported on user32.dll

 
 
tommy
19th Nov 2008

http://tinyurl.com/66okyz

-
Tommy



 
tommy
19th Nov 2008

I belong to the users group hal pc users. I will call tomorrow and see what
they say. I was looking for the date too.

"Wolf Kirchmeir" <(E-Mail Removed)> wrote in message
news:49245ed7$0$5526$(E-Mail Removed)...
tommy wrote:
> http://tinyurl.com/66okyz
>
> -
> Tommy
>
>
>


Quote:

"AVG is detecting a key windows file as a false positive trojan virus.
An update for the AVG virus scanner released yesterday contained an
incorrect virus signature, which led it to think user32.dll contained
the Trojan Horses PSW.Banker4.APSA or Generic9TBN."

Unfortunately, there is no date on the article, so it's unclear what
"yesterday" refers to. I've e-mailed the webmaster and hope that in
future all articles (and follow-ups) will be dated.

--
Wolf Kirchmeir


 
tommy
20th Nov 2008

"Wolf Kirchmeir" <(E-Mail Removed)> wrote in message
news:49245ed7$0$5526$(E-Mail Removed)...
> tommy wrote:
> > http://tinyurl.com/66okyz
> >
> > -
> > Tommy
> >
> >
> >

>
> Quote:
>
> "AVG is detecting a key windows file as a false positive trojan virus.
> An update for the AVG virus scanner released yesterday contained an
> incorrect virus signature, which led it to think user32.dll contained
> the Trojan Horses PSW.Banker4.APSA or Generic9TBN."
>
> Unfortunately, there is no date on the article, so it's unclear what
> "yesterday" refers to. I've e-mailed the webmaster and hope that in
> future all articles (and follow-ups) will be dated.
>
> --
> Wolf Kirchmeir


Sources at HAL-PC said Dwight Silverman's blog mentioned this in his widely
read TechBlog for the Houston Chronicle.

http://blogs.chron.com/techblog/

search for "avg free"
--
Tommy




 
tommy
24th Nov 2008


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "tommy" <(E-Mail Removed)>
>
>
> | http://tinyurl.com/66okyz
>
> | -
> | Tommy
>
> I just examined the payload of a PDF exploiting the Collab.collectEmailInfo() Javascript
> function in a highly obfuscated Javascript. The payload is a file named SVCHOST.EXE --
> http://www.virustotal.com/analisis/0...39b9482ca08f9f
>
> The malicious file did the following...
>
> File Renamed:
> Old Filename New Filename
> C:\WINDOWS\system32\user32.DLL C:\WINDOWS\system32\gucrqqx
>
> Files Created:
> C:\Documents and Settings\user\Local Settings\Temporary Internet
> Files\Content.IE5\5E7EYQDH\data[1].htm
> C:\Documents and Settings\user\Local Settings\Temporary Internet
> Files\Content.IE5\5E7EYQDH\r[1].htm
> C:\Documents and Settings\user\Local Settings\Temporary Internet
> Files\Content.IE5\BNPHK11H\data[1].htm
> C:\WINDOWS\system32\aston.mt
> C:\WINDOWS\system32\clfjmnm
> C:\WINDOWS\system32\dllcache\user32.dll
> C:\WINDOWS\system32\fjes.ra
> C:\WINDOWS\system32\fxe.sp
> C:\WINDOWS\system32\nvaux32.dll
> C:\WINDOWS\system32\rigv.xl
> C:\WINDOWS\system32\user32.DLL
>
> So one has to be "cautious" of calling something like this a False Positive.
>
> In the above case, as you can see, user32.DLL is renamed and then the malware dropped a
> file to replace the one in %windir%\system32\ as well as in the
> %windir%\system32\dllcache\ .
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

I see your point. That's really scary. So many sites require Javascript too.
Did you see the sources for those reports about AVG?

here's Dwight's first blog post on the subject, 11-11-08
http://tinyurl.com/6o6akp

here's his source [s]:
http://tinyurl.com/5sug22

http://www.pcworld.com/article/154378/

he made another post about the AVG false positive on 11-23-08
http://blogs.chron.com/techblog/archives/2008/11/

seems as though they admit it, and are offering free updates to the pro
version for a year for those that suffered any damage.

Adobe flash has also been labeled

Slick fellow that Dwight, he spoke to our user group and sold / signed
copies of his book about Vista.

I have switched to Avast after reinstalling due to a bad drive, because I
tried to install AVG 8 Free and it wouldn't install to anything but the C:
drive. Avast is slicker than I first perceived, but I wish I could schedule
scans with it and stamp email with certification stamps.
--
Tommy
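Added example, not code from any poster in this thread: a small Python checker that reads a file-activity report in the layout Dave quoted above and flags a protected system DLL that was renamed away and then re-created, including whether the dllcache copy was also replaced. The report text is constructed here, and the list of protected DLLs is an assumption.

```python
# Constructed sample laid out like the quoted file-activity report (not a real capture).
SAMPLE_REPORT = """File Renamed:
Old Filename New Filename
C:\\WINDOWS\\system32\\user32.DLL C:\\WINDOWS\\system32\\gucrqqx

Files Created:
C:\\WINDOWS\\system32\\aston.mt
C:\\WINDOWS\\system32\\dllcache\\user32.dll
C:\\WINDOWS\\system32\\user32.DLL
"""

# Assumption: a short list of Windows File Protection DLLs worth alerting on.
PROTECTED_DLLS = {"user32.dll", "kernel32.dll", "ntdll.dll", "advapi32.dll"}


def parse_report(text):
    """Split the two-section report into (renames, created) path lists."""
    renames, created, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):            # "File Renamed:" / "Files Created:"
            section = line[:-1].lower()
        elif section == "file renamed":
            if line.lower().startswith("old filename"):
                continue                  # column header row
            # Assumption: the new name carries no spaces, so split at the last one.
            old, new = line.rsplit(" ", 1)
            renames.append((old, new))
        elif section == "files created":
            created.append(line)
    return renames, created


def flag_dll_swaps(renames, created):
    """Flag a protected DLL renamed away and then re-created at its original path;
    a dropped dllcache copy means it is built to survive Windows File Protection."""
    created_lc = {p.lower() for p in created}
    findings = []
    for old, new in renames:
        folder, name = old.lower().rsplit("\\", 1)
        if name not in PROTECTED_DLLS or old.lower() not in created_lc:
            continue
        findings.append({
            "dll": name,
            "moved_to": new,
            "dllcache_replaced": f"{folder}\\dllcache\\{name}" in created_lc,
        })
    return findings
```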




 
Beauregard T. Shagnasty
24th Nov 2008
tommy wrote:

> and stamp email with certification stamps .


Please don't do that. It's only advertising. There is no way any a-v
product can truthfully state that your mail is virus-free. Think about
it.

--
-bts
-Friends don't let friends drive Windows
 
tommy
24th Nov 2008


"Beauregard T. Shagnasty" <(E-Mail Removed)> wrote in message
news:ggdal7$8nv$(E-Mail Removed)...
> tommy wrote:
>
> > and stamp email with certification stamps .

>
> Please don't do that. It's only advertising. There is no way any a-v
> product can truthfully state that your mail is virus-free. Think about
> it.
>
> --
> -bts
> -Friends don't let friends drive Windows


It's reassuring to PC novices, and verifies that I do "have" an anti-virus
program running on my PC.
--
Tommy




 
Beauregard T. Shagnasty
24th Nov 2008
tommy wrote:

> "Beauregard T. Shagnasty" wrote:
>> tommy wrote:
>>> and stamp email with certification stamps .

>>
>> Please don't do that. It's only advertising. There is no way any
>> a-v product can truthfully state that your mail is virus-free. Think
>> about it.
>> -- [please trim signatures. thanks.]

>
> its reassuring to pc novices, and verifies that I do "have" an
> anti-virus program running on my pc.


It is probably more annoying than reassuring to even novices. I doubt
they care if you have an a-v app running, especially those who don't
know what one is. Further, for those who forward email all over the
place, that 'certification' will be included - meaning nothing to the
next level except to confuse.

And as I said, there isn't a single a-v app that can fully guarantee
that what you sent is virus-free. Remember, zero-day viruses won't be
detected, along with the latest morphs of older viruses. It truly is
only an advertisement.

You may certainly continue to scan your outgoing mail (though that isn't
even necessary as all modern viruses use their own SMTP engines quietly
sending while you aren't looking), but there is no need to bother
everyone else. I have one friend who can't be talked out of removing the
ad, and all he does is embarrass himself by showing that he scanned with
an a-v database that is always three to four weeks or more out of date,
and therefore useless.

Be kind to your correspondents and turn it off.

--
-bts
-Friends don't let friends drive Windows
 
tommy
24th Nov 2008


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:zp-(E-Mail Removed)...
> From: "Beauregard T. Shagnasty" <(E-Mail Removed)>
>
> | tommy wrote:
>
> >> "Beauregard T. Shagnasty" wrote:
> >>> tommy wrote:
> >>>> and stamp email with certification stamps .

>
> >>> Please don't do that. It's only advertising. There is no way any
> >>> a-v product can truthfully state that your mail is virus-free. Think
> >>> about it.
> >>> -- [please trim signatures. thanks.]

>
> >> its reassuring to pc novices, and verifies that I do "have" an
> >> anti-virus program running on my pc.

>
> | It is probably more annoying than reassuring to even novices. I doubt
> | they care if you have an a-v app running, especially those who don't
> | know what one is. Further, for those who forward email all over the
> | place, that 'certification' will be included - meaning nothing to the
> | next level except to confuse.
>
> | And as I said, there isn't a single a-v app that can fully guarantee
> | that what you sent is virus-free. Remember, zero-day viruses won't be
> | detected, along with the latest morphs of older viruses. It truly is
> | only an advertisement.
>
> | You may certainly continue to scan your outgoing mail (though that isn't
> | even necessary as all modern viruses use their own SMTP engines quietly
> | sending while you aren't looking), but there is no need to bother
> | everyone else. I have one friend who can't be talked out of removing the
> | ad, and all he does is embarrass himself by showing that he scanned with
> | an a-v database that is always three to four weeks or more out of date,
> | and therefore useless.
>
> | Be kind to your correspondents and turn it off.
>
> | --
> | -bts
> | -Friends don't let friends drive Windows
>
> I agree with what BTS posted here.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

I don't have it turned on. I don't know if Avast even has that feature. I
like feedback, at least until I can verify that something new to me is
working.


 
Duh_OZ
8th Dec 2008
On Nov 24, 7:02 am, "tommy" <tommylee9_2...@removeyahoo.dropcom>
wrote:
>
> its reassuring to pc novices, and verifies that I do "have" an anti-virus
> program running on my pc.
> --
> Tommy

==========
That can work 2 ways. I've had malware attachments even though the e-
mails had 'certified virus free by *insert AV name*'. Of course the e-
mail was never scanned by any vendor, the text was added in to give
the impression the attachment was scanned.

 
tommy
8th Dec 2008


"Duh_OZ" <(E-Mail Removed)> wrote in message
news:fa43dbf2-9c43-4947-a8c8-(E-Mail Removed)...
On Nov 24, 7:02 am, "tommy" <tommylee9_2...@removeyahoo.dropcom>
wrote:
>
> its reassuring to pc novices, and verifies that I do "have" an anti-virus
> program running on my pc.
> --
> Tommy

==========
That can work 2 ways. I've had malware attachments even though the e-
mails had 'certified virus free by *insert AV name*'. Of course the e-
mail was never scanned by any vendor, the text was added in to give
the impression the attachment was scanned.

Perfection is hard to attain. I settle in such cases for 99% where it's not.
I can't tag messages because Gmail uses SSL, but since I use Gmail now, the
incoming mail is scanned by them. Moot point.



 