AVG Antivirus....More Ads added on my web searches? And a Virus question!


R

Roy Baldone

I am not sure, but it looks like I have more Advertisements on my IE
now that I have installed AVG. Each time I do a search....ads at the
top and ads at the bottom.
Eh? What's that?
Wow, that was a quick response.
You are right, it did change my search engine.

Well, I am glad I realized the answer before posting the question
here.
AVG ( the free version ) changed my search engine from google to
something else "Powered by Google." So I saw the google Icon and
figured I was still on google.
So just a heads up.

And yes, I do know it is a free version and the ads pay for the cost &
we should support the companies or they will not make their fine
products.
That is not a problem for me. And the search engine
https://isearch.avg.com may be safer then google, I don't know.
But, if they are going to change my search engine, I would at least
like to be asked. (( they may have asked but I really don't think
they did )).

One more question please...
What do YOU do when you have a file test POSITIVE for a
virus/Trojan/male ware?
Do you "repair" the file? Quarantine it? Verify the POSITIVE and if
so how? Do you run 2 virus scanners and if so which do you trust the
most?

I ask because occasionally I will run a program, say a game cheat or
trainer and those kind of programs just seem to drive my Virus scanner
nuts. And one AV program may say INFECTED and another might say
CLEAN. So what do you do?

I need to figure out how to run the Virtual Machine Software. maybe
that might help me. Will it do you think?

I thank everyone for any help, ideas or advice they share with me.
And, you can disagree with me, but please don't feel the need to be
disagreeable to get your point across. I'm just here to learn.
Again, I'd like to thank those of you responding. I'm usually
inundated with helpful advice and feel bad because I don't get the
chance to thank everyone individually. But I will try.
 
Ad

Advertisements

C

Charlie Hoffpauir

I am not sure, but it looks like I have more Advertisements on my IE
now that I have installed AVG. Each time I do a search....ads at the
top and ads at the bottom.
Eh? What's that?
Wow, that was a quick response.
You are right, it did change my search engine.

Well, I am glad I realized the answer before posting the question
here.
AVG ( the free version ) changed my search engine from google to
something else "Powered by Google." So I saw the google Icon and
figured I was still on google.
So just a heads up.

And yes, I do know it is a free version and the ads pay for the cost &
we should support the companies or they will not make their fine
products.
That is not a problem for me. And the search engine
https://isearch.avg.com may be safer then google, I don't know.
But, if they are going to change my search engine, I would at least
like to be asked. (( they may have asked but I really don't think
they did )).

One more question please...
What do YOU do when you have a file test POSITIVE for a
virus/Trojan/male ware?
Do you "repair" the file? Quarantine it? Verify the POSITIVE and if
so how? Do you run 2 virus scanners and if so which do you trust the
most?

I ask because occasionally I will run a program, say a game cheat or
trainer and those kind of programs just seem to drive my Virus scanner
nuts. And one AV program may say INFECTED and another might say
CLEAN. So what do you do?

I need to figure out how to run the Virtual Machine Software. maybe
that might help me. Will it do you think?

I thank everyone for any help, ideas or advice they share with me.
And, you can disagree with me, but please don't feel the need to be
disagreeable to get your point across. I'm just here to learn.
Again, I'd like to thank those of you responding. I'm usually
inundated with helpful advice and feel bad because I don't get the
chance to thank everyone individually. But I will try.

Male ware? Is that some kind of asexual costuming?

Running multiple copies of antivirus is a sure recipe for disaster.
Pick one (and only one) and live iwth it. If you decide to change,
remove the one you're not happy with, don't let more than one exist on
your computer.

The free versikon of AVG comes with lots of things most of us don't
want, and if you're not careful, they will be installed. You did have
the option to "NOT" allow it to change your search engine.
 
P

Paul

Roy said:
I am not sure, but it looks like I have more Advertisements on my IE
now that I have installed AVG. Each time I do a search....ads at the
top and ads at the bottom.
Eh? What's that?
Wow, that was a quick response.
You are right, it did change my search engine.

Well, I am glad I realized the answer before posting the question
here.
AVG ( the free version ) changed my search engine from google to
something else "Powered by Google." So I saw the google Icon and
figured I was still on google.
So just a heads up.

And yes, I do know it is a free version and the ads pay for the cost &
we should support the companies or they will not make their fine
products.
That is not a problem for me. And the search engine
https://isearch.avg.com may be safer then google, I don't know.
But, if they are going to change my search engine, I would at least
like to be asked. (( they may have asked but I really don't think
they did )).

Did you try changing it back ? I'm curious whether AVG would
bother to change it again or not.
One more question please...
What do YOU do when you have a file test POSITIVE for a
virus/Trojan/male ware?
Do you "repair" the file? Quarantine it? Verify the POSITIVE and if
so how? Do you run 2 virus scanners and if so which do you trust the
most?

Treatment depends on the file. If it was a System File, and both the
working copy and the cached version were damaged, then I might have
to do a Repair Install to get a fresh copy from the Windows installer CD.

A file can be "repaired" in some cases, as the AV program knows the
infection mechanism (like, an added sector) and can then attempt to
fix it. But not all infections will be that easy to deal with.

To verify something you've quarantined, first we'll assume your
system survived. It probably wouldn't be a good idea to reboot,
if the file is necessary for the system to come up again. I use
www.virustotal.com as it has the ability to scan a submitted file
with multiple AV scanners.

If you have a real malware problem though, you may find the
browser is just about useless. They may modify the browser,
so it can't reach bleepingcomputer.com or virustotal.com and
so on. You may have to move the file to another computer,
and work from there. Move the file to a Linux computer
and use the web browser there...

If the infection has a name, sometimes you can download a "cleaner"
specific to the infection. For example, if you got a TDSS rootkit,
Kaspersky has a cleaner specifically for that family.

If the file is part of an Application Program, you could uninstall
the program. Then re-install to get a fresh copy of the application.

If some of your files "disappear", you can dig up a copy of
"unhide.exe" and use that to try to bring them back.

But afterwards, if you survive the experience, it's pretty hard
to trust that the system is completely clean.

The free version of Malwarebytes MBAM, can be used for a lot
of the "popular" problems. Lots of viral content, is set up
to recognize a copy of MBAM being put on a system, or a user
going to their site. So the tool gets "respect" from virus
writers.
I ask because occasionally I will run a program, say a game cheat or
trainer and those kind of programs just seem to drive my Virus scanner
nuts. And one AV program may say INFECTED and another might say
CLEAN. So what do you do?

When you run the file through www.virustotal.com , the description
will say whether it is adware or something more serious. If you think
the program file is "trustworthy" and it's all a "mistake", you
can use Google to check and see whether "program X seems infected"
results in other people having seen the same thing.

If it was a false positive, you'd think not all the AV tools of
the scanner server would have the same false positive, at the same
time.

If you get executable files from "megajumbofileserver.com", instead
of from the company or person who wrote them, that might mean the
file you get, is different than a file from the originator. So even if
others aren't seeing virus indications on the file, it could be
that the "megajumbofileserver" has added its own adware or toolbar
code to the file.
I need to figure out how to run the Virtual Machine Software. maybe
that might help me. Will it do you think?

You can run an OS in a "container", but there are proof of concept
malware designs out there, that can "punch out" of a virtual machine.
I don't know right off hand, whether it's a function of the state
of VT-x being enabled or not (hardware virtualization support).
The thing is, a virus writer would have to be pretty sure of themselves,
to go to the extra trouble. How common is it for home users
to run VMs ? From a commercial perspective, is a virus writer
going to craft something specifically for VMs ? Seems too "hard"
a target to be worthwhile. On the other hand, if the author of
the malware is a nation-state, and the target contains valuable
information, then all bets would be off. If you're a "valuable"
target, live at a .gov address, then you're more likely to see
a complete array of approaches. But for botnet purposes,
it probably isn't worthwhile targeting VMs specifically.
There are much softer targets out there you could capture.
Like a person's host OS.

As to whether malware can tell it's inside a VM, yes, it can.
When I boot Linux in a VM, Linux can tell immediately it's inside
a VM, and then it does stupid things.
I thank everyone for any help, ideas or advice they share with me.
And, you can disagree with me, but please don't feel the need to be
disagreeable to get your point across. I'm just here to learn.
Again, I'd like to thank those of you responding. I'm usually
inundated with helpful advice and feel bad because I don't get the
chance to thank everyone individually. But I will try.

You're asking a malware question, in a non-malware group. The
answers you get, might not be as good as if you asked elsewhere.
You never know. There are some USENET groups, I simply won't
send people to though, because of the rough crowd that hangs
out there, and the chance they'll fight with one another more
than they'll help you.

Malware protection is a layered approach. And the very first
layer, is choosing what to download. I gave an example of the
"megajumbofileserver" source of files. If a file is worth
having, it's worth trying to trace down the author and use
the authors web site. But some people just can't be trained
as to what to look for in a site, so they're going to be
relying on their AV software to be their primary protection.

On some sites, I use this:

http://www.siteadvisor.com/sites/virustotal.com

In that case, I'm asking siteadvisor, whether it thinks
the virustotal.com site is safe or not. Web sites that offer
downloads, siteadvisor can scan the site and determine how
virulent it is. At least one site got flagged, not because
the owners of the site put malware on it, but because
someone broke into their server, and loaded it up with
malware. Even some search engine web pages, contain
rudimentary comments about how trustworthy a site is.
So it's possible to get a few "opinions" before even
touching something dodgy.

But just the other day, a search engine sent me to a
dodgy site, so their "dodgy check" isn't that reliable.

When I need to unpack a dodgy Windows download, I use Linux
in a VM, and I use a copy of the WINE program loaded. That
allows Windows downloads, to be run in Linux. I disassemble
things like webcam drivers that way. (WINE runs the installer,
sprinkling the fake C: drive in Linux with the driver files.)
WINE stored installed programs, in a section of the Linux file
tree, so you can go in there after WINE runs an installer, and
look at the fragments. And maybe, upload a fragment to
virustotal.com etc. By doing it that way, I don't have to keep
thirty different "unpackers", to sniff at stuff.

Usually, if a download is "packed", it's a hint of the
potential for trouble. I use a hex editor for a quick check.
The bit pattern after the PE header, tells me how "stinky"
the file might be. And if I know I've just downloaded a
webcam driver from a Chinese site, the combination of "packed"
and dodgy source, equals "head for the Linux VM and WINE"
as the next step.

Some day, there is going to be a class of malware which is
cross-platform, and can attack through VMs. So at the moment,
all of the above approaches are "security by obscurity", and
there is no guarantee we'll "stay in control" forever. I
think it's just a matter of time until this happens.
Not "if" but "when".

Paul
 
F

Flasherly

One more question please...
What do YOU do when you have a file test POSITIVE for a
virus/Trojan/male ware?
Do you "repair" the file? Quarantine it? Verify the POSITIVE and if
so how? Do you run 2 virus scanners and if so which do you trust the
most?

I ask because occasionally I will run a program, say a game cheat or
trainer and those kind of programs just seem to drive my Virus scanner
nuts. And one AV program may say INFECTED and another might say
CLEAN. So what do you do?

Seldom get a positive test -- that's Clamwin, Source Forge distributed
maybe open-source stuff. No question, then it's history. (Wouldn't
mind more of CW or like it for back testing -- I like it's very "non-
intrusive" nature.) Question - then I research, I suppose, both the
program containing a virus and the nature of the virus reported, if
necessary the virus identifier for a false positive.

Anything that stinks or is of marginal use should be treated
accordingly. History. Maintain three binary copies of the system OS
drive, none of which should have prior internet contact prior to their
creation. A dual-boot HD is at an older minimum required for a
simpler approach to binary backups. The second or third binary image
will safeguard against later program intrusions should they be
initially misidentified.

A direct copy of program installs occurring on another drive will
suffice when synchronized to a binary image of the OS (keep a text
file of notes beside the binary file of recent system changes).

Avoid suspicious site downloads. Avoid complex installs. Look for
reputability and public awareness of programs before selecting to run
them. Select standalone installs when possible. Test and observe
programs as needed before incorporation into the OS backups.

Beyond that it's a matter of tolerance for minimalism, keeping it
simple. Simple is the simplest route to back out if you don't want to
go there.

http://www.clamwin.com/
 
Ad

Advertisements

R

RayLopez99

You can run an OS in a "container", but there are proof of concept

malware designs out there, that can "punch out" of a virtual machine.

I don't know right off hand, whether it's a function of the state

of VT-x being enabled or not (hardware virtualization support).

Yes, good stuff. I'm going to turn off VT-x support and double check it is not enabled in BIOS after reading your speculation above and this PDF* which implies VT-x enables certain virtual rootkit viruses to punch out into the host OS.

RL

http://www.theta44.org/software/HVM_Rootkits_ddz_bh-usa-06.pdf
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top