Page 2 of 3
February 11, 2010 23:56 Fake Alert? #63761
ajbucini
Novice
Join Date: 25.6.2009
Posts: 82
Yeah, that's pretty much what happened to me. I got redirected to that fake antivirus site when I clicked the mail icon on my AT&T Yahoo toolbar. I still figure that trojan I found the next day had something to do with it: either it caused it or it snuck in when it happened?

For future reference I read that the best thing to do when you encounter this type of fake alert or virus is to open task manager and kill the iexplorer.exe process to make sure the browser can't be hijacked.
February 12, 2010 08:20 Re: Fake Alert? #63823
ondraploteny
Administrator
Join Date: 27.3.2009
Posts: 6996
Hi,

Is it possible to share with us some names (filename + path) of the detected files? As it could be cookies or just some temporary internet files stored in the cache.

Thanks
***************AVG Team
February 12, 2010 15:46 Re: Fake Alert? #63971
ajbucini
Novice
Join Date: 25.6.2009
Posts: 82
I can't remember exactly, but it was listed as a Generic Trojan by AVG and was located in the Temporary Internet folder, so I deleted it outright, knowing that losing this file wouldn't cause any damage to my system.
February 20, 2011 23:18 Re: Fake Alert? #149986
elnet
Novice
Join Date: 20.2.2011
Posts: 3
I am getting Fake Alert popups..

Hello,

I have been getting "fake alert" popups, but nothing is there to quarantine or to delete. I have tried the things mentioned so far:

RE: Fake Alert

Windows version. (2000, XP, Vista, Windows 7, etc...)=
Win XP Pro SP 3 Windows Version 5.1, Build No. 2600, SP 3

AVG version and virus db version (found in the lower left hand corner of the AVG User Interface) 
Avg Version: 10.0.1024 Virus Database Version: 1435/3452 Fri Feb 18, 2011 Link scanner 495

Other antivirus software installed / previously uninstalled (if any)
None, since reloading Windows 

Other protection software installed
None, since reloading Windows
 
The exact error message you are getting (if any)
Virus Found FakeAlert (more info) Detected on open 

Additional Info needed for Virus and other infection problems:

Infection file and path (post it exactly as given by AVG)
- Kindly attach the full computer scan result or the Resident Shield detection history export (how to)

"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-23.msg";"Infected";"2/18/2011, 6:16:45 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-22.msg";"Infected";"2/18/2011, 6:06:36 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-21.msg";"Infected";"2/18/2011, 5:56:23 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-20.msg";"Infected";"2/18/2011, 5:46:09 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-18.msg";"Infected";"2/18/2011, 5:35:47 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-16.msg";"Object is inaccessible.";"2/18/2011, 5:25:28 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-15.msg";"Infected";"2/18/2011, 5:15:19 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-14.msg";"Infected";"2/18/2011, 5:05:05 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-13.msg";"Infected";"2/18/2011, 4:56:55 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-12.msg";"Infected";"2/18/2011, 4:52:40 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-11.msg";"Infected";"2/18/2011, 4:46:57 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298076301640-10.msg";"Infected";"2/18/2011, 4:45:48 PM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-15.msg";"Infected";"2/18/2011, 10:49:31 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-14.msg";"Infected";"2/18/2011, 10:39:19 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-13.msg";"Infected";"2/18/2011, 10:28:54 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-11.msg";"Infected";"2/18/2011, 10:18:46 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-10.msg";"Infected";"2/18/2011, 10:08:35 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-8.msg";"Infected";"2/18/2011, 9:58:21 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-7.msg";"Infected";"2/18/2011, 9:48:08 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-6.msg";"Infected";"2/18/2011, 9:39:26 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-5.msg";"Infected";"2/18/2011, 9:34:58 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-4.msg";"Object is inaccessible.";"2/18/2011, 9:32:50 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-3.msg";"Object is inaccessible.";"2/18/2011, 9:31:59 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298050250468-2.msg";"Object is inaccessible.";"2/18/2011, 9:31:49 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-35.msg";"Infected";"2/18/2011, 9:14:48 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-33.msg";"Infected";"2/18/2011, 9:04:40 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-31.msg";"Object is inaccessible.";"2/18/2011, 8:54:27 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-30.msg";"Infected";"2/18/2011, 8:44:14 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-29.msg";"Infected";"2/18/2011, 8:34:05 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-27.msg";"Infected";"2/18/2011, 8:23:57 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-26.msg";"Infected";"2/18/2011, 8:13:48 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-25.msg";"Infected";"2/18/2011, 8:03:38 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-24.msg";"Infected";"2/18/2011, 7:52:46 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-22.msg";"Infected";"2/18/2011, 7:42:32 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-18.msg";"Infected";"2/18/2011, 7:36:18 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-17.msg";"Object is inaccessible.";"2/18/2011, 7:28:03 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-16.msg";"Infected";"2/18/2011, 7:23:53 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-15.msg";"Object is inaccessible.";"2/18/2011, 7:23:12 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-14.msg";"Object is inaccessible.";"2/18/2011, 7:21:56 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Virus found FakeAlert";"c:\Documents and Settings\NA\Local Settings\Application Data\Zimbra\Zimbra Desktop\store\incoming\1298042407375-13.msg";"Object is inaccessible.";"2/18/2011, 7:20:50 AM";"file";"C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe"
"Runtime packed mew";"c:\Documents and Settings\NA\Local Settings\Temp\ARCB8\crack\keygen.exe";"";"2/8/2011, 1:05:15 PM";"file";"C:\WINDOWS.3\explorer.exe"
"Runtime packed mew";"c:\Documents and Settings\NA\Local Settings\Temp\ARCB8\crack\keygen.exe";"";"2/8/2011, 1:05:01 PM";"file";"C:\PROGRA~1\IZArc\IZArc.exe"


These are from the GMER scan:


- You may also attach a screenshot of the detection dialogue displayed.
- False positive detection suspicions may be reported as described here.

Pasted from <http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=973>
February 21, 2011 12:36 Re: Fake Alert? #150042
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8245
Hello elnet,

Please follow this article: How To Handle Suspicious False Positive Detection?

Thank you
___________________AVG Team
February 23, 2011 23:16 Re: Fake Alert? #150326
elnet
Novice
Join Date: 20.2.2011
Posts: 3
RE: How to handle false positive detection..

Hello,

There is nothing to post! Please see the attached screen shots of the popups. When I ran a complete updated scan, it reported that my computer was infected with "fake alert". As you can see from the attachments, there is nothing to delete, quarantine or hide.
Multiple Threat Detection Screen Capture.jpg
Threat Detected Screen Capture.jpg
February 24, 2011 11:35 Re: Fake Alert? #150383
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8245
Hello elnet,

Because Zimbra is a mail server, the *.msg files are mails, so there is probably an infection in those mails.
The Resident Shield dialog is probably displayed after the message was already sent; if you are not sure about it, follow How to handle false positive detection.

Please note that AVG Free is not for commercial use.
If you use a mail server on a machine with AVG Free, put the mail server folders into Resident Shield - Excluded Items in Advanced AVG Settings and remove the E-mail Scanner component.

Thank you
___________________AVG Team
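The triage described in the reply above, as an added example that is not part of the original thread or of AVG's tooling: it parses detection-history lines in the six-field, semicolon-separated layout posted earlier and groups them by accessing process and folder, so a run of hits on stored mail items stands out from detections on executables. The field names, the `MAIL_EXTENSIONS` set and the sample lines are assumptions constructed for illustration.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple

# Assumption: file extensions treated as "stored mail item" for triage.
MAIL_EXTENSIONS = {".msg", ".eml"}

# Constructed sample lines in the same layout as the export in the thread:
# detection; object path; result; timestamp; object type; accessing process
SAMPLE_EXPORT = r'''
"Virus found FakeAlert";"c:\Mail\store\incoming\1000-3.msg";"Infected";"2/18/2011, 9:48:08 AM";"file";"C:\Program Files\MailClient\mailclient.exe"
"Virus found FakeAlert";"c:\Mail\store\incoming\1000-2.msg";"Object is inaccessible.";"2/18/2011, 9:39:26 AM";"file";"C:\Program Files\MailClient\mailclient.exe"
"Virus found FakeAlert";"c:\Mail\store\incoming\1000-1.msg";"Infected";"2/18/2011, 9:31:49 AM";"file";"C:\Program Files\MailClient\mailclient.exe"
"Runtime packed mew";"c:\Temp\unpacked\tool.exe";"";"2/8/2011, 1:05:15 PM";"file";"C:\WINDOWS\explorer.exe"
'''


class Detection(NamedTuple):
    name: str
    path: PureWindowsPath
    result: str
    when: datetime
    kind: str
    process: PureWindowsPath


def parse_export(text):
    """Parse export lines; rows without exactly six fields are skipped."""
    detections = []
    reader = csv.reader(text.splitlines(), delimiter=";", quotechar='"')
    for fields in reader:
        if len(fields) != 6:
            continue  # blank line or a layout this parser does not know
        name, path, result, when, kind, process = fields
        detections.append(Detection(
            name=name,
            path=PureWindowsPath(path),
            result=result or "(no result)",  # the export may leave this empty
            when=datetime.strptime(when, "%m/%d/%Y, %I:%M:%S %p"),
            kind=kind,
            process=PureWindowsPath(process),
        ))
    return detections


def cluster(detections):
    """Group detections by (accessing process, folder), largest group first."""
    groups = defaultdict(list)
    for d in detections:
        key = (d.process.name.lower(), str(d.path.parent).lower())
        groups[key].append(d)

    report = []
    for (process, folder), items in groups.items():
        extensions = {d.path.suffix.lower() for d in items}
        report.append({
            "process": process,
            "folder": folder,
            "count": len(items),
            "results": dict(Counter(d.result for d in items)),
            "first": min(d.when for d in items),
            "last": max(d.when for d in items),
            # True when every flagged object in the group is a mail item,
            # i.e. the scanner is reacting to message content in a mail store.
            "mail_store": extensions <= MAIL_EXTENSIONS,
        })
    return sorted(report, key=lambda r: r["count"], reverse=True)


if __name__ == "__main__":
    for group in cluster(parse_export(SAMPLE_EXPORT)):
        label = "mail store" if group["mail_store"] else "other files"
        print(f'{group["count"]:3d}  {label:11s}  {group["process"]}  '
              f'{group["folder"]}  {group["results"]}')
```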
March 8, 2011 00:07 Re: Fake Alert? #151639
elnet
Novice
Join Date: 20.2.2011
Posts: 3
Pokornyz wrote
Hello elnet,

Please note that AVG free is not for commercial use.

I am using this for my personal email, no commercial use. I only use Zimbra, because it is currently the only way to access yahoo mail for free, without having to pay for yahoo mail premium.

March 8, 2011 08:21 Re: Fake Alert? #151687
jirka82
Administrator
Join Date: 19.6.2009
Posts: 3892
Hello elnet,

Pokornyz noted that only because Zimbra can be used as a mail server, which is not quite common for personal purposes. We are sorry for the confusion.

Thank you.

___________________AVG Team
September 5, 2011 03:09 Re: Fake Alert? #172032
schnautzr
Novice
Join Date: 3.11.2009
Posts: 3
I'm having this issue as well. It has occurred upon receipt of every new message ever since I last upgraded Zimbra to the most recent version last month. Since I receive about 30 emails a day on a single Yahoo! account, I'm rather overwhelmed with these false positives and am growing accustomed to hitting "ignore" every time AVG Free notifies me of a threat.

I as well am using Zimbra for personal use. I run Zimbra, Thunderbird, and Windows Live Mail Desktop clients continuously every day to check multiple personal email accounts.

:disappointed: