Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » Exploit.pdf Found By Resident Shield
May 18, 2012 12:30 Re: Exploit.pdf Found By Resident Shield #203093
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 19.6.2014
Posts: 0
Gary Bee wrote
BIG AL, the post was available all day Thursday, so there is no need to indicate it is Friday morning

The info link was provided for user parrottoyangels to show what the working hours of the AVG Team are actually.


AVG Forums Volunteer ModeratorAVG Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
May 18, 2012 13:48 Re: Exploit.pdf Found By Resident Shield #203103
Reply with Quote | Quick Reply | Top
parrottoyangels

Avatar

Novice
Join Date: 15.5.2012
Posts: 17
https://chrome.google.com/webstore/search/timeline%20remove?hl=en-US&_ac=0

I had the first one installed (it's since been removed). Not sure which one CaboSteve had. My alerts did not start right away. I'd had TimeLine Remove on my system for a couple days before it started.
May 18, 2012 15:23 Re: Exploit.pdf Found By Resident Shield #203125
Reply with Quote | Quick Reply | Top
CaboSteve

Avatar

Novice
Join Date: 16.5.2012
Posts: 6
nemethste wrote
Hello all,

Can you please provide us with link to chrome extension which is causing the issue?

I have just installed newest version of this timeline remover and experiencing no detection so far.

Thank you.




See my post #202689 above for one of them. I will try and find the other and post later
May 18, 2012 15:38 Re: Exploit.pdf Found By Resident Shield #203127
Reply with Quote | Quick Reply | Top
CaboSteve

Avatar

Novice
Join Date: 16.5.2012
Posts: 6
Here is the link to the second one http://timeline-remove-chrome.en.softonic.com/

I have not tried selective de-selects yet to see if either one alone is the culprit. but for sure, one of them is giving the False Positive as with BOTH extensions de-selected the AVG alert has now disappeared.

PC running Vista Home Premium 32 bit and latest Chrome browser.
May 18, 2012 16:46 Re: Exploit.pdf Found By Resident Shield #203135
Reply with Quote | Quick Reply | Top
Gary Bee

Avatar

Novice
Join Date: 29.7.2010
Posts: 296
Nemethste,

The initial problem was being unable to find the specific Java Script file which was displayed in the Resident Shield Alert. As ParrottoyAngels showed in her previous Post, and I included in the Summary, the full pathname is:
C:\Users\username\AppData\Local\Temp\scoped_dir_2608\CRX_INSTALL\api-utils\lib\observice.js

(As a note: This folder was not found when ParrottoyAngels manually typed it into the Address Window of Windows Explorer. This method will get past "blind-spots" like the Content.IE5 folder.)

Understanding that Temporary Folders and Files can be created which are deleted when the process exits. Is there an explanation for why, even when the Alert was still in progress and "freezing" the activation process, this file and bottom four folders were not present on the system?
May 23, 2012 13:12 Re: Exploit.pdf Found By Resident Shield #203963
Reply with Quote | Quick Reply | Top
parrottoyangels

Avatar

Novice
Join Date: 15.5.2012
Posts: 17
CaboSteve wrote

I have not tried selective de-selects yet to see if either one alone is the culprit. but for sure, one of them is giving the False Positive as with BOTH extensions de-selected the AVG alert has now disappeared.

Cabo Steve,
Have you found any "timeline remover" extension that works without receiving the false positive?
Lynn
May 24, 2012 07:57 Re: Exploit.pdf Found By Resident Shield #204107
Reply with Quote | Quick Reply | Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello parrottoyangels,

I am testing timeline remover mentioned in my previous post for almost a week now and experiencing no false positives or issues so far.

Thank you.



AVG Team
How-To articles | FAQ | Free Support
May 24, 2012 22:27 Re: Exploit.pdf Found By Resident Shield #204277
Reply with Quote | Quick Reply | Top
Gary Bee

Avatar

Novice
Join Date: 29.7.2010
Posts: 296
Hi ParrottoyAngels and CaboSteve,

Just to get the links in one place, and not have to page through this Thread.

Links to Timeline Remove which cause the Shield Alerts:


The link from Nemethste which does NOT cause Alerts:
- https://chrome.google.com/webstore/detail/dnedfaenfnkikficknkklbdedlecmpgc?hl=en

The unanswered question from this thread (repeated for 4th time).
Why is the Resident Shield Alert displaying the file and pathname:

- C:\Users\username\AppData\Local\Temp\scoped_dir_2608\CRX_INSTALL\api-utils\lib\observice.js

The file, observice.js does not exists anywhere on the system, and the path, starting with \scoped_dir_2608\ does not exist. More details in Post and throughout Thread.

AVG Please Respond

Edit: After Nemethste's Post below, Thanks for Responding. Even without being able to reproduce this (did you load a copy of TR from 2nd and 3rd link?), could you discuss with your developers; With their understanding of details of the Alert process, can they envision a situation like this occurring?
May 25, 2012 14:59 Re: Exploit.pdf Found By Resident Shield #204417
Reply with Quote | Quick Reply | Top
nemethste

Avatar

Administrator
Join Date: 1.11.2011
Posts: 1730
Hello Gary Bee,

I have tested timeline remover from mentioned links. No detection so far.

Unfortunately since we are not able to induce this issue, it is hard to say why this particular temporary folder is inaccessible.

Can anyone please confirm, that with the newest version of AVG and Timeline remover extension, is this issue still occurring?

Thank you.



AVG Team
How-To articles | FAQ | Free Support
May 28, 2012 08:44 Re: Exploit.pdf Found By Resident Shield #204689
Reply with Quote | Quick Reply | Top
Shazzbut

Avatar

Novice
Join Date: 28.5.2012
Posts: 1
nemethste wrote
Hello all,

Can you please provide us with link to chrome extension which is causing the issue?

I have just installed newest version of this timeline remover and experiencing no detection so far.

Thank you.




Greetings nemethste,

I have had this version of Timeline Remove installed for a couple of months and have been getting the exploit.pdf detection. I just now disabled it so will see AVG detects it again. I hope this can be resolved - I'm not a big fan of fb timeline!

Sharon