I have Windows sp2 XP home edition IE7....
My laptop had a pretty serious infection recently that took a long time to clean up. Fortunately, I did not have to do a reinstall or anything. One thing that still has me puzzled and has not gone away since my system cleaned up is the daily popping up of a RESIDENT SHIELD ALERT(or I wil call it RSA) box.

It always says it found something like a trojan. And, since some of the malware I had on my pc WAS fake antivirus stuff, I still have my doubts if this RSA that keeps popping up IS from AVG.
I took a picture of it, though not the best, to submit if needed. OR, what can you tell me about this RSA to determine if its legit....
If it is legit, what am I supposed to do when it pops up again? heal? remove?
I thank you in advance

I'm positive this is a fake, I've been running the same version of AVG for months and never seen this, plus it popped up while I was running the actual AVG scan. It looks and behaves very similar to the 'Antivirus 2009' and 'Antivirus 2008' bugs, which is a pain to get rid of. AV09 took me about 2 solid days to dispose of with a list of files to nuke, a list I'm unable to find with this fake resident shield. AV09 was also a mimic of AVG though at least the name was different to search for. Also to note, neither AVG nor malwarebyte are detecting a single infected file with this one.

I don't have any tips on nuking the virus itself unless you are very comfortable with removing files and registry items and have a solid backup. Be prepared to spend a lot of time on removing this one. One this I do suggest is not to touch anything on the resident shield window

If anyone who reads this thread has experience with the resident shield bug or has a list of files known to be associated with it, please post. Both myself and the OP will probably be working to nuke this one for at least a week =/

@ azyardies

Quote "I took a picture of it, though not the best, to submit if needed".... If you think it will be useful just place the screenshot link in your thread....

You can create a screenshot (see http://www.winxptutor.com/screenshot.htm) and upload it e.g. to http://imageshack.us/ and send us a link to the screenshot (right-click on the image shown upon upload, choose "copy image link.." or similar).

Also have a look @ FAQ 1624 http://www.avg.com/faq.num-1624#faq_1624.

---

AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan

---

I have experienced the same problem as yourself. I have a link so you can see what I mean. http://img262.imageshack.us/img262/535/residentshield.jpg
I hope it works

It keeps coming up several times a day but no virus thing spots it. I also had the problem of fake anti virus software so not sure if it is an after thing with it or not.

Many thanks for your help.

@ scunnygal

Have a look @ these 2 links....
http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=54295
http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=53339

---

AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan

---

Hi all, I had already tried the screen print feature to try to make a good picture but the paste feature was grayed out. I tried doing it different ways, but it did not work (note that I have used this print screen thing before so I was doing it correctly)-Maybe it does not work for pop ups???

So here are 2 pictures from a camera. Like i said, its not that clear but at least you can see somewhat what it looks like.

Gmer, combofix, malwarebytes, and a few others are some of the programs i used to clean my pc (I posted these to diff good forums on the net)-I think this RSA malware is the last item that has not been able to get removed even after using these programs (unless it came back afterwards).
Thanks for your help....

http://img502.imageshack.us/img502/4278/residentshieldalertfake.jpg

http://img32.imageshack.us/img32/4278/residentshieldalertfake.jpg

Hi,

this is probably related with infection described at this thread - http://forums.avg.com/cz-en/avg-free-forum?sec=thread&act=show&id=51637#post_51637

Thanks
***************AVG Team

Showing Up On Lots Of Company Computers..

This fake Resident shield dialog box is starting to pop up on several computers at my company, even though AVG has been updated this morning with the latest. I have instructed everyone before this started happening to don't do anything, unplug the computer and reboot it. This usually keeps them from getting infected. 2 in the company ignored this and clicked the freaking thing and infected the computer just last week. This was a long drawn out process to clean the computer of this jack ass hijacking virus/trojan/malware. AVG needs to find a new way to keep these from sneaking in.

@ ratnick

The forum is only for AVG Free Edition... the help is only from other AVG Free users. Any questions concerning the Pro either Trial or Paid for version must be directed at AVG's Tech or Sales support, who have enough tools to help you with this situation, on the main website http://www.avg.com/ww-en/support-existing.

---

AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan

---