I'm using AVG 2014 Free 2104.0.4158, virus database 3614/6744, on Windows 8. It has picked up a hidden application identified by an anti-rootkit. It is unable to remove it and says the data is invalid.
I've attached the exported overview from AVG.
I'd greatly appreciate any help with this. My technical knowledge is quite limited, so I don't fully understand anti-rootkits and the processes involved to resolve this.
AVG says I'm protected across the top, with the individual boxes for computer, web browsing, identity & emails protected. Firewall has "activate now". I have the Windows firewall active.
I restarted my computer and ran the rootkit scan. It returned clear results.
Overview attached.
I then ran a full scan and this came back clear. Overview attached.
I looked at the thread you linked to and noticed others had similar issues of it showing hidden applications and then not picking them up in further scans. Is there an infection or a false positive, as it doesn't have a name like shadowzgoth? I haven't followed the steps by Pokornyz in post 234842, but it is not picking up anything currently. Should I follow the steps by Pokornyz?
I ran a scan and came up with a high security threat. When I went to remove it, it said "Unable to remove, invalid data". I downloaded the Gmer scan as suggested and here are my results:
I have the same problem with all the users. I have a paid AVG 2014. This only happened after the latest AVG update/upgrade. I don't know if that's the reason for the problem, as it had a very similar problem a few updates ago (with the Anti-Rootkit false positive). After AVG released another update, the problem disappeared.
Also, ever since yesterday, my AVG has become unresponsive very often. And it detected infections which it has never detected before (my scans have been clean for the last two months!)
I think someone at AVG should look into this matter, maybe release another update to solve it?
Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats.
Should the infection still be present after restart, please provide us with a new GMER anti-rootkit scan result and a new AVG full computer scan result export. Also, please provide us with a screenshot of your partition table listing as follows:
1. Run the AVG Rescue CD.
2. Switch to the Linux terminal using the left ALT + F2 key combination.
3. Log in as the root user.
4. Execute the fdisk -l command.
5. Take a picture of your screen and attach it to your reply.
6. Use the left ALT + F1 key combination to switch back to the AVG Rescue CD menu.
I know that AVG does not scan *.dat files (only the "Scan shell extension" does), although they may contain trojans:
%UserDir%\secupdat.dat - BackDoor.Generic13.*** (Sometimes - in the folders of all users, not just the one that constantly are using. Then the Internet can not be everywhere at work.)
%System%\secupdat.dat - BackDoor.Generic13.***
The first part - blocks browsers (and update AVG) of the Internet user %User%.
The second part - "Service function NtMapViewOfSection hook -> 0x********".
There are not too many of these files in these folders - they can all be found and manually scanned (manually scan all file types).