Kaseya Community

AVG 8.5 and 9.0 REALTIME PROTECTION WORTHLESS!!!

  • This has happened numerous times on numerous machines where the fake ANTIVIRUS (virus) program infects the computer and destroys AVG.

    AVG 8.5 and now even 9.0 IS NOT PREVENTING ANY VIRUSES.

    ATTACHED IS SCREEN SHOT. I AM RUNNING VIRUS SCAN NOW THROUGH KES MODULE ON VSA SERVER. AM UNABLE TO OPEN AVG ON LOCAL DESKTOP PER THE ERROR DISPLAYED IN THE SCREENSHOT.

    THIS ANTIVIRUS PROGRAM (AVG) IS WORTHLESS. THIS IS AT LEAST THE 3RD COMPUTER IN THE LAST 2 MONTHS THAT HAS GOTTEN A WIDELY KNOWN VIRUS, MOST COMMONLY THE "FAKE" AV PROGRAM.


    I KNOW THAT YOU ARE NOT AVG, BUT THEIR SOFTWARE IS HORRIBLE!! INSTALLS FROM VSA WORK ONLY 80% OF THE TIME, AND REALTIME PROTECTION IS A JOKE!!! PLUS IT SLOWS DOWN THE COMPUTER TREMENDOUSLY. I HAVE TRIED INSTALLING JUST THE REALTIME PROTECTION AS WELL AS THE FULL BLOWN SUITE (LINK SCANNER, SEARCH SHIELD, EMAIL, ETC) AND NEITHER PREVENTS ANY VIRUSES.

    IT DOES DETECT THEM AFTER THE FACT, BUT WHAT GOOD DOES THAT DO?

    I AM ALSO PUTTING THIS ON THE FORUM BECAUSE MAYBE SOMEONE HAS FIGURED THIS OUT ALREADY. HELP!!

    Legacy Forum Name: AVG 8.5 and 9.0 REALTIME PROTECTION WORTHLESS!!!,
    Legacy Posted By Username: ctaaz
  • Hoo boy. I'm going to put in my two cents' worth on this, and please understand that I'm trying to help. I won't bother defending AVG: It's not exactly best-of-breed, I think more of us here will agree with that than won't. With that said...

    Okay, yes, this is very frustrating. I feel the pain: We've had to wipe-and-type several machines in the last month due to this new breed of rogue-antimalware garbage.

    But. I dare you to name an antivirus product which would have stopped all of those infections. The bad guys are always ahead of the curve in this arms race. Always. And this new batch of crap which blocks ANY executable from running, thus rendering the PC essentially useless? Yeah, I'm highly frustrated. (Yes, we can use a boot CD... but that means rolling a truck and/or having the infected machine delivered to us. Whee.) And it's not "the" fake-antimalware... there are dozens of variants, a new one popping up every few days.

    The bigger question is, what else can you do to prevent this junk? Can you talk the clients into using restricted-permissions accounts where possible? Change browsers (Firefox w/ Adblock Plus has made believers of several otherwise-technophobic clients)? Implement the no-Javascript fix to Adobe Reader to help plug that infection vector?

    I don't have answers, you'll notice, only more questions... but you literally cannot expect a single antivirus product to make all of the bad stuff go away forever all by itself. If that was possible, the antivirus guys would win and the bad guys would have to get real jobs...

    And trust me... McAfee would NOT do a way better job. We dumped McAfee for KES back in the (somewhat shaky) 1.x release days and never looked back.

    Two cents' worth, make of this what you will. And hang in there, man...

    Legacy Forum Name: KES,
    Legacy Posted By Username: GreyDuck
    Well, I can only disagree. I love AVG, best of a bad bunch (so to speak). I've used most antivirus companies over the years, and AVG is not one that I associate with an aggressive scanning engine.

    other questions need answering here also, are you implementing any DNS proxy servers (opendns for example), any sort of web filtering software?

    These also greatly reduce exposure to fake antivirus programs and malware, you need to tackle this on multiple fronts!


    FYI, I've only seen your screenshot on residential machines with little or no protection, never had it occur on a business machine which is locked down for business purposes.

    Maybe you need to revisit your policies & procedures in respect to your SLA?

    On a funnier note, spitting your dummy out cracked me up!

    Legacy Forum Name: KES,
    Legacy Posted By Username: FrankieBoy
  • Ok, I admit it!

    At first glance I was distraught and frustrated with many other issues on KES, and when I had this call come in this morning it was the proverbial "straw that broke the camel's back".

    After the dust has settled I can see that you all are correct. It is important to have additional policies in place and firewall blocking rules setup to help prevent this type of problem.

    My main issue is that AVG doesn't even seem to notice these viruses until you run a manual scan, then it does a fairly good job of cleaning/removing them.

    The second part of the issue, after further review, is that the workstation was still running AVG 8.5, and I have read that 9.x has greatly improved upon the antispyware/adware functionality.

    I do agree that one AV program is not the end-all to virus problems and it does take a multi-tiered approach to get the best level of protection. I will be having a thorough sit-down with those clients that are still fighting internet access policies and firewall rules.

    I will stand by my statement though that I have seen AVG miss or not detect, in realtime, viruses that the other antivirus solutions I had installed prior to KES (i.e. Kaspersky and Symantec Corporate) never let through the resident shield without at least a warning or message saying virus detected.

    I know that significant improvements to KES have been released this past quarter and more improvements are to come in 2010. I will give AVG one last chance this year; unless they get their problems resolved I will not be renewing my licenses with them.

    Thank you for your non-partial responses to my RANTING AND RAVING!! =)

    Legacy Forum Name: KES,
    Legacy Posted By Username: ctaaz
  • I used to rely on Avast, and they sh*t the bed, too. There is not really any one product that will protect against everything, unless you go for the big bucks with Symantec full enterprise or MS .. something point.

    I've been taking the route of AVG+ SuperAntiSpyware, or MalwareBytes. The volume licensing is pretty good. And I don't put it on every machine; just the trouble users that can't seem to stop clicking junk.

    I trust my AVG Small Business installs more than AVG Free. But I'll do AVG Free instead of nothing. I may go Kaspersky if I run into a big problem with lots of AVG sites. Yes, there is not any one thing that will protect a network. I'd look into dual scanners that don't conflict with each other, and a border protection like an Untangle box.

    Legacy Forum Name: KES,
    Legacy Posted By Username: FarVision
  • I would say the biggest difference we see is done by 2 approaches.

    1) We've seen a lot of the fake virus software, and people tend to just click to download the update that is supposed to fix the viruses. Education is key on this so that people know what is providing protection and to get in touch with the right people as soon as they see anything that mentions an infection.

    2) We've implemented Untangle with as much protection as possible. We've seen a large reduction in the number of infections at any site that we have this type of border protection.

    Legacy Forum Name: KES,
    Legacy Posted By Username: doug.jenkins@ispire.ca
  • I have had a couple of instances of this infection; the way I managed to get around it is to login to the infected machine as another user.

    Upon login you get a Windows 'file is not signed, run/don't run' type message from the malware .exe file; you can then get not only the path to the .exe but stop it from running (hklm\software\microsoft\windows\currentver\run key). In both cases I deleted the file at this point as well. Then log in as the affected user and scan/complete cleanup. The process only takes a few minutes, less the post manual cleanup scans.

    Legacy Forum Name: KES,
    Legacy Posted By Username: Jeremy Johnson
  • I have seen this with several clients. The way they were infected was by opening an attachment on an email.

    I have not had this problem with any clients on Managed Services though, but we require all those ones to also use an offsite email scanning service before it hits AVG for Exchange...

    We also use Sonicwalls with Spyware and AV filtering on at the border too. You can't just rely on the AV protection at the endpoint nowadays.

    Legacy Forum Name: KES,
    Legacy Posted By Username: droytrobb
  • Who do you guys use for pre-delivery scanning? I've been tossing around the idea of using third-party remote exchange mailboxes.

    Legacy Forum Name: KES,
    Legacy Posted By Username: FarVision
  • This is a pretty simple virus to remove. Do the following:

    1. Download combofix.exe, available at http://www.forospyware.com/sUBs/ComboFix.exe
    2. Put it in the “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\” folder; you can copy it to the computer from another workstation using hidden shares if IE is hosed.
    3. Create a new administrator account (I usually use kaseya), Remote Cntl->Reset Password
    4. Log in and follow the steps for combofix. It will ask you to disable realtime scan (if you don’t, it doesn’t matter); it will then download and install Windows Recovery Console from Microsoft
    5. It will then reboot and run a full scan within the recovery console
    6. The machine will be offline for 10-20 minutes
    7. When it comes back it will generate a report of where it found the rootkit/virus and what files it removed.
    8. Remove all scheduled tasks; oftentimes there will be a scheduled task to reinfect the system
    9. If IE doesn’t work, turn off the proxy
    10. I typically then run it one more time and then do a MalwareBytes scan

    Legacy Forum Name: KES,
    Legacy Posted By Username: jcourtney
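The two posts above (Jeremy Johnson's check of the HKLM Run key and the unsigned-file prompt, and jcourtney's steps 8 and 9 on leftover scheduled tasks and a hijacked IE proxy) describe manual triage. The following PowerShell is an added example, not code from either poster or from Kaseya, that collects the same three things from a clean admin logon so a technician can review them before cleaning: Run/RunOnce entries with their Authenticode signature status, non-Windows scheduled tasks, and the current WinINET proxy settings. The "user-writable path" heuristic, the `schtasks` CSV column names, and the `Disable-IEProxy` helper are this example's own assumptions, not something the thread states.

```powershell
# Added example (not from the thread). Run as a different admin account than
# the infected one, as Jeremy Johnson suggests, so the rogue process is not
# already started in your session.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePathFromCommand {
    # Pull the executable path out of a Run-key command line.
    param([string]$Command)
    # Quoted form: "C:\path\thing.exe" /args
    if ($Command -match '^\s*"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    # Unquoted form: take everything up to and including the first .exe
    if ($Command -match '^\s*(.+?\.exe)\b') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    return $Command.Trim()
}

function Get-AutorunReport {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $exe    = Get-ExePathFromCommand $p.Value
            $exists = Test-Path -LiteralPath $exe
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
            # Assumed heuristic: an unsigned binary living under a user-writable
            # directory is the pattern the rogue-AV droppers in this thread fit.
            $userWritable = $exe -match '(?i)\\(Users|Documents and Settings)\\|\\Temp\\|\\AppData\\|\\ProgramData\\'
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $p.Value
                Executable = $exe
                Signature  = $sig
                Suspicious = ($sig -ne 'Valid') -and $userWritable
            }
        }
    }
}

function Get-ScheduledTaskReport {
    # schtasks.exe exists from XP onward; Get-ScheduledTask needs Windows 8 / 2012.
    # Multi-folder output repeats the header row, so drop those and Windows' own tasks.
    schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv |
        Where-Object {
            $_.TaskName -ne 'TaskName' -and
            $_.'Task To Run' -and
            $_.'Task To Run' -notmatch '(?i)^(COM handler|%windir%|%SystemRoot%|C:\\Windows)'
        } |
        Select-Object TaskName, 'Task To Run', 'Next Run Time', Author
}

$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyReport {
    # A proxy pointing at 127.0.0.1 or an unknown host is the usual reason IE
    # "doesn't work" after cleanup (jcourtney's step 9).
    $is = Get-ItemProperty -Path $InetKey
    [pscustomobject]@{
        ProxyEnable   = $is.ProxyEnable
        ProxyServer   = $is.ProxyServer
        AutoConfigURL = $is.AutoConfigURL
    }
}

function Disable-IEProxy {
    # Assumed helper: clears the per-user proxy once you have confirmed it is bogus.
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $InetKey -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $InetKey -Name AutoConfigURL -ErrorAction SilentlyContinue
}

Get-AutorunReport       | Format-Table -AutoSize
Get-ScheduledTaskReport | Format-Table -AutoSize
Get-ProxyReport
```

Review the `Suspicious` column and the task list by eye rather than deleting automatically: a legitimate vendor updater can also sit unsigned under ProgramData, and the thread's own advice is to delete the file only after you have seen the path and the prompt. Run `Disable-IEProxy` only after `Get-ProxyReport` shows a proxy the client did not configure.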
  • FarVision
    Who do you guys use for pre-delivery scanning? I've been tossing around the idea of using third-party remote exchange mailboxes.


    Currently using Trend Micro IMHS.
    http://www.trendmicro.com.au/au/products/enterprise/interscan-messaging-hosted-security/

    Plans are in motion to move to our own hosted Linux servers using Sophos over the next few months.
    http://www.sophos.com/products/enterprise/email/security-and-control/unix/index.html

    Fantastic Anti-Spam engine, and multiple AV engines.

    Legacy Forum Name: KES,
    Legacy Posted By Username: droytrobb
  • droytrobb
    Currently using Trend Micro IMHS.
    http://www.trendmicro.com.au/au/products/enterprise/interscan-messaging-hosted-security/

    Plans are in motion to move to our own hosted Linux servers using Sophos over the next few months.
    http://www.sophos.com/products/enterprise/email/security-and-control/unix/index.html

    Fantastic Anti-Spam engine, and multiple AV engines.



    What would be the incentive to bring this back in-house? We're currently debating outsourcing this and reselling it vs. in-house and reselling it.

    Legacy Forum Name: KES,
    Legacy Posted By Username: FarVision
  • FarVision
    What would be the incentive to bring this back in-house? We're currently debating outsourcing this and reselling it vs. in-house and reselling it.


    Control. Higher margins. You do have higher costs when you have it in-house though, so when you start off with a new service like this it's often easier to have it run and looked after by someone else till it's proven itself and shown that it's worth the investment (time & hardware).

    We have been using IMHS for 2 years now, and in combination with the Sonicwall protection at the gateway we have few hassles with Malware. I think it's proven itself, now we want more bottom line out of the service now that we have the Qty.

    Legacy Forum Name: KES,
    Legacy Posted By Username: droytrobb
    I have been seeing this fake AV for years now. It's like a weed whose roots run deep and no matter how many times you pull it out....

    We have had clients with AVG, Trend Micro OfficeScan, McAfee and Symantec (almost all migrated to KES now). All of them fail at preventing these types of infections....makes you wonder why we use AV at all sometimes! Basically if a user clicks on an EXE and then selects RUN....all bets are off.

    I do a reboot into safe mode and then a MalwareBytes Anti-Malware scan in order to remove. I find it the fastest and the most thorough.

    I also scan users IE History etc and determine point of infection. If it was accidental, no charge. If it was due to porn, warez, torrentz etc....I hit em for each hour spent cleaning it up.

    Legacy Forum Name: KES,
    Legacy Posted By Username: XeviouS
    Since AVG is slow getting protection against rogues, perhaps the fine folks at Kaseya could use their cheap overseas labour to actually add value to AVG by making KES proactive, customizing the definitions to block the stuff zero day (now). Kaseya could actually be proactive and send alerts regarding threats to us all so that we don't look like asses in front of our customers. I should rely on Kaseya and not fellow users. If Kaseya's "product" wasn't the best....

    Legacy Forum Name: KES,
    Legacy Posted By Username: j.lee@carceron.net