AVG 8.0 Resident Shield Alert

[Guest mayfriday]

The AVG has detected this shown as follows:-

C:\Docs nsetting\all users\application data\microsoft\Onecare

Protection\LocalCopy\{CFD.............}IEUPDATES.EXE

 

Thread name: Trojan horse Generic 11 SHA

and been asked to either Heal /Move to Vault/ Ignore

 

Process Name: C:\Prog files\Microsoft Windows OneCare

Live\Antivirus\MsMPEng.exe

 

Now what must I do with these?

[Guest CTOS]

RE: AVG 8.0 Resident Shield Alert

 

You have AVG and OneCare anti-virus installed and running? You should only

have one anti-virus running.

 

The "IEUPDATES.EXE" is related to the "Antivirus 2009" malware, but

typically that file was found in C:\WINDOWS\system32\ieupdates.exe location.

 

I don't know about AVG or OneCare cleaning out the "Antivirus 2009"

infection, but I've had excellent results using Malwarebytes. You don't need

to uninstall your current anti-virus software to install and use it for

periodic scans.

 

http://www.malwarebytes.org/

 

"mayfriday" wrote:

> The AVG has detected this shown as follows:-

> C:\Docs nsetting\all users\application data\microsoft\Onecare

> Protection\LocalCopy\{CFD.............}IEUPDATES.EXE

>

> Thread name: Trojan horse Generic 11 SHA

> and been asked to either Heal /Move to Vault/ Ignore

>

> Process Name: C:\Prog files\Microsoft Windows OneCare

> Live\Antivirus\MsMPEng.exe

>

> Now what must I do with these?

[Guest PA Bear [MS MVP]]

Re: AVG 8.0 Resident Shield Alert

 

You should only have one (1) anti-virus application installed & loading at

boot! As things stand now, neither OneCare nor AVG are working properly.

 

Assuming (1) your OneCare subscription is and has been current, (2) you're

able to manually update OneCare, and that (3) you didn't install OneCare

after you'd installed AVG or (4) after the machine was infected with

XPAntiVirus2009 (it is now), uninstall AVG, manually update OneCare, and run

a full scan with OneCare.

 

If no joy...

 

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in

conjunction with some other utilities). HijackThis will NOT fix anything on

its own, but it will help you to both identify and remove any

hijackware/spyware with assistance from an expert. **Post your log to

http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

http://forums.spybot.info/forumdisplay.php?f=22,

http://aumha.net/viewforum.php?f=30, or another appropriate forum for review

by an expert in such matters, not here.**

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

mayfriday wrote:

> The AVG has detected this shown as follows:-

> C:\Docs nsetting\all users\application data\microsoft\Onecare

> Protection\LocalCopy\{CFD.............}IEUPDATES.EXE

>

> Thread name: Trojan horse Generic 11 SHA

> and been asked to either Heal /Move to Vault/ Ignore

>

> Process Name: C:\Prog files\Microsoft Windows OneCare

> Live\Antivirus\MsMPEng.exe

>

> Now what must I do with these?