Old Oct 8, 2005, 6:42 PM   #11
Moderator
 
Join Date: Jun 2002
Posts: 1,139
Default

JimC wrote:
Quote:
Lin:

I'm testing with the one Ken Cox posted on their forums (suggesting an e-mail be sent to Grisoft with a link to it). So, I guess it's possible it's corrupted in some manner (but, I've never seen anything like this before).

The copy I've got is unchanged from the .zip he posted. Just to make sure, I even downloaded it again without any virus protection at all turned on.

VERY ODD.

Even if it is corrupted in some manner, that would not explain the symptoms I'm getting. Without ever trying to run it (just trying to read it using programs treating it as a binary file), the OS is stopping me with access denied errors (I'm trapping for the errors in the program). But, that only happens if it's still named with a .exe extension.

I have never seen this type of thing -- ever. It's almost as if the operating system has some kind of special hooks in it whenever it sees a certain combination of bytes in the file you're trying to read.

I just now registered on the forums, and I'm going to make a post in the thread about it and see if anyone can explain it.


Hi Jim,

Now that I've removed AVG I again downloaded the sample file Igor posted and unzipped it and it works perfectly.

Best regards,

Lin
Lin Evans is offline   Reply With Quote
Old Oct 8, 2005, 6:44 PM   #12
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

Removed it or disabled it (AVG)?
JimC is offline   Reply With Quote
Old Oct 8, 2005, 6:54 PM   #13
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

Lin:

Just tried for the 4th time. I can't run it or open it (downloading the .zip file and extracting the .exe again). Yet, if I rename it to something other than .exe file, I can open it.

AVG is not running (although it may have a process that is not obviously AVG that's stopping me somehow).

I'll reboot and see what happens with AVG setup not to load on boot.


JimC is offline   Reply With Quote
Old Oct 8, 2005, 6:59 PM   #14
Moderator
 
Join Date: Jun 2002
Posts: 1,139
Default

JimC wrote:
Quote:
Lin:

Just tried for the 4th time. I can't run it or open it (downloading the .zip file and extracting the .exe again). Yet, if I rename it to something other than .exe file, I can open it.

AVG is not running (although it may have a process that is not obviously AVG that's stopping me somehow).

I'll reboot and see what happens with AVG setup not to load on boot.

It's got to be running something in the background. I uninstalled AVG and cleaned the registry and the file is perfect.

Best regards,

Lin
Lin Evans is offline   Reply With Quote
Old Oct 8, 2005, 7:06 PM   #15
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

Yep... Just verified that.

With AVG totally uninstalled, the .exe file is fine.

Somehow, AVG has got "hooks" into the OS, even when it's shut down/disabled.

No warnings from AVG, only access denied messages from the Operating system for a .exe file it thinks is bad.

Windows also knows when you uninstall it (then Windows Security Center warns you that no virus detection is installed).

So, some kind of Windows process (or AVG process that's not obvious) is blocking access to the .exe files as soon as it sees what it thinks is virus code in it.

You may want to check your files that you thought were ruined. They may be just fine. I didn't need to download yet another copy of the test .exe (the one I could not load or read works with AVG uninstalled).



JimC is offline   Reply With Quote
Old Oct 8, 2005, 7:59 PM   #16
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

Lin:

FWIW, this is something else (the way AVG and/or Windows is trying to protect you). I just reinstalled AVG again (downloading the latest version). That thing even alerts you if you only do a directory listing of files that it thinks contain this virus definition (and to my knowledge it's not supposed to do that).

It must have some deeply embedded hooks into the OS somehow to be that efficient. I just don't see how there could be any way a separate process would have time to scan the files that fast and compare them to any kind of virus database -- efficiently indexed or not.

It must have some kind of special hooks specifically for certain variants (immediately looking at a given byte offset in the files to find them, before you even try to load or copy one).

Hmmm... are we going to see a Microsoft Announcement that they now have MS Virus Scanner in beta soon? LOL It looks too darn efficient to be outside of the OS to me for this particular trojan code that it thinks it's identifying (especially given the behavior even after I shut it down, with errors from the OS versus AVG before I uninstalled it completely).

JimC is offline   Reply With Quote
Old Oct 8, 2005, 8:07 PM   #17
Moderator
 
Join Date: Jun 2002
Posts: 1,139
Default

Yes, it's a strange behavior indeed. The files reclaimed from the Virus Vault work fine now that I've completely removed AVG. Hopefully they will be able to cure the problem soon, but I've decided to try something else - it's just too much effort to keep installing and uninstalling the program.

Panda killed my internet connection - I discovered this after installing and uninstalling and repeating numerous times. I've asked for a refund for it and will keep trying until I find something which works. Dang computers anyway .... HA!

Lin
Lin Evans is offline   Reply With Quote
Old Oct 8, 2005, 8:39 PM   #18
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

I've used AVG for years (and it's been a good program).

This is the first time I've seen a false positive like this from it.

I had one a few months back that *might* have been a false positive (alerted me to some kind of virus in a .zip file containing some Sun java stuff that I *thought* was downloaded directly from Sun, but I didn't remember for sure). I saw it in the morning after a full scan with a new virus database.

But, I never checked into it to see if it was a valid alert or not (since I didn't need the .zip it thought it saw a problem in).

Other than that, I can't recall it ever failing me (and it sure doesn't eat up resources like Norton does based on my experience with it). It's found some viruses since I've been using it for sure (mostly junk mail delivered stuff).

As for the rest of 'em -- I haven't tried anything else in a long time. So, I have no idea how they compare.

I'm running AVG, Microsoft Antispyware, Zone Alarm, scanning periodically with Spybot S&D ("immunizing" against new threats), and even using Adaware periodically, too (and have a hardware firewall). LOL

I don't like needing to run all of this stuff. But, at the same time, I'm not very happy about some of the alternatives either (for example, the OS only letting you install and run programs that have been "certified" as safe, which is part of some proposals that have been around for a while).

That would stifle innovation too much (I want to be able to download and install anything that I want to, without MS or anyone else telling me I can't for my own good). Ditto for writing anything I may want to myself (and giving it to others to run if I so choose).

There is no perfect solution (if you want to use a PC and take advantage of any current software you want to use). I may end up giving Linux a go at some point, though. My wife has been using it for about 6 months now (I tried a bunch of different distros and ended up leaving Mepis on a used laptop I bought for her).

From what I understand, KDE has some kind of basic image editor in it now that has some color management stuff, too. But, I haven't checked it out yet. Wine would probably allow me to use most of the editors I normally use anyway (most of them are old enough technology that they'd probably run OK under it). But, it doesn't appear to be a really good solution either. It's too much trouble for developers to write anything compared to Windows (dependencies, etc.). Web based apps will probably be the key.
JimC is offline   Reply With Quote
Old Oct 10, 2005, 3:52 AM   #19
Moderator
 
Join Date: Jun 2002
Posts: 1,139
Default

Hey Jim,

On a recommendation from someone on another forum, I purchased a Nod32 multi-license and installed it on two of my systems which are linked by broadband wireless to the internet.

After installation, I was not able to access the internet so I emailed technical support at Nod32's home page and within moments Stephen sent me an email asking a few questions. As it turns out, an old, deleted copy of Norton anti-spyware which had been shipped with my computer still had vestiges which were not removed completely and were causing the incompatibility. Stephen sent me a program which cleaned all traces of the Norton program from my system and another winsock program which corrected issues which resulted from the old program.

I reinstalled Nod32, configured it and everything works perfectly - it even found two virus infections which no other program had detected.

I've yet to hear a word from Grisoft - after four emails not a single reply. In the space of one hour I had four separate email communications with Nod32 - and guess what? They correctly diagnosed my problem, solved it and were extremely helpful. They also have a telephone number where you can speak to real live people - something Grisoft could aspire to.

My problems caused by AVG are but a fond memory now and I'm very happy with Nod 32 - here's a link for anyone looking for a great anti-virus program with fantastic support:

http://www.nod32-av.com/

Best regards,

Lin

Lin Evans is offline   Reply With Quote
Old Oct 10, 2005, 7:28 AM   #20
Administrator
 
Join Date: Jun 2003
Location: Savannah, GA (USA)
Posts: 22,378
Default

Thanks Lin.

I may give it a try.

Yes, I seem to remember trying to contact Grisoft once some years back.

My wife got some very unusual virus, just from being connected to the internet (not even trying to visit any suspect web sites or download anything).

Some virus was exploiting a security vulnerability for sharing over a network connection at the time (it was on an older Windows version that wasn't updated to current patches), and we had a lot of trouble trying to remove it.

She was not running AVG at the time (but, I was, and immediately installed it on her PC when we discovered a problem). They never responded to my queries. So, yes, they could learn a thing or two about customer service.

On the other hand, I figured that since I was not a paying customer (I use the free version), that they were within their rights not to spend time trying to work out problems a user may have (my assumption was that was why they didn't respond).


JimC is offline   Reply With Quote
 