Reboot.exe and a0016388.exe - false positives?

[DanielUK]

We use AVG Internet Security Enterprise Edition for our Windows 2000 network.

As of today's daily scan I've found that four of our XP Proff Workstation are reporting having moved this file to the vault:

Object: C:\Windows\System32\reboot.exe

Result: Potentially harmful program Tool.EA

Status: Potentially Unwanted Program

Further scanning as administrator reveals another potentially harmful program:

A0016388.exe in c:\System Volume Information

Has anyone else picked up on this today as I'm not entirely sure it's a false positive as a result of an AVG update?

Thanks

Dan

 

[sggaunt]

reboot.exe would appear to be a trogen. Its not a windows file.
I would recoment that you do a scan with HiJackThis and post the results here forum760


Steve: N.M.N.F.
Playing the blues isn't about feeling better. It's about making other people feel worse.

 

[DanielUK]

Thanks, AVG have written back to say it is a false positive:

Unfortunately, the previous virus database might have detected the
mentioned PUP on some legitimate applications. We can confirm that it
was a false alarm. We will release very soon a new PUP update that
removes the false positive detection on this file. Please make sure to
be updating your AVG and check your files again afterward.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:

- Open AVG Virus Vault (Start -> Programs -> AVG 7.5 -> AVG Virus
Vault).
- Locate the file that was incorrectly removed.
- Right click on it and choose the "Restore File(s)" option.

We are sorry for the inconvenience.

Dan

 

[sggaunt]

Thats good. But do keep an eye on the Virus/Spyware forum, you will find it useful for more general saftey type stuff.

Steve: N.M.N.F.
Playing the blues isn't about feeling better. It's about making other people feel worse.

 

[felixc]

I found that the folks at AVG are quick to respond to false positive alarms when you signal the problem. I stick to AVG as much as I can.

Too bad I was not able to install it on my bro's Vista system.

 

[DanielUK]

Not quick enough for me I'm afraid, I spent most of the day panicking until they verified that it was a false positive, after my second email saying that I needed more information.

Although AVG is a pretty solid product I would prefer it if I could phone/chat via live help when these problems arise.

Dan

 

[cajuntank]

You can if you would have purchased he product from

http://www.wallingdatasystems.com/

instead of AVG directly or a small reseller.

Walling is the largest distributor of AVG in the US and they have their own support system. You always have Grisoft to fall back on, but with purchasing from Walling, you can email, online chat, and call via phone into their support helpdesk. I know that in a short while, that telephone helpdesk is supposed to be up 24x7.

I puchased 1500 licenses of the Anti-Malware/Virus Enterprise Ed. from them and they went as far as installing it for me for free. I just bought at the end of 2007 and will get version 8 for free here in another 2-3 weeks.

So far, I am very happy with this company and they have made it a point to go out of their way to make sure I'm pleased with their service and informed about product.

 

[lwalling]

Cajuntank,

Thanks for the positives on our company, appreciate it. I don't frequent this forum often - but was pleasantly surprised to find your comment. We are always here to help -- of course, and 24x7 Phone Support is coming this year. US based email support is already 24x7 from us.

Appreciate it, again.

Thanks.

Walling Data Systems, Inc
AVG Authorized Distributor

http://www.avg-antivirus.net