AVG Free Forum
Removing Viruses, Virus Removal Tools Removing viruses with AVG Free Edition, also general spyware issues
sudden strange infections
Posted by: richard.a (IP Logged)
Date: October 31, 2007 07:35PM

Good morning. I'm a new forum member, in Australia. I've been retired many years. I run three computers on a LAN and experiment.

Today, 31st October 2007, all three machines tell me, after downloading the latest update, that four zips dating from the late 1990s have the "PSW.OnlineGames.PLZ" virus.

Your encyclopedia and database seem to have no record of this. Nor does Symantec. Nor does Google.

The products are archives for which I paid - Drag-and-File, Drag-and-Zip and Drag-and-View; a much superior file manager to Windows Explorer, and which is no longer available. Manufacturer was Canyon Software.

I think it unlikely that all three machines should become infected at the same time, when running today's update.

The fourth is another competing product with Windows. SuperNoteTab, a superior notepad-like product. Can you please advise if you have released a buggy update? The setup and uninstall executables of the installed versions have also been removed by your latest update.

Look forward to hearing any thoughts, please,

Richard Ashton
Adelaide, South Australia.
beta tester for Linux and BSD.



Re: sudden strange infections
Posted by: BIG AL 43 - Moderator (IP Logged)
Date: October 31, 2007 08:20PM

richard.a

Please pay attention to where you are posting and make it fit the subject of the forum area you are in. This wasn't an 'Update Issues' question which was the forum area you posted it in... moved to the 'Removing Viruses, Virus Removal Tools' area.... For an explanation of the Forum areas see [forum.grisoft.cz]...

With AVG Free please have a look @ this Sticky post [forum.grisoft.cz] if you suspect a file to be a false positive.

Re: sudden strange infections
Posted by: richard.a (IP Logged)
Date: November 12, 2007 06:50PM

I disagree. If it had happened to you immediately after having updated, you would have thought so too, I suspect.

I have had legacy files (as in straight html files that could not possibly contain a nastie) deleted today and yesterday too.

No it is a problem associated with your upgrade, automatically downloaded and installed.


Thank you

Richard Ashton
Retired CAD and PC trainer
past CAD consultant
Past contributor to Australia's premier CAD monthly
beta tester for PC-BSD and PuppyLinux
insider at linspire.com

Re: sudden strange infections
Posted by: richard.a (IP Logged)
Date: November 12, 2007 06:56PM

I have no idea what a false positive is, my friend.

All I know is that on three computers on my home LAN (no, not commercial, I am retired, and do opensource system development to help the industry which handsomely supported me during my working life), suddenly since an update a few minutes before my previous post I am having straight html files being deleted as well as other files which could not have possibly been infected.

I believe that for the last few days that AVG Free has turned into a lemon.

And as this was my first post, and you went to the trouble to move this post without reading it properly, when you could have with far less effort PM'd me for fuller details, I have rather lost confidence in the product.

I have actually been sharing my distrust of AVG free with a number of Windows users who are rather surprised at what has happened.

So instead of sneering at me about what you perceived to be my mistakenly posting in a wrong thread, I would like to find out what if anything is going to be done about what appears to be rogue updates from your download server.

Thank you

Richard Ashton
Retired CAD and PC trainer
past CAD consultant
Past contributor to Australia's premier CAD monthly
beta tester for PC-BSD and PuppyLinux
insider at linspire.com

Re: sudden strange infections
Posted by: BIG AL 43 - Moderator (IP Logged)
Date: November 12, 2007 08:27PM

richard.a

Quote 'I have no idea what a false positive is, my friend'.... Please have a look @ this link [www.google.co.uk] & then read thro' the false positive link provided in the 1st post again.


Re: sudden strange infections
Posted by: richard.a (IP Logged)
Date: November 17, 2007 11:04AM

Quote:
Please have a look @ this link [www.google.co.uk] & then read thro' the false positive link provided in the 1st post again.

Okay, thanks for that, and I had made the assumption it meant that. But it really concerns me that these forums do little apart from either ignore those who post, or criticise or brow-beat them.

I have been well mannered all along because I believe in support forums (like where I assist) that maintaining your cool is important. No good getting your knickers in a knot. Really.

But still no comment by the forum about my concern that AVG has suddenly (and potentially dangerously) turned into a lemon - which is not a criticism but an observation.

Further unanswered posts by others with a similar tale of woe only go to confirm my opinion. I have used this product for many years, around the time that Steve Gibson wrote about ZoneAlarm - also a product I now view with skepticism, and which I've stopped using.

However I've found some of those whose comments your forum has ignored have been spread far and wide on other lists, which I'm sure is not good PR for your product.

Today AVG deleted an executable for a music file format conversion application on a computer that is seldom on-line, and which is checked regularly and is always clean.

Fortunately my backup server runs on Linux and its drives are not set up as shared drives which MAY (no guarantees) have saved me some of this time-consuming strife. However no guarantees there are there? AVG will likely delete them again, right?

I wrote this in my opening post - which was totally ignored...
Quote:

Your encyclopedia and database seem to have no record of this (meaning PSW.OnlineGames.PLZ). Nor does Symantec. Nor does Google.

That is still the situation I notice, from looking. How can AVG find a fictitiously named infection?

That is more than a false positive. It is invention - a very different thing.

Oh, and yes, these quotes from the google link you asked me to check out are interesting in the perspective of this thread...

Quote:
From VirusList
False positive
Synonyms: False alarm

A false positive is another way of saying ‘mistake’. As applied to the field of anti-virus programs, a false positive occurs when the program mistakenly flags an innocent file as being infected. This may seem harmless enough, but false positives can be a real nuisance.

* You waste productivity due to user down-time.
* You may take e-mail offline, as a security precaution, thus causing a backlog and more lost productivity
* You waste even more time and resources in futile attempts to disinfect ‘infected’ files. And if you load a backup, to replace ‘infected’ files, the backup appears to be infected too.

In short, false positives can be costly nuisances.

The term is not confined just to the anti-virus world. It also applies, for example, to anti-spam protection, where it refers to the misidentification of a legitimate e-mail message as spam. This too could be very costly, since the undelivered e-mail may be a business critical message.


Quote:
From Symantec
A false positive, also known as a false detection or false alarm, occurs when an antivirus program detects a known virus string in an uninfected file. The file, while not infected with an actual virus, does contain a string of characters that matches a string from an actual virus.

A false positive can also occur when a program performs an action, which appears to the antivirus program to be a virus-like activity.

Norton AntiVirus and Symantec AntiVirus Corporate Edition use Bloodhound heuristics to detect virus-like activity.

Examples of such activity can include, but are not limited to, writing to the master boot record of the hard disk, making changes to a system file, or running a custom macro in a program such as Microsoft Word.

False detections, once confirmed, are usually corrected as soon as possible.

I know many people who never admit they made a mistake. I didn't think that your company would be one of them :(

I rest my case.

Richard in Australia
Where we usually fix things that are broken with fence wire
(Not possible here)

Re: sudden strange infections
Posted by: rdsok - Moderator (IP Logged)
Date: November 17, 2007 12:12PM

@richard.a...

Most of your assumptions or opinions are from ignorance of the real situation and I'm not being critical of that... just pointing it out.

First... you say others are "brow beat"... correcting a mistake or pointing out that a user may not be following the rules.. or posting in the proper area... is not brow-beating.. it is just that... correcting them or making the user aware of the issue being mentioned. It would be a dis-service to not correct a mistake.

Trying to look up that name that one antivirus program uses versus another and then not finding that malware name in the other's encyclopedia... doesn't mean that Grisoft "made up the name". Each company uses their own naming convention and it has always been that way. Grisoft doesn't place every malware name in their encyclopedia either... they only place the most dangerous ones there... that isn't something I like... but that is how it is. As to proof of each company using its own naming conventions.... sign up for a free account at [www.virusbtn.com] and then enter the name of any common viral malware you can find and see what it crosses to with all of the other companies... don't use an obscure viral name since that cross reference database is usually very far behind in being updated.

You claim some experience in the computing world and yet you were not familiar with false positives which seems a bit odd to me. False positive detections have existed in all antivirus products since antivirus programs were created and these only increased after heuristic analysis was added to them later.

This often happens with many antivirus programs and the main cause is from the fact that the malware authors are also using the very same compilers and file libraries of code that normal programs use so when a new malware detection is added to the antivirus definition files... it can have enough common code with normal programs that the normal program gets misdetected as a malware threat.

Taking that into account... I believe you were upset that you were told that you had posted in the wrong forum area... and now you are trying to twist this subject into something it's not. You have been pointed to the post that describes the forum areas so you would know what they were for... not to brow beat you... but to correct your misposting in the wrong area. That post is also mentioned in the PLEASE READ BEFORE POSTING thread that is in the top of each forum area in an effort to make what is expected of a user... to tell them what info to provide if asking a question and to provide other hopefully helpful info to them. You aren't the first to have not completely read it and you won't be the last... but if we direct a user to either post, it's to provide them the info they need to effectively use the forum... it's not to brow beat them. Pointing out a user's oversight or error is never meant to be that... just as it isn't meant if a teacher or for that matter a policeman points it out to someone. It's part of the duties as moderator.

Well.. enough of trying to explain things some... Since you have been told how to report a possible false positive and even check if it is... there is no need to leave this thread open any longer.
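The shared-code mechanism described in the post above, as an added illustration that is not part of the original thread and is not Grisoft's code: a byte-pattern signature cut from startup code that two programs share flags both of them, while a signature checked against a corpus of known-clean files does not. Every byte string, the detection name and the function names are constructed for this example.

```python
from typing import Dict, List, Optional

# Constructed data only: no real malware bytes, no real vendor signature.
STUB = bytes.fromhex("60be001040008dbe00f0ffff")  # stand-in for shared packer/runtime startup code
PAD = b"\x00" * 4
FLAGGED_SAMPLE = STUB + PAD + b"UNIQUE-PAYLOAD-BYTES"
LEGACY_INSTALLER = STUB + PAD + b"legacy-installer-resources"  # benign, same toolchain
PLAIN_HTML = b"<html><body>hello</body></html>"
CLEAN_CORPUS = [LEGACY_INSTALLER, PLAIN_HTML]


def scan(data: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def derive_signature(sample: bytes, clean: List[bytes], length: int) -> Optional[bytes]:
    """Return the first length-byte window of sample that occurs in no clean file."""
    for offset in range(len(sample) - length + 1):
        window = sample[offset:offset + length]
        if not any(window in known_good for known_good in clean):
            return window
    return None  # every window overlaps clean code: no safe signature at this length


def false_positives(signatures: Dict[str, bytes], clean: List[bytes]) -> List[int]:
    """Indices of clean files that at least one signature flags."""
    return [i for i, data in enumerate(clean) if scan(data, signatures)]


# Naive signature: the sample's first bytes, which are the shared startup stub.
NAIVE = {"Constructed.Demo.A": FLAGGED_SAMPLE[:len(STUB)]}
# Refined signature: same length, but validated against the clean corpus first.
REFINED = {"Constructed.Demo.A": derive_signature(FLAGGED_SAMPLE, CLEAN_CORPUS, len(STUB))}

if __name__ == "__main__":
    for label, sigs in (("naive", NAIVE), ("refined", REFINED)):
        print(label, "hits sample:", scan(FLAGGED_SAMPLE, sigs),
              "clean files flagged:", false_positives(sigs, CLEAN_CORPUS))
```

The HTML file is never flagged by either signature here, which is why a deleted plain-text file points to a different detection path than shared compiled code.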



This Thread has been closed