Ron Schenone

AVG 7.5 Flags Online Armor As Trojan

Posted by on Apr 13, 2008 | 6 Comments

This was posted over a Scot’s Newsletter Forum by Peachy:

Looks like today’s AVG virus database update is flagging oaui.exe as infected with the trojan SHeur.BEKO. This virus apparently does not exist and looks like AVG has caught a false positive. The workaround is to exclude the TallEmu directory but this only works for the paid version of AVG and not the free edition. I told AVG to heal the file but it has quarantined it and won’t let it run.

Hopefully AVG will have a fix for this real soon. I know there will some unhappy campers who use Online Armour along with the Free version of AVG. :-(

Comments welcome.

[tags]avg, online armor, tojan, fix,  [/tags]

  • Glen Martin

    I installed Online Armor free on Thursday, I think. In the market and not half the size of the free Comodo, OA seemed like really sleek, state-of-the-art, software. Excellent!
    Then Friday early p.m. (MST) my AVG7.5 free shot up a dialogue box . . . TROJAN! blah, blah, blah. Seeing that it was hitting on a part of my brand new firewall, I hit “ignore” and moved on. A few minutes later, same thing, same re-actiom. Then again . . . and again. So I went into my AVG controls to try and disable the hit on this item . . . but that’s not a free AVG option (and I’ve come to learn that even the paid versions wouldn’t let it go thru)
    Anyway, eventually I get tired of this warning box, so I dared hit cure!
    What a mistake that was. I didn’t really grasp what was going on, but AVG basically took control of my PC. After deleting half my firewall, it’d let me re-install the thing, but wouldn’t let me access (use,start,touch) it or it’s associated files. A terrible mess, I tell ya.
    There’s too much to write here, but I ended up installing the Comodo free, which is also sleek and current.
    During my insanity, of course I ventured over to AVG free forums. What a waste of space that is. They are so rigid on protocol that it’s useless. Folks in a panic want answers, not to be directed to “How to ask a question” crap.
    This is the only the 2nd false positive I’ve seen from my AVG in 3 years.
    The other wasn’t so destructive. I doubt, had the virus been real, it could have been any more destructive or stress causing.

  • http://wp3.lockergnome.com/nexus/blade/ Ron Schenone

    Hello Glenn,
    Thanks for sharing your experience with us. I also looked at the AVG forums, faq, and so forth and nothing of any use has been posted as of yet. If you happen to stumble on a solution or fix to the problem, please post your findings and I’ll do an update.
    TIA, Ron

  • http://lockergnome.com/truxter TruXter

    I really do not like avg or avast or nod32.
    If you do a google search for “jotti’s online scanner”
    You will see that they offer a way to scan single files with multiple scanners at one time. at the bottom left of the page you will see current real time results of what all the scanners have recently found. if you hit refresh, the results change. Avg,avast and nod32 either do not find anything (50% of the time) or give a false positive (30% of the time).

    I find it sickening that so many people defend them three because they are free. So is a twig.
    Good luck you guys.

  • Glen Martin

    Ron . . . I’ll likely stick w/ComodoFree, at least until my nerves calm down.
    Then I’ll likely try re-installing OA and see if AVG’s fix included disabling whatever is blocking the users access to OA and fixing whatever it’s -+ broke.
    IF my system won’t allow me to use OA now, then it’s up to TallEmu and AVG to get things straightened out.
    Have you tried releasing whatever AVG protection is enable re:Beko (I think you’ll find whatever you’ve quaranteed with AVG is already back on your system when you opt to “return” the file. That’s what happened when I hit “restore” anyway)
    Best of luck with this.

  • Glen Martin

    Ron – I just re-installed Online Armor without incident 4-14-08. I guess the AVG fix worked? Hopefully there won’t be any more problems. Seems to be working fine.

  • http://wp3.lockergnome.com/nexus/blade/ Ron Schenone

    Hi Glen,
    Thanks for the update. It is appreciated.
    Regards, Ron