
AVG is reporting Mbam.exe as a threat



That's interesting, and explains why I didn't encounter this problem when updating or performing a MBAM scan today or yesterday, as I have the free version of AVG 8.5.

Strange though, as AVG say that the free and paid versions use the same virus definition base and the same scanning engine, so I don't understand why the free version's Resident Shield wouldn't kick off too... Maybe they just mean the pro version and not the other paid versions...

AVG corrected their recent FP with iTunes and iPod within 24hrs, so hopefully if this isn't fixed already, it will be very soon.

The free edition doesn't include AVG's firewall. It's the firewall that flagged it and deleted it. Since I enabled Windows Firewall and turned off AVG's firewall, it hasn't happened since.


The free edition doesn't include AVG's firewall. It's the firewall that flagged it and deleted it. Since I enabled Windows Firewall and turned off AVG's firewall, it hasn't happened since.

Oh OK. I didn't see it mentioned in this thread that it was a firewall that flagged it, and I assumed it was via a scan or the Resident Shield. That makes sense then. Thanks :)


  • Root Admin
It's the firewall that flagged it and deleted it

What the heck kind of Firewall deletes files? It might block the download of a file but it should not be deleting a file - that's not what a firewall is for.

Do you have a link to an authoritative FAQ or article that confirms that behavior?


The free edition doesn't include AVG's firewall. It's the firewall that flagged it and deleted it. Since I enabled Windows Firewall and turned off AVG's firewall, it hasn't happened since.

Not exactly true.

2 of my clients have AVG Internet Security without the firewall installed and both have the problem.

The rest have the firewall installed and have the problem.

It is not just the firewall that is causing the problem; otherwise those 2 on which the firewall is not installed would not have had this happen to them.

robin


This could also be caused by different heuristics in the two versions or different DB versions being downloaded (paid vs free).

*nods*

One interesting thing though - I read a response to a post in the old AVG free forum where someone actually from AVG Technologies (as opposed to the free users who moderate the forum but do not work for AVG) stated that the free and paid versions of AVG use exactly the same scanning engines, and the same virus definition files. The free version does not have a full web shield, a firewall, and some rootkits won't get detected. I don't have enough knowledge to figure out the ins and outs of it all personally, and the comment she/he made might have been oversimplified for us novice users out there.


@ Robinb and anyone else reading this

whoa whoa! Lots of info here.

Well, I have the paid internet security suite and I use AVG's firewall (since I have XP), I haven't added any exclusions as of yet and I updated mbam this morning and did a quick scan, and no conflicts whatsoever happened. I use the paid version of mbam as well.

Robinb, are your mbam issues caused with paid and/or free versions of mbam?

I find this kind of strange. I believe you though of course :)

Also, did you JUST barely update from 8.0 to 8.5? Just curious because the transition from 8.0 to 8.5 happened somewhere between March and April I believe, if you are just updating then that means in the meantime the systems in question were very behind on updates from AVG!

I agree with AdvancedSetup about the firewall, what kind of a firewall deletes files? Blocks, sure. But deletes? eh??


*nods*

One interesting thing though - I read a response to a post in the old AVG free forum where someone actually from AVG Technologies (as opposed to the free users who moderate the forum but do not work for AVG) stated that the free and paid versions of AVG use exactly the same scanning engines, and the same virus definition files. The free version does not have a full web shield, a firewall, and some rootkits won't get detected. I don't have enough knowledge to figure out the ins and outs of it all personally, and the comment she/he made might have been oversimplified for us novice users out there.

I suspect you just nailed it. One of MBAM's drivers uses what would be considered a rootkit driver to load and scan. Kaspersky always detects it on installation and I have to ignore it. It's not uncommon for modern security programs to use this technique both to protect themselves from being deleted by malware as well as being able to detect, of all things, rootkits :) . You may have found the culprit.


I suspect you just nailed it. One of MBAM's drivers uses what would be considered a rootkit driver to load and scan. Kaspersky always detects it on installation and I have to ignore it. It's not uncommon for modern security programs to use this technique both to protect themselves from being deleted by malware as well as being able to detect, of all things, rootkits :) . You may have found the culprit.

Nah I just gave you the clues - it looks like you just nailed it exile360! :)

Only bit that does not make sense is why there is so much apparent inconsistency in who is having a problem and who isn't (see comment 30 by robinbb). Perhaps some people missed a critical virus definitions file when they updated? Though you would think (or hope rather) that the AVG update manager would give you all the updates you are missing, not just the latest one.


It's not the firewall that's the problem, notice she said all are running Internet Security which is the paid version, which means its AV engine would include more advanced rootkit detection than the free version, regardless of whether or not the firewall component is installed. The free version simply lacks the ability to detect the hidden driver, otherwise it would be having the same false positive.


It's not the firewall that's the problem, notice she said all are running Internet Security which is the paid version, which means its AV engine would include more advanced rootkit detection than the free version, regardless of whether or not the firewall component is installed. The free version simply lacks the ability to detect the hidden driver, otherwise it would be having the same false positive.

Whoops, sorry exile, my bad. I mentioned the wrong comment number. :) I meant comment 21 by robinb. The pro version will detect rootkits too, but the problem isn't happening in that version either. The difference between the AVG versions is shown on this page: http://free.avg.com/download-avg-anti-virus-free-edition


I'm honestly at a loss then, unless they do indeed push out a different DB for the two versions or there are different settings on the various users' systems.

This is where the problem is: it is in the Identity Protection database, as you see below. This just came in via email from AVG. I just asked them which new data version it would be, and when they answer me I will post it here.

Unfortunately, the current AVG Identity Protection database version may detect the mentioned virus on some legitimate applications. We can confirm that it is a false alarm. We would like to inform you that the false positive will be removed in the next database update.

Please update your AVG and check the situation again.


Robinb, are your mbam issues caused with paid and/or free versions of mbam?

Only AVG Internet Security, like I mentioned when I first posted this.

Also, did you JUST barely update from 8.0 to 8.5? Just curious because the transition from 8.0 to 8.5 happened somewhere between March and April I believe, if you are just updating then that means in the meantime the systems in question were very behind on updates from AVG!

No, these computers were updated when 8.5 just came out and all virus databases are up to date.

I agree with AdvancedSetup about the firewall, what kind of a firewall deletes files? Blocks, sure. But deletes? eh??

And if you see my last post you will see it has nothing to do with the firewall. It has to do with the AIP, because only the Internet Security has AIP, whether you install the firewall or not.

robin


@ Robinb

I am sorry that I misunderstood you.

I'm glad that you were able to get ahold of AVG and that they are addressing the issue. Has the problem resolved yet? :P


  • 1 month later...

Hi all,

just to add a bit of news

On NEW / fresh install of Dell PC and the latest Malwarebytes + latest AVG v 9.0.686 the resolution for error 703 (0,5) =

1. deinstall mbytes
2. deinstall AVG
3. clean with mbam-clean.exe + reboot
4. just in case clean registry with CCleaner + Glary utilities - maybe not necessary
5. reinstall mbytes and test = all OK
6. reinstall AVG + test both = all OK so far

Please note that all the exceptions (6 of them as mentioned in the posts above/before) in AVG ver 9 are in 2 places (maybe not needed but....)

under tools\ advanced

1 = PUP exceptions = x all 6 of them

2 = Resident Shield \ Excluded files = x all 6 of them

This way in my case it coexists together

hope it helps

Thank you


  • 1 month later...

I've added the six exceptions in both locations in AVG. My locations were slightly different than those listed, but I found the files. I'm on Win XP x64.

I then followed the cleanup/reinstallation process exactly as shown here.

I'm still getting the same error message:

"An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code 703 (0,9)"

Well... previously I think it was "Error code 703 (0,5)".

I've run Malwarebytes' Anti-Malware on this computer previously, without any issue. This is the first issue.

I've been suspicious of some sort of infection as images and file downloads are being corrupted, and my internet feels bogged.

Any suggestions?

:D


@ geolemon -

Please note as this is your second post for the same problem it is hard for us to follow your progress - Either start your own topic or read below -

As we don't work on detailed Malware removal in the general forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Thank you - :D


  • Staff
This is where the problem is: it is in the Identity Protection database, as you see below. This just came in via email from AVG. I just asked them which new data version it would be, and when they answer me I will post it here.

Unfortunately, the current AVG Identity Protection database version may detect the mentioned virus on some legitimate applications. We can confirm that it is a false alarm. We would like to inform you that the false positive will be removed in the next database update.

Please update your AVG and check the situation again.

They ought to have that already embedded into an automated reply. Or perhaps add to their FAQ pages as a special addition. It happens often enough for goodness sake. :D

They've done almost as much damage as some malware, crippling our software so often.
