August 20th, 2009, 07:31 AM
AVG Resident Shield keeps finding this problem
AVG Resident Shield keeps popping up while surfing the net. Just about any link I click on causes this to happen. I can't believe every link is infected. Seems to be in my laptop. I have DSL wireless modem using WPA. I am in a rural location so nobody is near physically to hack me. AVG says I am virus free. Below is the text in the box from resident shield.
"Found ";"C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\firstname.lastname@example.org";"Potentially dangerous object";"8/20/2009, 4:18:12 AM";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Is this serious and how should I proceed?
Thanks in advance
August 20th, 2009, 10:14 AM
The first one.. the cookie is not dangerous and can be ignored or you can simply delete the cookie. It's definately nothing to worry about.
As for the second alert, I'd submit it here..
To be scanned by other a/v utilities. If it turns out that it's not infected then it's a false positive but if other scanners see it as a trojan/virus/malware then we'll give you instructions to follow.
Let us know what happens when you submit it.
August 20th, 2009, 10:28 AM
Thanks for the quick response.
I'm kinda slow or I didn't communicate clearly. I think I have ONE problem. When I click on a link I get the message from AVG resident shield. I believe it is just a text message. (I could be wrong) I just copied and pasted that message in my post above. I went to the resident shield history to copy that information.
Understanding that sshould I simply clear out all my cookies to solve? Or do I need to send that test file to virustotal.com?
August 20th, 2009, 11:02 AM
If the only problem found is the cookie just delete it. Cookies are not a serious security problem.
So, to be sure there's just the one alert, delete the cookie(s) and run the scan again to see what it finds.
If the iexplore.exe file is still part of a separate alert then submit it to that site. Don't delete or quarantine it yet since it's your browser and without it you won't be able to use internet explorer.
August 20th, 2009, 06:50 PM
Bee_Manemail@example.com is a tracking cookie. Many consider tracking cookies harmless. They do record data about your surfing. But probably not a source of malware.
It used to be possible to opt out of getting this cookie. http://www.atdmt.com/CookieUpdate.as...ieActions.aspx
Another way, once you delete it, is to use IE Tools|Internet Options| Privacy tab|Advanced and Block "All third party cookies".
WIN7 Ultimate SP1 64bit, IE 11, NTFS,
cable, MS Security Essentials, Windows 7 firewall
August 21st, 2009, 12:26 AM
Interesting stuff going on. AVG Resident Shield is now declaring serious threat. I drilled down to the firstname.lastname@example.org file and tried to upload to virustotal.com. I got an error saying I didn't have permission to upload the file. Also earlier today I got an error saying there was no more room in the vault for more files. Since I was already committed to this trouble shooting process I have not followed WELSHJIM'S direction yet. next?
August 21st, 2009, 01:12 AM
This is known issue with AVG being oversensitive regarding atdmt cookie.
No reason to upload it to virustotal. Cookie is just a text file - harmless.
Empty AVG vault, and delete cookie.
August 21st, 2009, 06:52 AM
Well this is getting a little scary. I tried WelshJim's fix. It looked like I successfully opted out. IE was already configured for blocking all 3rd party cookies.
I tried Broni's fix. That one looked promising. I emptied the vault , oops........... I drilled down and the atdmt.txt file was gone. I did not delete cookies. I rebooted and fired up IE. clicked on a link and got the same path except instead of atdmt I got instead revsc.txt. FYI I have done a print screen and saved all three alerts as jpg in paint. If it's important or I'm not being clear I could upload the jpg links onto photobucket and post the links so you can see them. Anyway, I will start over and empty the virus vault empty the history and this time delete all cookies and test. I will report back results. I will not give up if you don't. Thanks again, John
August 21st, 2009, 07:51 AM
For what it's worth
I emptied virus vault, deleted cookies, deleted history, I still have same symptom except now there are more filenames instead of the single original atdmt.txt.
Also, all of a sudden I'm getting more warnings. Same path except the filename.txt is different like adbrite.txt or doubleclick.txt
Last edited by Bee_Man; August 21st, 2009 at 08:00 AM.
August 21st, 2009, 11:50 AM
Can't see a thing in your pics.. they're way too small.
I'd like to see them to confirm but if all the warnings are about cookies I
wouldn't be losing sleep over it. I would get AVG to stop the warnings
though, if possible. Haven't used it in a long time but most a/v's have a way
to not show meaningless/low priority alerts.
August 21st, 2009, 12:15 PM
if you give me a place to send the jpgs I will send them so you can look at them. Photobucket makes the pictures smaller and I haven't been able to leave the pictures full size. Is it ok to pist pictures directly to this forum?
August 21st, 2009, 12:28 PM
yes, as attachments. www.imageshack.us works well too... use hotlink for forums (1)
Is it ok to pist pictures directly to this forum?
August 21st, 2009, 12:50 PM
August 21st, 2009, 01:08 PM
Looks to me that those are all cookies. As I've said cookies are most definately nothing to be concerned about. The most info that can be gleaned from a tracking cookie is what website you were sent from and which ads/items you looked at while at that site. All anonymously.. they have no idea who you are.. just some person who surfed in basically. They are mostly used for ads and compiling data about which pages/ads/items are being viewed.
Perhaps someone who uses AVG can tell you how to stop those alerts.
I would also install spywareblaster which will block most tracking cookies (and other very useful spyware/malware blockers as well) It's free..
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)