ZoneAlarm just deleted AVG’s avgcorex.dll in my laptop after it deemed it as a high risk virus.
I don’t know how ZoneAlarm turned itself on today. I’ve had both ZoneAlarm and AVG working in my notebook without a hitch for a couple of years. All of AVG’s features are on after I availed recently of its trial AVG 2012 Internet Security. ZoneAlarm on the other had all features except its Antivirus turned on as I don’t want AVG and ZA antivirus clashing with its each other. And everything went well until today.
I must have accidently clicked on ZA’s’Fix Now’ button thus turning on its Antivirus feature, as after turning on my notebook, ZoneAlarm screamed about a high risk virus found in the AVG2012 directory. It says my computer has a ‘HEUR:Virus.wIN32.Generic‘ infection and that avgcorex.dll is the culprit. Then it proceeded to treat it off. Aferwards, my AVG icon added an exclamation mark on its face with a warning that says’You are not protected!’. Then, as if that was not enough, all my shortcuts don’t work, until finally, windows crashed and re-started itself.
On the AVG interface, the Antivirus icon is red and there’s a ‘VDB check has failed’ notice underneath it. Funny thing is that when I clicked the ‘New scheduled task’ link, AVG was scanning normally like nothing happened. AFter it completed the scanning, it flashed the check sign and the ‘Scan finished’ note. I think VDB stands for Virus Database.
Now, as I have yet to find out how to fix AVG’s antivirus feature, I’m stuck with ZA’s. Besides, this full AVG version will expire in 8 days time. So, I think I’ll sit it out till then and see what comes up next. It’s kind of weird though to be relying on a new antivirus after having been used to an old one that I have learned to trust.
This is what I get for using 2 different softwares that do the same thing. They ultimately will clash (like the way ZA sees avgcorex.dll as a virus, and who knows what else) and I’d be in the middle of it all.
Other new discoveries by ZA:
- footer.php of WP’s Androida theme has Trojan.PHP.Pakes.e virus. If I remember right, the footer contains some base64 encrypted text which when decryted only contains the footer links for the androida author’s site.