ZoneAlarm Deemed AVG’s avgcorex.dll a High-Risk Virus

ZoneAlarm just deleted AVG’s avgcorex.dll on my laptop after deeming it a high-risk virus.


I don’t know how ZoneAlarm turned itself on today. I’ve had both ZoneAlarm and AVG working on my notebook without a hitch for a couple of years. All of AVG’s features are on after I recently availed of its trial AVG 2012 Internet Security. ZoneAlarm, on the other hand, had all features except its Antivirus turned on, as I don’t want the AVG and ZA antiviruses clashing with each other. And everything went well until today.


I must have accidentally clicked on ZA’s ‘Fix Now’ button, thus turning on its Antivirus feature, because after I turned on my notebook, ZoneAlarm screamed about a high risk virus found in the AVG2012 directory. It says my computer has a ‘HEUR:Virus.wIN32.Generic’ infection and that avgcorex.dll is the culprit. Then it proceeded to treat it. Afterwards, my AVG icon added an exclamation mark on its face with a warning that says ‘You are not protected!’. Then, as if that was not enough, all my shortcuts stopped working, until finally Windows crashed and restarted itself.


On the AVG interface, the Antivirus icon is red and there’s a ‘VDB check has failed’ notice underneath it. Funny thing is that when I clicked the ‘New scheduled task’ link, AVG was scanning normally like nothing happened. After it completed the scan, it flashed the check sign and the ‘Scan finished’ note. I think VDB stands for Virus Database.

Now, as I have yet to find out how to fix AVG’s antivirus feature, I’m stuck with ZA’s. Besides, this full AVG version will expire in 8 days time. So, I think I’ll sit it out till then and see what comes up next. It’s kind of weird though to be relying on a new antivirus after having been used to an old one that I have learned to trust.

This is what I get for using two different software programs that do the same thing. They ultimately will clash (like the way ZA sees avgcorex.dll as a virus, and who knows what else) and I’d be in the middle of it all.

Other new discoveries by ZA:

  • footer.php of WP’s Androida theme has the Trojan.PHP.Pakes.e virus. If I remember right, the footer contains some base64 encrypted text which, when decrypted, only contains the footer links for the Androida author’s site.
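
One way to see what such a footer blob holds without running the theme, as an added example that is not from the original post or from the Androida theme: it pulls each `base64_decode()` string literal out of a PHP source file, decodes it, and reports any URLs plus whether the result is handed to `eval()`. The sample footer, its link and the function names are constructed for illustration.

```python
import base64
import binascii
import re

# base64_decode() called with a string literal, single- or double-quoted.
B64_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)""")
# The decoded string is handed straight to something that executes it.
EXEC_WRAPPER = re.compile(r"\b(eval|assert|create_function)\s*\(\s*$")
# Markers that make the decoded text more than plain markup.
CODE_MARKERS = re.compile(
    r"<\?php|<script|\b(eval|base64_decode|gzinflate|system|exec)\s*\(", re.I
)
URL = re.compile(r"""https?://[^\s"'<>]+""")


def decode_php_base64(php_source):
    """Decode every base64_decode('literal') in the source; nothing is executed."""
    findings = []
    for m in B64_CALL.finditer(php_source):
        blob = re.sub(r"\s+", "", m.group(2))
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid base64; leave it for manual review
        before = php_source[max(0, m.start() - 64):m.start()]
        findings.append({
            "line": php_source.count("\n", 0, m.start()) + 1,
            "decoded": text,
            "urls": URL.findall(text),
            "executed": bool(EXEC_WRAPPER.search(before)),
            "has_code": bool(CODE_MARKERS.search(text)),
        })
    return findings


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample: a footer that only echoes an encoded credit link.
SAMPLE_LINKS = '<a href="http://theme-author.example/">Theme by Example Author</a>'
SAMPLE_FOOTER = (
    '<div id="footer">\n'
    "<?php echo base64_decode('" + _b64(SAMPLE_LINKS) + "'); ?>\n"
    "</div>\n"
)
# Constructed sample: the same call wrapped in eval(), which deserves a closer look.
SAMPLE_EXEC = "<?php eval(base64_decode('" + _b64("echo 'constructed';") + "')); ?>\n"

if __name__ == "__main__":
    for finding in decode_php_base64(SAMPLE_FOOTER) + decode_php_base64(SAMPLE_EXEC):
        print(finding)
```

A blob that decodes to plain links and is only echoed matches what the post describes; one that is passed to `eval()` or decodes to more PHP is worth reading in full before the theme is trusted.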


3 Important Points You Should Know About Internet Security

Internet security has, since the founding of the internet, been a very crucial subject to experts and regular online users. If you are browsing the internet today, either from your personal home computer or a public computer like in the café, you would want to be very certain that your transaction is protected to a reasonable degree. It’s just normal that we crave every opportunity to see ourselves secure online. But the unfortunate side of it is that many online users know very little when it comes to internet security.

In my blog post today, I’ll be sharing some very important points you and I should know about internet security. These tips will go a long way to help us stay safe when we browse the internet.

Clearing Your Cache is Different from Erasing Online History

Sometimes, it saddens me when I see people substitute removal of browser cache for erasing online history. Online history might be stored in any format and anywhere; it might be on the computer you used to access the internet, or on the website you visited last.

Generally, what clearing your cache does is erase all the web pages that are stored on your computer, thus making browsing faster and also helping your browser load any new features of the webpage you’re visiting with ease.


Since you’ve now understood that clearing your cache might not remove all the history of what you’ve done online (like posting your password on forums, posts of yourself on social media etc.), you can do the following to avoid fooling yourself:

Don’t post what you are not certain of on the internet (even if you succeed in removing it from that webpage, Google bots might have captured it and make it remain permanent on the web.)

Firewall is not a Substitute for Antivirus

Many computer users can quickly come to the opinion that once they’ve enabled their firewall, their system is completely safe from viruses. Your firewall only prevents eavesdropping, by not making it possible for other computers on the same network as yours to see your online transactions, and so can’t possibly prevent viruses from getting into your computer.

If your computer does not yet have an antivirus program, you should install one on it now and perform a full system scan so that the viruses on it can be detected and removed.

While it’s important to have your system firewall enabled, you should not neglect installing an antivirus program on your computer.

Also, to strengthen the security measures you use on your personal computer, using a monitoring program on it would be a sure bet. Norton 360 and Norton Antivirus premium versions will work well alongside each other.

While the two programs might not be free, looking up “Norton 360 coupon” or “Norton Antivirus Discount” will help you arrive at a cheaper offer by applying discount and coupons where applicable.

Keeping your password secret is safer than using a stronger one

While this might sound confusing to some people, it’s quite simple and straightforward. If you can’t keep your password a secret, there is no use in using a very strong one. Even if your password is the strongest one the computing era has ever known, if you can’t keep it a secret, it will only take a simple task to hijack your account from you.


If you are going to use a strong password, to make the effort you invested in getting a strong password worthwhile, make sure you don’t share that password with anybody.

Author Bio
Steve is a review writer for Norton Antivirus Discount Coupon and Norton 360 Premier Coupon blog. With this Norton Antivirus Discount Coupon and Norton 360 Premier Coupon, you can save money by investing in internet security.

AVG 2011 Update Crashes Windows 7?

I received an email from James about the AVG 2011 Update glitch that causes Windows 7 – 64 bit machines to crash. The glitch supposedly renders the Windows 7 operating system unbootable. This warning made all kinds of hair in my whole body threaten to stand on end as I realized that I have just updated my AVG some 3 or 4 days ago. Whatever fun I had today (the whole family went mall-hopping and we just bought a Lenovo netbook for the wifey) almost fizzled out into thin air. But of course, no crash or OS disability has occurred so far. Is my Win 7 exempt from the crash-threat then?

Just the same, there’s no harm in heeding a warning. I read the advised quick fix and found out about the AVG Rescue CD, which is supposed to get you out of trouble should a crash happen and block your OS from functioning properly. The trick, should your OS find difficulty in starting your computer and you’re sure it has never happened before until you updated your AVG protection, is to first disable AVG. And you do this via the AVG Rescue CD. You can find the procedures for this here. The link, an AVG forum page, enumerates the following steps:


  1. Use AVG Rescue CD to boot your computer.
  2. When the AVG Rescue CD is launched, select the Utilities -> File Manager menu item.
  3. Navigate to the mounted system drive. This will be /mnt/sda1/ in most cases.
  4. Within this drive, navigate to the /Windows/system32/drivers/ folder.
    – Rename (using the F6 key) all files starting with avg (e.g. avgldx86.sys, avgtdix.sys, etc.) to back them up. You can change their extension from .sys to .bak, for example.
  5. Press CTRL+ALT+DELETE and reboot the system (make sure to remove the AVG Rescue CD from your optical drive before doing so).
    – Your system will boot without AVG being involved in the process.


The AVG Rescue CD can be downloaded here. The cool thing is you can create the AVG Rescue using a CD or a USB.

Almost a week into the updated version, I still have not met any crashing or funny behavior of my OS. Hopefully, it’ll never happen. But should it, I know what to do.

December 4, 2010 is my brother Neil’s birthday. Happy birthday bro!

One more thing: Just want to show some cool numbers which I found around 11 pm today.


ZeuS.Zbot.aoaq: Your PC May Be In Danger Trickery

“The Zeus.Zbot.aoaq is a new Trojan virus that steals banking passwords and financial account data. Your ZoneAlarm Free Firewall provides basic protection, but this new threat requires additional security”


I turned on my notebook and what do I see as soon as Windows opened? A High risk threat called Zeus.Zbot.aoaq. I mean, a Zone Alarm pop up took center screen and scared me enough to raise my pulse by a few beats for a few minutes with a “Global Virus Alert Your PC may be in danger” warning. It was not too long ago that I had a bout at the office computer with the Security Tool virus, and now this. Honestly, I really took a few serious moments and contemplated buying Zone Alarm, as they say they’re the only ones who can detect Zeus.Zbot.aoaq. But of course, I recalled that the pop up is so reminiscent of Security Tool.


So, after initiating a full scan with AVG, I did a quick search and sure enough, I found that I was not the only one who got scared for a while. Several Zone Alarm users (of the free version) got it too and many were not fooled by the Zeus.Zbot.aoaq trickery. Having dealt with the security tool virus a few weeks ago, I realized that Zone Alarm is using the same cheap trick of scaring people into buying their software in a hurry. For such a company (that I admit I admire for their efficient software), isn’t this sort of going too low?


Of course, you can’t blame Zone Alarm for using a tactic that may have perhaps worked for many scareware application makers. It’s just making use of a working business maneuver, I suppose. It’s just like the use of the ‘in-your-face popups’ that ask you to sign up for a blog’s newsletter or list. You know it’s sort of a ‘turn off’, but since many list builders say it works, then you may want to use it too in spite of your feelings about it.

Thing is, I’ve never seen this one being used by other anti-virus makers, e.g., AVG, Trend Micro, Avast, BitDefender, Kaspersky, etc. I wonder if there’s some kind of forum where these anti-virus software makers meet. Say, they meet and Zone Alarm says “Man, it works. We scared 30,000 free version users into becoming paying subscribers in just 3 days!”. In this scenario, it wouldn’t be long before the other reputable anti-virus software makers follow suit and use scareware to make better business returns too.

Oh, ok, so it was just a scare tactic. No need to continue acting panicky. But, this does not mean that the Zeus.Zbot.aoaq trojan is non-existent, in spite of the deafening silence that all other anti-virus makers are ‘mumming’ about the issue. Ok, not all of them. Somebody actually said that ESET has issued a remark about it.

A few folks said they’ll uninstall ZoneAlarm as they have lost faith and trust in them. Well, I might do that too, but that is only if I can find a suitable replacement for it. I like ZA’s feature of allowing us to take control as to which application we allow to get access online. If I find another anti-virus software which gives me this control, I’m sure to give it a try.

Wait, AVG is done with the full scan. It says it didn’t find any threat. How about MalwareBytes? Nothing either. Whew! If I gave Zone Alarm a 9 (10 being perfect) rating before, it now slips to 5. How about you?

So, What’s the Best Free Firewall?

Free Antivirus Download For Windows XP List

Internet Virus Protection

I’ve compiled hereunder a list of resources where you can get free antivirus download for Windows XP. Despite Microsoft’s idea of cutting off any more support for Windows XP, a lot of people were not swayed into upgrading to later Windows operating systems. I know, our office computers still use XP. Except the obvious graphical changes of the latest incarnations, I myself don’t necessarily see any very relevant reason to upgrade either. But that’s because I’m not that into keeping up with the Joneses, or should I say the Gates. Besides, for the average user, XP still conveniently serves my purposes. The only reason that my other computer, the laptop which I purchased a few months earlier, now runs under Windows 7 is because it came bundled with the laptop purchase.

Free Antivirus Download For Windows XP

Microsoft Security Essentials

Microsoft Security Essentials provides real-time protection for your home PC against viruses, spyware, and malware (or malicious software). It runs quietly in the background, giving you freedom to use your computer knowing that someone is watching your back at all times.

You can get a free download from Microsoft with a user-friendly easy installation. Kept up to date. “It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.”

Download here.

Avira AntiVir Personal – Free Antivirus

Avira provides protection against viruses, worms and Trojans; AntiRootkit protection against hidden rootkits; Faster Scanning up to 20% faster; AntiPhishing protection against phishing; AntiSpyware protection against spyware and adware; NetbookSupport for laptops with low resolution; QuickRemoval eliminates viruses at the push of a button.

Download here.

AVG Anti-Virus Free Edition

This (AVG) is what I used on my laptop after its bundled trial version of Trend Micro Internet Security expired. So far, everything’s cool. Of course, I’ll be upgrading to a licensed version Anti virus application pretty soon. AVG Anti-Virus Free Edition has email scanner, virus vault, on-demand scanner, resident protection, the works. It features real-time protection and other basic scanning functions using the scanning engine of its commercial version.

Download here.

Avast Free Anti Virus

This one (Avast) I used on my desktop at home. Avast offers its Home Edition free of charge for personal/non-commercial use. The minimum protection a PC needs is antivirus with anti-spyware and Avast provides such, free. ‘Small footprint’ is a term I often encounter when it comes to Avast reviews. It doesn’t hog resources while it works in the background.

Download here.

BitDefender Free Edition

BitDefender is recognized by a lot of experts to be one of the best, if not the best, Internet Security and Anti Virus application presently. This is why, this is going to be my very first licensed internet and virus protection application I’ll buy. All I’m waiting for before I hit the buy button is a fix to a minor glitch where it interferes with a browser plugin (and makes it not work anymore). The free edition offers on-demand Virus scan, online update, scheduler, quarantine and reporting. It scans selected files, folders, drives, archives, mail database and boot sector.

Download here.

Trend Micro (30-day Trial)

This is the virus protection app bundled with my Asus laptop when I bought it. I haven’t really explored it when it was still in my laptop’s system but I know it works because it did protect me throughout the trial period. It has real time protection. I remember being surprised every now and then by a pop up that tells me about possible dangers both within my files or while I surf the net.

Download here.

Kaspersky (30-day Trial)

My sister uses a licensed version of Kaspersky and she vouches for it like her life depended on it. The trial version is a full working version of the real thing. According to some experts, Kaspersky comes as a close second to BitDefender among the best internet security and anti virus applications today.

Download here.

Other Free Antivirus Download For Windows XP

There are a lot more of these free antivirus downloads for Windows XP out there. But the choices above should be enough if what you’re looking for are free versions. Free versions, more often than not, are limited to a few relevant features of the licensed versions. Thus, sometimes, in order to acquire a sense of assurance, one may have to utilize more than one of these applications. I, for one, pair AVG with Malwarebytes’ Anti-Malware application. Malwarebytes is of the ‘on-demand’ type of scanner. It doesn’t load up and run at startup. Whenever I feel like wanting that extra assurance, I run it. Of course, there are no substitutes for the licensed versions of whatever protection app you use.

As far as I know, these listed free antivirus downloads for Windows XP also work for the later versions of Windows. They should.


Remove Security Tool Virus

Security Tool Fakery

Tuesday morning, I was hurrying to search for some data at the office computer when I found that this Security Tool virus had claimed the computer and disabled a lot of functionalities including:

  • Task Manager – Security Tool kills it as soon as it starts.
  • MS Word – can’t start.
  • MS Wordpad and Notepad – can’t start.

And those were only the few ones I tried. Who knows what other applications have been rendered useless by this virus. The urgency of how to remove security tool virus flashed up and I immediately did a quick prayer and hoped that the security tool virus did not disable any internet browser. Thankfully, it didn’t. Firefox opened up. I saw why the sloths and sluts who created this virus did not disable any of the browsers. How else could they scam hapless victims into clicking their links that lead to their lame website and typing in their credit card numbers into their database?

Several pages suggested some procedures to remove this security tool virus. Some didn’t work, while some worked to a point only but not completely. First, I tried this set of procedures:

  1. Re-start to Safe Mode. To go to safe mode, click this link.
  2. Run MalwareBytes Anti-Malware. After running MalwareBytes Anti malware, it reported 2 items that I promptly removed. The purpose of having to go to safe mode is because security tool disabled Malwarebytes too in normal windows mode.
  3. Restart to normal windows. Apparently, this simple solution is not enough because Security Tool was still there, yawning sarcastically at me as if it had just awakened from a nap.

Experts and those who have been through this ordeal tell us that the security tool virus lays an egg – an exe file with a random name usually made up of numbers. If you can find this and have it successfully removed, you have removed the security tool virus. (?)

Anyways, after going through the various suggested procedures, I did a few little tweaks and found myself free of the pest. Here is how I did mine:

  1. Find the spawn. One could either search for “*.exe” files created/modified very recently, or try going to the “C:\Documents and Settings\New\Local Settings\Application Data” folder. That’s where I found the exe file which in our case was ‘512298992.exe’. They say it doesn’t stick with the same file name. So, expect yours to be different.
  2. Rename the exe file and move it to another (adjacent) folder. I found that I could not just delete the exe file. However, it doesn’t complain when I renamed it (from ‘512298992.exe’ to ‘cowdung.rar’) and moved it away from its perch. Uh oh, now that I’ve said it, some of the sloths at the security tool dung factory might read this and update their manure accordingly. Anyway, from “C:\Documents and Settings\New\Local Settings\Application Data”, I dragged it to “C:\Documents and Settings\New\Local Settings\Application Data\Yahoo!”. No, I don’t have any grudge with Yahoo. That folder just happened to be the first folder I saw within easy dragging distance. The thing by the way doesn’t allow you to drag it to another drive, e.g. from C to D.
  3. I rebooted the machine. Surprise, Security Tool no longer showed its ugly head. It’s gone! I peeked back at the “C:\Documents and Settings\New\Local Settings\Application Data\Yahoo!” folder where I last put it. It was no longer there.
  4. Run MalwareBytes. Knowing that these things don’t just give up that easily, I ran Malwarebytes, which now got freed from its bonds and now went searching for the culprit that bound and gagged it earlier. Whatever it found I deleted instantly without second thought.
  5. I then searched for the 512298992.exe file. I found “512298992.exe –” in the C:\Windows\Prefetch folder. Again, I hit the delete button without even caring to find out what ‘prefetch’ means.
  6. Empty Recycle Bin.
  7. Some experts suggested possible Registry entries that required looking into. So far, I found none in the identified locations. Some suggested locations are “HKEY_CURRENT_USER\Software\Security Tool” and “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”.

I still am not sure if I have totally rooted out and removed the security tool virus from the office computer. It’s been almost a week and no one among our users ever reported anything out of the ordinary so far. I think, it would be favorable for my peace of mind to assume for now that it’s indeed gone.
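
A follow-up check for the traces described in the steps above, as an added example that is not part of the original post: it lists recently modified `.exe` files whose names are all digits under a folder, and flags Run-key values that launch such a file. The five-digit minimum, the seven-day window and the function names are assumptions made for this sketch.

```python
import os
import re
import time

# Assumption: a "random name made up of numbers" is modelled as five or
# more digits followed by .exe (the post's file was 512298992.exe).
NUMERIC_EXE = re.compile(r"^\d{5,}\.exe$", re.IGNORECASE)
NUMERIC_EXE_IN_CMD = re.compile(r"""(?:^|[\\/"\s])\d{5,}\.exe\b""", re.IGNORECASE)

# Sub-key of HKEY_LOCAL_MACHINE named in step 7.
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def find_numeric_exes(root, max_age_days=7, now=None):
    """Return paths of digit-named .exe files under root modified recently."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not NUMERIC_EXE.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is locked; skip it
            if mtime >= cutoff:
                hits.append(path)
    return sorted(hits)


def suspicious_run_values(run_values):
    """Given {value name: command line}, return names that launch a digit-named exe."""
    return sorted(
        name for name, cmd in run_values.items() if NUMERIC_EXE_IN_CMD.search(cmd)
    )


def read_run_key():
    """Read the HKLM Run key on Windows; return an empty dict elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


if __name__ == "__main__":
    # LOCALAPPDATA is not set on Windows XP, so fall back to the profile folder.
    root = os.environ.get("LOCALAPPDATA") or os.path.expanduser("~")
    for path in find_numeric_exes(root):
        print("review file:", path)
    for name in suspicious_run_values(read_run_key()):
        print("review Run value:", name)
```

A hit is only a candidate for review; legitimate installers occasionally use numeric names too.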


  • One website reported that they just used the System Restore and everything went back to normal. Maybe I should have tried that first. 🙂
  • Since it allows Internet Explorer and Firefox to run, I may have tried renaming temporarily the Malwarebytes scanner from “mbam.exe” to “firefox.exe” and run it.

Anyone had an encounter with security tool virus and removed it successfully? Maybe you could share your experiences below.

Prevalence Reporter Is Trying To Access The Internet

A pop up box just above the tray corner of my screen says ‘Prevalence Reporter Is Trying To Access The Internet’. This is the action of Zone Alarm (free version) giving me personal control of what application I allow to connect to the internet. The pop-up box, especially when a lot of them successively vie for my attention, gets to be annoying sometimes. But, of course, the knowledge that I’m in full control of which of them I allow to work on is comforting.

What is Prevalence Reporter?

The presence of Prevalence Reporter means your anti-virus application is AVG. This is evidenced by its actual name, ‘avgcmgr.exe’, which you’ll find as part of Prevalence Reporter’s description displayed in the same pop up box. What does it do? Prevalence Reporter gives you an idea of how safe or dangerous a site is before you visit it. You will find that your google search results are peppered with a ‘check mark inside a green star’ graphic on the rightmost side of an entry. If the graphic displays a gray one (not green), this means that the site is either dangerous or to be treated with caution. You can hover your mouse over these green or gray graphics to display a box of information like ‘This page contains no active threat’ or ‘It is safe to proceed to this page’, etc.

So far, every time this pop up box pops up, I always allow it through and nothing bad or, say, a slowing down, has happened. Some people say that they have tried not allowing it to connect to the internet, and nothing bad happened either. AVG still works as it should, even without it. However, those green and gray graphics won’t be there in your search results.

Unable To Start the File System Shield. Shield Unreachable

My home computer uses Avast as its anti-virus software. Just today its icon on the tray sported a red X on its right bottom side indicating that it is not running. When I tried to run it, it showed the following message:

Unable to start the file system shield. Shield unreachable

Clicking on Start Scan kicks up another message:

Unable to start scan. There are no endpoints available from the endpoint mapper.

Is this another trojan attack outcome? (Or, should I ask instead, am I getting paranoid?) My google search returned some results but I was never really given any answer as to how this happened – whether it’s caused by some freaking trojan or probably an unintended mistake my son committed in one of his computer adventures. Some of my research sources gave suggestions on how to correct the problem like the following:

  • Go to Control Panel and click on the Avast Entry in the Add/Remove Programs Window. Click ‘Change/Remove’ then choose ‘Repair’. Then reboot afterwards.

    While this may have worked for some, it didn’t in mine.

  • There’s also this solution in an Avast forum that requires the use of some Norton tool. The procedure is rather complicated and the succeeding conversation between the problem solver and the user with the problem gets so geeky and complex that it gave me a headache. I am either not that tech savvy or just too lazy to do long procedures. Needless to say, I didn’t even try it.
  • The Avast Help Center. I clicked on its link on the upper right corner of the avast interface and a help app window appeared. Searching for the term “Shield Unreachable” returned a blaring ‘No topics found’ answer. I wasn’t surprised at all, because I knew how un-helpful most, if not all, Help apps actually are, especially (cough) Microsoft’s.

I however found an answer quite by accident. When I explored the Avast Interface (about 2.5 seconds before I would have thrown in the towel to give up), there was this sub menu under ‘Scan Computer’ that consists of ‘Scan Now’, ‘Boot-Time Scan’ and ‘Scan Logs’. The ‘Boot-Time Scan’ feature actually solved the “Unable to start the file system shield. Shield unreachable” problem. I believe this is not the perfect solution for this. There ought to be a better one out there and I might just have the motivation to find it should this problem arise again. But for now, this will have to do. After all, it worked.

The procedure is shown in the image below. My main purpose for doing this post is actually to serve as a reference for myself so that I wouldn’t have to search far should the problem present itself again in the future. I have posted a few articles of this sort here for the same purpose. If this helps others, good.

Possible Facebook Trojan Effect: Probable Free Trojan Removal Solution?

I just came from Mathdelane’s SoftwareCriticsInfo site where he was discussing a Virus Alert: Facebook Password Reset Confirmation, which one can contract from an email that tries to pass itself off as coming from Facebook Support. Unfortunately, Mathdelane only promised to show how he removed the trojan infection in his next post. And I can’t wait because I believe my laptop and my computer at home have been compromised.

So, like always, I went to Big Bro Google for some possible answers. Firstly, I am not sure if whatever is lurking around my computers is the trojan from Facebook. What I remember is that I recently received an email from Facebook support. I opened the email but never clicked on the attachment. But soon after, I began to see a blazing red popup that says AVG has blocked an unsafe site. This happens once every time I open Firefox after booting up. Thing is, it pops up even on sites I’m sure I can trust. What is more alarming however is that on both computers, I no longer see the svchost.exe entries in the task manager. The task manager says there are 35 processes running but the processes tab displays only 17! Also, my home computer seems to run at an average of 89% CPU usage. Are these some of the yet undiscovered effects of the new Facebook trojan? Again, I’m no expert on this matter. Probably, my computers are indeed infected with the Facebook trojan, or probably also infected with some other freaking trojan, etc. What matters is that these trojans must be removed at once. How did these pests pass through AVG or Avast anyway?

How to Get Rid of Trojan Virus

My search from Google only showed a lot of posts describing the latest Facebook fake email and its possible effects and no solutions (or perhaps I did not search long enough). So I had to generalize my search to trojan removal terms, e.g. ‘how to get rid of trojan virus’, ‘free trojan removal’, ‘trojan horse remover’, etc. I stumbled on an old YouTube video that doesn’t even mention Facebook. It just described and pointed me to a (trial) trojan remover software called ‘Trojan Remover’ from Simply Super Soft.

Long story short, I downloaded and ran it. Lo and behold, on checking afterwards, the task manager at my home computer repopulated the process list with all the usual svchost exes and all other previously hidden processes. It also lowered its CPU usage to believable levels. It however did not find anything wrong with my laptop. The svchost exes are still not visible in the laptop’s task manager.

I still am waiting for Math’s update on the Facebook trojan removal technique he employed. The moves I made above were born out of my haste to take counter-action on a menace that is threatening to wreak havoc on my computers. I didn’t even do any further research. I just pounced on the first possible solution I met (and am hoping I won’t be regretting this later). And like I said, the Facebook trojan may or may not have something to do with it. I’d still be closely monitoring things again to check for any other signs of infection.

How to Remove Trojan Virus

The link he meant is: Trojan Remover

Update: There’s also this a-squared free software that I tried at the office computer which was also supposed to be protected by AVG. It found 9 ‘high risk’ files that got through AVG’s fingers(!) like Trojan-Clicker.HTML.IFrame!IK and the Virus.Win32.De4lf.FTK!IK.