AVG TOP 5 weekly issues - June 1, 2012

by JiriF_AVG AVG staff - 6/1/12 11:21 AM

** Exploit JavaScript obfuscation type 1494 **

In the past few days, we received several reports of a trusted web page detected by AVG LinkScanner. Users and web administrators reported the detection appears to be incorrect, as other security application is not detecting a problem and the web page themselves appear to be clean. Deep analysis revealed there is indeed a malicious script present on these web sites, but it is served once per IP. That generally means the malicious content is delivered only once for each visitor and the page is again clean for the consequent visits. Such tactics is in fact quite usual for web threads. The malware creators make the analysis difficult this way while the malicious payload is delivered for each unprotected system visiting the website.
If you notice an infection is detected while browsing your website, heads up! Your server is likely infected and is serving the infection to your visitors. We recommend deep checking of your source codes as well as thorough scanning the whole server. Basic recommendations on how to remove an infection from your web pages can be found in this FAQ article.
After the infection is removed, we strongly recommend performing a security audit of all the servers to patch all security holes.


** AVG LiveKive login on mobile devices fixed! **

A few AVG users noticed it is not possible to log in using the AVG LiveKive for mobile devices (both the supported iOS and Android platforms). We are happy to inform you the issue has been fixed on the server side; there is no need to update your client software. The login procedure is working correctly now.
Should you experience any difficulties while using AVG LiveKive on your mobile device, please do not hesitate contacting our friendly customer care experts or describe the issue in AVG Forums.


** AVG requesting system restart repeatedly **

AVG Forums users reported AVG requesting restart repeatedly after completing the AVG update process. This issue is likely caused by certain update files could not been renamed for some reason.
Please proceed as follows to rectify the situation:
1. Navigate to the following folder (some files and folders are hidden by default operating system configuration):
C:\ProgramData\avg2012\cfg\
...or (if using Windows XP):
C:\Documents and Settings\All Users\Application Data\avg2012\cfg\
2. Verify that the updatecomps.cfg.prepare file is present in this folder.
3. Delete the updatecomps.cfg file.
4. Rename the updatecomps.cfg.prepare to updatecomps.cfg.
If the issue is not rectified or if the updatecomps.cfg.prepare file is not present, please run AVG repair installation using the most recent installation package. More information on repairing the AVG installation using a newly downloaded installation package can be found in one of the following FAQ articles, procedure variant 2:
AVG Free Edition
AVG paid for versions
Please contact AVG customer care experts should you need further assistance.


** Strange rootkit detected? **

Recently, a few AVG users reported unknown rootkit infection detected. Although rootkit techniques could be used by legitimate applications for various purposes (e.g. copy protection), we recommend thorough checking the system if unsure, whether there could be a malicious rootkit present. More information about rootkits and how to remove them can be found in the following FAQ articles:
What is rootkit?
How to deal with rootkits?
If you believe a rootkit is detected while in fact there is no rootkit technique employed, please provide us with more details as described in this AVG Forums post (the Anti-Rootkit False Positives part). Please contact AVG customer care experts or describe the situation in AVG Forums directly.


** Disabling AVG Secure Search after removing the AVG Security Toolbar **

A few AVG users mentioned that the AVG Secure Search configuration remains present after removing the AVG Security Toolbar (more information on removing the AVG Security Toolbar can be found in this FAQ article). Please refer to this AVG Forums thread, if you wish to change the default search provider in your browser(s).
Alternatively, you could find detailed instructions in one of the following FAQ articles:
AVG Free Edition
AVG paid for versions


Find more interesting articles at AVG Blogs.
Subscribe to this RSS feed if you want to be notified about new Weekly Overviews.