FAQ

AVG Free Edition gives the following message: Warning: hidden extension .VBS

Some viruses hide themselves by doubling their file extension. For example, the VBS/Iloveyou virus attaches a file, ILOVEYOU.TXT.VBS, to e-mails. The default Windows setting is to hide known extensions, so the file looks like ILOVEYOU.TXT. When you open it you do not open a .TXT text file but instead execute a .VBS script file.

Because of the increased use of this technique we have added detection of the double file extension into AVG Free Edition. Of course there are cases of valid, harmless double extensions, e.g. uninstall.rar.bat, which is part of some installations of the RAR compression utility.

Some files cannot be opened for checking because they are being permanently used by the Windows operating system or some running application. It's not possible to infect them by a virus as well as to check them.

Files placed in the _RESTORE folder are source files for the system restore function that is available in Windows Millenium operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:

• Close all open programs. Then right-click My Computer on the Windows desktop
• Click on Properties
• Click on the Performance tab
• Click on File System
• Click on the Troubleshooting tab
• Check Disable System Restore
• Click on OK.

Files placed in the System volume information folder are source files for the system restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:

• Close all open programs. Then right-click My Computer on the Windows desktop
• Click on Properties
• Click on the System Restore tab
• Check Turn off System Restore on all drives
• Restart the system
• Go through the first four steps again and uncheck the item mentioned in step 4.

If a virus is found during an AVG Free Edition test and the status is Infected, Embedded it means that the virus file is part of an archive file (ZIP, RAR, CAB...) or part of a self-extractor archive (EXE). AVG Free Edition detects this file of course but is not able to remove this file automatically from an archive file and compress it again without this infected file or move it to the Virus Vault automatically because of data security.

We have chosen the user interaction method in this case of virus removal.

Please follow these steps to remove this kind of virus files:

1. Move it to the Virus Vault – if the size of the archive is less than 5 MB.Choose Test Results (run AVG Free Edition-> choose Results menu->click on the Test Results item) in the Test Result mark the line with the infection (click on the line with the red exclamation mark icon)->choose the Move to Vault button.

2. Delete the archive – if the size of the archive is more than 5 MB it’s not possible to move it to the Virus Vault.

!Please make sure if this archive doesn’t contain your important data!

Choose Test Results (run AVG Free Edition->choose Results menu->click on the Test Results item) in the Test Result mark the line with the infection (click on the line with the grey exclamation mark icon)->choose the Go to file button, you will be transferred to the archive file automatically (not in the Windows 95 operating system, you have to mark the archive file manually) and you can delete it by right-clicking on its name and left-clicking the Delete option from the menu.

Please note:

If you cannot see the line with the Infected, Embedded status, you have possibly deactivated the Hide viruses inside archives function in the context menu.

You can activate it this way:

• Open details of the positive test (run the AVG Free Edition->choose Results menu->click on the Test Results item->double-click on the test result with the detected virus, you can see a red icon there)
• Right-click on any object here (line with the detected virus)
• Choose Filter list by result type option
• Un-tick the Hide viruses inside archives option
• If you have deleted the archive file you also have to empty the Recycle Bin where the deleted archive file has been removed to.
• Double-click on the Recycle Bin icon on the desktop of your computer
• Choose File menu and the Empty Recycle Bin option

During last years, there have been many computer viruses, especially "worm" type of viruses, which are distributed mainly via e-mail. This has caused a panic for users, which is parasiting a special group of messages called HOAX, which are NOT based on truth.

These false-alarm messages are usually composed using the same scheme: Warning of some extremely dangerous, dramatically spreading virus and following a demand on some user action. In best case, they are asking the user to send this message to everyone in user's contact list (action is known from "chain" games), which causes the e-mail to collapse because of overload. In worse case, these messages ask to delete the suspicious virus, altough the file is actually a CORRECT system file. Deleting such files may lead to serious problems (some programs will not work, or the whole system may crash).

The the most known HOAX messages is:

Please check and verify if you have this virus. It was sent to me
(accidentally) and it is said that it is passed on to everyone on
my address list. It is very probable that you have it.
If you do have it, contact all the people in YOUR ADDRESS BOOK
because the
program AUTOMATICALLY sends everyone in your address book a message
with the virus.
The virus' name is jdbgmgr.exe and it is not detected with
McAfee nor Norton. It remains in your computer's system for 14 days
before it erases all you files.
To delete and eliminate it completely, please do the
following immediately:
1. Go to START -- FIND --FILES OR FOLDERS
2. Under NAMED, type jdbgmgr.exe and click FIND NOW.
Make sure you are looking under Drive (C)
******DO NOT CLICK ON IT IF IT APPEARS********
3. If the virus appears *(the icon next to it will be a
small teddy bear), the name will be jdbgmgr.exe
4. *****DO NOT OPEN IT************ Just right click on it
and DELETE it. it will be sent to the Recycle Bin.
5. After you see it disappear, go to the RECYCLE BIN and
DELETE it from there as well. If at all possible, EMPTY the Recycle
Bin under FILE.
If you find this virus in your system, please send this
message to everyone in your address list asap.

The best protection from the user's side is the users choice. If the message has such content, the user should check the anti-virus pages on the internet, such as: www.icsa.net, www.avg.com or http://en.wikipedia.org/wiki/Hoax. Or any pages that are dedicated to a Virus problems. The user can also send a query to the technical support of the anti-virus companies, where the user can consult with tech support personnel about the users problem.

If the user unknowingly distribute such as messages, it is exactly the effect the author of the HOAX wanted to have. Note that Alerts from the Anti- virus companies are more professionally composed , and are not usually sent from unknown addesses and without any demand for it!

The strange manners of the Internet Explorer on your PC (automatic pop up of the web pages with a suspicious commercial content) or automatic redirection of your home page to the another one (as described – erotics, warez, etc.) may not be caused by the presence of the virus but the other malware also known as ADWARE or SPYWARE.

These programs are being installed during the time you browse some Internet pages of the commercial content (mainly erotics, warez, music downloads). These programs are not viruses and thats why they even can't be detected as viruses (by antivirus program). If you are using the latest version of AVG Free Edition, it´s possible that the AVG Free Edition will detect some of these unwanted programs.

We recommend you to use the AVG Anti-Spyware 7.5 Free Edition. It is designed for searching and removing malware like this. You can download it here.

A Trojan Horse is a malicious application, which can not spread itself. Original Trojan Horses were programs which acted as a useful utility. Although, in fact, their start used to cause damage to disc content (or part of it).

At the present time the most spreading Trojan Horses are BackDoor Trojans. They enable remote access to infected computers and PSW (Password Stealers) - they are trying to gather as much private information from the infected computer as possible and to send the info through the Internet.

To remove the Trojan Horse, it is enough to delete the detected file.

Adware is not detected by AVG Free Edition as you know, because when you install different software, (for example DIVX5), you have to agree that this will install these types of applications and that you agree with what it does on your PC.

These programs are not viruses and thats why they even can't be detected as viruses (by antivirus program).

We recommend you to use the AVG Anti-Spyware 7.5 Free Edition. It is designed for searching and removing malware like this. You can download it here.

VCLEANER.EXE can be used for removing these viruses and variants:

I-Worm/Stration, Worm/Generic.FX, Agent.A-AN, BackDoor.Agent.A-Z, AA-BG, Downloader.Agent.AS, I-Worm/Atak.A-I, Bagle.DA-IU, I-Worm/Bagle.A-Z, AA-JD, I-Worm/Bugbear.D, I-Worm/Mytob.A-GC, I-Worm/Netsky.A-Z, AA-AD, I-Worm/Sasser.A-F, I-Worm/Zafi.A-E, PSW.Bispy.A-E, Win32/Gaelicum, Win32/Hidrag

Download the vcleaner.exe from the page with specialized utilities for virus removal and run it on the infected computer.

Note: Some viruses can stop the action during the removing process. In this case rename the vcleaner.exe to some different exe file (e.g. something.exe). Restart your computer in Safe mode (recommended) and run the remover on the infected computer.

Please try to update your AVG Free Edition and run the AVG Free Edition Complete Test again. When the file is not detected and you are still in doubt, put the file into password protected archive (WinZip, WinRar, PowerArchiver etc.), attach this archive to the email to virus@avg.com. Describe why you send the file and write password for the archive into email. And send the email.

Most of today's viruses (Trojan horses, I-Worms, Worms, Backdoors, etc) create infected files. In such cases the only way to remove the infection is to delete the infected file. When you moved the file to the AVG Virus Vault it was deleted from its original location, coded, and then saved in a non-executable file in a hidden folder. Your PC is no longer infected.

If you are not missing any data file and your applications are running, then you can delete these vaulted files from the AVG Virus Vault. You can do it selectively: from AVG Virus Vault program-> select files -> right click on the selection -> Delete file(s).

Or you can delete all AVG Virus Vault contents in one go: Open the AVG Control Center program -> right click on AVG Virus Vault component -> choose"Empty vault".

Note that files removed from your e-mails are also moved to AVG Virus Vault. If you do not have a content filter set, then these files are infected and can be removed, as shown above. If you have set a content filter, then you should decide what to do with the vaulted files.

If you want, you can set automatic actions in the AVG Virus Vault. Please open the AVG Virus Vault -> Servicemenu -> Program settings. Here you can set any required automatic actions.