AVG is reporting a False Positive

[Sanitylost]

AVG is detecting C:\Program Files\Tall Emu\Online Armor\oaui.exe

as

Trojan Horse SHeur.BEKO

I re-installed OA (the latest version) after the detection and it is still reporting the false positive.

This occurred after the latest update to AVG 7.5 Pro.

I have the paid version so I get the updates a little faster than the free edition, but you can be sure the false positives will appear once the free version of AVG is updated.

Just thought I would let you know.

BTW I have also reported this to AVG Technical support.
Also if you heal or delete the file, users will have problems as this is an important file for OA. AVG users can exclude the folder "Online Armor" in the "Tall Emu" Program File folder from the "Resident Shield" scanner in AVG. Once this is done all will work fine, although this does leave the above mentioned folder vulnerable.

[alex_s]

Quote:

Originally Posted by Sanitylost

AVG users can exclude the folder "Online Armor" in the "Tall Emu" Program File folder from the "Resident Shield" scanner in AVG. Once this is done all will work fine, although this does leave the above mentioned folder vulnerable.

I think OA selfdefence system is good enough not to warry about additional protection. Even if you shutdown OA and remove some componets, they appear again in magic way To say nothing when OA is running. OA HIPS engine shows excellent results in all the available public tests. So this is a question, which one will protect other one better, either AVG OA or OA AVG

[hikaa]

The same thing just happened to me. I also reinstalled OA Free.

However I can't exclude the OA folders/files. That option is greyed out.
I presume it's because I'm using AVG Free?

Anyway, because of this I've resorted to disabling the AVG Resident Shield, which leaves me feeling insecure

What oh what am I supposed to do now?

[gus]

Quote:

Originally Posted by hikaa

The same thing just happened to me. I also reinstalled OA Free.

However I can't exclude the OA folders/files. That option is greyed out.
I presume it's because I'm using AVG Free?

Anyway, because of this I've resorted to disabling the AVG Resident Shield, which leaves me feeling insecure

What oh what am I supposed to do now?

get avira free. www.free-av.com

[Mr T.]

Same here, although I told AVG to ignore it knocked out OLA completely on next boot up. Was unable to start OLA manually at all even with AVG turned off.

Uninstalled OLA completely in safe mode, cleaned registry, turned off AVG and re-installed OLA free, all goes well until the very last installation step of "Start OLA" then get cant do "Access denied" message.

Will play around and see what happens.

[DickJ]

I'm having the same problem as of tonight. Anyone got any ideas?

[Mr T.]

I followed the above advice, put OLA's complete file in AVG's resident shield exceptions, reinstalled OLA. first time up there was no firewall, reinstalled again and all is well.

[stapp]

Good news that it works doing that Mr T. This should help other until AVG fix the false positive.

[jeroen]

Same problem here and also fixed with the previous given fix. Need to re-install Online Armor though.
Got scared by this because there is nothing to find about "trojan horse SHeur.BEKO" and i thought it was a new virus or something.
I just installed something and after i rebooted i got this on both my computers :/

I hope AVG will come with a fix because some virusses can also pretend like if they are aoui.exe and will sit in the online armor folder.

Thx.

Ps, i always knew this firewall was a virus (lol joke)

[XIII]

Quote:

Originally Posted by Sanitylost

AVG users can exclude the folder "Online Armor" in the "Tall Emu" Program File folder from the "Resident Shield" scanner in AVG.

Thanks!

This is indeed a working workaround on my parents laptop:
- AVG: Professional Edition 7.5.519 with virusbase 269.22.13/13/1375 (release date: 12-4-2008 11:32)
- OA: Free 2.1.0.119

Strange enough the "Ignore" button of AVG does not have the desired effect: OA still won't run without the above workaround...