FAQ

More information about this virus can be found in our Virus Encyclopedia.

Please use the Lop.AH virus removal tool for the removing of this trojan horse. This removal tool can be downloaded here.

If any problem persists, please contact our technical support.

When AVG 7.5 is installed with Anti-Spyware component on these operating systems: Windows XP SP2, Windows 2000 SP4+SRP1, Windows 2003 Server SP1 and 64-bit operating systems, it is possible that some viruses aren't detected by AVG Resident Shield on shared novell disks.

The solution is to install the latest version of Novell client and download the latest available patches from www.windowsupdate.com. (For example on WXP SP2 must be installed these versions of drivers: nwfs.sys 4.91.1.1, fltmgr.sys 5.1.2600.2978)

Windows Safe Mode is a way to boot up the Windows operating system in order to let you troubleshoot or run administrative and diagnostic tasks. When it is booted into Safe Mode the operating system only loads the minimum software that is required for the operating system to work. Only basic video drivers are loaded so your programs may look different than normal.

Operation:

• Restart your computer.
• Immediately after "Starting Windows..." information is displayed, press the F8 key on your keyboard.
• Select the Safe Mode option from the menu using the arrow keys.
• Then press Enter on your keyboard to boot into Safe Mode.
  

At this moment we know 3 programs which are using this rootkit technology provided by Sony DRM. All these trojan horses are detected by AVG as well as the Sony rootkit driver. However, if a trojan using any rootkit technology is successfully installed on a target computer, unfortunately antivirus programs (including AVG) are unable to find it because the API calls are filtered.

In a case where you have a root-kitted computer you can do following:

• reboot the computer into Safe mode (using the F8 key while restarting) and run the AVG Complete Test (sometimes it's enough)
• put the hard disk into another computer and scan it this way (this is probably the best method)
• run a dedicated anti-rootkit tool; we recommend using AVG Anti-Rootkit application available for free download here

With the release of AVG Anti-Virus 7.5, detection of Adware/Spyware (or Potentially Unwanted Programs) has been added to AVG.
"Potentially Unwanted Program" files are not be detected as a virus, even though they sometimes act very similarly. The reason is that the Potentially Unwanted Programs are usually installed legitimately as a part of another program (often designated as an "AD-Supported program" – in which the End User License Agreement typically prompts the user to accept that, in addition to the desired program, an additional program (Potentially Unwanted Program) will also be installed).
AVG 7.5 is able to detect some Potentially Unwanted Programs and remove the detected files. It is necessary to mention that AVG is NOT primarily designed to remove these unwanted programs, and all of their related components. For these Potentially Unwanted Programs, AVG is intended mainly as a source of valuable information that there is a potential threat on your PC which probably needs to be removed. Removal of the "Potentially Unwanted Program" can be done with the AVG Anti-Spyware 7.5. It is designed for searching and removing malware like this. You can download it here: http://www.avg.com/download-7.

NOTE: Removal of the Potentially Unwanted Programs can result in damage to the AD-Supported program which was installed with them.

If AVG has detected a "Potentially Unwanted Program" on your computer that is not detected by your anti-spyware program, please send us the Test result* as an email attachment. We will provide support on the appropriate actions to be taken to remove the suspicious file.

* Submitting a Test result to AVG Technologies (support@avg.com):

1. Start AVG 7.5 and select "Start complete test" from the Tests menu.
   The F4 key can also be used to start the test. 
2.  Once the test is finished, close the window and click on the Test Results button. 
3.  Scroll down do the bottom of the Test Results and double click on the latest Complete scan. 
4.  Expand the Program menu and select the "Export list to file" option. 
5.  Select the destination folder to save the results. 
6.  Send the saved *.cvs file as an attachment to your email.
   

• Please check the Virus Encyclopedia web page and search for the exact name of virus mentioned in the test result.
• If you are not successful, please contact the technical support at support@avg.com and also send us an export of the latest test result:
  

Please run AVG program (basic or advanced interface) and choose Test Results from Results menu (you can also use F6 key to get the same). Now you can see the list of finished tests, double click the latest one (by date) and you will get the full list of detected viruses (if there were any), including the path, the name and status of infected object. When it is opened, go back to main AVG program screen -> Program menu -> Export... item (or you can user Ctrl+S shortcut to get Save as... option). Please send us this file for further analysis.

Please try to update your AVG Anti-Virus system and run the AVG Complete Test again. If the file is not detected and you are still in doubt, please put the file into password protected archive (using WinZip, WinRar, PowerArchiver etc.), and send this archive to our e-mail address virus@avg.com. In the body of the message, please describe why are you sending the file and include the password for the archive.