Repeatedly sandboxing AVG files that don't exist ???

My Defense+ settings find a file called avgdiagex.exe which it says is part of AVG9 (avgtray.exe) and I SANDBOX it. But the file does not show up on a search of my HD. I then put the file in my BLOCKED files but next boot it's gone and now says it's in SANDBOX (but it doesn't show up). What's going on with this file?

Hello,

When you choose to run the file avgtray.exe in the Sandbox, you will find them in c:\sandbox<application name>. This application seems to be part of AVG, therefore it must not be run in the Sandbox (in the Sandbox, this application runs with restricted rights).

Ovidiu

You may have uninstalled AVG, but left an active autorun link. This may be in Control Panel ~ Scheduled tasks.

If not, look for it using Microsoft Autoruns after making a restore point. When you find the entry, disable it.

Best wishes

Mouse

[quote author=mouse1 link=topic=58206.msg408032#msg408032 date=1277107146]
You may have uninstalled AVG, but left an active autorun link. This may be in Control Panel ~ Scheduled tasks.
If not, look for it using Microsoft Autoruns after making a restore point. When you find the entry, disable it.
[/quote]

I still have AVG9 installed. The file (avgdiagex.exe) does not exist on my HD, does not show up in Autoruns BUT shows up with a COMODO pop-up when I boot. It asks if I want to keep it in SANDBOX; if I say no, it goes to My Safe Files (see screen shot).


Please clarify what you mean by the bit in bold. Did you get an alert? If so, what alert? Next time it occurs please hover the mouse over the alert (hovering over ‘comodo’ will do) and note the exact path.

[quote]But the file does not show up on a search of my HD.[/quote]
Did you search using Windows Explorer search and did you explicitly include hidden files? If not, please do this and report back, giving the exact path if you find it.

[quote]I then put the file in my BLOCKED files but next boot it's gone and now says it's in SANDBOX (but it doesn't show up). What's going on with this file?[/quote]
Please reboot then post a screenshot of your Defense+ event logs to help work this out.

Many thanks

Mouse

Hi There,
I do not want to hijack your thread, but I think I have a similar problem (if not, I will create a new problem).
I also checked my HD and the file Avgdiagex.exe is not present.

Comodo comes up with the popup where it says that Avgdiagex.exe runs in the Sandbox (and you can choose if you want to have it outside the sandbox).

When I press the link on Avgdiagex.exe (in the sandbox pop up) I get the following message:

Windows cannot find 'C:\Program Files\AVG\AVG9\avgdiagex.exe'. Make sure you typed the name correctly, and then try again.

Apparently there is somewhere a command which wants to run avgdiagex.exe and Comodo reacts to this.

Big problem still remains: how to get rid of this?

Have you checked Windows Scheduler? It may be listed there. Simply remove it.
Also, use AutoRuns to check your system.


Is it now in ‘My Safe Files’?

If this recurs on reboot then the next step as John notes is to search task scheduler/scheduled tasks then autoruns for it.

Also hover over the alert and note the exact path it reports. Just to check it is the same as in the log.

[Edit: this is a checker program for AVG, so is quite likely to be found in scheduled tasks. If so just disable it.]

Best wishes

Mouse

Thanks

Is there any AVG related file in autoruns (one file can call another) or scheduled tasks? You can check in autoruns via the vendor field, and by a search on the AVG string.

You answered a question about My Safe Files with reference to other lists. Please could you check My Safe Files? Thanks. Also, is there any reference in the Computer Security Policy or ‘My Blocked Files’?

Please also try purging ‘Pending Files’, ‘My Safe Files’, and ‘My Blocked Files’.

Best wishes

Mouse
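
The scheduled-task and autorun search suggested in the replies above can be scripted. The following PowerShell is an added example, not part of the original thread: it lists Run-key and scheduled-task entries that mention the AVG string and reports whether the executable each one points to exists on disk. The `Get-ExePath` helper, the list of Run keys checked, and the English `schtasks` column names are assumptions of this example.

```powershell
# Added example, not from the thread. Lists autostart entries mentioning AVG
# and reports whether the executable each one points to exists on disk.
$pattern = 'avg'   # search string suggested in the thread

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the first "X:\...\name.exe" out of a command line,
# expanding %VARS% first.
function Get-ExePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '[a-z]:\\[^"<>|]*?\.exe') { return $Matches[0] }
    return $null
}

$entries = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source = $key; Name = $name; Command = [string]$k.GetValue($name)
        }
    }
}

# schtasks repeats its CSV header for each task folder; skip those rows.
# The column names below assume an English-language Windows.
foreach ($t in (schtasks.exe /query /fo csv /v | ConvertFrom-Csv)) {
    if ($t.TaskName -eq 'TaskName') { continue }
    $entries += [pscustomobject]@{
        Source = 'Scheduled task'; Name = $t.TaskName; Command = $t.'Task To Run'
    }
}

$entries |
    Where-Object { $_.Command -match $pattern -or $_.Name -match $pattern } |
    Select-Object Source, Name, Command, @{
        Name = 'TargetExists'
        Expression = { $p = Get-ExePath $_.Command; if ($p) { Test-Path -LiteralPath $p } }
    } |
    Format-List
```

An entry with `TargetExists : False` is a dangling autostart reference. No such entry means the request for the missing file comes from somewhere these two locations do not cover, such as another running program.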

I checked if the file was scheduled anywhere, but it is not.

I uninstalled AVG and reinstalled again (hoping the file avgdiagex.exe would be installed), however it is not.

This file is also not visible in “blocked”, “pending” or "safe files".

Basically the file does not exist on the system, both AVG and Comodo seem to work fine, the sandbox “pop up” comes up each time I start the system. No matter which option I choose (in or out sandbox) it will pop up each time you start up the system.

Path is: C:\Program Files\AVG\AVG9\avgdiagex.exe

Check here for the file:

%ProgramFiles%\AVG\AVG8
%ProgramFiles%\Security\AVG8
%CustomPath%
%ProgramFiles%\bugbusters
%ProgramFiles%\Bugbusters\AVG Antivirus 8
%ProgramFiles%\Grisoft\AVG8
%SystemDrive%\Sicherheit\AVG8
%Program Files%\avg\avg8
%ProgramFiles%\AVG8\

Also make sure it is not listed under msconfig → services.

Also try the AVG remover: http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

BEFORE YOU TRY THE REMOVER, would you be kind enough to disable all the autoruns and see if that solves the problem?

Would really like to know what mechanism is responsible for this issue, so we can fix the bug (if such it is)

Purging just deletes entries that are no longer on the disk - using the purge button. Try purging separately from autoruns if you would.

Best wishes

Mouse

I uninstalled AVG. No more avgdiagex.exe warning in Comodo.
Reinstalled AVG. Warning is back again.
AVG did not install the avgdiagex.exe file.

I also removed avgtray.exe from starting up and restarted. No more warning (and AVG did not start. So avgtray.exe must be the start exe for AVG).
When I manually started avgtray.exe, the warning pops up again (and avg starts).

So it must be AVG related (no virus or something like that) and AVG is calling an exe which does not exist (strange). How does Comodo pick up this message?

Ps: I also posted the question at AVG, but no answer yet.

Thanks for checking all this, really helpful. Think we may be finally bottoming these phantom alerts.

The answer is that CIS intercepts requests for loading of .exe’s before they enter memory, to prevent damage before it can intervene.

I’d be interested to know if there is a .pf (pre-fetch) file with the same name on your disk, i.e. avgdiagex.exe. Again, need to include hidden and system folders in a Windows Search. Or any other file starting avgdiagex (maybe a cache file).

If you have time :)

Best wishes

Mouse

I checked but there is no file containing avgdiag*.* on my system (also no hidden or system file).

AVG informed me that the file avgdiagex.exe is a file for the tech team to check the system of the user. It is not a file which should be on the system. I asked if they could send me the file or have an option to prevent avgdiagex.exe from being “called”. I still have my question open at AVG also.

Message for MOUSE …
Attached are three images (1) screenshot of actual pop-up and error message (2) screenshot of Defense+ history showing when the problem began and (3) screenshot of prefetch showing no file … hope all this helps.
