
Help please. Problems with AstroPlanner


[1ponders]
09-09-2007, 05:20 PM
Last night I received an AVG Resident Shield warning that Astroplanner.exe contained a trojan (this has never happened before and there had been no updates as I was not connected to the internet). Astroplanner was not running. Selecting the heal option the message came back, Heal successful (or some such thing).

Then about half an hour ago I noticed my Astroplanner icons had changed to the boring Windows generic "I don't know what this is so I'll put this icon to it". When I clicked on the icon to open Astroplanner nothing happened. So I went and checked the program folder and there was no Astroplanner.exe there :mad2: Damn. So I thought I'd reinstall it. Up pops the AVG Resident Shield warning that D:/windowsintall.exe has the Trojan horse Dropper.Agent.FCB. In fact the installer icon on the CD is the same boring Windows standard one as well. When I click ignore I get "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item." Even if I turn AVG off I still can't access it.

Not only can I not install it again, I can't even find the program under control panel "Add Remove Programs" to completely remove it and start again.

Can anyone give me any ideas how to fix this problem?

Thanks

Shawn
09-09-2007, 05:55 PM
Try doing a restore to just before all this stuff happened, then run a virus check... Not too invasive...

S

[1ponders]
09-09-2007, 06:01 PM
Thanks Shawn, I'll give it a try.

acropolite
09-09-2007, 06:10 PM
I have had AVG do this to a couple of my apps as well, all of a sudden it decides there's a virus in an exe file. I know it wasn't an infection as AVG deleted the same file on 2 different machines, one of which the app hadn't been used on for over 2 years. I suspect it is a bug in the AVG software. I intend changing back to Nod32, despite the fact that I will have to pay for Nod.

[1ponders]
09-09-2007, 06:10 PM
Nope, no go Shawn. Thanks anyway :(

[1ponders]
09-09-2007, 06:10 PM
How can I get my application back again Phil? Any ideas?

Shawn
09-09-2007, 06:11 PM
Np....:)

acropolite
09-09-2007, 06:36 PM
The astroplanner.exe file should be quarantined, you should be able to get it back, the executable will be in the virus vault. Whether or not AVG will delete it again I'm not sure. In my case the app was an old version so I just upgraded to a later version. I just looked at my vault and the files it thought were infected were ACDsee32.exe and a heap of flash animations that I have had for years and that I know have no problems. All in all the damn thing took 11 executables, none of which were really infected.

[1ponders]
09-09-2007, 06:48 PM
Tried that and while it returned the exe file to the directory it still wouldn't work. I'll go and look for an updated version, though I've only just recently received the disk.

Shawn
09-09-2007, 06:58 PM
Did a restore point not work??

S

[1ponders]
09-09-2007, 07:26 PM
No it didn't Shawn. :(

Shawn
09-09-2007, 08:15 PM
Wow, Restore has always been my first option and never failed, so I am at odds as to any other help I can give. I'll watch this post with interest as to your outcome...

Good Luck...

S

Doug
09-09-2007, 11:49 PM
Phil, I have the same trojan in my PC from time to time. Where it comes from, I have no idea! It has infected various files on the C drive including some file or other to do with restore. Today it was reported as being in the 'F' drive, my second HDD, also in a directory supposedly connected with restore. (Restore on a second drive????) F:\System Volume Information\_restore{.......} A large string of hex values was inside the parentheses. Anyway, according to AVG, it has been there in times past and the infected file was healed. However, on rebooting the PC the trojan was back!! So before running any program I hit the main power switch (no subtlety here); that got rid of it, and it remained gotten rid of for days/weeks before returning. The only effect I have noticed is a slowing up of the PC, or last night and on one previous occasion, Windows simply would not shut down, neither by way of the start menu, nor the task manager. I don't like just pulling the plug on the PC, but so far that has been the only remedy I have.
I suspect that the trojan is actually coming in with the AVG updates; I do not use astroplanner. I'm no computer whizz kid, but I think Trojans live in memory but write themselves to disc on normal power down and wake up on a subsequent reboot. That is why I pull the plug on my PC; to deny the virus time to protect itself.
HTH,
Doug

netwolf
10-09-2007, 12:23 AM
It's most likely a false positive. The new pattern detection methods used in modern AVs often do that.

See thread on same issue reported on CN
http://www.cloudynights.com/ubbthreads/showflat.php/Cat/0/Number/1827086/page/0/view/collapsed/sb/5/o/all/fpart/1

Apparently an update from AVG should fix it.

Regards
Fahim

[1ponders]
10-09-2007, 07:16 AM
But will it give me back my Astroplanner Fahim?

netwolf
10-09-2007, 09:38 AM
An online update seems to have fixed it for others. Paul, who is the author, seems to have indicated that other AV software is also doing this with recent updates and he is contacting them for similar updates. I think the application has been blacklisted by AVG on your system and it will not let it run until it's not on its list of threats. I am a user of AP but I don't use AVG so I can't offer first-hand advice.

Regards
Fahim

[1ponders]
10-09-2007, 09:42 AM
Thanks Fahim, I'll see how it goes.

Doug
10-09-2007, 09:56 AM
Fahim, my AVG is current and updated daily.

Paul, the attached file shows the prevalence of this nuisance. Remember, it can attach to any program. Sorry, the print is small; you'll need to magnify the screen to 150%.

[1ponders]
10-09-2007, 10:02 AM
The strange thing is, Doug, that this has picked up the problem on a CD with the program direct from the supplier, in a freshly unzipped copy of the program downloaded from the site in zip form, as well as the existing program.

It is very frustrating.

netwolf
10-09-2007, 10:23 AM
Doug, you may have the real trojan, not a false positive, and though you have removed it from the live system it's still there in a saved restore point. I would clear the restore point and re-enable it on your F drive. Right click on the My Computer icon and select Properties from the drop-down menu. Then go to the System Restore tab. You should see a list of drives on your system and you can disable and enable system restore points. This is a very common step mentioned in most malware removal instructions I have stepped through. Often removing the virus is not sufficient; you must clear old restore points in case the malware has created its own or infected existing ones.

Regards
Fahim

Doug
10-09-2007, 10:25 AM
It certainly is a mystery, Paul. Google only lists the Cloudy Nights reference to this particular virus. Even the AVG library does not list it!! Nevertheless, after AVG cleans infected files, an abrupt power down seems to get rid of it. I think the memory write thing is why Windows NT and XP Professional require the Ctrl-Alt-Del key sequence on boot up to remove trojans. So far, AVG seems to be the only common factor. But it is strange you are finding it on a CD. I used to have a CD of Star Trek games that Norton's said had an infected file; it never transported to the main PC though. Well, good luck, I have nothing else to offer on this thing,
cheers,
Doug

Doug
10-09-2007, 10:27 AM
Thanks Fahim, I'll give it a try.

higginsdj
11-09-2007, 11:48 AM
I had the same problem. To resolve it:

1. Download the latest AVG version
2. Disconnect from the net
3. Uninstall AVG (completely - including preferences and Virus vault)
4. Re-install or replace your copy of Astroplanner.exe
5. Re-install AVG
6. Connect to the net and update AVG as normal

AVG falsely identifies some applications. The Uninstall of AVG and a re-install seemed to fix the problem for me. I accidentally hit the heal button and whilst AVG was installed I could not put the file Astroplanner.exe back on my computer (windows threw up 'insufficient disk space' errors)

Hope this helps.

Cheers

[1ponders]
11-09-2007, 04:24 PM
That sounds like the ticket David. Thanks.

DaveO
11-09-2007, 05:31 PM
Guys, it was definitely a false positive. Paul's website has been inundated by the issue. I also had it. I decided that if AVG was going to do this to AP (and also Dark Adapted - also a Mac developed app), it would get the boot. Went back to NAV, downloaded the latest AP beta and away I go again!

[1ponders]
11-09-2007, 05:38 PM
Well I've done as David H has suggested and so far so good. I've been able to reinstall the application files for Astroplanner and AVG seems to be behaving itself. So far ;)

Thanks David and everyone else for your suggestions.

[1ponders]
23-09-2007, 09:55 AM
Nearly 2 weeks on and both Astroplanner and AVG are behaving themselves. Thanks again David, your plan worked :thumbsup:

Doug
23-09-2007, 12:17 PM
That is good news Paul. Actually I discovered that I had a version of Astroplanner installed. I'd forgotten about it cos I don't use it!

Fahim, I deleted Astroplanner, deleted restore points and set a new one as per your advice.
Like Paul, so far so good.
Was Astroplanner involved here? I do not know, but since it is a program that I found no comfort in using, I don't care much; just as long as that trojan goes back to Troy and stays there where it belongs (in the past).
cheers,
Doug