# AVG and Spyware Doctor



## Werewolff (May 30, 2008)

I have been using AVG Anti Virus Version 8.0 Free for quite some time now. But awhile back I had Spyware Doctor with Anti-Virus and had bought the full version which gave me a 1 year subscription to use the full version of Spyware Doctor. I just now decided to instill Spyware Doctor 6.0 with Anti Virus, While installing it, AVG popped up a window that said Trojan detected and threat removed. I checked the scanner in AVG and it shows me this...
Infection: Trojan Horse Backdoor.Hupigon4.ZSN 
Object C:\Program Files\Spyware Doctor\klg.dat.
Result: Moved to Virus Vault
Object Type: File
Process: C:\Program Files\Spyware Doctor\Update.exe

Any ideas all? I downloaded Spyware Doctor With Anti-Virus 6.0 from http://www.pctools.com/spyware-doctor-antivirus/ 
So I figured it would be safe. Any ideas of what may be going on?
By the way, after AVG detected that file and moved it to the virus vault, Spyware Doctor finished installing, updating, and is working fine. I have no Idea what is going on. Any help would be appreciated. Thanks.


----------



## blues_harp28 (Jan 9, 2005)

Hi very likely that Avg is recognizing the Trojan Horse Backdoor.Hupigon4.ZSN definition file that is contained in the Spyware Doctor program.

If you run two Anti-virus programs this will happen all the time.
If you are going to keep Spyware Doctor..Remove Avg.


----------



## Magua (Aug 12, 2008)

I too have had the same problem, but the Trojan horse Backdoor.Hupigon4.ZSN is also showing as being in C:\WINDOWS\system32\csrss.exe (660) 

What is this and is it a problem?


----------



## blues_harp28 (Jan 9, 2005)

Hi Magua and welcome to TSG.
Are you using an Anti-virus program and is it picking up this virus??


----------



## Lisa Z. (Dec 2, 2007)

I also run Spyware Doctor latest version and just installed AVG 8 free and the scan detected trojan horse BackDoor.Hupigon4.ZSN in C:\Program Files\Spyware Doctor\klg.dat. So are you saying that this may be a false positive? I also ran microsofts safety scanner and came up with a clean computer. AVG moved infection to the virus vault but the next day AVG ran another scan and detected the same infection. I have read the free forum but no mention of this infection. I am going to post there too. Thanks


----------



## blues_harp28 (Jan 9, 2005)

Hi Lisa Z.and welcome to TSG.
Werewolff the original poster said he installed "Spyware Doctor 6.0 with Anti Virus"
http://www.pctools.com/spyware-doctor-antivirus/

So it could be that Avg 8 is picking up on the Spyware Doctor definition files and reporting it as a threat.
You only need one Anti-virus progran running or they will conflict with each other and could report each others definition files as a threat.


----------



## Lisa Z. (Dec 2, 2007)

I only have AVG antivirus 8 Spyware Doctor 6.0 does not have the virus database enabled so I use it to detect spyware only. Let me see if I understand what you are saying. AVG is detecting a spyware doctor definition file only, not a trojan horse infection. So indeed it can be a false positive? Thanks for the quick response!


----------



## blues_harp28 (Jan 9, 2005)

Avg is saying it is finding this C:\Program Files\Spyware Doctor\klg.dat.
If it found the trojan else where then you would have a problem.
It not really a false positive as it exists in Spyware Doctor as a definition file.
And even though the Anti-virus section of Spyware Doctor is switched off Avg is seeing it.


----------



## Lisa Z. (Dec 2, 2007)

AVG has moved the infection to the virus vault and only in C:\Program Files\Spyware Doctor\klg.dat, no where else. So what is a definition file then. Is a def file a known malware file that spyware doctor can detect? Am I infected with trojan horse?


----------



## blues_harp28 (Jan 9, 2005)

How any Anti-virus program writers do their thing I do not know.
But built into Avg will be a way to recognize the Trojan Horse Backdoor.Hupigon4.ZSN 
A definition file will be written to be able to see if it is present on your system.
If you didn't have Spyware Doctor installed then..C:\Program Files\Spyware Doctor\klg.dat would not be picked up by Avg.

The Trojan Horse Backdoor.Hupigon4.ZSN definition file only exists in the Spyware Doctor program.
Plus of course in Avg.


----------



## Lisa Z. (Dec 2, 2007)

Well, I emptied the virus vault after making sure that spyware doctor was running right.


----------



## Lisa Z. (Dec 2, 2007)

I am going to run the AVG scan again to make sure that all is well now.


----------



## blues_harp28 (Jan 9, 2005)

Hi you may well find that Trojan Horse Backdoor.Hupigon4.ZSN in C:\Program Files\Spyware Doctor\klg.dat gets picked up again as a threat.
You may have to decide which to keep Spyware Doctor or Avg.
Is your Spyware Doctor a paid for program?
All recent reviews show it to be a good program but reviews can be misleading.
If you are happy with Spyware Doctor why did you feel the need to d/load Avg?

There are other good Spyware programs.
http://www.superantispyware.com
Is just one of them.


----------



## Lisa Z. (Dec 2, 2007)

I have done a clean install on my computer. I haven't connected it to the internet yet. I am using my XP PRO machine to post reply. The funny thing is that I am running AVG 8 and Spyware Doctor 6, the same 2 programs that I was using on my infected computer and there are not conflicts and the AVG scan doesn't detect Spyware Doctors definition file as being a threat. Anyway, thanks for your help and replies. I am going to reinstall AVG 8 free first and then try installing Spyware Doctor again on my Vista and see if everything is good. If any problems arise I will be sure to report them! Have a great day! Again thank you!


----------



## blues_harp28 (Jan 9, 2005)

Thanks for the update.
Let us know if it all works out.


----------



## Mimz (Aug 21, 2008)

Hey
I've also had a similar problem but as well as showing up with C:\Program Files\Spyware Doctor\klg.dat there is also C:\WINDOWS\system32\csrss.exe (752) in AVG (they both have that the infection is Trojan horse BackDoor.Hupigon4.ZNS) and on Spyware Doctor two hidden files on high risk level have been detected and on one of the admin accounts this was in the background: http://img.photobucket.com/albums/v292/Rob8oD/screenshot.jpg
(took that screen shot from someone else's thread, but its exactly the same, except I have XP)

What should I do?


----------



## blues_harp28 (Jan 9, 2005)

Hi Mimz.welcome to TSG.
C:\WINDOWS\system32\csrss.exe 
Is a legit windows system file.
Check.
http://www.answersthatwork.com/Tasklist_pages/tasklist_c.htm

What is Avg suggesting you do after it scans your Pc?
As said before running two Anti-virus programs will at times pick up the definition files from the other program.
Decide which program to use..remove the other.
Then run a scan and let us know what it finds.


----------



## Lisa Z. (Dec 2, 2007)

I did a clean install on my vista desktop and did all the Windows Udates etc. I then installed AVG 8.0.138 and ran the scan and it did not detect any infections. I restarted and installed Spyware Doctor 6 updated and ran it. Then I ran another AVG scan right after the spyware Doctor out of curiosity and it found the exact same program file and Trojan BackDoor.Hupigon4.ZSN. I went to the forum and found that someone had posted since then that it is a false positive a month ago and emailed it to AVG for analysis. In a month it should have been updated as being a false positive and corrected. The answer to the previouse question is yes Spyware Doctor 6 is the full version and paid for. I have another machine XP Pro SP3 and I am running AVG 8.0.138 and the free version of Spyware Doctor 6 and some of the components that are installed in the paid version are not activated in the free version, so I think the false positive program file is a definition file for the key logger component of Spyware Doctor 6 paid version.


----------



## Lisa Z. (Dec 2, 2007)

bluesharp, AVG is moves the file to the virus vault.


----------



## blues_harp28 (Jan 9, 2005)

Hi Lisa Z. thanks for the update and the added info.
So the next question is..If you are happy with Spyware Doctor 6 [are you?] why have Avg installed?
I have no knowledge about Spyware Doctor 6 so cannot comment on how well it does it's job.
If you run two Anti-virus programs apart from finding false positives, it may also stop each other from correctly protecting your Pc while online.
In other words it may leave you vulnerable to attack.


----------



## Kemlyn1 (Aug 23, 2008)

I am in the same situation. I use AVG free as virus checker and use Spyware Doctor an an extra to try and catch spyware (logically). About the beginning of August, I noted an automatic update for SD which was labeled 'Keylogger update' or similar (at 57k). It downloaded, and the following day AVG found the problem, (in the two locations mentioned above). AVG removed them and placed them in my virus vault. The following day, SD checks, and re-updates itself with the 'Keylogger update', and then AVG locates it and moves it to the virus vault (and so on) 

Although slightly irritating, it tells me that both programs are doing their jobs and also, making sure that they are uptodate. I live in hope that somewhere along the line, AVG or SD can fix the problem, but it isn't doing me a lot of harm in the meantime.

Martin


----------



## Kemlyn1 (Aug 23, 2008)

Kemlyn1 said:


> I am in the same situation. I use AVG free as virus checker and use Spyware Doctor an an extra to try and catch spyware (logically). About the beginning of August, I noted an automatic update for SD which was labeled 'Keylogger update' or similar (at 57k). It downloaded, and the following day AVG found the problem, (in the two locations mentioned above). AVG removed them and placed them in my virus vault. The following day, SD checks, and re-updates itself with the 'Keylogger update', and then AVG locates it and moves it to the virus vault (and so on)
> 
> Although slightly irritating, it tells me that both programs are doing their jobs and also, making sure that they are uptodate. I live in hope that somewhere along the line, AVG or SD can fix the problem, but it isn't doing me a lot of harm in the meantime.
> 
> Martin


As at Monday morning, this self-repeating loop seems to have ended. I noticed today (Tuesday) that my Spyware Doctor update did not contain the 'keylogger update'. So it appears one of the companies concerned has fixed the issue.

Martin


----------



## calvin-c (May 17, 2006)

I question why any sane anti-malware vendor would assign an apparently made-up name such as klg.dat to one of their files but who knows-maybe it means something to them or maybe they're stupid. I've seen Microsoft do dumber things.

That's a gratuitous comment, BTW. The real reason I replied is the thought that I can add an explanation of why AVG might detect an 'infection' in a def file.

Most anti-virus software works partly by recognizing 'signatures'. A signature is a bit of code that's present in a virus but not in any legitimate programs. Each virus has its own unique signature. (Except for some that aren't recognizable by signatures and anti-virus programs use a 'heuristics' engine to detect those, a fancy name for 'finding a skunk by smelling it'. Finding it by sight is faster, but the other way will work when it's hidden.)

So let's say virus A has the code snippet 'GHQRL' that identifies it. The anti-virus manufacturer therefore writes a file that says "code 'GHQRL' identifies virus A". Guess what? That file also contains the code snippet 'GHQRL' so a different anti-virus program might think it actually contains the virus. Which is apparently what happened here.

Why doesn't it happen more often? Basically because most malware contains multiple signatures. If virus A can also be identified by the snippet 'MRBIV' then maybe the other vendor used that signature in their file-so their file isn't identified by the first program as infected. Luck. Not something you can count on.


----------



## Lisa Z. (Dec 2, 2007)

This turned out to be a FP and was resolved by AVG 8 free. I am now running both AVG 8 antivirus and Spyware Doctor 6 spyware and all is well now.


----------



## Lisa Z. (Dec 2, 2007)

Why isn't the option to mark this thread as solved?


----------



## blues_harp28 (Jan 9, 2005)

Top of the page under Thread Tools.
Only the one who started the thread can mark it as solved.
And to them it may not be.


----------

