
October 14, 2008

Agent_r.CX trojan horse solution – AVG false positive

By Dave Parrack





If, like me, you experienced a scary few minutes when you thought your computer was under attack, you’ll be wondering what the hell Agent_r.CX is. This so-called trojan horse has “infected” every PC running ZoneAlarm and AVG anti-virus software. But don’t panic, all is not as bad as it first seems.

I woke up this morning and, as usual, the first thing I did was to turn on my computer. After the usual start-up procedures, something extra appeared on my screen: an AVG Resident Shield warning, informing me that I had been infected with multiple incidents of a trojan horse by the name Agent_r.CX.

It first appeared to be affecting five files, which, after I attempted to remove the threats, turned into 200-plus files allegedly affected. I clearly had a problem, and started racking my brain for any sites I could have visited the day before to cause this FUBAR. There were none; I’d stuck to my normal routes.

As the warning just kept popping up, I opened AVG and scanned the computer. It found multiple incidents of the trojan horse, all in System32 files under ZoneLabs: the company that offers ZoneAlarm, the free firewall. I attempted to heal the threats and then decided to uninstall ZoneAlarm altogether.

When the computer had restarted, I ventured online and Googled Agent_r.CX to see what kind of problem I was facing. What I found was a host of forums, from ZoneLabs, Yahoo, PC Advisor, and CNET. Lots of people were having the same problem, and some had found the solution.

It seems that this is a false positive result from AVG. Your computer isn’t actually infected with a virus or trojan horse; rather, the latest AVG update made the software identify components of ZoneAlarm as a security threat. My girlfriend’s first thought was that this is AVG’s attempt at forcing its security suite (including firewall) on to users.

The solution to the problem seems to be to download the latest definitions from AVG and then scan your computer again. The files previously identified as a threat should now show up as clear. If this doesn’t work, then set the C:\WINDOWS\system32\zonelabs folder as an exception in the AVG Resident Shield.

If this doesn’t work, then the only two options left to you are to uninstall either AVG or ZoneAlarm. If doing the latter, remember to turn Windows Firewall on instead, before you go back online.

Update: This issue has now been fixed by the latest AVG update. If you have a ‘virus database’ version of 270.8.0/1724 or later, you should be fine to reinstall ZoneAlarm. If you have any problems, do a fresh install of the software and that should prevent any problems.
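Before adding the Resident Shield exception described above, it helps to record what is actually in the folder. The script below is an added example, not part of the original post or of AVG or ZoneAlarm; it assumes PowerShell 4.0 or later is available and lists each executable under the folder with its SHA-256 hash and Authenticode signature status, so the flagged files can be compared against a clean install or rescanned after the definitions update.

```powershell
# Added example: inventory the flagged folder before excluding it from scanning.
# The default folder is the one named in the article; pass -Folder to override.
param(
    [string]$Folder = 'C:\WINDOWS\system32\zonelabs'
)

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    Write-Error "Folder not found: $Folder"
    return
}

# Only executable code is inventoried; data and log files are skipped.
$report = Get-ChildItem -LiteralPath $Folder -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File      = $_.FullName
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Modified  = $_.LastWriteTime
        }
    }

# Full inventory, grouped by signature status.
$report | Sort-Object SigStatus, File | Format-List

# A missing or invalid signature does not prove a file is malicious, and not every
# legitimate file is signed, but these are the ones to check first before any
# folder-wide exception is put in place.
$needsReview = @($report | Where-Object { $_.SigStatus -ne 'Valid' })
if ($needsReview.Count -gt 0) {
    Write-Warning ("{0} file(s) without a valid signature:" -f $needsReview.Count)
    $needsReview | Select-Object -ExpandProperty File
} else {
    Write-Output 'All inventoried executables carry a valid Authenticode signature.'
}
```

Keeping the output lets you remove the exception again once updated definitions clear the same files.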


    8 Responses to “Agent_r.CX trojan horse solution – AVG false positive”

    1. Jason Reavsby:

      Thanks for explaining what’s going on. This helped me a lot.

    2. Jon:

      Thank you, I had AVG send the affected files to the virus vault, turned on Windows Firewall and scanned the computer with AVG. Nothing showed, but I’d rather have ZoneAlarm running than Windows. Look forward to your update.

    3. Jason:

      Evidently Grisoft does not test with Zone Labs software. They have also added a check for zl* and flag the files as trojan horse agents.

      Open the AVG User Interface, Select Resident Shield, Select Manage exceptions, and add the directory \windows\system32\ZoneLabs to the exception list. Don’t forget to select apply and then on the next page press save changes.

      The scan should now ignore the Zone Labs files.

      Have a good day!

    4. Jon:

      Hello,
      Well, when all this started I sent the files to the AVG virus vault. Since then I have uninstalled ZoneAlarm Free from my computer and have tried to reinstall and it just won’t install. I really don’t trust Windows Firewall and want ZA back. HELP!!!!
      Thanks, Jon

    5. tac_meister2000:

      Hey John – The “trojan” that AVG found was a FALSE POSITIVE. You need to do an update for your AVG virus database & everything should be fine. Get the update then run an AVG scan again. The reason that you cannot re-install ZA is because you have sent those particular files to the virus vault & AVG will not let the full install happen. As a practice, when installing anything, you should not have ANY applications running. To re-install ZA & have it function as it should, you need to “restore” the ZA files that you “quarantined.” They are not “trojan viruses”. They are actually key files that ZA needs to run properly & AVG improperly flagged as “trojans”.

      ***IMPORTANT- By following this option – “Open the AVG User Interface, Select Resident Shield, Select Manage exceptions, and add the directory \windows\system32\ZoneLabs to the exception list,” you are asking for a problem in the future. It is just 1 solution, but a dangerous one at that; you are leaving a vulnerable window open.

    6. cleo decker:

      AVG was not at fault in my case! Had to uninstall ZoneAlarm and reinstall before system was back to normal. Only then was I able to delete agent r.cx from AVG.

    7. klas:

      Hi, woke up Sunday morning and turned on my computer and the screen was wasted and blown up. Resolution on screen was gone from 1420X900 to 640X400 and it was not possible to bring it back to normal (1420X900). Plus, my Microsoft Word and Microsoft Excel were hit and stopped working.
      I got the message popping up on my screen from AVG that I was hit by the Trojan horse agent_r.cx.
      I ran AVG to clean up, but this didn’t work.
      Then I tried to bring the computer back to normal by running a RECOVERY.
      Recovery started but when it was finished … I got told that … Windows can’t bring back the computer to this specific
      date ….. so I chose a new date (like 30 days back in time) but same result …… Almost made me tear out my hair.

      Here is what I found out to solve the problem on my computer:

      Started up the computer while I pressed F6 to go to safe mode.
      I chose “safe mode” and saw then my screen was back to normal …. “With 1420X900 resolution again” VOILA.
      I shut down the comp again.
      Started up the computer again while I pressed F6 to go to safe mode. From there I started to bring the computer back to normal by running a RECOVERY ….

      THIS WORKED ………….. But the recovery took 3 hours …..

      Klas from Norway

    8. Martha Farker:

      AVG has been deleted from my computer. AVG sucks!!! Utterly wasted my time. Avast is back, as trusted as usual…… bye bye AVG… I won’t touch it with a ten-foot barge pole.
