After serious thinking Mark Warner wrote :
> On 7/16/2014 1:17 PM, Dustin wrote:
>> Mark Warner  wrote:
>>> 
>>> I've had numerous machines described as acting exactly as the OP's, and in 
>>> every case what they were calling their anti-virus was actually the rogue.
>> 
>> I've seen those instances as well, but like I said, I didn't have enough 
>> information from the OP to make that determination. I've seen AV and AM 
>> ####up and mistake good files for bad ones...it happens.
>
> No argument here. I just tend to go with what I think is the more likely 
> occurrence. Yes, I know an AV false positive from a bad update can wreak 
> havoc, but I also know they are rare and usually are reported almost 
> immediately. This report is the only one I've seen of Avast supposedly 
> causing problems.
>
> Based on the information provided I thought it *much* more likely that the 
> sister had been "rogued". What was described is familiar, and in my 
> experience has always been the result of an infection, not the AV gone amok.
>
> JME. YMMV.

Some of these rogue's have enlisted traffic diverters (redirecting 
services) that send to landing pages which load JS that detects which 
OS and which AV one is using so that the 'come on' looks right to the 
user.

Some don't, and you end up with an unfamiliar AV/AM program pop-up  
dialog framed in XP looking windows on Windows 7. Not convincing to the 
discerning eye, but surprisingly effective anyway.

This particular scenario sounded to me like one of those "fluff" extra 
features going awry, but I am unfamiliar with Avast!'s extra stuff.


--- NewsGate v1.0 gamma 2