40 responses to “Trojan Horse SHeur.AFJ (false positive within Quickbooks/Quickin)”

  1. polly

    thanks for noticing this. i received an alert yesterday with avg… it’s still showing up on the scans. not sure what to do about it, but i’m a little less concerned.

  2. helen

    AVG caught SHeur.CKV just now embedded in AdobeRdr707_DLM_en_us.exe

    Can a false positive move from Quickbooks to Adobe?

  3. mreman1

    I am getting sheur.cqu in splitcam.exe …using avg.. i assume is also a false positive

  4. Patricia

    Thanks for this post! Found this page while doing a search for the Quickbooks/AVG problem.

  5. claire

    This is getting silly lol, my AVG is scanning now, so far it has found 10 different trojan horses and the scan hasn’t finished yet, i think i’m going to try for a world record lol, i’m pretty sure i don’t even have 1 real virus, why is it doing this?

  6. Alan

    I’m getting Sheur.NFH with AVG, it started when I installed bitTorrent (avg initially said DNA.exe was the problem). I’ve uninstalled bitTorrent but now it’s reporting SHeur.NFH in system restore files.

  7. Cindy

    Got a different version of this today, caught by AVG – SHeur.QSN

  8. Bill

    Still different here SHeur.THQ, maybe just another variant, infected file is c:\windows\system32\sptawl.exe or three[1].exe in Temporary Internet folder. Keeps coming back.

  9. Charmaine

    I’ve been getting SHeur.QZY detected in C:\windows\xpudate.exe and c:\system volume information\_restore{…..too long to type}\RP505\A0073680.exe file. I’m thinking that it isn’t a false positive. Symantec’s library doesn’t have any info on it either. If it is “real” does anybody have any idea of its payload?

  10. Ian Hutcheson

    Comment from Ian, (new to virus problems), 25 November 2007, using Windows XP Home.

    I already had BITTORRENT installed, (with a view to downloading films if I can ever find out how it works), but had not got around to using it yet.
    Then today I downloaded some widgets into iGoogle, (which I am using as homepage), and got Trojan warning on Avira antivirus which I thought Avira had deleted on reboot.
    As it was coming to end of period I uninstalled this and downloaded and installed AVG Anti-Virus Free Edition and ran their scan. It found two objects which I assume were from one source since they were named the same, which was

    Trojan Horse SHeur.QSN found in 2 places:-
    C:\Downloads\BITTORRENT\dna-1.0-alpha-1637.exe
    and
    C:\Program Files\BitTorrent_DNA\dna.exe

    AVG automatically “cured” both by moving them to “virus vault” which I presume means protects computer from damage by isolating the infected files.
    After that I am a bit out of my depth, so I would like to hear from someone who knows how to complete the process referred to by AVG as
    “use the Virus Vault to heal files at a later date and restore them to their original locations on your disk.”
    How do I do this ?
    Your responses would be appreciated. Thanks – Ian

  11. Tor

    I’m a little relieved at finding this, as AVG just found “SHeur.AIZM” in Sensors View Pro, which is definitely professional and shouldn’t include random viruses…

  12. Stephen

    Well, today’s version is SHeur.ALQL and is in my Temporary Internet Files. Anyone got a lead on who exactly is doing this? What do they want (other than passwords)??

  13. Bev

    AVG scan turned up SHeur.AMTI in my windows system… I’m wondering if it is safe to delete the file… cos I heard some stories about people whose PCs went crazy after deleting the “false positive” files that turned out to be non-virus…

  14. Kayota

    On mine it’s not a false positive. I received a virus over MSN messenger. If anybody messages you with a weird saying and sends a file REJECT THE FILE

  15. David

    I came home to find out that the new Pirates of the Caribbean online game was a trojan virus.avrj…. through avg free anti-virus… nothing to be worried about I believe..

  16. Felis

    Our pirates of the Caribbean game after running smoothly for a long time popped up with it tonight. It said it had a trojan horse SHeur.BHDX in the launcher. We uninstalled the launcher after quarantining the files to AVG and then tried to install the launcher again from the website but got the same message.

  17. Knaptihuved

    Just found one SHeur.BILB in ToontownLauncher.exe does anyone know exactly what is going on here???

  18. senoritafish

    Just found this on searching and would like to second the problem with the Pirates Online game. I’d guess the Toontown one might be related as it’s also a Disney game?

  19. Kusko

    AVG just picked up a SHeur.BWOH within the btdna.exe. It also noted that 5 of my system32 files have been changed..

    These files are:
    kernel32
    wsock32
    user32
    shell32
    ntoskrnl32

    Anyone know what’s going on here? i don’t really have an anti-virus software yet. Not sure which to get. My bro got the Kaspersky, or whatever, software, and it still won’t clean one of the viruses off of his computer. It won’t heal..

  20. Gabriela

    Hi, I have a Western Digital memory with a synchronization programme that I run every day on my computer to have access to my pc from work. Today while opening this program AVG told me that a Sheur.BZPU was detected on ‘F:WDSync_v6_3.130.exe’; and I am really hoping it is a false positive as I haven’t found anything about it yet.
    What do you think guys? Can I restore the file and forget about it or not?
    Let me know
    THANKS
    Gaby

  21. Gabriela

    How do you turn off the Heuristic Analysis?

  22. Evanita

    I just sent in a ticket to Western Digital about the Trojan horse SHeur.BZPU when it shows you related question it appears they have had a false positive before so more than likely this new detection is also a false positive. :)

  23. martyn

    Check out the Microsoft security site, SHeur.bzpu is a backdoor trojan

    http://www.microsoft.com/security/portal/SearchResults.aspx?query=SHeur.bzpu

    Backdoor:Win32/Nuwar.gen!D

    Aliases: SHeur.BCFX (AVG)
    Description: Backdoor:Win32/Nuwar.gen!D is a generic detection for a backdoor trojan that allows unauthorized access to an infected computer. The trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This trojan also contains advanced stealth…
    Published Date: 06/16/2008
    Severity Rating: Medium

  24. Trojan Horse SHeur.bzpu is a backdoor trojan

    [...] thought it might be an AVG false positive, but thanks to a helpful link from Martyn here.  We know that’s not the [...]

  25. Gabriela

    I put those files in the vault then deleted them. Am I safe now from that trojan, or should I perform other stuff?
    Thanks Martin and thanks to Ron for the help. Sorry I didn’t reply before but I was away.
    Let me know
    THANKS!

  26. Evanita

    http://wdc.custhelp.com/cgi-bin/wdc.cfg/php/enduser/popup_adp.php?p_faqid=2528&p_created=1212692974

    The following link describes this issue occurring with Western Digital previously and it was a false positive. I still have not yet heard back from Western Digital.

  27. Evanita

    Btw for Gabriela who was using the western digital sync program. They have updated the program. If you register your drive on their website you can download the new version 7.0.328 is the newest version.

  28. Evanita

    I just received word from Western Digital and YES AVG stating that the WD sync file is a trojan is a false positive.

    “Thank you for contacting Western Digital Customer Service and Support.

    Yes this is normal. What you need to do is configure your AVG anti virus, go to exceptions, and add the .exe file extension to be excluded.”

  29. Evanita

    That is not what they meant. They were referring to the WDsync file which you need in order to access the WDPassport sync program. AVG has accidentally identified this WDsync file as a virus previously and had corrected it. It happens from time to time. I just installed the new version of WDsync and it’s fine.

  30. Kat

    Can we get a condensed summary for us that don’t understand all the pc lingo?

    My AVG picked up 3 of the Sheur trojans so far today. Is it a virus or not? Is AVG’s heal/virus vault going to handle it or do I need to do something else? I can’t follow what has been posted thus far…seems contradictory. And other sites the same.

    Thanks in advance.

  31. Kat

    I should add…

    The 3 it’s detected thus far were found in

    It’s deductible7
    Quick Books 04
    TurboTax03

    None of these programs have been used recently. Quick Books probably the most recent but last time was in Jan of this year.

    Why would this start happening now?
