There are a growing number of reports that this is a false positive within AGV.
I’ll update you with more soon, but for now check out this excellent post on the topic (translated to English here). Complete with screen shots and search engine analysis.
Please leave a comment if you have any information to share. Unlike the AVG Forum, stupid questions will not be deleted nor the questioners abused. We were all stupid at some point so, chill-out folks.
Update: I have found AVG to do find this with multiple PCs in separate locations. It’s definitely a false positive (misreading from the AVG software). (A note to AVG users, don’t let this bother you, I’ve been using AVG for years and I think this is only the 2nd time Its found a false positive.)
Another Update: AVG will not quarantine Quickbooks files, but it will quarantine Quicken files automatically (in many cases). If you get a message that says the files were deleted you can get them out of AVG’s Virus Vault.
Update #3: I see that the folks at Quickbooks are aware of the issue and are working with AVG to repair it.
July 14th, 2007 at 9:20 pm
thanks for noticing this. i received an alert yesterday with avg… it’s still showing up on the scans. not sure what to do about it, but i’m a little less concerned.
July 15th, 2007 at 11:59 am
You are welcome, Polly. I see that the folks at Quickbooks are aware of the issue and are working with AVG to repair it.
July 24th, 2007 at 9:28 pm
AVG caught SHeur.CKV just now embedded in AdobeRdr707_DLM_en_us.exe
Can a false positive move from Quickbooks to Adobe?
July 25th, 2007 at 11:01 am
I am getting sheur.cqu in splitcam.exe …using avg.. i assume is also a false positive
July 27th, 2007 at 11:17 am
Thanks for this post! Found this page while doing a search for the Quickbooks/AVG problem.
August 5th, 2007 at 4:22 am
This is getting silly lol, my AVG is scanning now, so far it has found 10 different trojan horses and the scan hasn’t finnished yet, i think im going to try for a world record lol, i’m pretty sure i don’t even have 1 real virus, why is it doing this?
September 25th, 2007 at 11:52 am
I’m getting Sheur.NFH with AVG, it started when I installed bitTorrent (avg initially said DNA.exe was the problem). I’ve uninstalled bitTorrent but now it’s reporting SHeur.NFH in system restore files.
October 10th, 2007 at 4:10 pm
Got a different version of this today, caught by AVG - SHeur.QSN
October 18th, 2007 at 6:12 pm
Still different here SHeur.THQ, maybe just another variant, infected file is c:\windows\system32\sptawl.exe or three[1].exe in Temporary Internet folder. Keeps coming back.
November 5th, 2007 at 8:48 pm
I’ve been getting SHeur.QZY detected in C:\windows\xpudate.exe and c:\system volume information\_restore{…..too long to type}\RP505\A0073680.exe file. I’m thinking that it isn’t a false positive. Symantec’s library doesn’t have any info on it either. If it is “real” does anybody have any idea of its payload?
November 25th, 2007 at 4:25 pm
Comment from Ian, (new to virus problems), 25 November 2007, using Windows XP Home.
I already had BITTORRENT installed, (with a view to downloading films if I can ever find out how it works), but had not got around to using it yet.
Then today I downloaded some widgets into iGoogle, (which I am using as homepage), and got Trojan warning on Avira antivirus which I thought Avira had deleted on reboot.
As it was coming to end of period I uninstalled this and downloaded and installed AVG Anti-Virus Free Edition and ran their scan. It found two objects which I assume were from one source since they were named the same, which was
Trojan Horse SHeur.QSN found in 2 places:-
C:\Downloads\BITTORRENT\dna-1.0-alpha-1637.exe
and
C:\Program Fiules\BitTorrent_DNA\dna.exe
AVG automatically “cured” both by moving them to “virus vault” which I presume means protects computer from damage by isolating the infected files.
After that I am a bit out of my depth, so I would like to hear from someone who knows how to complete the process referred to by AVG as
“use the Virus Vault to heal files at a later date and restore them to their original locations on your disk.”
How do I do this ?
Your responses would be appreciated. Thanks - Ian
November 28th, 2007 at 7:58 am
Ian, you are asking for a virus downloading movies via bittorent. There are great and legal ways to download content and movies via bittorrent. Just be careful.
December 25th, 2007 at 2:35 pm
I’m a little relived at finding this, as AVG just found “SHeur.AIZM” in Sensors View Pro, which is definitely professional and shouldn’t include random viruses…
January 18th, 2008 at 9:06 am
Well, today’s version is SHeur.ALQL and is in my Temporary Internet Files. Anyone got a lead on who exactly is doing this? What do they want (other than passwords)??
February 11th, 2008 at 12:33 am
AVG scan turned up SHeur.AMTI in my windows system… I’m wondering if it is safe to delete the file… cos I heard some stories about people whose PCs went crazy after deleting the “false positive” files that turned out to be non-virus…
February 11th, 2008 at 10:15 am
Bev, you should be able to quarantine your files and restore them if they break anything. what file specifically is infected?
February 21st, 2008 at 9:05 am
On mine it’s not a false positive. I recieved a virus over MSN messenger. If anybody messages you with a weird saying and sends a file REJECT THE FILE
February 29th, 2008 at 8:33 am
I came home to find out that the new pirates of the carribean online game was a trojan virus.avrj…. through avg free anti-virus… nothing to be worried about I believe..
April 25th, 2008 at 10:17 pm
Our pirates of the Caribbean game after running smoothly for a long time popped up with it tonight. It said it had a trojan horse SHeur.BHDX in the launcher. We uninstalled the launcher after quarantining the files to AVG and then tried to install the launcher again from the website but got the same message.
May 3rd, 2008 at 3:49 pm
Just found one SHeur.BILB in ToontownLauncher.exe does anyone know exactly what is going on here???
May 10th, 2008 at 2:19 pm
Just found this on searching and would like to second the problem with the Pirates Online game. I’d guess the Toontown one might be related as it’s also a Disney game?