There may be occasions where AVG will identify a file during a scan as being infected with a virus or some kind of Trojan. This may or may not be a false detection. This is when you package up the suspect file and submit it to them so their analysts can check it out to determine if it is ‘Real’ or a ‘False Positive’.

Prepare to work with the suspect file(s):

1) First we need to create a folder to store the suspect file(s) in. It’s most convenient to create the folder in the ‘root’ of your C: drive. I generally just create a folder named C:\SuspectFile.

2) Next we need to get the suspect file(s) out of the AVG Virus Vault. The AVG virus vault is located in a hidden folder in the ‘root’ of the C drive and is named C:\$VAULT$.AVG.
Open up AVG’s Control Panel (double click on the multi-colored tray icon), highlight the Virus Vault and click on the Open Button. An alternate method to open the Vault is via the Start Menu. Navigate to the AVG Program Group and select the Virus Vault off the menu.

3) Click on the virus you wish to submit and select ‘Restore’. AVG will prompt you for the folder you wish to restore to. Select the folder you created in Step 1.

4) You will now get an alert from the AVG Resident Shield since it is still monitoring your system. Just select ‘Continue’.

5) Next we want to temporarily disable AVG’s Resident Shield until we’ve completed the submission. Double click the tray icon and highlight the Resident Shield. Click on ‘Properties’ and then remove the check from ‘Turn on AVG Resident Shield protection‘. Click on ‘Apply’ and then ‘OK’.
IMPORTANT: Remember to enable this once the submission is completed.

6) Next we want to package up the suspect file(s) into a Password protected ZIP file using your favorite archive application (WinZip, WinRar, PowerArchiver etc.). Navigate to the folder where you restored the suspect file(s) and create the ZIP file (C:\SuspectFile in this example from Step 1). If you need help with creating the ZIP, consult your application’s help documentation.

I create the ZIP with the name ‘Suspect.zip’ (without the quotes) but you can use any name you want.

I use ‘infected’ for the Password. ‘infected’ is generally the accepted standard used by anti-virus and malware vendors.

7) If you use AVG to scan your outgoing mail then lets temporarily disable this before attempting to send the mail. Double click the tray icon and then double click on ‘Email Scanner’. Click on the ‘Configure’ button and remove the check from ‘Check Outgoing Mail’. Finish by clicking on OK.

8) Now we’re ready to send it to Grisoft. Open your favorite mail client and address the mail to ‘virus@grisoft.com‘ (without the quotes). Construct a brief email describing what you are sending (i.e. attached is a ZIP file (password = infected) containing a file that AVG reported as being infected by W32.TrojanDownloader). Of course, you would enter the scan results you received. Also, include the definition set that was used with the results. ex: This result was produced from Program 7.1.380 AVI 268.1.0/ 270, dated January 7, 2006. Finally, attach the Password Protected ZIP file to the message and send it off.

9) Re-Enable the Scanning of Outgoing Mail from Step 7.

10) Re-Enable the Resident Shield from Step 5.

That’s all there is to it.