
AVG-Secure-Search-Update_0814av.exe anyone else seen this?


  • This topic is locked
31 replies to this topic

#1 rp88


Posted 30 August 2014 - 06:47 PM

A few days ago AVG-Secure-Search-Update_0814av.exe appeared in Task Manager. Two of them were running, one from

C:\ProgramData\AVG_Update_0814av\AVG-Secure-Search-Update_0814av.exe

and one from

C:\Users\(my name)\AppData\Roaming\AVG_Update_0814av\AVG-Secure-Search-Update_0814av.exe

Both folders named "AVG_Update_0814av" were only a few days old. Both of the exe files named "AVG-Secure-Search-Update_0814av.exe" were signed by "AVG Technologies" and sized at 2.64 megabytes. Any idea what the process is? I run AVG free antivirus on a Windows 8 machine but have never deliberately installed the secure search toolbar. Nor has that toolbar appeared since this process appeared in my Task Manager process list.

 


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB


 


#2 buddy215


Posted 30 August 2014 - 07:22 PM

It's AVG adware...usually Ask Search.

You may be able to uninstall from the Add/ Remove program list.

You should run some adware removal programs, anyway. Seems there is always more than just the AVG adware.

 

EDIT: AVG stung as search revenue from freebie scanners dries up • The Register (Ad revenue shrunk in one year from 40 million to 20 million bucks.)

 

  • Download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Use CCleaner to cleanup temporary files, logs, ad/ tracking cookies, etc. Use the default settings. No need to use the Registry Cleaning Tool and its use may cause other problems. Pay close attention while installing and UNcheck the offers of toolbars such as Yahoo.

CCleaner - PC Optimization and Cleaning - Free Download


Edited by buddy215, 30 August 2014 - 07:40 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 rp88


Posted 30 August 2014 - 10:11 PM

The toolbar is not visible in any of my browsers (Chrome, FF or IE). And the only AVG product on the "control panel" list of installed programs is my antivirus. I am running AdwCleaner now, and JRT. ESET will have to wait for tomorrow as it takes a few hours to scan. I already have CCleaner, I will run it after AdwCleaner and JRT.



#4 rp88


Posted 30 August 2014 - 10:36 PM

AdwCleaner found something and removed a string from the registry, plus its usual clearing of "preference" data for browsers. JRT found nothing. CCleaner did its usual helpful work and got rid of 267 megabytes of rubbish. The exe file I discussed is still in my list of running tasks. Is it something to be concerned about or just a waste of a small proportion of my CPU?

I guess that profits drop means AVG is planning to cancel its free antivirus altogether soon.



#5 buddy215


Posted 31 August 2014 - 06:04 AM

You should check your browsers add-ons....extensions and plugins and either disable or remove the ones you did not intentionally install. Check the list of Search Engines in your browsers and delete Ask if it is listed.

 

Hey, $22,000,000 is a lot of moola....in my book, they should be paying you for installing the free version. :)



#6 rp88


Posted 31 August 2014 - 09:44 AM

This is the log from AdwCleaner:
 
# AdwCleaner v3.308 - Report created 31/08/2014 at 04:15:42
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : personal info removed
# Running from : D:\Users\personal info removed\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17054
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.102
 
[ File : C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [953 octets] - [28/05/2014 18:52:53]
AdwCleaner[R10].txt - [1559 octets] - [31/08/2014 00:33:58]
AdwCleaner[R11].txt - [1720 octets] - [31/08/2014 04:14:10]
AdwCleaner[R1].txt - [1012 octets] - [30/05/2014 16:03:44]
AdwCleaner[R2].txt - [1074 octets] - [03/06/2014 23:30:40]
AdwCleaner[R3].txt - [1135 octets] - [05/06/2014 23:02:52]
AdwCleaner[R4].txt - [1196 octets] - [12/06/2014 22:37:47]
AdwCleaner[R5].txt - [1254 octets] - [19/06/2014 00:33:17]
AdwCleaner[R6].txt - [1314 octets] - [19/06/2014 21:32:37]
AdwCleaner[R7].txt - [1374 octets] - [20/06/2014 14:56:25]
AdwCleaner[R8].txt - [1434 octets] - [22/06/2014 22:00:23]
AdwCleaner[R9].txt - [1498 octets] - [04/08/2014 22:52:24]
AdwCleaner[S0].txt - [1642 octets] - [31/08/2014 04:15:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1702 octets] ##########
 
It removed that one registry key and did nothing else. I have no clue what that registry key was. I will run AdwCleaner again now, to see if anything has come back, and then run ESET. I ought to mention that the weird process I spotted (it's still there by the way) does respond to "end task" in the Task Manager, but I'm not sure if that is safe to do, as in stopping that process might affect my antivirus program. I also tried deleting the folder in which the weird exe file was stored. The folder in appdata\roaming went away without trouble but the one in c:\programdata returned when I updated AVG.

Re-run of AdwCleaner shows that the registry string has been deleted successfully and has not regenerated.

Edited by quietman7, 08 November 2014 - 10:28 PM.


#7 buddy215


Posted 31 August 2014 - 10:16 AM

A search for that item tells me it is a BHO.....Description: Superfish, "Window Shopper" or "SpecialSavings" price comparison addon



#8 rp88


Posted 31 August 2014 - 12:44 PM

ESET found only 1 thing, "Win32/Bundled.Toolbar.Google.D potentially unsafe application" in "D:\Users\personal info removed\Downloads\various exe files\spsetup126.exe". That is the installer for 2 "speccy" which I installed a few days back. I assume this is safe to leave, as I believe what the detection means is that the installer exe file spsetup126.exe tries to add a spam toolbar upon installation of Speccy, but I think I must have unchecked that box.

I have not been seeing any "superfish", "window shopper" or "special savings" spam or pop-ups. Does the fact the registry key was deleted mean whatever that rubbish was it is gone for good?

Does any of this suggest anything about the AVG process I saw (it is still there) in Task Manager? Also, you mentioned earlier "in my book, they should be paying you for installing the free version", this means you think AVG free is terrible. What is wrong with it, should I install Avast or one of the other free antiviruses instead?

#9 quietman7


Posted 31 August 2014 - 01:11 PM

AVG Security Toolbar and AVG Secure Search are also commonly bundled as an option with other free software users may download and install. Many folks overlook that option since it is pre-checked by default and they unknowingly install it. For example, the toolbar is bundled with PDFCreator.

So even if you decline the option to use these add-ons when installing AVG anti-virus, you may still end up finding them on your system some point after an AVG update or by unknowingly downloading and installing another program where they have been bundled. This also explains how those who never used AVG anti-virus also sometimes find AVG Secure Search and the Security Toolbar installed. Be careful what you download and read everything during the installation.

* How To Disable AVG Secure Search Provider In Browsers
* How to uninstall AVG Secure Search in Firefox, Internet Explorer and Chrome
* How To Disable AVG Search From New Tab
* How to remove AVG Toolbar, Homepage and Secure Search from your browser with AVG Browser Configuration Tool
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 buddy215


Posted 31 August 2014 - 01:25 PM

No, I meant AVG should be sharing the profits with you...:) I have no suggestion as to which antivirus program to use.

If you've installed Speccy...not just a stand alone program...then you can safely remove the install files without any problem.

 

You didn't mention checking your add-ons and search engines. If you have done that in all browsers and you don't see anything referring to Ask or Security Toolbar or Secure Search then the AVG crapware is not active.



#11 rp88


Posted 31 August 2014 - 06:25 PM

I can't see any toolbars in any of my browsers but cannot remember where to look in each of them to check things like default search engines and full details of add-ons, plugins, etc. The instructions quietman7 gave for uninstalling "avg secure search toolbar" seem to make it clear that if the toolbar, or the cr*p that goes with it, were installed I would see something. Another look at control panel confirms there is no AVG software on my machine except the main antivirus. As for this new and weird AVG process in Task Manager, I haven't downloaded any programs, except Speccy, for several months. I make a habit of not risking installing anything when I don't need to.

As one other point, when looking at the properties of the weird AVG process I can find that it has an "original file name" of ReOfferCampaign.exe. It has the following "permissions for SYSTEM", all set to "allow": "full control", "modify", "read and execute", "read", "write". The icon for it is lower resolution than the icon for all the other AVG processes on my system.



#12 buddy215


Posted 31 August 2014 - 07:12 PM

Find what Search Engines are available by clicking on the dropdown arrow in the Search engine address bar. To add or remove a search engine click on manage search engines.

 

See if you can follow this path and delete the file. You may need to kill the process first.

C:\Program Files\avg safeguard toolbar\avg-secure-search-update_1013b.exe

 

Since the process starts at boot it may be listed in Startup and/or Scheduled Tasks. CCleaner will show you those lists by opening CCleaner and clicking on tools, click on Startup. Scheduled Tasks can be viewed after clicking on the Scheduled Tasks tab.

 

More info on the process here: Malware scan of avg-secure-search-update_1013b.exe 0947373c6cf31e636aaaf0010238fba566636b32 - herdProtect



#13 rp88


Posted 01 September 2014 - 05:37 AM

I cannot see AVG or anything related to secure search under my list of search engines.

The file path you give me does not exist on my machine. Also, I worry that deleting the exe file (it is at C:\ProgramData\AVG_Update_0814av\AVG-Secure-Search-Update_0814av.exe) will affect my main anti-virus software.

The herdProtect link seems to be for a different file, although probably one doing a similar job, maybe the previous version of this weird thing.

I have tried disabling its startup in CCleaner. I'll restart in a minute to see if that works, but once again I don't know if that will affect my antivirus program. In CCleaner there are two items running on startup,

AVG-Secure-Search-Update_0814av.exe and AVG-Secure-Search-Update_0214c.exe


Edited by rp88, 01 September 2014 - 05:47 AM.


#14 buddy215


Posted 01 September 2014 - 05:54 AM

Anything you choose to disable using CCleaner can be Enabled if needed.

While in the Tools > Startup  click on all the tabs for browsers, Scheduled Tasks, Content Menu



#15 rp88


Posted 01 September 2014 - 06:14 AM

I found a way to get rid of the weird process. I tried the disabling of the process in CCleaner but it did not work, the process returned when I restarted. I think the process listed under CCleaner was the one in appdata\roaming (which I deleted a few days back). The one in c:\programdata was still running. But CCleaner showed me something else: under scheduled tasks were two tasks, one which said "run this weird exe on startup" and one which said "delete this weird exe on 28/09/2014". I went in Windows Task Scheduler and changed the date for that "delete it" task to 12:01 01/09/2014. At 12:01 it ran, and when I logged back on the weird exe was no longer running. Telling that task to run early had also deleted the "C:\ProgramData\AVG_Update_0814av\" folder. I now need to find a way to check whether removal of the weird exe has somehow compromised my antivirus.


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
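
The checks done by hand in posts #11 to #15 (file signer and "original file name", startup entries, scheduled tasks) can be gathered in one read-only pass. This is an added example, not part of the original thread; the function name `Get-PersistenceFor` is hypothetical and the default name fragment is the file name reported above.

```powershell
# Added example (not from the thread): read-only triage of an unexpected
# auto-starting executable. Nothing here deletes, stops or disables anything.
# Get-PersistenceFor is a hypothetical helper name. Requires Windows 8 /
# Server 2012 or later for Get-ScheduledTask.
function Get-PersistenceFor {
    param([string]$NameFragment = 'AVG-Secure-Search-Update')
    $pattern = [regex]::Escape($NameFragment)

    # 1. Running instances: image path, Authenticode signer and status, and
    #    the OriginalFilename version resource (post #11 read this by hand).
    Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -match $pattern } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
            $ver = (Get-Item -LiteralPath $_.ExecutablePath).VersionInfo
            [pscustomobject]@{
                Source = 'Process'
                Name   = $_.Name
                Detail = $_.ExecutablePath
                Note   = "signer=$($sig.SignerCertificate.Subject); " +
                         "status=$($sig.Status); original=$($ver.OriginalFilename)"
            }
        }

    # 2. Run keys: per-machine, per-user, and the 32-bit view on 64-bit Windows.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($data -match $pattern) {
                [pscustomobject]@{
                    Source = 'RunKey'; Name = $valueName
                    Detail = $data;    Note = $key
                }
            }
        }
    }

    # 3. Scheduled tasks whose action launches or mentions the file. The
    #    trigger type and start time distinguish a "run at startup" task
    #    from a dated clean-up task like the two described in post #15.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -notmatch $pattern) { continue }
            $triggers = $task.Triggers | ForEach-Object {
                "$($_.CimClass.CimClassName) $($_.StartBoundary)".Trim()
            }
            [pscustomobject]@{
                Source = 'ScheduledTask'
                Name   = $task.TaskPath + $task.TaskName
                Detail = $cmd
                Note   = $triggers -join '; '
            }
        }
    }
}

Get-PersistenceFor | Format-List
```

Run it from an elevated PowerShell prompt so that tasks and processes owned by SYSTEM are visible. A valid signature only identifies the publisher; it says nothing about whether the program is wanted.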



