Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Uninstalled Avast but "avast! antivirus\backup.exe" accessed network


  • Please log in to reply
9 replies to this topic

#1 drgoodie

drgoodie

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 02 January 2016 - 04:46 PM

Yesterday I used the Avast uninstaller - avastclear or such name -  to uninstall Avast trial software.  I then installed BitDefender Total Security trial yesterday.

 

This morning in my BitDefender Event Log, I see this entry:

 
  The application C:\program files\common files\av\avast! antivirus\backup.exe attempted to connect to the Internet using TCP protocol on port 49etc.  Bitdefender Firewall has granted access for this application.
 
The next entry, about 24 minutes later was:
 
Firewall module status changed
Firewall has been enabled
 
I did nothing to disable the Firewall and have a question for BitDefender, but I am miffed that Avast is still slinking around on my computer after I uninstalled it.
 
Is that legal for them to do that?  How can I get ALL Avast off my computer?
 
Thanks for help in understanding this.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 02 January 2016 - 05:12 PM

Backup.exe is distributed by emergency update to all avast versions...read the explanation by petr_matrix, Avast team in this avast topic. Did you use Windows Explorer to physically search for and confirm that backup.exe is still in that location?

Yesterday I used the Avast uninstaller - avastclear or such name - to uninstall Avast trial software.

Did you run avastclear in safe mode...per these instructions? If not, that may explain why it was not removed.


BitDefender Total Security includes a Firewall. Anti-virus vendors which offer suites with a Firewall allow their programs to manage Windows Security Center & Firewall by default so it has complete control in order to prevent conflicts and duplicate warnings. This management action is normally taken during installation and many users are unaware of this fact. Windows 8/10 Defender and Microsoft Security Essentials are also typically disabled when installing third-party anti-virus software.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 drgoodie

drgoodie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 04 January 2016 - 02:45 PM

Quietman7, thank you for your help.  I did confirm the Backup.exe file was in that location.  I did not run avastclear in safe mode and will look into that.  I used Glary Pro to disable Backup.exe in the Startup Menu and nothing labeled "avast" has attempted to access the Internet since.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 04 January 2016 - 05:13 PM

Good luck.

BTW...while Glary is safe and useful for many things, I do not, recommend using the built-in registry cleaning feature unless you have a good understanding of the registry. In fact, Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
 

Why you should not use Registry Cleaners and Optimization Tools


Be sure to read Microsoft's support policy for the use of registry cleaning utilities in that topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 drgoodie

drgoodie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 09 January 2016 - 09:47 PM

Thanks Quietman7.  I unclicked the registry cleaner.  I am very frustrated.  I upgraded to Windows 10 from 7.  I had Windows Defender on and Malwarebytes Premium on.  I trusted a geek forum comment that gave a link to a site where I could pick any one of numerous download tools to get back MahJong Titan.  23 malware sites downloaded their junk into my computer.  Something turned off Windows Defender.  Malwarebytes didn't blink.  Something started running, supposedly "scanning" my computer and I could not stop it.  I uninstalled all the 23 pieces of garbage - FunFeedr, FlashBeat, Gaster Web, DeskBar, System Healer, SmartWeg, The Browser, TV Time, Save Serp Now, Search Protect, Search Module, Shopperz, PC Optimizer, KCNTR.  I ran Malwarebytes scan and it listed 911 "threats".  Most of them were PUPS, some had the word "Trojan" in the filename, some were listed as Adware.  Then I rebooted.  System Healer started "scanning" again.  I tried System Restore and received the message I could not run it until I ran ChkDsk.  I ran ChkDsk and many hours later the screen was still black.   I powered off.  When I restarted, Windows would not start.  I ran all the system checks and everything was fine.  I tried restore from there, and it said I had no restore point.  I finally was able to back up all my files and revert to Windows 7 factory condition.  Many, many days later......

 

I want something that would not have let all the garbage download.  Most of those are KNOWN MALWARE. My concept of  "Malware Protection ENABLED" and "Malicious Website Protection ENABLED"  was sadly wrong I guess.  The rep said some people want those PUPS.  

 

Now the current frustration:

 

I downloaded a 30 day trial of Avast - Total Security I think it was - the best version offered.  I had a lot of problems with it - it used between 57 and 99% of CPU.  When I searched around I saw other people were discussing this problem.  A LOT of discussion and no Avast contributions made to the discussion.   One person suggested reinstalling Avast.  I did.  Back to normal until the next day when it started again using up to 99% of CPU.  I requested customer support and was issued a Case No.    Over a week later and after a couple of emails begging for help, there was no further response from Avast.

 

I researched and discovered BitDefender is ranked No 1 and Avast No 11, so I uninstalled Avast and installed BitDefender.  I have questions and concerns and requested customer support.  I was immediately issued a Ticket No.  That was nine days ago.  

Question:  Is there a highly ranked antivirus; antimalware; antimaliciouswebsite software that responds to requests for customer support?

 

Question:  Is there software available that would have blocked all those malicious downloads?  At least WARNED the download site was not to be trusted?

 

Forgive the long rant, but this saga started 12/23 and is ongoing.  Quietman7, I hope you "here?"



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 09 January 2016 - 10:12 PM

Sorry to hear about all the problems you had to deal with.

I generally recommend ESET NOD32 Anti-Virus or Emsisoft Anti-Malware as they leave a small footprint...meaning they are not intrusive and do not utilize a lot of system resources.

Emsisofts Behavior Blocker continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity...it is able to detect unknown zero-day attacks, file-less malware that resides only in memory, zombies (the hijacking of host processes to load malicious code which execute via script parser programs), and file-encrypting malware (ransomware) attacks. Emsisoft Internet Security combines the best of both worlds...it is a complete security suite which combines Emsisoft Anti-Malware with an efficient powerful firewall created using the same core previously found in Emsisoft Online Armor.

ESET Antivirus and Smart Security uses a Host-based Intrusion Prevention System (HIPS) to monitor system activity with a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, HIPS stops the offending program from carrying out potentially harmful activity. ESET Antivirus (and Smart Security) includes Exploit Blocker which is designed to fortify applications that are often exploited, such as web browsers, PDF readers, email clients or MS Office components. This feature monitors the behavior of processes, looks for and blocks suspicious activities that are typical for exploits including zero-day attacks. ESET's Java Exploit Blocker looks for and blocks attempts to exploit vulnerabilities in Java.

ESET and Emsisoft Anti-Malware also have the added advantage of blocking the installation of most Potentially Unwanted Programs (PUPs) (such as adware, spyware, unwanted toolbars, browser hijackers) if you enable that feature.

eam_pup_728x574_en.png

One additional advantage with Emsioft...some of the employees involved with their product development, research and technical support are well known security experts who have volunteered their personal time to assist victims of malware infection long before their program was created. They still stay personally involved with helping victims on Internet forum boards as well as provide individual support services to users of their products. This means they are personally tuned into the day to day analysis of active malware and any reported issues with their software so they are able to respond quickly to them.

At least three of the Emsisoft Team provide assistance to members here at Bleeping Computer. Fabian Wosar is a Security Developer, GT500 is a Security Colleague and Elise is our Malware Study Hall Admin who oversees the Bleeping Computer Training Program.

No amount of money can buy such dedication and support.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 drgoodie

drgoodie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 09 January 2016 - 10:22 PM

Thank you SO much.  I am about to look up Emsisoft now.  I am so very glad you are here QuietMan7.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 09 January 2016 - 11:01 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 drgoodie

drgoodie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 18 January 2016 - 10:37 PM

quietman7  -   EMSISOFT response is incredible.  Within a few hours or less.  havredave, was my first responder.  He has helped me twice - talk about the extra mile!  (Like you.)  He said mention his name to you, so Hi from havredave.  I am so very happy to have found EMSISOFT.  It is defintely a keeper.  Thanks again for taking the time to give me so much information.



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 19 January 2016 - 07:47 AM

As I said no amount of money can buy such dedication and support.

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users