
Ghost File?


3 replies to this topic

#1 Charlie_S


Posted 04 August 2016 - 12:31 PM

Issue #1

On a home/office network consisting of XP Pro PCs as well as one W7 Pro 64-bit PC, and like others I have run free AVG for some time.

Upon startup/reboot on all PCs, opening Task Manager processes shows a process (once on the W7) (twice in the XP processes list) AVG-Secure-Search-Update_0816av.exe in the XP boxes, additionally shows a following *32 on the W7 64-bit box, which I presume references it as a 32-bit file. I can kill the process(es) and they do not return until reboot/restart.

The last couple of times I've restarted the "server" XP Pro PC I connect online with (which, by the way, due to location I'm limited to dialup), I get more connection usage than I should see, close to +/- 50%, until I kill the above-mentioned processes, and twice now AVG has quarantined the above-named file as corrupt, found in Windows/temp.

Checking the referenced directory Windows/temp the file was found still shows a file name of 0816av_Avg_Update_Config.json along with avginfo.id and toolbar_log.txt files, although the AVG toolbar has never been installed.

Other than the aforementioned corrupt file quarantine, I can find no other reference searching any of the 3 PCs for "AVG-Secure-Search-Update_0816av.exe".

Doing a file search comes up empty, as does a search in the registry, and the only AVG reference in add/remove programs is to the AV software with no other AVG entries.

AV scans other than mentioned, have all come up empty as does a scan with Malwarebytes and Adaware.

I've found a lot of references to "AVG-Secure-Search-Update_0814av.exe" but very little to what I presume is a later version, 0816.

Additionally, this installation of XP was a clean install about 30 days ago.

Thus far I'm at a loss on how to get rid of it. Suggestions?

 

Issue #2

These issues may not be related, but this seemed to start on the W7 box causing high connection usage and eventually narrowed down to constant connection with Akamai Technologies on port 80 causing around 100% use (which led to investigating the XP boxes and finding the same file as per above). Searching for information led to the suggestions this was Apple QuickTime and Apple updater related, which were both installed on that PC. Both were uninstalled, ran CCleaner registry check and cleaned up the invalid registry entries, searched for and manually removed reg. entries relating to Apple and QuickTime also.

All seemed well for about a week with no illicit connection use and it suddenly reappeared, again netstat showing Akamai Technologies as the source of connection use, this time on port 443.

Currently I have the 7 box disconnected and isolated. I've uninstalled free AVG, and as much as possible removed all traces via CCleaner, file and registry search.

 

 


Edited by Charlie_S, 04 August 2016 - 12:34 PM.



 


#2 Will5200


Posted 04 August 2016 - 12:35 PM

Something from awhile back:

 

http://www.bleepingcomputer.com/forums/t/546341/avg-secure-search-update-0814avexe-anyone-else-seen-this/


Edited by Will5200, 04 August 2016 - 12:38 PM.


#3 Charlie_S


Posted 04 August 2016 - 12:56 PM

Thanks, Google has also come up with similar information without a real solution in my case. I don't have the toolbar installed anywhere and find no reference to it. There are no browser extensions, either toolbar or the safe search update, listed. As per my original post, the only reference I'm finding now is via Task Manager.



#4 Charlie_S


Posted 04 August 2016 - 02:18 PM

To provide a little update:

After doing searches for variations on the filename AVG-Secure-Search-Update_0816av.exe, it seems AVG sets a task in Task Scheduler (Windows/tasks), and those tasks were moved to a temp storage folder, just to be safe.

So far after reboots the tasks have not reappeared. The secure search file named above was found in AVG update, found in documents and settings/application data/avg_update_0816av. Time will tell if it solves some of the other problems. If anyone has alternate suggestions I'd like to see them.


Edited by Charlie_S, 04 August 2016 - 02:52 PM.
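
Added example, not part of the original thread: post #4 traces the process to a scheduled task, so this sketch audits `schtasks /query /fo CSV /v` output for tasks that match the updater's name or run from a user-writable folder. The sample rows, the user name in the path and the list of folders treated as user-writable are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample in the shape of `schtasks /query /fo CSV /v` output,
# trimmed to the two columns used. On Windows 7 the header row repeats for
# every task folder, so it can appear mid-stream as it does here.
SAMPLE = r'''"TaskName","Task To Run"
"\GoogleUpdateTaskMachineCore","C:\Program Files\Google\Update\GoogleUpdate.exe /c"
"TaskName","Task To Run"
"\AVG-Secure-Search-Update_0816av","C:\Documents and Settings\User\Application Data\avg_update_0816av\AVG-Secure-Search-Update_0816av.exe"
"\Defrag","C:\Windows\system32\defrag.exe -c"
"\TempJob","C:\WINDOWS\Temp\job.exe"
'''

# Name pattern taken from the file name in the thread; folder list is an assumption.
NAME_RE = re.compile(r"avg[-_ ]secure[-_ ]search[-_ ]update", re.IGNORECASE)
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")

def suspicious_tasks(csv_text):
    """Return (task name, command, reasons) for tasks worth a closer look."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("TaskName") or "").strip()
        action = (row.get("Task To Run") or "").strip()
        if name == "TaskName":  # repeated header row, not a task
            continue
        reasons = []
        if NAME_RE.search(name) or NAME_RE.search(action):
            reasons.append("name-match")
        if any(part in action.lower() for part in USER_WRITABLE):
            reasons.append("user-writable-path")
        if reasons:
            hits.append((name, action, reasons))
    return hits

if __name__ == "__main__":
    for name, action, reasons in suspicious_tasks(SAMPLE):
        print(f"{name}: {action} [{', '.join(reasons)}]")
```

On a live machine, save the output of `schtasks /query /fo CSV /v` to a file and pass its text to `suspicious_tasks` in place of `SAMPLE`; a path hit is a prompt to inspect the task, not proof it is unwanted.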




