# Fake spyware scanner Malware Bytes cant take out.



## TRIPTEX_CAN (Apr 7, 2009)

I'm dealing with a PC that a user's husband manage to infect in his search for "Gundam fan stuff"

This looks like the standard "your PC is infected click here to fix it" popup. I've seen these before a usually never took more than 3h to remove. This one is really persistent and I'm almost leaning towards just reinstalling Windows. 

These popups are even happening in Safemode. 

So far I've trued the following

Disabled system restore and purged all restore data. 

I removed the AV that was installed and installed the new AVG and manually updated it. Scanned and found objects, removed them. rescanning finds nothing

Installed MalwareBytes and updated to latest version. Scanning in safemode always locates stuff, I remove it and reboot but it always comes back after a few minutes. 

Installed Windows Defender (getting desperate) scanned and located objects, removed them and restarted. still comes back. 

Any suggestions?


----------



## JoshBrunelle (Apr 7, 2009)

Try booting off a live cd and running some a/v that way infected system files can be properly cleaned. I know UBCD4win can build boot disks with a/v built in. Just make sure you build the disk on a clean system.


----------



## BroBQ (Apr 7, 2009)

I would use:

1. Combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix
2. Super antispyware http://www.superantispyware.com/

and if its at all possablie, I would remove the HDD from the computer and install as a slave onto a different PC and scan it that way.


----------



## TRIPTEX_CAN (Apr 7, 2009)

JoshBrunelle said:


> Try booting off a live cd and running some a/v that way infected system files can be properly cleaned. I know UBCD4win can build boot disks with a/v built in. Just make sure you build the disk on a clean system.



I'll try that after I try what morrison wrote.



Morrison5891 said:


> I would use:
> 
> 1. Combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix
> 2. Super antispyware http://www.superantispyware.com/
> ...



I'll try those. 

I would have already scanned the HDD in another system if I had the adapter.... I asked for one but they said it "wasn't necessary". 

Anyway I have a hijackthis log incase anyone sees anything glaringly obvious. 



			
				Logfile of HijackThis v1.99.1 said:
			
		

> Scan saved at 11:18:03 AM, on 07/04/2009
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> 
> ...


----------



## BroBQ (Apr 7, 2009)

i'm gonna go through your hijack this log right now...


----------



## TRIPTEX_CAN (Apr 7, 2009)

Would it be useful to see my combofix log?


----------



## Lillebror (Apr 7, 2009)

> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> 
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> 
> O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)



You can Remove those - other than that your log is clean from hijackthis - but your Explore.exe looks suspecious, cause normaly its not written .EXE and not with a big E in explore.

If you got other scanning logs, please post em.


----------



## TRIPTEX_CAN (Apr 7, 2009)

Combofix log



> combofix log]ComboFix 09-04-04.01 - Administrator 2009-04-07 11:53:44.2 - NTFSx86
> Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1579 [GMT -4:00]
> Running from: E:\ComboFix.exe
> AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
> ...


----------



## BroBQ (Apr 7, 2009)

I don't see anything  suspicious


----------



## TRIPTEX_CAN (Apr 7, 2009)

Lillebror said:


> You can Remove those - other than that your log is clean from hijackthis - but your Explore.exe looks suspecious, cause normaly its not written .EXE and not with a big E in explore.
> 
> If you got other scanning logs, please post em.



I've removed the entries you mentioned. I noticed the .EXE extension on Explorer also but I'm not sure what to do about it.


----------



## TheMailMan78 (Apr 7, 2009)

That thing is a sum-bitch man. We had the rip into our networks at my job. Nothing at first could get rid of it. However we did find something. Download the Microsoft Onecare demo. It was the only thing that fixed it. Fast too.


----------



## Lillebror (Apr 7, 2009)

Try download Spybot - search and destroy, update it and immunize and scan.
After that, reboot, scan with it again, and when thats done, scan with avg - post a log if it makes one.


----------



## TheMailMan78 (Apr 7, 2009)

Lillebror said:


> Try download Spybot - search and destroy, update it and immunize and scan.
> After that, reboot, scan with it again, and when thats done, scan with avg - post a log if it makes one.



That wont work with this one.


----------



## newtekie1 (Apr 7, 2009)

Try running AutoRuns and see what is attached to Explorer, Processes Explorer is nice to have too.


----------



## TRIPTEX_CAN (Apr 7, 2009)

newtekie1 said:


> Try running AutoRuns and see what is attached to Explorer, Processes Explorer is nice to have too.



AutoRuns? 

@ Mailman.. ill try MS onecare now.


----------



## TheMailMan78 (Apr 7, 2009)

TRIPTEX_MTL said:


> AutoRuns?
> 
> @ Mailman.. ill try MS onecare now.



I just PMed you a link. That thing is NASTY what you got. Nice job


----------



## newtekie1 (Apr 7, 2009)

TRIPTEX_MTL said:


> AutoRuns?
> 
> @ Mailman.. ill try MS onecare now.



Yes, you can read about it here:  http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Great little tool put out by SysInternals, it will tell you every dll and extension that is attached to the critical processes of Windows, and a whole lot more.  You can then disable them, without deleting them, to see what is causing your problem.  When you narrow it down, you can then just delete it.



TheMailMan78 said:


> I just PMed you a link. That thing is NASTY what you got. Nice job



Definitely, I've seen it way to much on customer machines.  I real pain in the ass to get rid of, especially if you get one of the varients that blocks most cleaning tools from even running...


----------



## TheMailMan78 (Apr 7, 2009)

FYI if you're running VIsta you will have to download the demo. The web based scanner kinda sucks for Onecare.


----------



## TRIPTEX_CAN (Apr 7, 2009)

Its an XP machine.




newtekie1 said:


> Definitely, I've seen it way to much on customer machines.  I real pain in the ass to get rid of, especially if you get one of the varients that blocks most cleaning tools from even running...



This one hasnt blocked anything from running.. usually they do. This one lets everything run and if it gets caught it just doesnt get removed.. nothing has removed it and almost all scanners find something in the system.


----------



## TheMailMan78 (Apr 7, 2009)

TRIPTEX_MTL said:


> Its an XP machine.



Its up to you then. Personally I like the demo more than the browser scan. You can always uninstall it ya know 



TRIPTEX_MTL said:


> This one hasnt blocked anything from running.. usually they do. This one lets everything run and if it gets caught it just doesnt get removed.. nothing has removed it and almost all scanners find something in the system.



Yeah this thing is a work of art. No doubt.


----------



## TRIPTEX_CAN (Apr 7, 2009)

Im about 99% sure the issue was resolved with running SuperAntiSpyware and Microsoft One Care. I didnt try Spybot so I dont know if it would have worked.

This virus was impervious to AVG, MalwareBytes, ComboFix, Vundo fix, and a host of other things I tried. 


I hate Malware.. but it keeps me busy.


----------



## troyrae360 (Apr 8, 2009)

yea, avg dosnt really help alot, other than slowing down your computer i

If i were you id use NOD32 its the best av around has been for years, it has no notisable inpact on your system preformance eather. 

Use Superantispy free edition with NOD32, you wont regret it


----------



## Psychoholic (Apr 8, 2009)

If malwarebytes cant remove it, good luck.. lol


----------



## TRIPTEX_CAN (Apr 8, 2009)

troyrae360 said:


> yea, avg dosnt really help alot, other than slowing down your computer i
> 
> If i were you id use NOD32 its the best av around has been for years, it has no notisable inpact on your system preformance eather.
> 
> Use Superantispy free edition with NOD32, you wont regret it



I've had only good experiences wtih AVG. If AVG had been the main AV installed before the Virus came along I'm confident it would have prevented the infection. 

It's not the best as a pure removal tool, but it works for prevention.


----------



## troyrae360 (Apr 8, 2009)

TRIPTEX_MTL said:


> I've had only good experiences wtih AVG. If AVG had been the main AV installed before the Virus came along I'm confident it would have prevented the infection.
> 
> It's not the best as a pure removal tool, but it works for prevention.



I wouldnt trust it, After Working in the IT industry as a technician i can tell you with full  
confordence that its crap, the amount of people that come in with fully infested computers that have AVG is alot more than any other av.
also when avg8 came out the amount of calls we got saying my computers broke or my computers going very slow, the first thing id do was to check to make sure they wernt using AVG 8, if they were id uninstall it and at least 90% of the time it would be running good again.

All in All avg is bad, it lets way to many viruses through and criples some computers, its overheads are too high, 
If you want a good AV download the demo of Nod32 and give it a go, trust me, im not just writing this for fun im trying to help you. At least read the reviews on nod32

Remember you pay penuts, youll get monkeys


----------



## TRIPTEX_CAN (Apr 8, 2009)

Ill give it a shot... wont hurt to try.


----------



## Lillebror (Apr 8, 2009)

Nod32 is a great av program, but if your after a free av, you can grab avast.

http://www.eset.com/images/VB-tests-passed.jpg

http://www.eset.com/images/Missed-In-the-Wild-Viruses.jpg

But always install spybot - search and destroy. Just to use the imunizer, and then you can uninstall it again - it helps LOADS by blocking alot of bad sites and stuff.


----------



## newtekie1 (Apr 8, 2009)

Lillebror said:


> Nod32 is a great av program, but if your after a free av, you can grab avast.
> 
> http://www.eset.com/images/VB-tests-passed.jpg
> 
> ...



McAfee better than AVG...

Those are some BS marketing graphs...

I feel sorry for anyone that believes McAfee is better than AVG.:shadedshu


----------



## TRIPTEX_CAN (Apr 8, 2009)

newtekie1 said:


> McAfee better than AVG...
> 
> Those are some BS marketing graphs...
> 
> I feel sorry for anyone that believes McAfee is better than AVG.:shadedshu



McAfee was the AV installed when the infection took place.


----------



## iStink (Apr 8, 2009)

If mcAfee is no good, what's the best? I run the free version of McAfee comcast gave me, and i've never had an issue.  Its found things, deleted them just fine. vundo was a pain in the ass, but malwarebytes seems to have removed it.


----------



## techbuzz (Apr 8, 2009)

I would first take the hard drive out of the machine it is in and hook it up to another machine and run an AV scan that way...if you haven't done it already.

I have also had success with renaming the hijackthis executable to something else. I have run across some spyware/viruses that can detect the hijackthis executable and hide itself.


----------



## Chryonn (Apr 8, 2009)

after reading every post in this thread i decided to download Hijackthis and to install it. lol it won't install. what did you rename it to? 



EDIT: it's ok i found out how


----------



## newtekie1 (Apr 8, 2009)

iStink said:


> If mcAfee is no good, what's the best? I run the free version of McAfee comcast gave me, and i've never had an issue.  Its found things, deleted them just fine. vundo was a pain in the ass, but malwarebytes seems to have removed it.



The majority of machines I see come in to my shop infected with viruses and spyware have McAfee on them.  I would avoid McAfee at all costs, and uninstalling it is usally a real pain in the ass.  I almost always have to run the McAfee product removal tool to get it to uninstall.

I don't believe a fully updated McAfee is really that bad at protection from Viruses and other threats.  However, usually the update service breaks without the user knowing, and it quickly becomes useless due to not being updated.

There are several good alternatives to McAfee, some of them even free.  Personally, I use AVG on my machines, and the shop I work for recommend it.  It is free for personal use, and gets the job done.  There is also Avast!, however when I used that, it broke my 16-bit sub-system on Windows XP upon uninstall.  Since, at the time, I was still using some 16-bit programs, this made the machine useless once Avast! was uninstalled, worse than a malware infection, and the only way to fix it was to re-install Avast!, or reformat. Nod32 is also good, but not free, and with the alternatives being just as good it isn't worth paying for, IMO.


----------



## TheMailMan78 (Apr 8, 2009)

newtekie1 said:


> The majority of machines I see come in to my shop infected with viruses and spyware have McAfee on them.  I would avoid McAfee at all costs, and uninstalling it is usally a real pain in the ass.  I almost always have to run the McAfee product removal tool to get it to uninstall.
> 
> I don't believe a fully updated McAfee is really that bad at protection from Viruses and other threats.  However, usually the update server breaks without the user knowing, and it quickly becomes useless due to not being updated.
> 
> There are several good alternatives to McAfee, some of them even free.  Personally, I use AVG on my machines, and the shop I work for recommend it.  It is free for personal use, and gets the job done.  There is also Avast!, however when I used that, it broke my 16-bit sub-system on Windows XP upon uninstall.  Since, at the time, I was still using some 16-bit programs, this made the machine useless once Avast! was uninstalled, worse than a malware infection, and the only way to fix it was to re-install Avast!, or reformat. Nod32 is also good, but not free, and with the alternatives being just as good it isn't worth paying for, IMO.



Watch out! I agree with newtekie1 on this. Personally I pay for my protection (Onecare) but its only because I enjoy the backup it provides and its seamless integration into Vista. Other than that I would use AVG.


----------



## iStink (Apr 8, 2009)

newtekie1 said:


> The majority of machines I see come in to my shop infected with viruses and spyware have McAfee on them.  I would avoid McAfee at all costs, and uninstalling it is usally a real pain in the ass.  I almost always have to run the McAfee product removal tool to get it to uninstall.
> 
> I don't believe a fully updated McAfee is really that bad at protection from Viruses and other threats.  However, usually the update server breaks without the user knowing, and it quickly becomes useless due to not being updated.
> 
> There are several good alternatives to McAfee, some of them even free.  Personally, I use AVG on my machines, and the shop I work for recommend it.  It is free for personal use, and gets the job done.  There is also Avast!, however when I used that, it broke my 16-bit sub-system on Windows XP upon uninstall.  Since, at the time, I was still using some 16-bit programs, this made the machine useless once Avast! was uninstalled, worse than a malware infection, and the only way to fix it was to re-install Avast!, or reformat. Nod32 is also good, but not free, and with the alternatives being just as good it isn't worth paying for, IMO.


I noticed you didn't mention Norton.  No good?

Lets say I had all the money in the world or at least I didn't mind paying for my av.  What would you recommend then?


----------



## TRIPTEX_CAN (Apr 8, 2009)

iStink said:


> I noticed you didn't mention Norton.  No good?
> 
> Lets say I had all the money in the world or at least I didn't mind paying for my av.  What would you recommend then?



Nod32 most likely.. or with all the money in the world you can pay MS to write a patch for all DX versions to run in Linux.


----------



## newtekie1 (Apr 8, 2009)

iStink said:


> I noticed you didn't mention Norton.  No good?
> 
> Lets say I had all the money in the world or at least I didn't mind paying for my av.  What would you recommend then?



Norton's personal products are just about as bad as McAfee, I would avoid them also.

Nod32 is probably the best pay AV, but like I have said the free alternatives are good enough.  If _I_ really had to pay for something, it would probably be AVG, but that is only because that is the AV I am most comfortable using.

The main thing to worry about is making sure you know how your AV works.  So you know how to make sure the AV is staying up to date, and doing the proper system scans on a daily basis.


----------



## BazookaJoe (Apr 8, 2009)

My experience : Installing Norton / AVG / McAfee  is worse than GETTING a virus.

The amount of system resource they destroy and the number of problems they create for me are simply unbelievable.

*I use Nod32 - Its pretty good*, I have a friend who likes Kaspersky, and also gets reasonable results there.

NO ANTI-VIRUS / ANTI-SPYWARE TOOL IS PERFECT, or ever will be, but Norton / AVG / McAfee  are worse than having a virus...

I would even go so far as to say that for anyone without a Quad-Core CPU, and MINIMUM 2 Gigs of ram - Norton *IS* Malware - It will absolutely destroy the usability of your common generic single core "office" type pc. 

I only make a point because it wasn't so long ago (2003) that I considered Norton Anti-Virus to be one of the best on the market - But now (Like many other titles) It's SO BUSY trying to do every other retarded thing OTHER than look for viruses, it can single handedly destroy a smaller PC alltogether.


----------



## newtekie1 (Apr 8, 2009)

I don't know why you include AVG in there, it uses next to no system resources.  In fact AVG is using all of 3.5MB of memory on my current work machine, and uses under 50MB during a full system scan, neither cause any slowdown with the Celeron+512MB I'm running.

I'll agree with Norton and McAfee, but I have had no issue with AVG.  What problems have you had with AVG?


----------



## suraswami (Apr 8, 2009)

AVG is ok for being free.  Its like cheap condom.

I trust PCCillin Internet Security Pro/Regular version.  Also recommend Norton Internet Security (later version than 360 is good) for my friends and clients.

And oh $20 + free shipping for a 3 user license PCCillin Internet Security - you can't beat that.  Don't understand when we can afford to buy a damn $1500 PC but cannot spend that extra $20 for peace of mind (per year ofcourse).


----------



## troyrae360 (Apr 8, 2009)

BazookaJoe said:


> My experience : Installing Norton / AVG / McAfee  is worse than GETTING a virus.
> 
> The amount of system resource they destroy and the number of problems they create for me are simply unbelievable.
> 
> ...



Im with you on this matter.
 While working as a Tech, most computers that came in with virus or other problems had one of those products on there system.
first thing to do is uninstall AVG norton or Macafee, and what ever other crap was on there and run NOD32 and it would always pull off a few virus that AVG or Norton had missed.

My recomendation if you've been on the same windows install for longer than 6months is to uninstall your current AV and at least just try NOD32, it has a one month demo, then you can go back to your old AV after NOD32 has cleaned your system. 
I am almost certin that if you've been running AVG or Norton or Macafee for the last 6month+ that NOD32 will find at least 1 or more virus's, id almost put money on it.


----------



## DRDNA (Apr 8, 2009)

Did you slave the darn drive yet and get it cleaned??????????..run a root kit detection on it as well(probably why it reinstalls after reboot)


----------



## driver66 (Apr 8, 2009)

iStink said:


> I noticed you didn't mention Norton.  No good?
> 
> Lets say I had all the money in the world or at least I didn't mind paying for my av.  What would you recommend then?



KASPERSKY :}


----------



## Lillebror (Apr 9, 2009)

some of you guys should really read this: http://www.av-comparatives.org/images/stories/test/ondret/avc_report21.pdf

Even FSecure does a better job than avg - and onecare is even worse! And avast is better than Nod32.

http://www.av-comparatives.org/comparativesreviews just keep up todte with this site - it makes the best comparisons with av's ever!


----------



## iStink (Apr 9, 2009)

newtekie1 said:


> Norton's personal products are just about as bad as McAfee, I would avoid them also.
> 
> Nod32 is probably the best pay AV, but like I have said the free alternatives are good enough.  If _I_ really had to pay for something, it would probably be AVG, but that is only because that is the AV I am most comfortable using.
> 
> The main thing to worry about is making sure you know how your AV works.  So you know how to make sure the AV is staying up to date, and doing the proper system scans on a daily basis.



Well McAfee does update every single day, and I have scans that go Monday Wednesday and Friday at 1AM (I'm usually out on the weekends.) 

I really do hope it's enough.  I'll check out Nod32 if  I ever run into a problem with it.  Thanks for your replies.


----------



## newtekie1 (Apr 9, 2009)

Lillebror said:


> some of you guys should really read this: http://www.av-comparatives.org/images/stories/test/ondret/avc_report21.pdf
> 
> Even FSecure does a better job than avg - and onecare is even worse! And avast is better than Nod32.
> 
> http://www.av-comparatives.org/comparativesreviews just keep up todte with this site - it makes the best comparisons with av's ever!



If McAfee was 99.1% effective, better than all but 2 of the other AV's tested, I wouldn't see 5+ machines a week come in with McAfee installed and being virtually unuseable due to malware infection.

Anyone that deals with this stuff in the real world on a daily basis will tell you McAfee is shit.

One of the major flaws in tests like this, and one of the many reasons they are essentially useless, is that they don't deal with the actual product "durability" for lack of a better word.  A fully updated McAfee _might_ catch more malware, however the program itself is a piece of crap.  The auto-updater breaks with a drop of a hat, and the program often never informs the user that updates are not being installed.  The scanning engine is just as broken, and daily auto-scans can very quickly stop working, as can manual scans.  This usually happens without the user being aware in any way.  On top of this, once McAfee is broken, it usually becomes virtually impossible for the normal user to fix the problem.  It usually can't be uninstalled fully, and will not re-install either.  Without the McAfee removal tool, which most average users do not know about, removal or even basic protection becomes impossible.

So, yes, a fresh install of McAfee on a fresh install of Windows _might_ give you more protection.  But 2-3 years down the road, it is likely not to be working at all anymore.  Compared to some of the others which are far more reliable.


----------



## fart_plume (Apr 9, 2009)

Have you tried running MS malicious software removal tool in safemode? It got rid of a similar virus my wife had on hers.( It plants itself in the restore point files where you can't get access to it, even most AV can't get in there) if you go in to safemode turn off system restore and then run the MS malious software tool then scan it with AVG you should be able to clean it out.


----------



## BazookaJoe (Apr 9, 2009)

newtekie1 said:


> I don't know why you include AVG in there, it uses next to no system resources.  In fact AVG is using all of 3.5MB of memory on my current work machine, and uses under 50MB during a full system scan, neither cause any slowdown with the Celeron+512MB I'm running.
> 
> I'll agree with Norton and McAfee, but I have had no issue with AVG.  What problems have you had with AVG?



Hi , Yeah - AVG Isn't really the prime offender in my rant - but Since version 8 It's real-time scanner is ABSOLUTELY APPALLING in its CPU time usage, and rendered a NUMBER of smaller machines (that I was asked to look at because they seemed broken) virtually useless.

Clients where literally calling me up saying - "I think my PC is broken..." only to find they had upgraded to v8+ when I arrived.

Its hard to not notice 1 of 4 cores running 100% all day on a quad, but in a single core platform your day is over.

Beyond that however - AVG's virus database is very very poor - regularly I find PC's running AVG with latest version, and all updates done that are infected with multiple actual viruses, as well as spyware, and some of the viruses are more than a year old in Nod32 / Kaspersky / heck even Symmantec databases.

I don't mean to be TOO hard on a free product - but a Nod32 / Kaspersky 1 year license is SOOO cheap... Whats the point in taking the risk?


----------



## techbuzz (Apr 9, 2009)

BazookaJoe said:


> Hi , Yeah - AVG Isn't really the prime offender in my rant - but Since version 8 It's real-time scanner is ABSOLUTELY APPALLING in its CPU time usage, and rendered a NUMBER of smaller machines (that I was asked to look at because they seemed broken) virtually useless.
> 
> Clients where literally calling me up saying - "I think my PC is broken..." only to find they had upgraded to v8+ when I arrived.
> 
> ...



I recently tested out the new version of Norton Internet Security and was very impressed. Symantec did a good job listening to customer complaints and concerns and ended up releasing a quality product. I have started recommending it to all my customers. 

I personally get a free license of an AV program called Sophos. Unfortunately it is not managed well and it tends to slow computers down dramatically on occasion.

My experiences with AVG Free used to be very positive, but recently, with the newer versions, it just seems to take over the machine making it impossible for the computer to even be used at times.

The problem with products like Nod32 and Kaspersky is that they are not well known brands to most users. I have problems convincing my customers that they are safe AV applications and that they are worth the money.

If I had the money I would spend it on Norton Internet Security. They seem to have all their ducks in a row. Their virus definitions are always up to date with current threats and they leave a very small footprint on machines.

Oh! Most people that come to my shop with virus issues usually have McAfee installed.


----------



## TRIPTEX_CAN (Apr 9, 2009)

I've been installing AVG's latest version on several PCs from laptops to high-end desktops and I've never seen CPU usage idle anything over 0%. When the on demand scanner is running there are resources being used obviously, but I wouldnt say it made the PC useless. 

@ bazookajoe there must have been something wrong with your PC or AVG install for it to run @ 100% all day. You should just scan overnight.


----------



## newtekie1 (Apr 9, 2009)

TRIPTEX_MTL said:


> I've been installing AVG's latest version on several PCs from laptops to high-end desktops and I've never seen CPU usage idle anything over 0%. When the on demand scanner is running there are resources being used obviously, but I wouldnt say it made the PC useless.
> 
> @ bazookajoe there must have been something wrong with your PC or AVG install for it to run @ 100% all day. You should just scan overnight.



Correct, like I said, I have it installed on many machines ranging from my quad-core gaming machine, to single core celerons.  Never notice it, even when the on-demand scan is running.  When the on-demand scan is running, it will use 100% of the CPU.  However, that is where actually understanding how your AV works comes into play.  The little slider on the on-demand scanning screen will adjust the priority of the scan.  When set to "Slow Scan" the priority will be at it's lowest, so any program you run will take priority over AVG.  This setting will make and on-demand scan virtually invisiable to the user, even if it is saying the CPU is at 100%.  And yes, you can change an option in AVG so that every on-demand scan defaults to this setting, I do it on all the single core machines I install AVG on.


----------



## iStink (Apr 9, 2009)

One of my professors in college was absolutely convinced mcafee and apple both wrote the majority of viruses out there today lol

Anyways, if I were to remove mcafee now, would it disrupt my system?


----------



## newtekie1 (Apr 9, 2009)

No, you shouldn't have a problem.  Just make sure you have another AV downloaded and read to install after you get McAfee uninstalled.

And after you uninstall McAfee, run the McAfee Consumer Product Removal Tool found here:  

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

This makes sure all the pieces of McAfee have been uninstalled.


----------



## BazookaJoe (Apr 9, 2009)

TRIPTEX_MTL said:


> I've been installing AVG's latest version on several PCs from laptops to high-end desktops and I've never seen CPU usage idle anything over 0%. When the on demand scanner is running there are resources being used obviously, but I wouldnt say it made the PC useless.
> 
> @ bazookajoe there must have been something wrong with your PC or AVG install for it to run @ 100% all day. You should just scan overnight.



Over 20 pc's both AMD and Intel (Not all belonging to the same people), ALL older single core "office" machines (win XP / 2000). All Rendered Useless by AVG CPU Usage - none of them Mine.

This was very soon after V8 was launched - but all of those people no longer use AVG  because of this - So *it may well have been fixed in more recent versions*, I'm really not too sure, as none of my customers use it any more, and I Use Nod32.

See : "My experiences with AVG Free used to be very positive, but recently, with the newer versions, it just seems to take over the machine making it impossible for the computer to even be used at times." By : *pcgolfer85*

I have seen a lot of other people complaining about the same fault online - Just Google - I know many PPl are not affected, but many are - and whatever causes it makes the pc completely unusable.

I still wont Use or recommend AVG due to its very poor virus detection track record - I suppose it IS better than nothing if you have a newer PC, but I still rate it poorly - even when its NOT flattening your CPU, as I have seen so many infections walk straight through it as it was made of wet toilet paper - That's just my personal experience with the product :\

And to be fair - at the time when I Abandoned AVG (Witch Admit I have done and I have *not* tested newer versions since the initial releases of V8) I did SIGNIFICANT amounts of testing with VM's infecting them with viruses I had found at customers, and AVG routinely ignored viruses that where sometimes as much as more than a year old according to other AV virus databases.


----------

