Anyone heard of Avast Remediation.exe?

JohnB47
Posts: 2,663 Forumite


EDIT: Just did a search and it turns out that it's not Remediation.exe, it is a process called Remediation exe and downloads a file called Wsc_proxy.exe. This site has details:
https://www.file.net/process/wsc_proxy.exe.html
Original post:
My laptop started up really slowly today so I suspected it was downloading something. Using task manager I see that Avast is taking up a lot of cpu/disk time. At one point I was asked if I would allow Avast Remediation.exe to download/run (can't remember which).
I decided to go ahead and say yes.
Avast is still chuntering away, after a good 15 minutes or so.
Any advice?
0
Comments
-
I'd start with these two, since no one is responding.
1) google
2) Go to MS, download the Sysinternals suite. In there you will find PROCEXP and PROCEXP64, or Procexp which is like a task manager on steroids. Run this as admin.
In the Options box make sure Verify Image Signatures is ticked, and directly below is Virus Total click this and tick Check VirusTotal.com, and tick Submit Unknown Executables.
Under View tick Show Processes From All Users. Choose Select Columns, tick Virus total and User Name too
At first glance the most important columns are: Virus Total, and Verified signer.
The Virus Total should be all blue, but if any are red and the count is like 2/68 then it is still probably safe.
For Verified Signer expect most to be ms, intel. Expect the verifier to be Avira - if you use avira, but you should be able to recognise the verified name with the product. The possible problem ones are '(No signature was present in the subject)', but these still could be good and valid software written by a small developer who did not have the time or resources to get it verified, but often they are rogue.
You can also right click on an entry, choose properties, Image tab as this tells you the file location and startup command. If unsure of the file, don't delete, just kill the job in Procmon and rename the extension from, say, 'file.exe' to 'file.exe.johnb47'
I do have a vague recollection that an AV did offer 'secure browsing service/vpn', so if it was this one, it could be their proxy? You could always uninstall a/v, do another check? It has been a long time since I used Avast as it was getting too intrusive for me.0 -
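A scripted version of the signer check described in the comment above, added here as an example and not part of the original post or of any tool it mentions. It uses the built-in Windows PowerShell cmdlets `Get-CimInstance`, `Get-AuthenticodeSignature` and `Get-FileHash`; the variable names are this example's own, and the only process name taken from the thread is `wsc_proxy.exe`.

```powershell
# Added example: report the Authenticode signer of every running executable,
# roughly what Process Explorer shows in its "Verified Signer" column.
# Run from an elevated prompt, otherwise some processes report no path.

$rows = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Sort-Object ExecutablePath -Unique |          # one row per file on disk
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath `
                   -ErrorAction SilentlyContinue
        $signer = if ($sig -and $sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else {
            '(no signer certificate)'
        }
        [pscustomobject]@{
            Name        = $_.Name
            ProcessId   = $_.ProcessId
            Status      = if ($sig) { $sig.Status } else { 'Unreadable' }
            Signer      = $signer
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine           # the "startup command"
        }
    }

# 1) The process from this thread: where it lives and who signed it.
$rows | Where-Object Name -eq 'wsc_proxy.exe' | Format-List

# 2) Everything whose signature is not 'Valid' (unsigned, hash mismatch,
#    untrusted root, unreadable), with a SHA-256 to look up by hand.
$rows | Where-Object Status -ne 'Valid' | ForEach-Object {
    $hash = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue).Hash
    $_ | Add-Member -NotePropertyName SHA256 -NotePropertyValue $hash -PassThru
} | Format-Table Name, Status, Signer, SHA256, Path -AutoSize -Wrap

# 3) Signer summary: a quick way to spot a publisher you do not recognise.
$rows | Group-Object Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize -Wrap
```

A `Valid` status with a signer subject matching the installed product, and a path under that product's install folder, is what a legitimate vendor component looks like; the SHA-256 can be searched on VirusTotal without uploading the file.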
Immediately remove anything even remotely called avast from your computer.
Next you need to run these 2 programs in order to rid yourself of the malware that you have ..
They are both free
https://www.malwarebytes.com/mwb-download/
https://www.malwarebytes.com/adwcleaner/
Let us know how many infections you had.
Then, tell us which version of windows you are running so we can suggest a proper antivirus solution for you0 -
I'd start with these two, since no one is responding.
1) google
2) Go to MS, download the Sysinternals suite. In there you will find PROCEXP and PROCEXP64, or Procexp which is like a task manager on steroids. Run this as admin.
In the Options box make sure Verify Image Signatures is ticked, and directly below is Virus Total click this and tick Check VirusTotal.com, and tick Submit Unknown Executables.
Under View tick Show Processes From All Users. Choose Select Columns, tick Virus total and User Name too
At first glance the most important columns are: Virus Total, and Verified signer.
The Virus Total should be all blue, but if any are red and the count is like 2/68 then it is still probably safe.
For Verified Signer expect most to be ms, intel. Expect the verifier to be Avira - if you use avira, but you should be able to recognise the verified name with the product. The possible problem ones are '(No signature was present in the subject)', but these still could be good and valid software written by a small developer who did not have the time or resources to get it verified, but often they are rogue.
You can also right click on an entry, choose properties, Image tab as this tells you the file location and startup command. If unsure of the file, don't delete, just kill the job in Procmon and rename the extension from, say, 'file.exe' to 'file.exe.johnb47'
I do have a vague recollection that an AV did offer 'secure browsing service/vpn', so if it was this one, it could be their proxy? You could always uninstall a/v, do another check? It has been a long time since I used Avast as it was getting too intrusive for me.
Thanks for such a fulsome reply. It's unusual to get advice other than the usual 'run malwarebytes.....' etc. I'll have a look at what you've advised.0 -
Immediately remove anything even remotely called avast from your computer.
Next you need to run these 2 programs in order to rid yourself of the malware that you have ..
They are both free
https://www.malwarebytes.com/mwb-download/
https://www.malwarebytes.com/adwcleaner/
Let us know how many infections you had.
Then, tell us which version of windows you are running so we can suggest a proper antivirus solution for you
Thanks Andy. You seem to be very certain that I have a problem, although my PC seems to be running perfectly now.
Also, I jumped from AVG to Avast a while back and now it seems Avast isn't in favour. Is this a constant thing - jumping from one protection to the other after a year or so?
I'm running Win 10 Home with the latest software upload (version 1803 OS build 17134.48).
Thanks again.0 -
If you are running Win10 then the inbuilt AV/malware applications are as good as any of the free ones0
-
unforeseen wrote: »If you are running Win10 then the inbuilt AV/malware applications are as good as any of the free ones
Only if you use Internet Explorer/ Microsoft Edge as your browser.0 -
-
unforeseen wrote: »And why would that be?
Chrome has its own built in and MS has released an updated Defender that covers Chrome as well.
Chrome has its own built in
If you mean the Chrome Cleanup Tool it's not a general purpose AV. Its sole purpose is to detect and remove unwanted software manipulating Chrome
MS has released an updated Defender that covers Chrome as well.
Why launch an extension for Chrome called Windows Defender Protection then?
Also
Defender will not scan files as they are downloaded in Chrome, only once they are downloaded.0 -
This discussion has been closed.