Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    • JohnB47
    • By JohnB47 12th May 18, 9:58 AM
    • 1,227Posts
    • 386Thanks
    JohnB47
    Anyone heard of Avast Remediation.exe?
    • #1
    • 12th May 18, 9:58 AM
    Anyone heard of Avast Remediation.exe? 12th May 18 at 9:58 AM
    EDIT: Just did a search and it turns out that it's not Remediation.exe, it is a process called Remediation exe and downloads a file called Wsc_proxy.exe This site has details:

    https://www.file.net/process/wsc_proxy.exe.html

    Original post:

    My laptop started up really slowly today so I suspected it was downloading something. Using task manager I see that Avast is taking up a lot of cpu/disk time. At one point I was asked if I would allow Avast Remediation.exe to download/run (can't remember which).

    I decided to go ahead and say yes.

    Avast is still chuntering away, after a good 15 minutes or so.

    Any advice?
    Last edited by JohnB47; 12-05-2018 at 10:13 AM.
Page 1
    • that
    • By that 12th May 18, 6:53 PM
    • 689 Posts
    • 381 Thanks
    that
    • #2
    • 12th May 18, 6:53 PM
    • #2
    • 12th May 18, 6:53 PM
    I'd start with these two, since no one is responding.

    1) google

    2)Go to MS, download the sysinternals suite. In there you will find PROCEXP and PROCEXP64, or Procexp which is like a task manager on steroids. Run this as admin.

    In the Options box make sure Verify Image Signatures is ticked, and directly below is Virus Total click this and tick Check VirusTotal.com, and tick Submit Unknown Executables.

    Under View tick Show Processes From All Users. Choose Select Columns, tick Virus total and User Name too

    At first glance the most important columns are: Virus Total, and Verified signer.

    the Virus Total should be all blue, but if any are red and the count is like 2/68 then in is still probably safe.

    For Verified Signer expect most to be ms, intel. Expect the verifier to be Avira - if you use avira, but you should be able to recognise the verified name with the product. The possible problem ones are '(No signature was present in the subject)', but these still could be good and valid software written by a small developer who did not have the time or resources to get it verified, but often they are rogue.

    You can also right click on an entry, choose properties, Image tab as this tells you the file location and startup comman. If unsure of the file, dont delete, just kill the job in Procmon and rename the extension form say 'file.exe' to 'file.exe.johnb47'


    I do have a vague recollection that an AV did offer 'secure browsing service/vpn', so it it was this one, it could be their proxy? you could always uninstall a/v, do another check? It has been a long time since I used Avast as it was getting too intrusive for me.
    Last edited by that; 12-05-2018 at 6:59 PM.
    • AndyPix
    • By AndyPix 12th May 18, 10:38 PM
    • 3,961 Posts
    • 3,337 Thanks
    AndyPix
    • #3
    • 12th May 18, 10:38 PM
    • #3
    • 12th May 18, 10:38 PM
    Immediately remove anything even remotely called avast from your computer.
    Next you need to run these 2 programs in order to rid yourself of the malware that you have ..


    They are both free


    https://www.malwarebytes.com/mwb-download/


    https://www.malwarebytes.com/adwcleaner/


    Let us know how many infections you had.


    Then, tell us which version of windows you are running so we can suggest a proper antivirus solution for you
    Running with scissors since 1978
    • JohnB47
    • By JohnB47 13th May 18, 9:51 AM
    • 1,227 Posts
    • 386 Thanks
    JohnB47
    • #4
    • 13th May 18, 9:51 AM
    • #4
    • 13th May 18, 9:51 AM
    I'd start with these two, since no one is responding.

    1) google

    2)Go to MS, download the sysinternals suite. In there you will find PROCEXP and PROCEXP64, or Procexp which is like a task manager on steroids. Run this as admin.

    In the Options box make sure Verify Image Signatures is ticked, and directly below is Virus Total click this and tick Check VirusTotal.com, and tick Submit Unknown Executables.

    Under View tick Show Processes From All Users. Choose Select Columns, tick Virus total and User Name too

    At first glance the most important columns are: Virus Total, and Verified signer.

    the Virus Total should be all blue, but if any are red and the count is like 2/68 then in is still probably safe.

    For Verified Signer expect most to be ms, intel. Expect the verifier to be Avira - if you use avira, but you should be able to recognise the verified name with the product. The possible problem ones are '(No signature was present in the subject)', but these still could be good and valid software written by a small developer who did not have the time or resources to get it verified, but often they are rogue.

    You can also right click on an entry, choose properties, Image tab as this tells you the file location and startup comman. If unsure of the file, dont delete, just kill the job in Procmon and rename the extension form say 'file.exe' to 'file.exe.johnb47'


    I do have a vague recollection that an AV did offer 'secure browsing service/vpn', so it it was this one, it could be their proxy? you could always uninstall a/v, do another check? It has been a long time since I used Avast as it was getting too intrusive for me.
    Originally posted by that
    Thanks for such a fulsome reply. It's unusual to get advice other than the usual 'run malwarebytes.....' etc. I'll have a look at what you've advised.
    • JohnB47
    • By JohnB47 13th May 18, 9:57 AM
    • 1,227 Posts
    • 386 Thanks
    JohnB47
    • #5
    • 13th May 18, 9:57 AM
    • #5
    • 13th May 18, 9:57 AM
    Immediately remove anything even remotely called avast from your computer.
    Next you need to run these 2 programs in order to rid yourself of the malware that you have ..


    They are both free


    https://www.malwarebytes.com/mwb-download/


    https://www.malwarebytes.com/adwcleaner/


    Let us know how many infections you had.


    Then, tell us which version of windows you are running so we can suggest a proper antivirus solution for you
    Originally posted by AndyPix
    Thanks Andy. You seem to be very certain that I have a problem, although my PC seems to be running perfectly now.

    Also, I jumped from AVG to Avast a while back and now it seems Avast isn't in favour. Is this a constant thing - jumping from one protection to the other after a year or so?

    I'm running Win 10 Home with the latest software upload (version 1803 OS build 17134.48).

    Thanks again.
    • unforeseen
    • By unforeseen 13th May 18, 10:24 AM
    • 3,092 Posts
    • 4,064 Thanks
    unforeseen
    • #6
    • 13th May 18, 10:24 AM
    • #6
    • 13th May 18, 10:24 AM
    If you are running Win10 then the inbuilt AV/malware applications are as good as any of the free ones
    • dogmaryxx
    • By dogmaryxx 13th May 18, 10:46 AM
    • 2,168 Posts
    • 2,575 Thanks
    dogmaryxx
    • #7
    • 13th May 18, 10:46 AM
    • #7
    • 13th May 18, 10:46 AM
    If you are running Win10 then the inbuilt AV/malware applications are as good as any of the free ones
    Originally posted by unforeseen

    Only if you use Internet Explorer/ Microsoft Edge as your browser.
    • JohnB47
    • By JohnB47 13th May 18, 10:47 AM
    • 1,227 Posts
    • 386 Thanks
    JohnB47
    • #8
    • 13th May 18, 10:47 AM
    • #8
    • 13th May 18, 10:47 AM
    Only if you use Internet Explorer/ Microsoft Edge as your browser.
    Originally posted by dogmaryxx
    Hmmmm. I use Chrome.
    • unforeseen
    • By unforeseen 13th May 18, 11:36 AM
    • 3,092 Posts
    • 4,064 Thanks
    unforeseen
    • #9
    • 13th May 18, 11:36 AM
    • #9
    • 13th May 18, 11:36 AM
    Only if you use Internet Explorer/ Microsoft Edge as your browser.
    Originally posted by dogmaryxx
    And why would that be?

    Chrome has its own built in and MS has released an updated Defender that covers Chrome as well.
    Last edited by unforeseen; 13-05-2018 at 11:42 AM.
    • dogmaryxx
    • By dogmaryxx 13th May 18, 1:20 PM
    • 2,168 Posts
    • 2,575 Thanks
    dogmaryxx
    And why would that be?

    Chrome has its own built in and MS has released an updated Defender that covers Chrome as well.
    Originally posted by unforeseen

    Chrome has its own built in

    If you mean the Chrome Cleanup Tool it's not a general purpose AV. Its sole purpose is to detect and remove unwanted software manipulating Chrome

    MS has released an updated Defender that covers Chrome as well.


    Why launch an extension for Chrome called Windows Defender Protection then?

    Also

    Defender will not scan files as they are downloaded in Chrome only once they are downloaded.
    • that
    • By that 13th May 18, 1:31 PM
    • 689 Posts
    • 381 Thanks
    that
    Thanks for such a fulsome reply. It's unusual to get advice other than the usual 'run malwarebytes.....' etc. I'll have a look at what you've advised.
    Originally posted by JohnB47
    The procedure is good, but definitely not perfect. It can't handle boot viruses, or things that may happens before windows runs. Also it does not detect browser hijacking, a remote proxy configuration, rogue dns, compromised flash, or hijacked web stuff.
    • AndyPix
    • By AndyPix 14th May 18, 9:18 AM
    • 3,961 Posts
    • 3,337 Thanks
    AndyPix
    Also, I jumped from AVG to Avast a while back and now it seems Avast isn't in favour. Is this a constant thing - jumping from one protection to the other after a year or so?
    .
    Originally posted by JohnB47
    I've never advocated installing AGV, Avast, avira or any of that other crap


    Built in windows defender works just as well - doesn't have all that flashy bloaty rubbish - doesn't slow down your machine . It just does its job .


    If you absolutely cant trust yourself not to click on anything untoward then I would say bitdefender is your best bet.


    And the reason people keep advising Malwarebytes and adw cleaner is because they work brilliantly and often rescue machines that are crippled with viruses and malware whilst having one of the above "AV solutions" installed regardless
    Running with scissors since 1978
    • dogmaryxx
    • By dogmaryxx 14th May 18, 10:41 AM
    • 2,168 Posts
    • 2,575 Thanks
    dogmaryxx
    [QUOTE=AndyPix;74283119]

    Built in windows defender works just as well - doesn't have all that flashy bloaty rubbish - doesn't slow down your machine . It just does its job .


    /QUOTE]


    According to AV-Comparatives that may depend on your computer specification.

    https://www.av-comparatives.org/wp-content/uploads/2018/05/avc_per_201804_en.pdf
    • dipsomaniac
    • By dipsomaniac 14th May 18, 11:24 AM
    • 5,914 Posts
    • 2,353 Thanks
    dipsomaniac
    lol how did i know they would put microsoft at the bottom of the list before i even opened that pdf
    "The Holy Writ of Gloucester Rugby Club demands: first, that the forwards shall win the ball; second, that the forwards shall keep the ball; and third, the backs shall buy the beer." - Doug Ibbotson
    • AndyPix
    • By AndyPix 15th May 18, 9:19 AM
    • 3,961 Posts
    • 3,337 Thanks
    AndyPix
    [QUOTE=dogmaryxx;74283387]

    Built in windows defender works just as well - doesn't have all that flashy bloaty rubbish - doesn't slow down your machine . It just does its job .


    /QUOTE]


    According to AV-Comparatives that may depend on your computer specification.

    https://www.av-comparatives.org/wp-content/uploads/2018/05/avc_per_201804_en.pdf
    Originally posted by AndyPix

    You are talking differences of tenths of a percantage point in overall score ..
    And Microsoft will be the only ones NOT putting money in the pockets of these "AV comparison" companies


    I can only go off real world personal experience (not clean lab machines) of seeing many many machines with various AVG etc processes taking over 80%CPU full time whilst doing nothing
    Last edited by AndyPix; 15-05-2018 at 9:21 AM.
    Running with scissors since 1978
    • dogmaryxx
    • By dogmaryxx 15th May 18, 11:09 AM
    • 2,168 Posts
    • 2,575 Thanks
    dogmaryxx
    And Microsoft will be the only ones NOT putting money in the pockets of these "AV comparison" companies
    Originally posted by AndyPix

    Not so.

    AV-Comparatives charge all manufacturers the same fee in order for their product to be tested, so none of them can be advantaged or disadvantaged.
    • AndyPix
    • By AndyPix 15th May 18, 11:53 AM
    • 3,961 Posts
    • 3,337 Thanks
    AndyPix
    Not so.

    AV-Comparatives charge all manufacturers the same fee in order for their product to be tested, so none of them can be advantaged or disadvantaged.
    Originally posted by dogmaryxx

    Wrong


    From their own website :
    " In several cases it happens that a vendor is tested even if it do not apply for it. In this case, the costs will be covered either by the magazines or by other independent parties, which requested the results."

    Look, you can believe this guff if you want to, and bicker about 0.1% detection rates.


    However i am not affiliated with any AV and can speak from long and full personal experience
    Running with scissors since 1978
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

1,050Posts Today

6,551Users online

Martin's Twitter
  • Today's FRI Twitter poll: As everyone knows, you're a creative genius with an huge range of highly honed skills.? https://t.co/KV5FHAqK6v

  • Watching Theresa May... seriously would anyone in their right mind truly want her job right now!

  • RT @thecheekypostie: @MartinSLewis Thanks to this, I have just skim read it. To those in Scotland - on page 548, Dounreay is mentioned by n?

  • Follow Martin