they want free, so they install Avast Free. I always had a problem with Avast/AVG, but now I feel like they exhibit malware-like behavior. So then I ran the AVG removal tool from AVG themselves, and guess what - the file still remains and creates persistence with itself. Then I uninstalled it with Revo+Advanced, and sure enough this program created persistence with itself. To test this, I set up a test machine and installed AVG PAID.

Task: - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies CZ, s.r.o.)

It also reaches out to the Internet fairly regularly and traverses traffic.
Investigating further, I found this program creates a persistence of itself, even after uninstalling, via a Scheduled Task pointing to a file hidden in a non-AVG directory. The person I was helping said they not only uninstalled AVG nearly 4 months prior, but they also followed up a normal uninstall with the AVG removal tool. Assuming it was malware, I started to investigate and, much to my surprise, I found this was a remnant of Avast/AVG. To my surprise, I found a program running called 'OVERSEER', but it was running as a hidden process. I created a remote session and logged in. A friend of mine called and was having some CPU spiking issues.
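
One way to audit a machine for the kind of leftover scheduled task described above, as an added example that is not part of the original post. The `$VendorPattern` match string and the variable names are assumptions. Because the post mentions a task pointing to a file outside the AVG directory, the check also matches on the binary's Authenticode signer, not only on paths.

```powershell
# Added example (not from the post). $VendorPattern is an assumed match string;
# the Overseer task and the AVG signer name are the ones quoted in the post.
$VendorPattern = 'AVG|Avast'

# 1. Products the vendor still has registered under the Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $VendorPattern } |
    ForEach-Object { $_.DisplayName })

# 2. Every scheduled task action, matched on task path/name, binary path or
#    Authenticode signer, so a binary outside the vendor directory is still caught.
$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip non-exec (COM handler) actions
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        $signer = $null
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $cert = (Get-AuthenticodeSignature -LiteralPath $exe).SignerCertificate
            if ($cert) { $signer = $cert.Subject }
        }
        $haystack = "$($task.TaskPath)$($task.TaskName)|$exe|$signer"
        if ($haystack -notmatch $VendorPattern) { continue }
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Task       = "$($task.TaskPath)$($task.TaskName)"
            State      = $task.State
            Hidden     = $task.Settings.Hidden
            Binary     = $exe
            FileExists = Test-Path -LiteralPath $exe -PathType Leaf
            Signer     = $signer
            LastRun    = $info.LastRunTime
            Orphaned   = ($installed.Count -eq 0)   # no matching product installed
        }
    }
}

"Installed products matching '$VendorPattern': $($installed -join '; ')"
$findings | Format-List
```

Run it from an elevated PowerShell session so tasks registered under other accounts are listed. The pattern is a case-insensitive substring match, so review each hit before removing anything.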