AVG Secure Search Security Toolbar is malware, avoid it more than the plague

avg_secure_search

I’ve been reviewing software since dotTech was born back in October 2008. By now, over four years on, I have become very good at avoiding crapware that comes bundled with many programs, notably toolbars; I can only remember one time in the past few years when I have accidentally installed crapware.

A few weeks back I ran across avast Browser Cleanup, a program that claims to be able to remove browser toolbars and unnecessary add-ons. The features of avast Browser Cleanup looked interesting so I wanted to test the program to see if it was worth posting about on dotTech. As such, I needed to have some toolbars installed on my computer (because, after all, I can’t know if avast Browser Cleanup actually works if I have no toolbars to test it on). So I went out and installed AVG Secure Search Security Toolbar, Ask Toolbar, and Bing Bar (directly from their respective websites) and then tried to remove them with avast Browser Cleanup. To my delight, avast Browser Cleanup was able to remove all three toolbars from my browsers. Or so I thought.

I’m one of those people who like to keep an eye on Windows Task Manager to see what processes are running on my computer. If I ever see a process unknown to me, I investigate to ensure it is legitimate. A few days after removing AVG Secure Search Security Toolbar, Ask Toolbar, and Bing Bar from my computer with avast Browser Cleanup, I noticed a process ‘vprot.exe’ was running. Never having seen it before, I started looking into it; my first step was right-clicking on vprot.exe and opening the file’s location. To my surprise, vprot.exe lead me to C:\Program Files\AVG Secure Search which contained AVG Secure Search Security Toolbar, a toolbar I thought I had already removed.

At this point I was raging at avast Browser Cleanup, thinking the program didn’t properly remove AVG Secure Search Toolbar. What I didn’t know at the time is avast Browser Cleanup did its job just fine; the problem was (is) AVG Secure Search Toolbar keeps coming back after being uninstalled/removed/deleted.

When I discovered AVG Secure Search Toolbar was still installed on my computer, I went to Add/Remove Programs to uninstall it. The only problem? AVG Secure Search Toolbar’s uninstaller didn’t work. I even tried running ‘Uninstall.exe’ directly from C:\Program Files\AVG Secure Search, but still no luck. With a seemingly broken uninstaller, I decided to simply delete C:\Program Files\AVG Secure Search thinking that would be the end of it.

A few days passed and out of the blue I was prompted by Firefox that AVG Secure Search Toolbar wanted to install in my browser. I thought to myself: “WTF, didn’t I just delete this a few days ago?” I, of course, blocked AVG Secure Search Toolbar from installing in Firefox and then went to check C:\Program Files\AVG Secure Search to see what is up. To my surprise (and horror), AVG Secure Search Toolbar was back as if I never deleted it! At the same time, I noticed AVG Secure Search Toolbar was also residing in C:\ProgramData\AVG Secure Search, so I thought to myself: “Maybe that is why AVG Secure Search Toolbar came back — I didn’t delete the ProgramData folder last time and only deleted the Program Files folder“.

Upon seeing the return of AVG Secure Search Toolbar, I once again tried to uninstall it and once again ran into the same issue — broken uninstaller. So I decided to again manually delete AVG Secure Search Toolbar, except this time I made sure to delete both C:\ProgramData\AVG Secure Search and C:\Program Files\AVG Secure Search. I even used Eraser to securely erase them, just for the heck of it.

For the moment it appeared that AVG Secure Search Toolbar was gone. However, guess what happened the next day? I found AVG Secure Search Toolbar was back!

When seeing this piece of shit was back (again), I repeated the same procedures of trying to uninstall it but upon fail due to broken uninstaller, I decided to pull out the big guns. I used Comodo Programs Manager to force uninstall AVG Secure Search Toolbar and delete all related files, folders, and registry entries. Again, for the time being, it appeared that I got rid of AVG Secure Search Toolbar. But then a few hours later, I noticed it was back. Again.

Now, at this point, I was frustrated beyond belief. I decided I’d try to remove AVG Secure Search Toolbar one last time to see if I was successful. So I went to Google to see if anyone had tips on how to remove it. I found out that AVG Technologies provides an official uninstaller/remover for AVG Secure Search Toolbar. Upon seeing this uninstaller, I thought to myself: “Wow, this must be it. This must be how to remove this bloody crapware.” Oh how I wish I was right.

After downloading AVG Secure Search Toolbar’s official uninstaller, I ran it and it told me it had successfully removed AVG Secure Search Toolbar from my browsers and computer; it even reset my browser homepages to default. Cool. Or not — the next day AVG Secure Search Toolbar returned, yet again.

That, as I just mentioned, was my last attempt to try to remove AVG Secure Search Toolbar. My computer is due for a reformat anyway, so I figured I’ll get rid of AVG Secure Search Toolbar vis-a-vis the reformat I’m going to do; I wasn’t about to go waste more time trying to remove this crap. However, then I had an idea. What if the reason AVG Secure Search Toolbar keeps coming back is if its installation was (is) corrupted? That would also explain the broken uninstaller. Of course, this was a shaky theory (because a broken program doesn’t continually reinstall itself) but it was worth a shot. So I downloaded AVG Secure Search Toolbar’s installer from AVG’s website and reinstalled AVG Secure Search Toolbar. Then I reran the official AVG Secure Search Toolbar uninstaller. Anyone want to guess what happened next? Yep, AVG Secure Search Toolbar’s official uninstaller seemingly removed AVG Secure Search Toolbar… only for AVG Secure Search Toolbar to return after a few hours.

I am currently typing this article with AVG Secure Search Toolbar still on my computer (although I have it blocked from my browsers). I have tried everything I can think of to get rid of this crap but it keeps coming back, just like malware. What makes matters worse is the fact that AVG Secure Search Toolbar is not be some rogue developer; it is by AVG Technologies, a company that makes anti-virus and other security software (AVG AntiVirus Free, AVG AntiVirus, AVG Internet Security, AVG Premium Security, etc.) used by millions upon millions of people around the world. Yet their toolbar behaves nothing better than malware. In fact, I had an easier time removing Ask Toolbar — a toolbar infamous as the worst of the worst crapware — than AVG Secure Search Toolbar.

As luck may have it, I’ve never been an AVG user to protect my computer, data, and files; for one reason or another, I’ve always gone with AVG’s competitors, notably Avira and Avast. Now I’m glad I’ve never used AVG. If they have a malware-like toolbar, I can’t see how their anti-virus  — and releated programs — will be any better. And, based off my experience with AVG Secure Search Toolbar, I’d recommend everyone using AVG security software to switch as soon as possible. It just isn’t worth it.

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

116 comments

  1. Stu Van Tine

    I have been telling every stock adviser I run into that AVG stock (AVG – NYSE) is a dangerous stock to own and should be dumped immediately. They could be hit with a class action suit or federal criminal action at any time, and the stock selloff might render the stock worthless overnight. Every victim should post this warning and forward this warning on investment blogs, and to any and all stock brokers they know, with, of course, a request to spread the word. Yes, technically, it’d not a virus. But, whatever we call it (foistware, malware, adware, etc.) it is damaging software installed on our computers without our knowledge or consent by trickery and stealth. It is an intentional tort and therefore bankruptcy won’t discharge the liability. Involving fraudulent interstate communications, it consists, IMHO, of a number of criminal acts as well. That last sentence is an opinion based on facts posted on the internet, which I can’t verify but believe to be true. Perhaps someone with more free time than I have should start circulating petitions for investigation by the FBI and FCC.

  2. raffy

    i just bought and avg antivirus to install,and when i clck to open it says this exactly,” This file does not hav a program associated with it for performing this action.plesase install a program,or if one is already installed,create an association in the default program control panel…helpp!!!

  3. pilotart

    [@Art Johnson] posted it without registering and could not get back to edit. Just wanted to post links to the utilities I mentioned:

    http://www.shouldiremoveit.com/Advanced-Uninstaller-PRO-Version-11-10810-program.aspx

    Link above should also have details about AVG remover program I used as well as a download for the “Should I Remove it” utility.

    Advanced Uninstaller Pro is here:

    http://www.advanceduninstaller.com/

    They like to offer their downloads through CNET which was how I was infected by AVG, use caution or download from http://www.majorgeeks.com/ or http://filehippo.com/ .

    I just downloaded Avast Free and it started from CNET, stopped it and found a direct download link on http://www.wilderssecurity.com/

  4. Art Johnson

    [@AFPhy6] Thank you for posting about Startup Monitor. I had been using it for years on Win-9x and XP and just installed it on Win-7, will check Win-8.1 next.

    There are so many programs you want to use occasionally, but don’t want them loading on every boot…

    https://web.archive.org/web/20131105052937/http://www.mlin.net/StartupMonitor.shtml

    Link above opens to Mike Lin’s download site, Startup Monitor is on the left side and it is the best value of any program, considering its size and footprint.

  5. Art Johnson

    Mine was snuck on one of my systems by CNET (decline was not offered) and removing it was a bear…

    What finally worked for me was: Advanced Uninstaller PRO which was freeware and did a thorough job including all registry entries, so it never came back.

    I also like “Should I Remove It?” freeware which will scan your system for questionable programs and provide details about any program. It flagged AVG’s Malware at the top of its list, but could not remove it (all other programs, it can remove easily).

  6. Simon

    I am having exactly the same problem. I have even contacted malwarebytes and reported it as malware and they say it isn’t. I have used the AVG removal tool as well and it immediately comes back within hours. I hate these proprietary search engines and functions (I never use toolbars). I don’t know how AVG have the cheek to produce this piece of software. What a joke. I cannot uninstall it and I cannot get a spyware removal tool to recognise it. So, every time I open chrome I get three boxes, two of which are AVG secure search. I will never use AVG again.

  7. Jake Sullivan

    I would agree that it is very easy for Software houses to make installation a difficult procedure for lesser tech-savvy people — and in this way the User can be force-fed extra software and/or settings that their computer does not need.
    AVG is guilty of this methodology, but similarly are Flash & Java with drive-by installations of software you do not want.
    I am happy to carry on using AVG, but for those who have not the experience, using computers must be an unsure experience with the technical check-boxes that can & will ask for interaction.
    >>> My advice is to use AVG & Sandboxie together… and never ever use dubious software, once you’ve been bitten you’ll rue the hassle involved.

  8. dts

    this is what i sent to them today
    “wtf – you have invaded me with a self attaching toolbar even though i clicked NOT to install.

    i will start spreading the news that AVG promotes themselves by malware”

  9. stuvantine

    Would guerrilla warfare work? Search hijackers get paid for directing “traffic” to websites. Site owners must know they are paying AVG to cause us grief and aggravation, wasting our time and money. Write and tell them so, and that you regard them as spammers and possibly guilty of criminal conduct. Further you will never visit their site on purpose, and will warn your friends that they are in league with a notorious virus spreader. Finally, you will tell your friends that the merchants are so unscrupulous they might be capable of any depravity, from selling stolen goods to sex slavery or worse. If enough of us did it, we would have the satisfaction of pissing them off, at least. At best, we might cost them a few advertisers. Want to get the ho’s out of town? Threaten the Johns.

  10. Donna

    Instead of us all complaining which is accomplishing nothing (yes I complained here too!) why don’t we all use the link (which for some reason I can’t find here) or google and go to AVG and complain complain directly to AVG. And get everyone we know to complain. Maybe, just maybe if enough quit using there program and complain they will make a change. I know it is a wish upon a dream. But still a minute chance. )-:

  11. Me

    To anyone else who encounters this malware/foistware:

    I’ve just been infected with f…ing piece of malware.
    I didn’t ask for it to be installed, it was just there.
    I searched through my entire system and found traces of it everywhere under every account and throughout the registry. They are sneaky SOBs – they add a task to windows task scheduler to reinstall it every time any user logs on – once they get an administrator logging on they have free access.
    Remove it from the task scheduler first but take note of and delete the scheduled target file, then start searching for all references to their software and delete it. You need to remove it from the registry also – better get help if your not comfortable doing that yourself.
    You will have to boot into safe mode to remove some of the components.

    My fault in a way, I let my antiviral/malware expire while trying to decide which package I wanted to use going forward. Not sure if the big players check for this malware or not since it’s marketed as antiviral but I’m going to check that with them and recommend they do so.

    Note: I see a link to download AVG software at the top of your post – very surprising given the topic.

  12. James

    This malware will not leave either, it is not uninstalling it is one of the most frustrating things I have ever had to deal with. Every time I try to type anything into the chrome box it simply goes straight to AVG secure search.

  13. bb

    If AVG search pages are opening up each time you start up Chrome, check in Wrench > Settings > On Startup > next to the radio button for Open a specific page or set of pages, click on Set pages > remove any unwanted URLs by hovering over the URL until you see an “X” appear to the right side of the URL.
    If all searches that you perform in the omnibox is returning with results from AVG search instead of your preferred search engine, check in Wrench > Settings > Search > Manage search engines > check the list of Default search engines, Other search engines, and Search engines added by extensions, and remove suspicious entries that you are not familiar with. Depending on your extensions, you may not see the last section for Search engines added by extensions.
    If AVG search is currently selected as the default search engine, you will have to choose another search engine provider as your default first, and then remove the AVG entry. To select another search engine provider as your default search engine, hover over the search engine until you see “Make Default” appear on the right side. Once you have selected your preferred default search engine, you can remove other entries that you do not want by hovering over the entry until an “X” appears on the right side.
    If AVG is opening up when you click on the Home button, check in Wrench > Settings > Appearance > select the Show Home button checkbox > check if the URL that appears below it references AVG.
    Also check that there are no extensions installed that may be causing these changes. Go to Wrench > Settings > Extensions > if you see any unfamiliar extension that you do not remember installing, try disabling/removing the extension to see it was causing these changes. To disable, uncheck the “Enabled” checkbox next to the extension. To remove, hover over the extension until you see a trash can icon appear, and click on the icon.

  14. Donna

    [@Leia]
    I’m trying to figure out where you see an Ad for AVG Security. I checked every page and of this article with the comments and don’t see it. I do see a couple of other ads but not AVG. I do have ad blocker with Firefox so maybe that is why? But if there is one it certainly is understandable. Ashraf has to support the site. And I appreciate everything I have learned from here.

  15. Leia

    This is a problem for me as well, except i’ve had a computer with AVG toolbar stuck on it and have recently upgraded to a desktop computer that I, unfortunately share with family members much less tech savvy than myself and much less informed about malware programs and how to avoid them. So it wasn’t my fault, but somehow, for some reason, AVG is now stuck on my desktop as well.

    And it’s quit funny, how just below this article, right on top of the comments section as I’m typing this, there is an advertisement for AVG security software -_-

  16. Kjukowski

    [@Nicolas]
    This worked for me. Also note that the vprot.exe files were in C:\WINDOWS\Temp\Avg_##### or similar temporary folders (3 of them! Probably one for every uninstall attempt…) First attempted uninstalling using their uninstaller from a server (WS2003) which spawned an additional process, most likely to seed the reinstaller, that was blocked due to permissions.

  17. Nicolas

    On WXP:

    1) Delete all vprot.exe from registry.

    2) Kill process.

    3) Delete folder containing vprot.exe.

    4) Delete every folder of AVG.

    5) Delete every “AVG Secure” folder/value from registry.

    6) Disable vprot.exe from running owith msconfig.

    (May use Unloker 1.9.1) to delete files and see which process is unlocking the files)

    Worked like a charm.

  18. nexuswcl

    Thanks Ashraf and everyone else for sharing. I would offer a couple of more tricks when dealing with nasties that reinstall like this one.

    1) Track outbound ip activity (ethereal, etc) to find the web source for the install and block access using the hosts file. That should neuter the thing

    2) Replace the offending program (vprot.exe for example) with a null program (ie a program that does nothing) and mark it read only. This should prevent the reinstall attempt and at the same time leave enough tracks in the event log to find the installer.

    Both tips come from my experience debugging rootkits.

  19. MikeR

    Thought for today: what a small world this is. I’ve been fortunate enough never to have encountered AVG’s odious crapware / malware and I stay well clear of AVG as a company anyway. But this morning, I’ve just opened my email inbox and overnight have received a note from a friend who has downloaded the highly-regarded VSO Downloader from the equally highly-regarded video enthusiasts’ forum, Afterdawn . . and has lumbered himself with AVG’s malware.

    Clicking on the install screen produced this typical crapware / malware deceit:

    Standard Installation (Recommended) Install the AVG toolbar, set AVG Secure Search as my homepage, newly opened tabs, and default search provider.

    Grrrrrr!! I know dot techies are wise to this kind of stunt, it’s been going on for years after all, but there are ‘average’ computer users out there who believe that if a software arrives with a bold font option “Standard Installation” and the word ‘Recommended’ in parenthesis then that’s what the user should accept — to do otherwise would be to wind up with a non-standard installation that is definitely not recommended.

    AVG is no more contemptible than any other outfit which seeks to exploit the gullibility of computer users unfamiliar with the world of crapware / malware.

    But contemptible AVG most certainly is.

  20. bluemoon

    [@Ashraf] Hello. I had the same problem on my wifes notebook a while ago. I booted in safe mode on vista did the un install, went into the registry and deleated all the registries for AVG and re named the exe files that would not delete and when I re booted and wanted to delete the other files i was able to and when I checked back the files did not come back and not its been a few months.

  21. Ashraf
    Author/Mr. Boss

    [@stephan] This isn’t protection from malware behavior. It is malware behavior itself. The official uninstaller won’t remove the damn thing!

    [@gv888] Are you 100% sure it deleted AVG toolbar permanently?

    [@jack] Interesting. Thanks, I didn’t know that.[@mukhi] I haven’t used AVG on Android but I believe it should be unaffected.

    [@AFPhy6] Thanks!

  22. AFPhy6

    [@kburra1]
    I believe it possible that when FireFox sees “AVG Toolbar=Yes” in prefs.js, it will grab it from the web and reinstall it if it is not already present. If true, it doesn’t matter that it was manually removed from the registry because FireFox (and other browsers) bring it back again, and it comes back into registry again.

  23. jack

    @Ashraf

    I don’t know if anyone has mentioned this about the AVG Secure Search, but it also does the sneaky of adding itself into the browser search engines list plus also adding itself into the home page or open these pages lists.

    That means if you save your browser settings somewhere like Google in Google Chrome does it keeps being added back in to these settings and up it pops next time you refresh your browser settings.

    As you probably well know you have to delete from the search engines list and the homepage list etc through the browser settings and then immediately resync/save the new settings and “Hey Presto the bag of sh*te is flushed away”, hopefully forever

  24. weylin

    Most programs that come with .msi installers put a copy of that installer in a folder called C:/Windows/Installer.
    If a program gets damaged (like Office 2010), the installer from this folder re-installs the program.
    You can delete the program every which way but unless you remove the installer, it will just come back.
    A picture is worth a thousand words.

    http://i47.tinypic.com/nbps36.jpg

  25. AFPhy6

    [@MikeR]

    Yes, I know I’m not alone about the non-updates. Sounds like MS&Dell screwed you, though, so as to deny you a choice. That is miserable.

    IF someone is reasonably on top of things, and has a pretty good idea of what different things are supposed to do, the general setup (you and) I have will work. I would never suggest it to someone like my mom, or non-tech friend, or porn/pirate addict (the latter need sandbox or virtual systems).

    I mostly posted what I do to rid myself of the nasties buzzing around too much since I was in the process of a post that could be useful, especially since AVG was getting a bad rap here that the Anti-Virus part of the company really doesn’t deserve. That seemed to mean I ought to delineate the rest of my setup.

    I do want to reiterate the respect I have for StartupMonitor … really, it is the best little program I have ever installed. Even though it means I normally get a double warning when AnVir picks up the same things, StartupMonitor gets there first because it is a one-trick pony, and in a couple instances it flagged things long (many hours) before AnVir did. AnVir probably would have gotten there “in time”, but StartupMonitor already handled the situation.

  26. AFPhy6

    [@Midwest guy]
    Shucks: I thought I killed the erroneous instances above… I

    The great, tiny, program is StartupMonitor:
    http://www.mlin.net/StartupMonitor.shtml

    I don’t have a Win7 ‘puter (yet) but I would be very surprised if it would not work its magic on those machines, too. If you install put it on your machine, you’ll find out quickly whether it does or not. Simple to get rid of if not since there is nothing much to install or uninstall.

  27. JohnnyG

    mukh
    “all but the last one is made by MS only; therefore, OS is more or less at safe hand; well, probably better than a problematic, resource hogging, invading AV.”

    I had more or less the same setup as you. Until yesterday.

    After reading the comments here, I looked up the reports on MSSEssentials and it indeed has gone downhill. After reading the article (link posted here yesterday) about 20 free antivirus programs, I decided to give Avast a try. Except for asking me about a few of the programs I used when I started them the first time, it is working almost unnoticeably in the background. It is much less “visible” than the antivirus programs I’ve used in the past. You might want to give it a try.

  28. MikeR

    AfPhy6: Interesting post. . . Not wanting to go too much O/T here, but as regards your Windows XP experience:

    The computer I’m currently using here at home is a Dell Studio running Vista Home Premium. It was bought new in December 2009. There’s always an update lag between build and delivery so I wasn’t at all surprised that Windows Update found umpteen updates and patches that needed installing. Which I did. I changed Windows Update to notify me as and when, and allow me, rather than it, to decide what to install and at what time.

    Windows Update never did. After a couple of weeks, with Christmas in between, I decided to run a manual update check. Not possible. The computer wasn’t recognized by Microsoft. Not licensed. Etc etc. Two weeks of messing around with Microsoft Support, and going back through the error history, identified a major glitch that had occurred during the slew of updates / patches. Microsoft’s advice was to re-format the drive. Start again.

    I never did. For over three years now, this computer has run without a single security patch or update from Microsoft. It connects to the Internet intensively every day. It runs MBAM Pro (which actually isn’t as great as it’s cracked up to be, but let that pass: its file shield is a massive resource hog) and a variety of AVs over that period (currently, PC Tools.) It has WinPatrol PRO and Scotty barking when appropriate. It has Tinywall firewall. And yes, two or three virus infections have sneaked in under the hood but no rootkits and a Sophos or Kaspersky scan between ‘em have picked up on the problems and dealt with them. I keep an eye on security as a matter of course, so Adobe Flash is always unfailingly updated (Acrobat reader I long since junked) and, of course, I ditched Java recently when it hit major security problems.

    You’re not as alone as you might think in not subscribing to Windows Updates patches, re-updates of failed updates, re-patches for failed patches, updates of patches of failed patched updates, etc etc.

  29. mukhi

    [@Bill B.] i don’t really care. my win7 is equipped with MSE plus built-in windows defender and windows malicious software removal tool. in addition, i scan the computer by MBAM time to time. all but the last one is made by MS only; therefore, OS is more or less at safe hand; well, probably better than a problematic, resource hogging, invading AV.

  30. AFPhy6

    [@Ashraf]
    Ashraf: the posts above that mention the way AVG search bar links into browsers, and particularly prefs.js definitely is what is going on. The one that references http://support.mozilla.org/en-US/questions/927950 really nails down the problem and probable solution.

    All: Another thing about my system configuration is that I almost never update WindowsXP(if it ain’t broke, don’t fix it) and when I do, I am very careful about which “security” fixes I allow. Usually that is precipitated by an antivirus,etc. program telling me it needs some Windows Update. I would not recommend that behavior to most people, but I lock my system down and control it well enough that this works for me.

    Unlike others posting here, I have never had to reformat, or use “system restore”, by the way. Good thing, because the one time I did, the fool restore killed the whole operating system and I had to do heroics using Linux, MBR tomfoolery, and other shenanigans to recover and correct the minor problem in other ways.

  31. AFPhy6

    [@Susanne]
    #20 – Very good suggestions about “safety in installing” … there are other solutions but yours would be good for many to use. Thanks for posting.

    [@Tom]
    #30 – !!!!!!!!! – YES – That must be the answer! I thought that my getting rid of AVG Toolbar a couple years ago had something to do with my installing a new FireFox major version! You have confirmed that recollection of mine! I bet that plus my use of StartupMonitor were the route to my getting it out of my system. I transferred many things from my old FF profile(s), but not the prefs.js files.

    [@jack]
    #31 – Thanks for the reminder – in addition to my configuration written above, I scan once in awhile with IObit’s ASC, and use it exclusively for registry “repair”.

  32. AFPhy6

    Info for those interested: I have used for several years with very good results on a 1.6GHz Atom computer:

    Firewall: ZoneAlarm
    AntiVirus: AVG
    Malware: Spybot S&D (&”immunize”)
    Passive Malware: SpyBlaster (“run-once” weekly to set up hosts file, etc.)
    Program Startup control: AnVir
    Registry/Start control/notification: The wonderful – http://www.mlin.net/StartupMonitor.shtml
    Script Blocker: NoScript (FireFox)
    Java/Flash Control: QuickJava (FireFox)
    Ad Control: AdBlock Plus (FireFox)

    I download and install 5-10 programs a week and surfing for over 40hr/wk going to sites on occasion that are not “safe”, and sometimes (attempt to) install unvetted programs. Nevertheless, Spybot and AVG have had to remove or quarantine less than 5 programs/files a year. I have had to run malwarebytes only once. I KNOW when programs are trying to “phone home” due to the restrictive way I use ZoneAlarm.

    Of all of these, my HIGHEST RECOMMENDATION is that people grab and hold on to SystemMonitor … that gem is a miniscule 188kb memory, and under 5seconds of CPU time per day! Hmmm… come to think of it… that may be how I killed the AVG toolbar… that SystemMonitor killed its attempt to return…

  33. MikeR

    AVG has, through its own fault, become a sadly debased and discredited software provider. I, too, was once a fan, way back when, but subsequent experience of the company and its increasingly deperate marketing methods persuaded me to dump it — and definitely not recommend *any* AVG offering to anyone else.

    On which basis, I’d modify Ashraf’s advice about “avoiding the toolbar like the plague”; I’d advise avoiding, like the plague, AVG in its entirety. Considering the calibre of its competitors, AVG nowadays has no place on any computer owned by anyone with their own best interest at heart.

  34. AFPhy6

    Typing this before reading other comments so sorry if redundant:

    I use and loved AVG for years… keep considering changing but haven’t. That said,:

    I agree with Ashraf about this toolbar. I had it many years (4?) ago. When I tried to get rid of it, that was a royal pain in the neck. I believe that getting rid of it once and for all involved uninstall, registry clean and a complete reinstall of a major new version FireFox, after killing AVG.

    Whatever, I just checked to be sure that vprot had not returned… whew – ya had me goin’ there, Ashraf!

  35. stephan

    Ashraf, I often run across problems like that, and it isn’t always the fault of the program. When you uninstall a program using anything but the program’s intended uninstaller, you can get this problem. A program like AVG security toolbar uses code to make sure it isn’t uninstalled by malware, where a common attack is to disable / uninstall the security programs on the attacked computer.

  36. Donna

    [@Ashraf]

    i have tried everything everyone suggested here at some point in time and nothing worked! I am so hoping that you find a “cure” I think if anyone can it will be you Ashaf! See the confidence we have in you. (-;

  37. chump2010

    Just wondering when you uninstalled it using the inbuilt installer, whether you chose the first option or the second option? The first option leaves the AVG toolbar intact but invisible, but the second one removes it totally.

    http://postimg.org/image/jcsx3xw2t/

    Also clean out your temp folder aftwards.

    I tried installing it on an XP virtual machine and it uninstalled mostly fine. It did leave a driver unused in my device manager (You need to enable the devmgr_show_nonpresent_devices tweak), and you will see avgtp in non plug and play devices.

    I also wonder whether your security software stopped the proper uninstalling of said software. Sometimes it does uninstalling other security software, so I usually disable my security software for that.

    Hope something here helps.

  38. Bill B.

    [@mukhi] [@mukhi] I guess mukhi, you didn’t read about MSE in an article on c/net.com a few weeks ago? MSE ranked one of the lowest free AV programs on the Internet! The article was called something like, how MSE dropped the ball and scored the lowest rankings in their tests of free AV software!

  39. Shawn

    Got the link for that trashed avg toolbar… I’ll just install it in sandboxie and get you the total registry keys and file locations… heck I’ll even make a cleaner tool to get rid of the crap permanently…

    Let me know I love taking care of timebomb’s like theses… it’s my speciality xD

  40. vanierstein

    Sounds to me like the parasite from “Alien”.Is it possible that it could be re- insinuating /rewriting itself into the system every time at startup /browse? Re-downloading itself?Check with Autoruns…?

  41. AT

    [@Ashraf] As you said you were close to a reformat, a verification of the MBR can’t hurt. Compare the what it is currently and what it is after a wipe. I’m thinking of a low level format. That’s what it took for me to get rid of my rootkit infection. I’m hoping I’m wrong about AVG re-writing the MBR but we can’t be surprised if that is the case.

  42. AT

    One thing everyone forgets is AVG makes antivirus software. They do remove rootkits. With that knowledge to draw upon, I think they can write rootkits as well.

    [@Ashraf] I’m wondering about the MBR. Were any changes made? A re-write/re-direction perhaps?

  43. Ashraf
    Author/Mr. Boss

    @Everyone: I think I may have figured out how to remove this dumb toolbar. I’m currently waiting to see if it comes back. If not, then my method worked and I’ll post about it.

    [@Hoàng Tú] I hate System Restore.

    [@weylin] Interesting. Can you elaborate on this tip? Sounds worthy of a post itself but I’m not exactly sure what you are saying.

    [@AT] I am not surprised, anymore.

    [@kburra1] Interesting proposal, although I’m not sure how simply deleting registry files will do anything.

  44. mukhi

    [@NickK] i also monitor the same way (i have used win patrol to do that before, but the program itself is a resource hog). to control processes, i do not use anything other than windows task manager and msconfig anymore. MSE/MBAM combo takes less (or equivalent) memory than any other combo, so i am OK with that. given that firefox is taking ~245 MB and lotus notes takes huge memory as well, i can stay with MSE/MBAM.

  45. kburra1

    Can`t believe all the trouble you went to for NO result..easy :go the registry (backup first) type in the search AVG..delete whatever it finds..next,and so on and so on..always!!..works for me.

  46. weylin

    This is how you can remove broken installers manually.
    Windows 8.

    Windows Key + r
    Type in the word installer
    Right-click the area where it say Name, Date modified, Type, Size and select More
    Under More choose Comments

    Now look at your installers and see if you can find what you are looking for (AVG Installer)
    Remove it and say bye-bye

  47. Hoàng Tú

    I think you should look at System Restore for the last luck.
    I decided not to use AVG on my computer years ago and… I just installed it on my uncle’s computer last week. OMGGGG!!!!

  48. Ashraf
    Author/Mr. Boss

    @Everyone: Thank you for the support, kind words, and feedback! I’m semi-glad, semi-surprised I’m not the only one that is having these issues. People should shun AVG, ASAP. A security company that behaves like this?!

    [@Gioneo] True, I didn’t try it in Safe Mode but it wouldn’t of mattered. The uninstaller itself is broken and AVG’s official uninstaller couldn’t remove it.

    [@albert otojunk] It doesn’t work. I did essentially what you suggest, except with Comodo Programs Manager. The toolbar just comes back later.

  49. albert otojunk

    Ashraf – wonder if this would work:

    REINSTALL (yes, reinstall!) the toolbar using a program such as AShampoo uninstaller to monitor the installation. The monitor will make a record of all files installed, changed, or deleted. It does the same for all registry items.

    Then use the record to delete the added files and registry items.

    Crazy idea – but it would probably work.

  50. Godel

    [@Godel]

    Reply to self:

    I just went to the Kaspersky forum and after some to-ing and fro-ing by others on the form, the moderator blew them off saying it was an AVG problem, so no help there.

    Like everyone else here I regard this as malware, so negative points for Kaspersky.

  51. Godel

    On the other hand, this could be a perfect opportunity to test various anti-malware programs. if anyone has the time (and a monitored install or recent image backup).

    :)

    I’d have thought SuperAntispyware and Anti-malware Bytes would be in their element, this being a rogue BHO. Has anyone tried a full scan from their antivirus program?

    I’ve read that Ad-aware is nearly malware itself these days.

  52. jack

    I recently had to uninstall AVG Secure Search Toolbar from my partner’s and our son’s computers.

    They had both somehow had it sneakily installed and were having the same sort of problems as you getting rid of it.

    I eventually got rid of it by uninstalling it with Revo Uninstaller free version, then immediately, without restarting, running an Iobit Advanced System Care Pro scan and deleting the recommended items followed then by a restart.

    I have no real idea why it worked over all other attempts but it did, I can not however guarantee this will work for everyone. Their computers both run Windows Vista on HP Pavilion.

  53. Tom

    This POS was quite a PITA w/Firefox until I found in buried in my prefs.js file. None of the uninstallers touched that, so a quick notepad edit finally restored my Firefox homepage. The search bar intrusion is less onerous, but still quite ugly.

    Their arrogant responses to this app behavior didn’t strike me as professional. I will NEVER consider AVG for anything after that experience.

  54. Gioneo

    Good steps trying to remove it. But I did not see it mentioned that you were running the system in safe mode. There’s always a higher chance of removing pesky (rogue) programs under sdafe mode. Food for thought.

  55. ovl

    That problem with AVG Toolbar has a long history. About a year ago System Mechanic was reporting the following:

    “Critical Problems – The programs and files listed were detected as being unsafe,
    *C:\ program files (x86)\ AVG Secure Search\8.0.0.34 AVG Secure Search_Toolbar.dll
    Found in: HIKEY_LOCAL_MACHINE SOFTWARE\Microsoft Windows\Current Version\Explorer\Browser helper Objects. Description: “AVG Secure Search_toolbar.dll is a process associated with Malicious Software.”

    In response to that, Jeroným Bystrý (AVG official rep) suggested that everyone must contact System Mechanics support and report that is the false positive detection.

    AVG Secure Search_toolbar.dll is a virus or Trojan. Pls read the similar (as yours) story at http://wfredk.com/info/avg-secure-search-is-malware.php where the scared guy found this infamous “vprot.exe” process running on his PC.

    AVG Security Toolbar is “BHO”, it runs automatically every time you start your Internet browser and the AVG Secure Search configuration is kept by all browsers even after removing the AVG Security Toolbar.

    AVG Security Toolbar has the “Search_toolbar.dll” (unfortunately signed by Verisign, Inc.); BHO CLSID Reg Key: {95B7759C-8C7F-4BF1-B163-73684A933233}, and
    the LEGACY_VTOOLBARUPDATER* keys (don’t know if you removed all of this creeps from your PC).

    If it helps, use AVG forum suggesting how to remove their own critter:
    http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=196402#post_196402

  56. Strahd

    I had a similar problem uninstalling AVG Anti Virus a few years back. Darn thing just wouldn’t go away!

    Support emails weren’t helpful, as they just repeated steps, that I had already performed and stated in the original email, to do in order to unsintall avg.

    I just gave up and gave them a nasty email and vowed to never use their products again.

    I was in your boat in that it was time for a format of my drive, so that was the only way I got rid of it. Although in your case Ashraf, I wouldn’t be surprised if that darn AVG toolbar came back from the dead to plague you once again.

    By your article, it looks like you aren’t using Returnil. It is part of your Tier 3 security. I use it all the time when installing new software. Sure it’s another step, but it has saved me on a fe occassions.

  57. sci

    [@NickK]

    I’m waiting for some these guys to combine, such as Norton & Malwarebytes. Or Avast & SUPERantiSpyware. No I haven’t heard any rumors just upping “supposes”. That seems to be how they hang on. I use Norton, Malwarebytes & SUPERantiSpyware for a number of years. So far so good. Although I don’t frequent questionable sites. Usually.

  58. sci

    Thank you Ashraf! Now I don’t feel like such a noobie. I’ve had to reformat a few times, usually when it was time to start fresh. I just luv trying new programs especially if they are ‘free’. I usually go 6 months or so before the reformat. Sometimes 8.

  59. Susanne

    System restore if using Windows, people.

    After battling with this exact type of nonsense over the years, I never install a piece of software — large or small — without doing the following routine:
    (a) run a thorough anti-virus/malware/adware scan [I use Avast, MBAM & SuperAntiSpywar, all paid versions I keep scrupulously up to date]
    (b) run CCleaner
    (c) create a System Restore point
    (d) install new software & test
    (e) keep it or junk it using RevoUninstall
    (f) if that doesn’t work, I revert back to my SR point.
    This has saved me DAYS of frustration & has probably extended my life by years just by lowering my blood-pressure!

  60. NickK

    [@mukhi] [@RealBull]
    Thanks Mukhi and RedBull. Do you guys mind sharing how you find the memory usage with MSSE by brining up process explorer ? I’ve read varying reports of average figures between 45MB and 85MB. I believe the two processes are MSMPENG and MSSECES. I know that if I coupled MBAM Pro with MSSE, it might be a decent real-time AV/Malware solution, but it will also be a major memory resource hog running both at the same time. MBAM averages between 70-80MB (sometimes 105MB+ after reboot and it doesn’t seem very good with its memory gargage collection).

    I really do think its desperate times for many of the traditional AV vendor’s – they are obviously facing a shrinking market share, therefore they are forced to look at other revenue streams. However, in AVG’s case, they have really stepped over the line. It must be frustrating enough for its free users dealing with toolbar crap, however I think even more frustrating for those who pay for their software and they also have to put up with their crap, such as intrusive pop-up advertising, which borders on Ad-Ware and their inability to fix software bugs within a reasonable time frame (ie, 2-3 months, rather than 1-2 years). I am convinced that there is no point in paying many of these AV vendors (Note, I was with BitDefender previously and was not overly impressed with them either). I may as well join the millions, and growing, free AV users.

  61. Donna

    Wow, I had Avg on my XP and also could not get rid of it. I tried and tried. My PC kept running rough and it happened every time it came back. I finally got dismayed and bought a new PC with Windows 7 and NO AVG! I am now using Avast. Hope it does not go rough. It was time anyway. But the old PC with XP is still sitting under my desk and if I could fix it would be awesome I would then donate somewhere like a youth center or center for abused women to learn PC skills. So I am kind of hoping some fix will come along. I searched and searched weeks ago with no luck. But now that you have written this there is hope there will be a fix. Thanks!

  62. Mags

    This doesn’t surprise me Ashraf.

    Now maybe people will understand why I H8 AVG and will never use it again.

    I used the Free AVG about 10 yrs ago and somehow ended up getting a nasty virus, through what was supposed to be a highly praised and well known SW. Anyway, finally found that sucker and got rid of it using other Antivirus SW.

    Contacted AVG about it and the only response was that because I didn’t have their paid version that was why I got it and they provided no help whatsoever, and couldn’t care less about my problem.

    That was the first and last time I used AVG!

  63. RealBull

    [@AT]
    Actually Ad-Aware has anti-virus now in the free version. SUPERAntiSpyware doesn’t deal with true virus, mainly only malware types.

    BTW I had a similar problem when I used Vista with that stupid AVG toolbar. I also noticed vprot.exe was chewing up my resources. I also had unintentionally installed the stupid thing. At that time I only had Opera as my main browser and IE. Of course, as great as Opera is, it is toolbar-proof and it is one of the reasons I love Opera. But it installed itself on IE. I let it go because I figured IE is less secure and I don’t use it anyway, so I didn’t mind it, until it was chewing CPU power.
    Luckily I uninstalled it with Revo under administrator and never had a problem since then and it never appeared again.

  64. corno

    To be fair, security software MUST be difficult to remove, or else it isn’t worth a penny. My own use of AVG dates from 7 years ago, so I cannot comment on their toolbar, but it is difficult to understand why their own uninstaller tool does not do the job properly.

  65. JohnnyG

    [@AT]
    Up til now Microsoft Security Essentials has caught everything that Superantispyware hasn’t (and vice-versa). But maybe I should look into better anti-virus protection. I’m very happy with the Comodo firewall. Any opinions (or links to opinions) on their anti-virus program?

  66. AT

    [@Jeanjean] [@JohnnyG] Superantispyware and Ad-Aware handles spyware not viruses. At one point I had both these anti spyware as well as Malwarebytes and Spybot and I still got infected by a virus. Although I loathe AVG, it is a antivirus and does catch and remove the majority of infections including spyware. AVG, like other antivirus software (cough Norton) puts itself above any and every other antivirus software.

    Avast and Avira together on one system coexists very well together. Not recommended for a slower system.but does work.

  67. Jeanjean

    Whew … I narrow escape: I recently tried unsuccessfully to install AVG on XP (driver problem AVG) and opted finally for Ad-Aware from Lavasoft.
    Like you I watch regularly active processes, as well as the names of programs installed on the PC.
    I suppose a search in the registry or a desinstall in safe-mode did not give a result either ?

  68. JohnnyG

    Like anoop, I also felt like I was reading a horror story script as I went throught the article. I’m sooooo glad I dumped AVG a few years ago. I’ve been using Miscrosft Security Essentials and Superantispyware since then with no complaints.

  69. mukhi

    [@NickK] i am using MSE as my AV and so far it looks good. after all, i am using an AV from a company that is making the OS; therefore, it is highly unlikely they would do some fishy activities in their AV to jeopardize their own OS. well, it may not score well, but even the one that does is not 100% good anyway. i believe if you combine MBAM pro with MSE, it is really sound (i am using MBAM free with MSE).

  70. NickK

    I’ve just about had it with AVG. I use their paid product AVG 2013, which is good value to buy, however I have always avoided (opted-out) from installing their toolbar. Earlier this year, AVG ran a promotion by running a program on my PC, which they placed on my hard-drive without my consent – the file was called – ROC_JAN2013_AV.exe, which was placed in my user directory called “AVG January 2013 Campaign” (Luckily I was warned by Winpatrol that a new program was added to my start-up list, so I was able to decline it from running). This exe would produce an intrusive pop-up promoting some of their other services, including their crap toolbar. The other issue I have with them is that their software development team appears to take months to fix bugs – I raised issues with them about August of last year and they admitted it needed to be fixed (AVG cannot empty its virus vault contents and its “scan” exceptions for some files will not work). I was even told that I should expect the automated updated from early to mid Feb will resolve one of the issues. Nothing has been fixed. Recently I’ve noticed, that the program hasn’t automatically updated its build version for a while – guess what – must be another software bug, which is no longer a surprise. Although their tech support team reply to your queries and they seem polite, they do not produce solutions or fixes. I’ve given up on them – I’ll have better luck getting a response from the nearby brick wall.

    I’m thinking of going down the free AV path – however I’m not that fond of most of the free AV’s available. I’ve thought of coupling a free AV with MBAM Pro – my only concern is that MBAM Pro appears to be a memory hog, MSSE scores badly with AV-Tests, Avira free sounds OK, but it will provide web protection only if you install their crap toolbar. Avast sounds like its becoming bloated (according to many user reviews). I might have to run some testing on MSSE and AVAST and make a call from there.

    Ashraf – Have you thoughts about running an updated review on free AV protection ??

    Thanks,

  71. AT

    You are so lucky. I have yet to be able to remove AVG antivirus (this was over 2-3 years ago). Same problems you ran into. Broken installer. The computer I have it installed on is luckily an old netbook that I barely use. AVG software is a pain and I would avoid the company completely.

    I agree that Ask toolbar is a breeze compared to AVG.