Professional Geek
RSS icon Email icon Bullet (black)
  • Trend Micro – Can’t Uninstall AVG

    What’s this? A technical post?

    Quick and easy one.

    I was trying to install the Trend Micro Worry Free Business Advanced client on a PC and I got the following message

    Unable to Remove Incompatible Software

    Installation unsuccessful. The installer could not uninstall AVG 2012 x64 automatically

    Manually uninstall this product and retry.

    Trend Remove

    Now a message like this isn’t massively uncommon. If you already have an anti-virus product the Trend installer will try to remove it. If it’s unsuccessful that’s the message you’ll see

    However, I’d already removed the existing anti-virus which in this case had been Avast (who own AVG?). So something must have been left behind after that.

    AVG do have a removal tool on their utilities page. Unfortunately this didn’t do make any difference

    Luckily the fix was pretty easy

    * The usual “I’m not responsible for breaking your registry” warnings apply here *

    Open Regedit

    Locate the following key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG

    Delete it

    That’s it.
    Once I’d done that the program installed fine.

    This will highly likely work for other programs. Just be sure said program is definitely removed before you do it.

  • McAfee False Positive

    You may or may not of heard about the massive mistake McAfee made last week.

    On Wednesday 25th April they released a virus definition file (5958 – April 21st) that incorrectly identified svchost.exe as a threat and deleted it on systems running Windows XP SP3.

    Svchost is used for launching services (full description here) and any individual instance can run a group of services. This means its a pretty critical process!

    Unfortunately for us a large chunk of our client base is running McAfee anti-virus software, the others run Trend Micro.

    We knew something wasn’t quite right when we received several calls all around the same time with similar symptoms. However, while the symptoms were similar they weren’t identical so initially we didn’t quite know what was going on. Unfortunately the one thing they did have in common was a loss of network connectivity which meant we couldn’t fully diagnose the issue.

    Later that day McAfee issued a notice, an updated definition file and details of how to fix the issue.

    Basically we had to,

    Boot into safe mode

    Add an EXTRA.dat to the c:\program files\commonfiles\mcafee\engine folder (or just run the 5959 Super DAT which is quicker)

    Recover a copy of svchost from the service pack cache c:\windows\ServicePackFiles\i386\ or if not present, C:\WINDOWS\system32\dllcache\

    Restart the computer

     

    McAfee released an automated tool for this the following day (It’s in this KB article)

    A simple enough fix to but as I said earlier every PC we’d seen with this issue had no network connectivity.

    This meant we potentially had to physically visit ever single PC we look after.

    I say potentially because this only impacts running Windows XP SP3, we do have some clients running Vista or Windows 7. But most of our clients still currently run Windows XP. Also VirusScan 8.7 systems were harder hit. Some of the PCs were still running 8.5.

    Still, for some people it would be every PC they own

    Now regardless of the size of your company ask yourself some questions.

    How long would it take you to spend 5-10 minutes on every PC you look after?

    Did you factor travel time into that?

    Who do you make a priority when everyone is offline?

    Fortunately we got a little lucky

    We configure the McAfee products to fetch updates from the global McAfee update site every hour. Any servers on site will then check for and get updated every hour

    PCs check every 2-3 hours but we also put a random delay on this. The main reason is so that on larger sites we don’t want lots of PCs all generating network traffic at the same time. By putting in the random offset it’s staggered through the day. So this is in combination with the fact McAfee actually got the DAT update out the same day meant that lots of PCs never actually received the faulty update.

    That said. We still had a LOT of work to do.

    We visited as many sites as we physically could over a two day period and some other sites that had some tech savvy people on site we managed to go through it on the phone with them.

    I also had to cancel other appointments which I hate doing and some other promises I made were a little strained.

    I’m sure we’ll still be dealing with issues at the start of next week

    Obviously for our contract customers this was all at our expense.

    I can’t even begin to think what this will cost McAfee as customers start to move away at their next renewal period.

    McAfee have an FAQ here as well as a couple of blog post apologies.

    As you can imagine there has been a lot of commentary on this and other vendors are jumping in to take advantage. 

    http://www.pcmag.com/article2/0,2817,2363018,00.asp

    http://www.betanews.com/article/One-very-false-positive-McAfee-in-full-damage-control-mode/1272040662

    http://blogs.zdnet.com/Bott/?p=2031

    Especially since it turned out this down to poor quality testing.

    As the IT world always seems to throw odd coincidences, on Friday i got an email inviting me to the McAfee stand at the InfoSec exhibition next week – I imagine that stand is either going to be very busy……or very empty

    This scenario is truly a management nightmare – an automated update that renders a PC unusable that can only be repair by hand. On top of this we’re going to have our own PR exercise to sort out.

    All our end-users see is a broken PC. It’s our responsibility to keep them up and running and while we still fixed the problem. They’ll still be asking US questions as to why it

    For new installations we moved away from McAfee long ago (there are other McAfee posts on this blog)

    Our existing customers have been using McAfee for a variety of reasons but when the renewals come up we’ll be making a concerted effort to get them away.

  • Placing Blame Correctly

    Can’t believe how long it’s been since my last blog post! I’ve really no idea where the days are going at the moment

    I’ve had a few problems with my work PC recently. It becomes very unresponsive and gets progressively worse during the day

    I fired up the trusty task manger and the CPU was at 100% usage

    I switched to the Processes tab and sorted the list so i could see which process was causing the problem

    At the top of the list were various Trend services (We use Worry Free Business Security – I’m not a fan of the product name to be honest!)

    When i stopped the Trend client the CPU usage went down and back up when i started it again

    I trawled various online resources to see if could get to the bottom of it with very little luck

    I was planning on submitting a support case with Trend but decided to have one last go myself

    This time i looked a bit closer at the process list a saw multiple entries for TASKENG.EXE

    The total process count was at 2675 – that couldn’t be right

    I knew that TASKENG is the Vista task scheduler so had a look in there

    Turns out this is a pretty common problem and it’s simple to fix (it’s in various different blog posts and forums)

    • Go to the start menu.

    • Type task scheduler and press enter.

    • Press continue on the UAC prompt.

    • In the left pane of task scheduler, right-click on Task Scheduler Library.

    • In the view submenu, make sure the Show Hidden Tasks option is selected.

    • The hidden task that is likely at fault has a name that starts with User_Feed_Synchronization.

    • Select the scheduled task

    • To verify that this task is creating all the taskeng.exe processes, select the History tab in the middle pane near the middle of the screen.  If you expand out the Level and Date and Time Columns, you should see errors and that are about 5 minutes apart.  If that’s the case, then this task is the problem.

    • Right click the task and select Disable.

    image

    Obviously this will stop your RSS feeds from updating (the Windows list – this has nothing to do with Outlook 2007)

    If you do want to use your RSS feed list you can also try deleting the task and then from an elevated command prompt enter

    msfeedssync enable

    This will re-create the task for you if the problem with causing by the task being corrupt

    Once I’d deleted the task i used

    TASKKILL /IM TASKENG.EXE /F

    This killed off all the extra processes that had been created. I know i could have just rebooted the PC but it was a nice feeling watching them all disappear

    My process count went down to 67 and the system suddenly got a lot more responsive

    A did eventually reboot and Trend started up happily without taking too many of my system resources

    My guess is that Trend became overwhelmed with trying to monitor so many processes which why it was the one that initially seemed to be the cause of the problem