
Author Topic: AVG detects as Malware  (Read 3228 times)


Offline mimosian

  • PcWinTech Member
  • *
  • Join Date: Mar 2011
  • Posts: 12
  • Karma: +0/-0
AVG detects as Malware
« on: March 04, 2011, 01:51:59 PM »
Just tried to install and AVG (I have the Internet security paid for package) detects as Malware.  The downloaded (v1.7) 1Meg file scans okay, it is the irsetup.exe that gets picked up as malware though it says threat unknown.

I scanned both the 1Meg and irsetup via virustotal and both clean, which includes AVG, so bit odd.

I have sent both to AVG for analysis and await their response.  In the meantime I quarantined.

Any ideas as to what is going on?  Also, was the disabling of identity protection reported elsewhere in the forum ever sorted.

Many thanks.

Offline Shane

  • Top Geek, err uh Dog.
  • PcWinTech Administrator
  • PcWinTech Guru
  • *******
  • Join Date: Jul 2008
  • Posts: 9,766
  • Location: USA
  • Karma: +327/-0
  • "Knowledge should be shared not hidden."
Re: AVG detects as Malware
« Reply #1 on: March 04, 2011, 01:58:46 PM »
Good job uploading to virus total, that helps you see it is a false positive.
The irsetup.exe is part of the setup factory I use to make the setups.

I bet it flagged it with the word .GEN in it. That stands for generic. (not a big fan of AVG myself, I use Avira)

Also uploading it to AVG was the right thing to do. It will take them a day or two, but they will check the file, see it is fine and then update their virus defs :-)

I was going to use the new setup factory 9 (I use 8) and the new compression it uses. Makes the setups smaller. But of course every setup I make my Avira flags as a .Gen compressed virus. So I am staying with 8 for now.

The whole Generic virus thing is the AVs trying to detect potentially new viruses. Which 90% it seems to flag good files.

As you can see here though
http://www.indigorose.com/forums/threads/24611-Setup.exe-done-in-v8-is-detected-as-a-virus/page3

It happens all the time :-)

But the file is safe. If you want, wait till you get the next AVG virus defs and have it scan the file again :-)

Shane
(About Shane)
Site Owner, Top Admin, Lead Programmer, Wife & 4 kids, Needs a lot more coffee.

When people ask "Why fix what isn't broken?" I reply "To make it better."
"Only a life lived for others is a life worthwhile"
Honor & Respect is all that matters.

Owner & Programmer of: www.pcwintech.com & www.tweaking.com


Offline mimosian

Re: AVG detects as Malware
« Reply #2 on: March 04, 2011, 02:14:07 PM »
Thanks for a rapid response Shane, much appreciated.

Do not recall seeing a General tag, but might have been there.

Just for your info, I have been driven to distraction by W7 gobbling up memory and then having to page.  With my wife and I both staying logged on, switching between users became slower and slower as time went on as the OS retrieved stuff from the page file when switching.  I had 4Gig Ram.  I banned my wife from using Internet Explorer and things did improve, but still as time progressed everything got slower and slower.  I then switched off the page file and things were much better, for a while, but eventually it ran out of RAM and with no page file got the inevitable messages.

Next move was 8Gig RAM and no page file and much better but, you guessed it, ended up as above eventually; it just took longer with a reboot required to clear.

Hence, I went looking for a memory manager and found your program.  I look forward to trying it out.

As per previous post, do you know if the AVG identity protection problem, whereby it was disabled by CleanMem, was ever sorted by AVG?

Phil.

Offline Shane

Re: AVG detects as Malware
« Reply #3 on: March 04, 2011, 03:40:48 PM »
Quote
As per previous post, do you know if the AVG identity protection problem, whereby it was disabled by CleanMem, was ever sorted by AVG?

I don't recall cleanmem disabling anything, was it a forum post here?

Also CleanMem 2.0 will be ready soon, you may like it  :wink:
http://forums.pcwintech.com/index.php/topic,1781.0.html

Also if you have 8gb (Like I do, with page file off) you should never come close to filling it up. You have something with a BAD memory leak. CleanMem will keep it under control, but you need to find out what is using so much memory as well.

Shane

Offline Evan

  • Global Moderator
  • PcWinTech Guru
  • *****
  • Join Date: Feb 2009
  • Posts: 1,261
  • Karma: +45/-1
Re: AVG detects as Malware
« Reply #4 on: March 04, 2011, 08:21:48 PM »
I agree with Shane about the BAD memory leak. You shouldn't be running out of memory. You definitely have a program that you need to have updated or disabled.  That's really your bigger issue here.   :undecided:

Evan
About Evan:Site Admin, Tester, Editor

Offline mimosian

Re: AVG detects as Malware
« Reply #5 on: March 04, 2011, 11:25:00 PM »
Shane, the identity protection post was here: http://forums.pcwintech.com/index.php/topic,1429.0.html

On the memory leak, absolutely it looks BAD, but amazingly I had exactly the same type of problem with XP on a different older computer.  It seems to be connected to a) having multiple users logged in at the same time and b) not rebooting the machine.  As for software being used, IE was always the worst, especially with lots of windows and/or tabs.  My wife now uses Chrome on the new machine but again with loads of tabs open at the same time.  It seems hard to believe it is connected to the number of tabs.  If one looks at resource manager there are 21 chrome processes even though only two chromes open (one per two users) with the total commit for Chrome being about 1Gig.

I am currently getting low memory messages, but that is still with 961MB free and 256MB standby!

Firefox is now crashing and hard faults go through the roof when that happens.

I would finally add that when I went to 8Gig, it was not reusing the previous 4Gig.

Have you ever seen anything like this before?

Offline Shane

Re: AVG detects as Malware
« Reply #6 on: March 04, 2011, 11:50:31 PM »
Is your windows 32 or 64 bit?

32 bit can only handle up to 4 gb. Anything more than that and you have to go to 64 bit :wink:

Let me know how cleanmem does for you  :cheesy:

Shane

Offline mimosian

Re: AVG detects as Malware
« Reply #7 on: March 05, 2011, 01:28:36 AM »
Shane, it is 64 bit and will let you know. 

Offline Shane

Re: AVG detects as Malware
« Reply #8 on: March 05, 2011, 06:40:36 AM »
Good, I want to see if CleanMem can help keep your system's memory usage under control  :cheesy:

Also, you may want to open the task scheduler and change how often cleanmem runs from 30 to 15 min. In the new 2.0, 15 min will be the default :wink:

Shane

Offline mimosian

Re: AVG detects as Malware
« Reply #9 on: March 06, 2011, 10:12:39 AM »
Shane, now installed and running.  Changed to every 15' as you suggested.

Resource manager tells me that when CleanMem runs, it reduces the In Use memory and increases the Modified by a slightly smaller amount than the In Use decreased by, with Standby making up the difference.  One can then see the In Use memory steadily increase again at the expense of Modified and Standby until CleanMem runs again (assuming no new programs run up etc).  I would imagine that the slight increase in Standby is the real gain here, being memory that can be assigned to a new process when Free Memory is fully used.  Is this correct and what you would expect to see?

I am running a log file and it shows how memory for a process changes after a run, I think, with figures such as:
chrome.exe, 100.95 MB ==> 1.74 MB, PID: 5960.  What does this mean?  The figures do not tie up with any of those shown for the same process in Resource Manager.

I also noticed that it is the Commit Charge that is the real measure of when the system is about to have problems; this had been hitting nearly 100% with Physical memory at about 85% when things got unstable.  Physical memory drops after CleanMem runs but Commit Charge does not change.

It took about three weeks for the system to eventually gobble up the 8Gig RAM previously so I shall monitor closely to see whether CleanMem helps.

Any comments on the significance of Commit Charge and my observations about the effect of CleanMem running on In Use v Modified V standby memory and the log file results as detailed above?

Offline Shane

Re: AVG detects as Malware
« Reply #10 on: March 06, 2011, 10:20:09 AM »
http://en.wikipedia.org/wiki/Commit_charge

Commit Charge is how much of the page file is reserved for the processes if it is needed. I have seen programs that don't have a memory leak in the physical memory, but have a memory leak in the commit charge.

Something on your system is a very rogue app.

On the stand by list, this is why it helps
http://www.pcwintech.com/cleanmem

Quote
5. CleanMem does help with programs that have memory leaks. The memory is pushed to the system cache, not the page file. The system cache is still in memory. And a program can call back what it needs instantly. This is why there is never a hiccup in heavy 3D games as CleanMem runs. The memory that is not reclaimed is freed and allowed to be taken over after a certain amount of time. The system cache is not a bad thing! and is far better than the page file. Mainly because it has the GB speeds in memory than the MB speeds of the hard drive.
(Warning: Memory Terminology in Windows is completely screwed. System Cache could mean something else, perhaps Memory Cache is better? as proof of this confusing way the memory has been labeled in windows, in Windows XP the PF usage in the task manager is actually commit charge, not page file usage)

Since the goal is less hard drive usage you can see here how the standby list (or system cache) gives us what we are looking for.
http://download.microsoft.com/download/7/E/7/7E7662CF-CBEA-470B-A97E-CE7CE0D98DC2/MemorySizingGuidanceWin7.docx

"Standby List
The Standby list contains unmodified pages that have been removed from process working sets, which effectively makes the Standby list a cache. If a process needs a page that is on the Standby list, the memory manager immediately returns the page to its working set.
All pages on the Standby list are available for memory allocation requests. If a process requests memory, the memory manager can take a page from the Standby list, initialize it, and allocate it to the calling process. This is called repurposing a page.
Pages on the Standby list are often from recently used files. By keeping these pages on the Standby list, the memory manager reduces the need to read information from the disk. Disk reads can decrease system responsiveness."

The standby list is far better to use than the page file. Why? Speed!
A hard drive goes on avg. 50 to 75MB/s where memory is over 100x that.
http://www.tomshardware.com/reviews/ram-speed-tests,1807-3.html

So how does moving memory to the standby even help?
Take a process say, Firefox.exe
[50MB currently in use memory] - [25MB Unused, but still claimed by Firefox] = total memory 75MB

When the memory is moved to standby Firefox claims the 50mb back instantly, where the other 25mb isn't, so that memory will be free to the rest of the system.

As proof stop CleanMem from running, let Firefox grow large in memory usage. Then run CleanMem. You will see Firefox drop, then grow back up, but not to the large size it was.

This is how CleanMem uses the Windows memory manager to its advantage. Now by having that extra memory free to the system, Windows has no need to go running to the page file, which is ran off your drive and is where the slow down comes from.

That's why people who had high page file usage before CleanMem notice the biggest improvements after using CleanMem.

If you want to give CleanMem 2.0 a try
http://forums.pcwintech.com/index.php/topic,1781.0.html

CleanMem will help with apps that leak physical memory, but doesn't help on page file leaks. That's a whole other ball game.

Now personally I shut down my system every night. No reason to have a system going 24/7 unless you're hosting something.

You say it takes about 3 weeks for the system to get full.

Here is what to do. To find that program causing the high commit charge, open the task manager and watch the commit charge. Now start closing 1 program at a time.

When you close the program with the leak you will see the commit charge take a nose dive. Then you found your leaky app :wink:

Shane

Offline mimosian

Re: AVG detects as Malware
« Reply #11 on: March 06, 2011, 10:44:26 AM »
Shane, ta for the info.

I will give v2 a go in a few days time.

Unfortunately my wife cannot stand it when I tell her the system has to be rebooted.  She has loads and loads of tabs open in Chrome (used to be IE) and it apparently causes her problems if she has to close the browser down.  Believe me, I would rather avoid the grief than insist on shutting the machine down!!!

When I got her to shut the apps down yesterday, it was closing Chrome that saw a significant reduction in commit charge and I fail to understand why Chrome has so many processes running (it was 21).  Firefox uses only one (she will not use Firefox as some of the sites do not work properly, even with IE tab, apparently).  I use firefox and its Commit charge is 367Meg and this is unaffected by CleanMem (with 18 tabs).

I notice that W7 SP1 is now out and wondered about installing it to sort of 'refresh' the O/S in case of any funnies.  What do you think?

Offline Shane

Re: AVG detects as Malware
« Reply #12 on: March 06, 2011, 10:58:01 AM »
Chrome runs a new process for each tab I think. I remember reading that somewhere.

The thing is, though, you should be able to have chrome remember the tabs that were open, so when you reboot and open chrome it will reopen the tabs.

I have to admit, in 16 years in computers (I'm 32) I have never heard of anyone needing web pages open 24/7 LOL. That's why there are bookmarks, and such. :wink:

I don't think a web browser has ever been tested like that. With 20 tabs open, 24/7 for weeks to months at a time.

But some users, use things in different ways. And there is nothing wrong with that. Just try to keep in mind that a web browser wasn't made with that kind of usage in mind. (I think of course, I have no proof on how they think it should be used, so I may be wrong)

Have you updated to the latest version of chrome? Updates may help the memory usage and leaks it seems to have after such a very long time running.

My chrome shows 10.0.648.127 beta

Chrome has to be restarted to finish the update, if she never restarts it, it never updates.

I use firefox myself. I have chrome and IE9. I use them all to test my sites in them. But I mainly use firefox.

CleanMem only helps with the working set of a process. Which is the actual memory being used. Commit charge: this is composed of main memory (RAM) and disk (pagefiles). So subtract the working set from it and you get how much is being claimed for the page file. Normally an app shouldn't need the page file unless there isn't enough memory. But in this case you have a page file leak as well.

All web browsers depend on java and flash. Make sure you update both. I think java is up to update 24 and flash is 10.2.

Again the browsers have to be closed to get the updates. :wink:

Shane
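
The measurement discussed in replies #10 and #12 above, as an added example that is not part of the original thread and is not CleanMem code: a PowerShell script that takes two snapshots of every running application and ranks them by growth in private bytes (the per-process memory that counts toward commit charge) next to the change in working set. It assumes PowerShell 3.0 or later; the parameter names, function names and the 10-minute default interval are choices made for this example.

```powershell
# Added example (not from the thread): find which application's committed
# memory is growing, independent of what happens to its working set.
param(
    [int]$IntervalSeconds = 600,   # assumption: 10 minutes between snapshots
    [int]$Top = 10                 # assumption: show the 10 largest growers
)

function Get-MemorySnapshot {
    # Sum over all processes that share a name, so a multi-process browser
    # (one process per tab/extension) is reported as a single application.
    $snapshot = @{}
    Get-Process | Group-Object -Property ProcessName | ForEach-Object {
        $ws      = ($_.Group | Measure-Object -Property WorkingSet64 -Sum).Sum
        $private = ($_.Group | Measure-Object -Property PrivateMemorySize64 -Sum).Sum
        $snapshot[$_.Name] = [pscustomobject]@{
            Count      = $_.Count
            WorkingSet = $ws        # physical memory currently in use
            Private    = $private   # private bytes: charged against commit
        }
    }
    return $snapshot
}

function Compare-MemorySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($name in $After.Keys) {
        # Skip applications that were started during the interval.
        if (-not $Before.ContainsKey($name)) { continue }
        $b = $Before[$name]
        $a = $After[$name]
        [pscustomobject]@{
            Name              = $name
            Processes         = $a.Count
            WorkingSetMB      = [math]::Round($a.WorkingSet / 1MB, 1)
            PrivateMB         = [math]::Round($a.Private / 1MB, 1)
            WorkingSetDeltaMB = [math]::Round(($a.WorkingSet - $b.WorkingSet) / 1MB, 1)
            PrivateDeltaMB    = [math]::Round(($a.Private - $b.Private) / 1MB, 1)
        }
    }
}

$before = Get-MemorySnapshot
Start-Sleep -Seconds $IntervalSeconds
$after = Get-MemorySnapshot

# An application whose PrivateDeltaMB keeps climbing across runs, even when
# its working set has been trimmed, is the one driving commit charge up.
Compare-MemorySnapshot -Before $before -After $after |
    Sort-Object -Property PrivateDeltaMB -Descending |
    Select-Object -First $Top |
    Format-Table -AutoSize
```

Running it at intervals over several days avoids having to close programs one at a time to see which one releases the commit charge.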

Offline Evan

Re: AVG detects as Malware
« Reply #13 on: March 06, 2011, 11:17:35 AM »
Chrome keeps every tab isolated so that if a web page crashes it won't take down the whole browser. Chrome also runs a separate process for each extension you have running. If you want to try to get the number of processes to match the number of tabs you have running, don't forget to factor in a process for each extension as well. I currently have 15 tabs open but have 10 extensions so I have around 25 processes running for Chrome.

I personally use Firefox more and use Session Manager addon so that I can close Firefox and have it remember every tab I have open (if I want) so that when I restart the computer I go back to where I left off without using bookmarks. If you haven't tried that addon, I think you should.

You should also check to see if you have the latest version of Java and Flash installed as that could make a big difference in the performance of your machine.

Another thing to remember is that Windows Vista and 7 are designed to use all of your memory so it is normal to see your memory eventually be exhausted. This is by design and is done in the background. If you are actually having problems though then there is something else going on.

What this might come down to is that your wife needs to change some of her habits. Rebooting periodically will help tremendously. If she is dead set in not changing then there is going to be a performance hit in leaving browsers and web pages up for weeks at a time. That's just how it works unfortunately.

Evan


Offline Evan

Re: AVG detects as Malware
« Reply #14 on: March 06, 2011, 01:31:22 PM »
Quote
I would finally add that when I went to 8Gig, it was not reusing the previous 4Gig.

Have you checked your BIOS to make sure that the board recognizes all of your memory? If it doesn't then your board might not support that much memory. If you can provide a link to the mfr. product page I can see if it does.

Evan