Windows (or Defender) reported overseer.exe

[German]Users of Windows 10 (or older versions) may notice surprisingly a program named overseer.exe suddenly appearing on the system. Here is some information for those affected.


Advertising

Error description and observations

I recently stumbled across this problem again by chance here in the German MS Answers forum. The affected person was confronted with the problem that the program was faulted under Windows 10 in Windows Defender. The user wrote (I translated the text):

Defender generates a message for the file "overseer.exe".
What is this program? Can anyone provide information on this?

But there are also users who suddenly find the Avast Overseer application on the system. This case can be found e.g. at Bleeping Computer. This thread can be found in the AVAST forum, which refers to the steam forum entry where the program suddenly stops working ("OVERSEER.EXE has stopped working" message). Or Internet Explorer suddenly stopped working. On the web you will find numerous hits from users who deal with the program. 

Some background

The program "overseer.exe" belongs to the free light version of AVAST virus scanner (and now also to all AVAST and AVG security products) and is stored under Windows in the following directory:

C:\Program Files\Common Files\avast software\overseer

The .exe program file should have a digital signature from the antivirus vendor AVAST (otherwise a virus would be suspected). You can check this by right-clicking on the overseer.exe file, selecting Properties in the context menu and then switching to the Digital Signature tab. If the tab is missing, the program is unsigned, is not from AVAST and is problematic (possibly a malware).


Advertising

Some information about the program can be found in this AVAST forum post. Internet Explorer doesn't work after installing the program (probably because of the shield function of the software). There is a second place where the program is stored – and the uninstaller did not remove overseer.exe according to a post.

Within this AVAST forum post AVAST developer drake127 revealed a few insight in October 2017.

It is our new application that is going to help us detect common (technical) issues with our products. In a sense, it behaves similarly to our Avast Emergency Update but is able to correct these issues independently and even catch them sooner. That's at least theory, currently we are evaluating its performance on small fraction of our users.

AVAST writes that they started testing the tool on some systems in October 2017. Upon request, the AVAST employee will specify:

It's a small independent application residing in its own directory, therefore it should be able to fix even most broken Avast installations. It's being run daily from task scheduler but it has really small footprint and if everything is fine, exits within seconds. It also has its own release cycle and is able to update itself automatically.

During its run, it identifies some well-known (but very hard to prevent) issues with our products and attempts to fix them, if possible. For example, it detects whether the antivirus service is running and if it is not, it triggers repair. Right now, that's about it. We'll see if it actually helps as much as many people in the office hope it will. :-)

Within the forum tread, the discussion on three pages revolves around the function and why it is installed for testing purposes. In 2018, the tool seems to be widely distributed with the free AVAST virus scanner (and also with other AVAST and AVG products.

How does overseer.exe get on the system?

The is the question, how does that tool came on a Windows system? My first question I would ask: Has the user installed an AVAST or AVG virus scanner? In this case, it has been installed by this software.

However, users affected are often pelading as 'not guilty' of having knowingly installed any AVAST program or file such as overseer.exe. The background is that the AVAST Free virus scanner has been installed on the system as a potentially unwanted program (PUP) with other software since that time. The following screenshot shows the problem during the installation of the CCleaner from Piriform (see my blog post CCleaner comes mit AVAST PUP).

CCleaner V5.37 Installer mit AVAST PUP

This software option can be deselected in the user-defined installation mode. But hardly not all users reads these messages, and so the program lands in Windows unintentionally. 

Note: I'm surprised that Windows Defender didn't complain about the PUP already during the installation, because something like this can be detected. I had several blog posts about PUP, CCleaner and its risks, see article at the end of this post. 

As mentioned above: I also assume that the tool will also come onto the system regularly by installing the AVAST virus scanner (or the AVG counterpart belonging to AVAST). 

How do I get rid of the tool?

Within this AVAST forum post I just found the hint, that the tool won't be uninstalled during uninstalling CCleaner or AVAST. So you need to clean your system manually. This means: delete the relevant folder, check if tasks are available for startup and also check the registry to see if there are (auto-start) entries. An article on Techdows.com describes this. You can also try – if it helps, I don't know – to remove the AVAST stuff according to the instructions on German site deskmodder: Boot into safe mode and use the AVAST Uninstall utility. Maybe this will help. 

Similar articles:
CCleaner 5.45 pulled and other peculiarities
AVAST CCleaner 5.45 and the telemetry thing
CCleaner comes mit AVAST PUP
CCleaner has been infected with malware
PUP: AVIRA adds Aviara Launcher to paid version
Slimjet browser: Beware of Bing search engine
Is FlashPeak Inc. shipping Slimjet browser with a backdoor?
Firefox addon Web Security transfers private data
HP installs secretly HP Touchpoint Analytics Client telemetry client


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in issue, Windows and tagged , . Bookmark the permalink.

One Response to Windows (or Defender) reported overseer.exe

  1. files in system32 as been replaced and move to
    windows/system32/Common Files/AVG/Overseer/overseer.exe.hbhb3662.tmp.

    I had to robocopy to system32

Leave a Reply to Roger Coderre Cancel reply

Your email address will not be published. Required fields are marked *