Anyone know what this Avast file is?

rezerekted

I go to the toilet and when I get back to my PC my firewall is notifying me that '94519b49-aef8-4350-8c25-b2f29e1c06b6.exe' wants internet access and was running from the setup folder under Avast parent folder. Gave it temp access but when I go to look for that file there is no such file.
 
I go to the toilet

Clearly not a security buff :D

The amount of moronic upgrades that free AVs get is hard to follow, but this particular one sounds malwareish. It shouldn't be in the software's root folder.
 
It disappeared because it might have become active and hid itself. Sorry for not providing specific data, but connecting the drive to a known good system would be a start.
 
Ran Linux off a bootable USB, ran Process Explorer, RogueKiller, TdssKiller, Malwarebytes Anti-Rootkit and a few other tools and I am clean. I think it was perhaps a temp file self updater to Avast is all.
 
Yeah you definitely hit it hard, if it was anything wrong you'd find something.

I agree about it probably being a temp updater but I haven't seen plenty of occasions where software does that. I was under the impression %appdata% or some other temp place was the usual launchpad.

Sorry for adding to the panic.
 
Perhaps I will open Avast forum account and ask about it there because it wanting Internet access is a bit weird.
 
Got another Firewall alert so joined Avast forum and asked about it and they are just emergency update files, also that is an Avast protected folder so no worries. FYI.
 
I'm glad you don't have to nuke it from orbit.

However that's kind of why I quit using application level firewalls like ZoneAlarm. I found myself kind of guessing some decisions it was presenting to me. I don't want to look up each and every update server for everything I have running. Really, at one point you will simply agree to infection because you had no way to know. The user isn't supposed to perform heuristics.

I would whine a bit about how there's no such thing as an 'avast protected folder' but all I'd be saying is -once again- resistance is futile :D
However- it's mostly the software in question that fails and infects itself.
In this case, a potential vulnerability in Avast that would allow remote writing to the installation directory by Avast itself is enough of a reason not to even mention the term 'avast protected folder'. Who watches the watchman :p ?
 
I just use Windows firewall but I have this front end for it called Windows 8 Firewall Control that has its own way of creating rules. If I used just the Windows Firewall as is I would never have noticed anything.

On the bright side, I now have about ten more anti-rootkit/malware tools in my tools folder thanks to this Avast updater alert.

The guy at Avast said only Avast can write to that folder.
 