
AvastEmUpdate.exe Identified By 4 AV Programs As Containing/Being a Backdoor Trojan



Advanced SystemCare Ultimate Report

 

System:Windows 7

x64 Bit:True

Scan mode:RightScan

Update time:2012-10-28 13:02:24

Scan time:10/28/2012 10:36

Time elapsed:00:00:00

Objects scanned:1

Detections:1

Repaired:1

 

 

Scan Settings

------------------------------------------------

Fix found threats automatically: True

Skip files: False

Maximum recursion depth 20

Scan executable files and document files only: True

 

Whitelist

------------------------------------------------

 

Details

------------------------------------------------

C:\Program files\Avast software\Avast\Avastemupdate.exe Gen:Variant.Zusy.22497 Quarantine on reboot

 

Bitdefender (same scanning engine as ASCU) and several other programs identify this file as containing/being a trojan.

 

As you can see from the report, I had auto repair set to yes. After the scan ASCU said the file was quarantined. However, it did not appear in Quarantine. I rebooted and rescanned with the same result; i.e., ASCU said the file is quarantined but I could not find the file in Quarantine.

 

Here is the scan log

 

[RightScan2012102810]

DateTime=2012-10-28 13:02:24

10/28/2012 10:10:32 AM: C:\Program files\Avast software\Avast\Avastemupdate.exe|DelFileAndBackReboot=Gen:Variant.Zusy.22497

10/28/2012 10:11:11 AM: C:\Program files\Avast software\Avast\Avastemupdate.exe|DelFileAndBackReboot=Gen:Variant.Zusy.22497

10/28/2012 10:12:30 AM: C:\Program files\Avast software\Avast\Avastemupdate.exe|DelFileAndBackReboot=Gen:Variant.Zusy.22497

10/28/2012 10:36:14 AM: C:\Program files\Avast software\Avast\Avastemupdate.exe|DelFileAndBackReboot=Gen:Variant.Zusy.22497

 

The file was identified as a trojan in both a Right Click scan and in a Full Scan on another computer.

 

1. Whether or not the file is a FP or not is one issue.

2. In addition, I could not locate in ASCU where I could upload the file for testing.

3. Besides not being able to locate how to upload the file in ASCU for testing, my question is: how come, if ASCU says the file is quarantined, it does not show up in Quarantine even after a reboot and rescan, which still says the file is quarantined, but still the file does not show up in Quarantine?


Hi Buddahfan,

 

Avastemupdate.exe being one of the files of Avast (or at least pretending), it could be protecting one of its own files.

 

What do you mean by uploading the file for testing in ASCU?

If you mean something similar like Cloud upload in IMF, I don't think ASCU has such a possibility.

 

You can try uploading to IObit Cloud though.

 

Cheers.


The file is not deleted. I just looked and saw it.

 

I uploaded to IObit Cloud and it scanned the file. The file came up clean. Enoskype provided the reminder and link on how to do it. Thanks.

 

It could be a bad file but my guess at this point is that it is good and a FP.

 

I have a post on the avast! Forum about it that I need to check to see if there is any more information about it.

 

Points #1 and #3 of my three points still stand unanswered.

 

1. Whether or not the file is a FP or not is one issue. Though at this point it looks like FP in ASCU.

 

3. How come, if ASCU says the file is quarantined, it does not show up in Quarantine and is not deleted even after a reboot and rescan, which still says the file is quarantined, but still the file does not show up in Quarantine but shows up in the avast! program folder?

 

On the VirusTotal online scan site, Bitdefender is one of the four AV packages that identifies it as a Trojan. I did not check over at the Bitdefender forum yet to see if they have any posts on it. I have posted a question there before about a problem with Trafficlight and never got an answer, so I uninstalled Trafficlight.


Hi Buddahfan,

 

Avastemupdate.exe being one of the files of Avast (or at least pretending), it could be protecting one of its own files.

 

What do you mean by uploading the file for testing in ASCU?

If you mean something similar like Cloud upload in IMF, I don't think ASCU has such a possibility.

 

You can try uploading to IObit Cloud though.

 

Cheers.

 

I ran the IObit Cloud scan. It says the file is clean.

Cloud Scan: SAFE

 

File Basic Info:

File Icon:

File Name: avastemupdate.exe

File Size: 241.43 KB (247,224 Bytes)

File MD5: 2ce16fc0e4ae1db9d3a840caad2c19cd

File SHA1: 1296706a204d6788f607dde62ccde59363729e2d

File Type: exe

 

So IMF says it's clean. IObit Cloud Scan says it's clean. Malwarebytes, SAS, Sophos, Norman, Kaspersky all say it is clean.


Then it should be because of BitDefender's database. (Oct. 29, 2012)

BitDefender ----------- Gen:Variant.Zusy.22497 ----------------------- 20121029

As seen in the VirusTotal report in the first post of yours together with 3 other A/Vs.

 

Cheers.

 

I noticed that too :smile:

 

Hurricane Sandy is destroying America's east coast. Worst ever in America since hurricane tracking began. Worst yet to come.


Archived

This topic is now archived and is closed to further replies.
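
One way to test the "or at least pretending" point raised in the thread, as an added example that is not part of any post: it compares the file on disk with the hashes from the IObit Cloud report, checks its Authenticode signature, and looks for a queued reboot-time file operation. The signer substring is an assumed value to adjust, and it is an assumption that ASCU's "Quarantine on reboot" uses the Windows PendingFileRenameOperations mechanism.

```powershell
# Added example, not from the thread. Path and hashes are the ones posted above.
param(
    [string]$Path           = 'C:\Program files\Avast software\Avast\Avastemupdate.exe',
    [string]$ExpectedMd5    = '2ce16fc0e4ae1db9d3a840caad2c19cd',
    [string]$ExpectedSha1   = '1296706a204d6788f607dde62ccde59363729e2d',
    # Assumption: substring expected in the signing certificate's subject.
    [string]$ExpectedSigner = 'AVAST Software'
)

$result = [ordered]@{ Path = $Path; Exists = (Test-Path -LiteralPath $Path) }
if (-not $result.Exists) {
    # Nothing on disk: the scanner's removal may actually have taken effect.
    [pscustomobject]$result
    return
}

# 1. Is this the same sample the cloud scanner reported on?
$result.Md5Matches  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash  -ieq $ExpectedMd5
$result.Sha1Matches = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash -ieq $ExpectedSha1

# 2. Is it validly signed, and by the publisher it claims to come from?
#    A file that only borrows the vendor's name reports NotSigned or HashMismatch.
$sig = Get-AuthenticodeSignature -FilePath $Path
$result.SignatureStatus = $sig.Status
$result.Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
$result.SignerMatches   = ($sig.Status -eq 'Valid') -and ($result.Signer -like "*$ExpectedSigner*")

# 3. Is a delete/move of this file still queued for the next reboot?
#    (Assumption: the scanner schedules its reboot action through this value.)
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                -ErrorAction SilentlyContinue).PendingFileRenameOperations
$result.QueuedForRebootAction = [bool]($pending | Where-Object { $_ -like "*$Path" })

[pscustomobject]$result
```

A valid signature from the expected publisher together with matching hashes supports the false-positive reading; a missing or invalid signature does not, whatever the cloud verdict on a different sample was.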
