Avast WEBforum
Other => Viruses and worms => Topic started by: jdtech on February 24, 2012, 01:57:18 AM
-
I have recently discovered the file Betterinstaller.exe located in C:\Users\"username"\AppData\Local\TempDIR. I discovered it on my own during a temp file cleanout. I scanned it with my Avast antivirus free version. Told me no threat detected. I goggled to find out more, when i did i saw alot of things suggesting it was a threat. I downloaded the Avast aswMBR as suggested by another user on this site. To my surprise "Threat Found, Infected with Betterinstaller.exe. This was the only threat found by the avast aswMBR. My question is if this is a known threat by Avast why doesn't the free version detect it? My program and virus definitions are updated to the latest versions. I have really liked Avast and have always relied on it. This is the 1st time Avast has ever overlooked something (to my knowledge). Now that i know this it leaves me with an uneasy feeling and feel as if i am not properly protected and need more.
-
Can you post the contents of the aswMBR log in your next reply.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (https://www.virustotal.com/) and report the findings here, post the URL in the Address bar of the VT results page.
-
I wiped my pc and ran a restore from backup right after posting, sry.
-
No problem, something to remember should it happen again.
Welcome to the forums.
-
I actually just came across the same issue using the latest version of AIS. MBAM actually detected BetterInstaller.exe asa PUP:
C:\Users\*******\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto)
AIS does not detect the file as malicious, but according to quite a few Google results, it is indeed a threat. I scanned it on VT, here is the link to the scan results:
https://www.virustotal.com/file/738a98aaf02f6f3077dc91aee772649f7bdd917bcdf0915ac7b3b449551ff7df/analysis/1330379809/
-
Part of the reasoning behind that would be in its name indicates:
PUP (Potentially Unwanted Program) so it entirely depends on if you knew it was installed. I would say this is pretty low level threat.
- The regular on-demand scans Quick and Full System Scans don't scan for PUPs (Potentially Unwanted Programs) by default, you have to have elected to scan for them ?
My guess on the reason they aren't scanned for by default is exactly because of what you did here, deleted the file as you feel it is a threat when it might not be. The greatest majority of files scanned in on-demand scans are inert or dormant, so don't present an immediate risk.
The resident scanner (File System Shield) can scan for PUPs (change Expert Settings) if you feel you want to know if one of these is actually run.
BundleInstaller - generally installed as part of a package, a pre-checked option when installing something else.
If you didn't install it or know it was present, then to you it is unwanted, so let MBAM deal with it.
-
Thanks for your reply David! :)
As a note, I have my heuristics sensitivity set to "High" and I also have PUP scanning on, but it's not detected.
I know it's not a huge threat, but I stumbled upon this thread from Google and thought I'd chime in and try to help. This file has probably been lying dormant on my system for several months, and was only picked up today after an MBAM definitions update. I think it may have come from an app I downloaded from cnet, which now bundles their downloads inside a wrapper. I've been staying away from that site since I found out about the "extras" they include in their downloads!
-
You're welcome.
MBAM makes a good companion for avast as you might have seen from many peoples signatures.
-
Thanks for your reply David! :)
As a note, I have my heuristics sensitivity set to "High" and I also have PUP scanning on, but it's not detected.
I know it's not a huge threat, but I stumbled upon this thread from Google and thought I'd chime in and try to help. This file has probably been lying dormant on my system for several months, and was only picked up today after an MBAM definitions update. I think it may have come from an app I downloaded from cnet, which now bundles their downloads inside a wrapper. I've been staying away from that site since I found out about the "extras" they include in their downloads!
Yes. We can both thank CNET for that. I'd like to get rid of it, but it won't harm anything and I'm afraid deleting it will take out a couple of applications I (stupidly) downloaded from CNET that I don't want to lose.