Avast Emergency Updates

[rlclifford]

 I have Winpatrol running on my System and Being Alerted of a Avast Emergency Updates Type Runonce at startup 3 so far in the last few days here's the last one

 d72679b3-ccec-4fde-9658-159e46796333.exe In setup/emupdate folder

 Is Avast doing this? Or is it being Hacked?? I can not find any info on these files!!!

[CraigB]

emupdate is a legitimate avast process so do allow it.

[rlclifford]

Thank you for the reply!!!

[olddog]

emupdate is a legitimate avast process so do allow it.

emupdate is a legitimate Avast process, but whether the individual "random name" files are legitimate depends on whether they are properly signed by Avast. I have yet to be convinced that this backdoor procedure doesn't open up a possible security hole.

Interestly this morning there are two "random name" files in my emupdate folder, both Avast signed. One dated 28/12/2013 and the other 31/12/2013. A WinND5sum shows that they are identical  (93f3fad76b9a38d19c4c6db46542089c)

Given that the PC is run each day for some considerable hours, it seems the emupdate process has been applied twice (since my last full reinstall), the same file (albeit with a change of name) has been downloaded twice (at my expense) and the process both times has failed to clean up. Not impressed !

[jwoods301]

There seems to be some confusion on what RunOnce actually means.

It doesn't mean "run one time only".

From Microsoft...

"Run and RunOnce registry keys cause programs to run each time that a user logs on. The data value for a key is a command line."

"By default, the value of a RunOnce key is deleted before the command line is run. You can prefix a RunOnce value name with an exclamation point (!) to defer deletion of the value until after the command runs. Without the exclamation point prefix, if the RunOnce operation fails the associated program will not be asked to run the next time you start the computer."

This example from a Windows XP SP3 box shows that the key was updated today, and by my observation, updated daily...

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce   20131224   REG_SZ   C:\Program Files\AVAST Software\Avast\setup\emupdate\c101a010-40fe-42c9-a1d7-4b42d9a59aea.exe /check   12/30/2013 9:00:02 AM   101   

[miguelgrado]

emupdate is a legitimate avast process so do allow it.

emupdate is a legitimate Avast process, but whether the individual "random name" files are legitimate depends on whether they are properly signed by Avast. I have yet to be convinced that this backdoor procedure doesn't open up a possible security hole.

Interestly this morning there are two "random name" files in my emupdate folder, both Avast signed. One dated 28/12/2013 and the other 31/12/2013. A WinND5sum shows that they are identical  (93f3fad76b9a38d19c4c6db46542089c)

Given that the PC is run each day for some considerable hours, it seems the emupdate process has been applied twice (since my last full reinstall), the same file (albeit with a change of name) has been downloaded twice (at my expense) and the process both times has failed to clean up. Not impressed !

idem...two emergency files but any problem solved.. think

[chris..]

emupdate is a legitimate avast process so do allow it.

Hello,

I think as long as we will not have a specific example about what really makes this legitimate process, we still have many posts about it.
Why avast has not yet spoken about it?
Pleasure?
No needed to know ?

[midnight]

WinPatrol popped up yesterday asked if I wanted to run the Emergency Update so I clicked on allow.  I'm not the least concerned about it.

[NoelC]

I'm not the least concerned about it.

Either you've read a lot into what people have reported here, and/or you have ultimate faith in Avast's protection, and/or you just like living dangerously.   

When the security software starts to act more like malware people really SHOULD notice. 

But apparently this (relatively new) behavior is now becoming well-known and expected of Avast.  I've had several copies of GUID-named executables show up and a RunOnce entry added since my last reboot several days ago.  Seems a bit like overkill, but if you're infected and this "emergency update" stuff saves your bacon I'm sure it will be a happy time.

-Noel

[Pondus]

WinPatrol popped up yesterday asked if I wanted to run the Emergency Update so I clicked on allow.  I'm not the least concerned about it.

Ehm..... well we know your memory is not the best

http://forum.avast.com/index.php?topic=142468.0

[hake]

Is 'emergency update' a delivery channel for software patches?

The use of random file names is a great nuisance.  Is it a 'subtle' nudge in the direction of Avast Security Suite?  I would say that the feature, as implemented, is a big put-off.

[midnight]

WinPatrol popped up yesterday asked if I wanted to run the Emergency Update so I clicked on allow.  I'm not the least concerned about it.

Ehm..... well we know your memory is not the best

http://forum.avast.com/index.php?topic=142468.0

I'm not concerned about it now.  It doesn't show up in start up or task scheduler so I don't know where it's hiding.

[jwoods301]

Is 'emergency update' a delivery channel for software patches?

The use of random file names is a great nuisance.  Is it a 'subtle' nudge in the direction of Avast Security Suite?  I would say that the feature, as implemented, is a big put-off.

This description of Emergency Updater was posted in June 2012 (link provided by Lukas from Avast on the Feeedback site)...

http://www.ghacks.net/2012/06/30/avast-update-brings-emergency-updater-and-sitecorrect-features/

[NoelC]

This description of Emergency Updater was posted in June 2012

That and the GUID-named executables are two different things.  Maybe they're related, but we haven't had word on the latter and the linked article doesn't cover it.

-Noel

[GreggH]

This description of Emergency Updater was posted in June 2012

That and the GUID-named executables are two different things.  Maybe they're related, but we haven't had word on the latter and the linked article doesn't cover it.

-Noel

This was Nov. 23, I believe. And it is in reference to the Nov. 21 GUID emupdate...

http://forum.avast.com/index.php?topic=140730.msg1025160#msg1025160

Gregg