Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: cooby on June 20, 2013, 07:04:37 PM

Title: Rootkit alert related to chrome - not sure if real
Post by: cooby on June 20, 2013, 07:04:37 PM
After doing a very clean uninstall of 8.1483 in safe mode and after two reboots, I installed 8.1489.
I rebooted and the startup scan was running, and during that the next thing I saw was a welcome screen from Chrome, and an enormous Chrome update ran.
OT: Even though I was doing a Custom installation, how I missed the Chrome checkmark I don't know; I swear it wasn't there :(

I rebooted again and immediately went in to uninstall chrome.
I guess around that time Avast ran a definitions update, or another short scan, and a big red alert came on the screen about rootkits:
svc: gupdate > C:\Program
svc: gupdatem > C:\Program
See attached log and screenie - not sure if these are really rootkits or an Avast internal error.

At some point, in my state of confusion by now, Avast suggested a boot scan, OK.
It went through all my partitions for hours. I don't think anything was found other than an item in a year-old copy of, of all things, an Avast log I had in My Documents.

The aswAr.log upon next reboot looks clean.

I subsequently checked the web, and those two names, gupdate and gupdatem, seem to be related to that Chrome varmint:
http://www.bleepingcomputer.com/startups/GoogleUpdate.exe-25791.html
http://www.bleepingcomputer.com/startups/GoogleUpdate.exe-26582.html

What do I do now? Do I really have a rootkit which bootscan didn't see? How to check? Is gmer still part of avast's scanner?
Title: Re: Rootkit alert related to chrome - not sure if real
Post by: Pondus on June 20, 2013, 07:26:30 PM
Virus and false positive problems should be posted in the Viruses and Worms forum section....that is what it was made for.
See the "logs to assist in cleaning malware" guide at the top of that forum section....

Title: Re: Rootkit alert related to chrome - not sure if real
Post by: skinnypops on June 20, 2013, 10:26:48 PM
Hope everybody is well today.

gupdate and gupdatem are not dangerous. They are used to update many Google products, such as Google Earth etc. It is safe to simply delete them.
They did come with Chrome but are actually no problem.

Delete and have a good day.
Title: Re: Rootkit alert related to chrome - not sure if real
Post by: cooby on June 20, 2013, 11:39:12 PM
Quote
Virus and false positive problems should be posted in the Viruses and Worms forum section....that is what it was made for.
See the "logs to assist in cleaning malware" guide at the top of that forum section....
@Pondus,
I had two options
1. Post in virus help forum
2. Post here.
Considering that the information I have is entangled with installation issues and with information in the error log, I thought here was the best place.
I had no intention, yet, of accusing Avast of including a rootkit in the installer. Going to the other forum comes close to it :)

@pinkme,
Quite possible, as the reference from BleepingComputer I quoted indicates. At least I hope it is OK. But if you read my entire post, you would see that these must have remained after uninstalling, and the Avast alert suggests a rootkit.


Title: Re: Rootkit alert related to chrome - not sure if real
Post by: polonus on June 21, 2013, 12:09:02 AM
Hi cooby,

Quote
For convenience, the two modes are stored in the same executable. It is a chrome coder's choice - client side and server...
The consumer editions install both Chrome and Google Update on a per-user basis...

Quote taken from: https://code.google.com/p/chromium/issues/detail?id=114356
You may find all of the answers to your questions in that link on Issue 114356: Google Update Services (gupdate & gupdatem)
link article author = ryan myers

polonus
Title: Re: Rootkit alert related to chrome - not sure if real
Post by: cooby on June 21, 2013, 02:10:25 AM
@Polonus,
1. I wanted to mention it several times, here and in the mobile forum, so finally: I love your genuine Polish Eagle :)
2. Nice link, thanks. Confirms what BC says, but only on the name.
But Avast hasn't told me, not in any logs I examined, where that rootkit is. "Program" means nothing to me. "C:\Program (*RAW:SVC: gupdate > C:\Program)" means nothing to me. I have no such directory.
And I still don't know if it was an installer flaw, or whether what Avast distributes as Chrome has or has not a rootkit in it that is or is not now on my computer. Simple questions, eh?

Now, I know google says they mean no evil, and I know for sure avast does not, yet ...
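The question running through the thread is where the two flagged services actually point, since the alert only prints "C:\Program", which looks like a path cut off at its first space. Rather than guessing the rest of the path, the check below reads the service's ImagePath from the Service Control Manager's registry key, resolves the executable, and reports its Authenticode signer and SHA-256. This is an added example written for this page, not code from any poster, Avast or Google; it assumes only the two service names from the alert (gupdate and gupdatem) and that it is run in an elevated PowerShell (Get-FileHash needs PowerShell 4 or later). It also handles the case cooby raises, a service entry left behind after uninstalling whose executable no longer exists on disk.

```powershell
# Added example: inspect the services Avast flagged as "svc: gupdate" / "svc: gupdatem".
# Service names are taken from the alert in the thread; everything else is read live.
$serviceNames = 'gupdate', 'gupdatem'

function Get-ServiceExecutable {
    # Extract the executable path from an ImagePath value such as
    #   "C:\Program Files (x86)\Vendor\tool.exe" /svc      (quoted, with arguments)
    #   C:\Program Files (x86)\Vendor\tool.exe /svc        (unquoted: ambiguous)
    # An unquoted path containing spaces is exactly how a display ends up showing
    # only "C:\Program"; we keep the first token in that case and flag it.
    param([string]$ImagePath)
    $expanded = [Environment]::ExpandEnvironmentVariables($ImagePath)
    if ($expanded -match '^\s*"([^"]+)"') {
        return @{ Path = $Matches[1]; Quoted = $true }
    }
    return @{ Path = ($expanded -split '\s+')[0]; Quoted = $false }
}

foreach ($name in $serviceNames) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        Write-Output "$name : no service registered (uninstall already removed it)"
        continue
    }

    $props = Get-ItemProperty -Path $key
    Write-Output "$name : ImagePath = $($props.ImagePath)"
    Write-Output "  start  = $($props.Start)   (2 = automatic, 3 = manual, 4 = disabled)"

    $exeInfo = Get-ServiceExecutable -ImagePath $props.ImagePath
    $exe = $exeInfo.Path
    if (-not $exeInfo.Quoted -and $exe -match ' ') {
        Write-Output "  warning: unquoted ImagePath containing spaces"
    }

    if (-not (Test-Path -LiteralPath $exe)) {
        # Orphaned entry: the service is still registered but its binary is gone,
        # which is what a leftover from an uninstall looks like. Nothing can run from it.
        Write-Output "  exe not found on disk: $exe  (orphaned service entry)"
        continue
    }

    $sig = Get-AuthenticodeSignature -FilePath $exe
    $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    Write-Output "  exe    = $exe"
    Write-Output "  status = $($sig.Status)"            # Valid / NotSigned / HashMismatch ...
    Write-Output "  signer = $($sig.SignerCertificate.Subject)"
    Write-Output "  sha256 = $hash"
}
```

A Valid signature from the expected vendor plus a binary that lives under a normal install directory is what a legitimate updater service looks like; a registered service whose ImagePath points at a missing file is a stale entry that can be removed with `sc.exe delete <name>`, and a valid-looking path whose binary is unsigned or whose status is HashMismatch is the case worth taking to the malware-removal forum with the hash in hand.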