Author Topic: Emergency Update 2013-11-21?  (Read 129393 times)

0 Members and 1 Guest are viewing this topic.

Tetsuo

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #15 on: November 23, 2013, 09:48:24 PM »
it seems that it's being given a separate (random) EXEcutable filename on each person's system. 

Avast emergency updates have always worked this way: random filenames (letters and numbers).
When they were first introduced, the download folder for the executable files was C:\WINDOWS\Temp  - which was a very bad idea, by the way.  At least recently they have changed the download folder.

mwsoft

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #16 on: November 23, 2013, 10:01:19 PM »
The emergency update I got does not seem to be the same one talked about in all these posts? I got: C:\Program Files\AVAST Software\Avast\setup\emupdate\45283732-120d-471e-8cdd-23f54d298924.exe /check

Is it the same as earlier, or a revised "emergency update?" I worry about running it so am deleting it w/o doing so. I figure if its "for real" that avast! will post here and tell us, or, failing that, watever it does that is good will appear in the next update to the program? This seems logical, I hope? :)

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Emergency Update 2013-11-21?
« Reply #17 on: November 23, 2013, 10:09:02 PM »
mwsoft,
that's the "random" nature of the executable filename we've just been discussing.   It seems that people who have WinPatrol will see this "emergency update" indicated/titled as 20131121 --- presumably representing the date it was first "created" --- but most people here only received the update today (20131123).   As such, it's likely your update is precisely what we're considering in this thread.
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

joe53

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #18 on: November 23, 2013, 10:28:43 PM »
 After using (and recommending)  avast for many years with very few problems, I'm finally forced to register with this forum, and weigh in on this topic.

It concerns me when some randomly labelled alphanumeric executable inserts itself into my auto-startup. I disabled it via WinPatrol as soon as I saw it. After rebooting, no problems.

@avast! As Ricky Ricardo used to say to Lucy, "you got some 'splaining to do!"


Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: Emergency Update 2013-11-21?
« Reply #19 on: November 23, 2013, 10:34:29 PM »
SUPERAntiSpyware is detecting Avast emupdate registry key as Trojan.Agent/Gen.

 Trojan.Agent/Gen
   HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#20131121

BearPup

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #20 on: November 23, 2013, 10:39:10 PM »
@Joe53. I totally agree with you, it is for a similar arrogance on avasts' part that got me to register here recently. So far, no explanations, no apologies, no concern. It makes me consider a new program!

Avast, are you listening?

ram1220

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #21 on: November 23, 2013, 11:13:00 PM »
 I haven't rebooted my computer (Win 7) in days. But I did run an msconfig earlier today for another reason and I found the emupdate checked in my startup items. I unchecked it and am waiting to hear a response from Avast also. With all the release problems with 2014 and Avast's lack of response on that I am worried about this latest "glitch". If it is fact a form of malware I will uninstall Avast and use something else. I also will never put it on another computer I build or repair.

reisender67

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #22 on: November 23, 2013, 11:28:28 PM »
Hello,

I think, Avast has problems with his own self protection. Entries in the registry group "HKLM:Run" can not be delete if the self protection is active.
The same problem with CCleaner.

Greetings
Christian

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Emergency Update 2013-11-21?
« Reply #23 on: November 23, 2013, 11:43:48 PM »
Hi guys,

Yes these are as expected (i.e. no malware). I agree that the random filename is far from ideal (from the mere suspicousness point of view), but this is how it was originally designed.

While the feature was originally called "emergency update", it is now being used to deliver all sorts of updates/patches into avast. It is a mechanism that can update (patch) avast binaries in a lightweight way, usually without requiring a reboot and going through the whole program update process. It is an important mechanism for us (present already since avast v7) that has already "saved" us a couple of times...

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Emergency Update 2013-11-21?
« Reply #24 on: November 23, 2013, 11:53:04 PM »
Vlk,

Now that you're here in this thread, can you enlighten us, specifically:

1) What is the precise purpose/function of today's "update" 2013-11-21 ?
2) Is it really intended to run EVERY time the PC is booted up (or users take-turns logging-on to their accounts)?   [Meaning we should leave it in our startup routine] ---
or was it intended to run only once, in which case we can safely remove it from our startup?

If it's supposed to run every boot:   then for those who accidentally or intentionally removed it, will the "Emergency Update" TASK, in Task Scheduler, reinstate this startup?

« Last Edit: November 24, 2013, 12:07:07 AM by ky331 »
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline miguelgrado

  • Advanced Poster
  • **
  • Posts: 801
  • Admin ForoAntispyware
    • Foroantispyware
Re: Emergency Update 2013-11-21?
« Reply #25 on: November 23, 2013, 11:54:14 PM »
Hi guys,

Yes these are as expected (i.e. no malware). I agree that the random filename is far from ideal (from the mere suspicousness point of view), but this is how it was originally designed.

While the feature was originally called "emergency update", it is now being used to deliver all sorts of updates/patches into avast. It is a mechanism that can update (patch) avast binaries in a lightweight way, usually without requiring a reboot and going through the whole program update process. It is an important mechanism for us (present already since avast v7) that has already "saved" us a couple of times...

Thanks
Vlk
greetings, that we already know it but the problem is because it remains in start of windows and does not disappear like in other occasions..thanks

olddog

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #26 on: November 24, 2013, 12:00:20 AM »
..While the feature was originally called "emergency update", it is now being used to deliver all sorts of updates/patches into avast. It is a mechanism that can update (patch) avast binaries in a lightweight way, usually without requiring a reboot and going through the whole program update process. It is an important mechanism for us (present already since avast v7) that has already "saved" us a couple of times...

If the purpose was to patch the program binaries as you say, then I don't understand why:-
(a) it is required to run more than once
(b) there has been no corresponding change in the program download (there should have also been a corrresponding minor version update in the program.
(c) If the patch is so urgent it can't wait for an actual program update, then the present emergency update would not appear to be a reliable method since it relies on the users PC being rebooted, and that can be very infrequent in some cases.


mustang64

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #27 on: November 24, 2013, 12:08:00 AM »
Hey VLK,
How about letting us know if we can remove this thing from our startup??

Those of us with Winpatrol can do that very easily, and there are other ways as well.

Give us a little info here not just a quick hi guys and take off!!

Thanks.
LDS

bikemanAMD

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #28 on: November 24, 2013, 01:21:11 AM »
Yes i'd like to know the purpose of todays emergency update as well, Will it auto remove from startup when it's done?  Can we set it to not start?  It is designed to start on every bootup of PC's?   

Would like either a post with info why it was sent out today, what It fixed?  would be very helpful


olddog

  • Guest
Re: Emergency Update 2013-11-21?
« Reply #29 on: November 24, 2013, 01:51:49 AM »
I think, Avast has problems with his own self protection. Entries in the registry group "HKLM:Run" can not be delete if the self protection is active.
The same problem with CCleaner.

Christian,
Interesting you should mention that. I run with avast's self defense module disabled (primarily because of the issue with CCleaner), and having just checked the "HKLM:Run" entries the one for the "emergency update" is not present, although the "random character.exe" file in question is still in the emupdate file. 

Edit
This particular HKLM:Run entry is NOT present after a clean installation of Avast 2014, nor is the file in emupdate, confirming that the standard installation doesn't run the check on bootup.  Question I have is "was my emergency update HKLM:Run entry placed there as it should have been, done the job it was meant to do and then disappeared into the who knows where, or did something malfunction and not put it there in the first place, and thus the job it was meant to do actually hasn't been done?
If any of the standard binaries get changed/updated/patched after installation, there should be an indication somewhere that the installation is no longer the version it was previously.
« Last Edit: November 24, 2013, 03:05:40 AM by olddog »