Thank you for all your answers and advices.
I myself did not consider this is a malicious behavior, just wondering why this is needed.
Now I suppose this is related to GrimeFigher, as it is some kind of Linux system and might need a change of boot configuration.
http://technet.microsoft.com/en-us/library/cc709667%28v=ws.10%29.aspx
If Online Armor telling that avast wanna configure BCD, then we must assume that this action is legitimate. But such action can easily be malicious as well.
Do you wish to check that? FRST shall resolved the mystery. Or you/we can clean temp files. All files in %temp% should be safe to remove. This CMD commands shall attempt to clean files from %temp% folder:
CMD (aka command prompt) > type:
DEL %TEMP%\*.* /F /S /Q
Enter and then type ...
CMD: RD /S /Q %TEMP%
Enter ...
Thanks for the advice.
I deleted all TEMP files and rebooted the computer. Then, bcdedit.exe is created again.
Could you tell me how to use FRST tool?
But i m sure it comes from avast's "AvastEmUpdate.exe".
Strange, Online Armor says it's from AvastSvc.exe not AvastEmUpdate.exe...
I also have XP Pro with SP3 and the latest Avast Free version. Sometime last week, I also noticed BCDEDIT.EXE being created daily in C:/Windows/Temp ... not sure why this is happening, but it does not seem to be causing any issues. It would be nice to know if this is a side affect of some update by Avast or not.
I also don't have any troubles about it.
I hope I have a clarification from avast! team about what this behavior is.
It is not my wish to make any criticism or rant towards avast!