Author Topic: MpMiniSigStub.exe alert  (Read 15416 times)

pokl

  • Guest
MpMiniSigStub.exe alert
« on: January 25, 2014, 10:04:25 AM »
 Version  6.01644
win 7x64

Yesterday I got an alert:
C:\Windows\SoftwareDistribution\DownIoad\1nstaII\mpas-d_bd_1.165.2.3O9.O.exe> MpMiniSigStub.exe Medium Threat: Win32:Evo-gen [Susp] Move to Chest
I let it move to chest; today I got a second alert.
The references on this forum point to avast being unable to scan this file; in this case it is treated as a virus.
I suspect it might be a virus: this is what just occurred:
I clicked OK to move to chest.
So the file was removed from "C:\Windows\SoftwareDistribution\DownIoad\1nstaII\" (notice 1nstaII is spelled with 1, not L).

EDIT: The 1nstall issue is not right; the "1" is caused by the fact that I had OneNote OCR my screenshot of this alert (I could not find a way to copy this from the avast GUI).

A minute later the dir "1nstaII" was removed.
I then got this FW alert:


The file location suggests windows update, but this is my update history: no file called "MpMiniSigStub.exe" has been downloaded via win update the past 2 days



I would really like some assistance please, thanks



EDIT:

I just discovered windows update triggers the alert:



EDIT 3:

After this failed update attempt I could look at the actual file; it is:
C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.165.2309.0.exe

EDIT 4:

virustotal result : "Probably harmless! There are strong indicators suggesting that this file is safe to use. "
 https://www.virustotal.com/en-gb/file/c225cff19a8fb92b6bcf29619903738af314b0bac0047c81f4d5159b1ea6a3f4/analysis/
« Last Edit: January 25, 2014, 11:36:44 AM by pokl »
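
The post above checks the flagged file against VirusTotal; the same triage can be done locally by hashing the file and verifying its Authenticode signature. This is an added example, not part of the original post: the path and SHA-256 are the ones quoted in the post (the hash is taken from the VirusTotal URL), the function name `Test-FlaggedUpdateFile` is hypothetical, and the `O=Microsoft Corporation` signer match is an assumption about how the update is signed. It requires PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example (not from the thread): local triage of a file an AV flagged
# inside the Windows Update download cache.
$Path     = 'C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.165.2309.0.exe'
$Expected = 'c225cff19a8fb92b6bcf29619903738af314b0bac0047c81f4d5159b1ea6a3f4'

function Test-FlaggedUpdateFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSha256
    )

    # The AV may already have quarantined the file; fail clearly in that case.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (quarantined or already removed?): $Path"
    }

    $hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path              = $Path
        Sha256            = $hash
        # $null when no reference hash was supplied
        HashMatches       = if ($ExpectedSha256) { $hash -eq $ExpectedSha256.ToLowerInvariant() } else { $null }
        # 'Valid' means the file digest matches and the chain ends in a trusted root
        SignatureStatus   = $sig.Status
        Signer            = $subject
        # Assumption: a genuine definition update is signed by Microsoft Corporation
        SignedByMicrosoft = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
    }
}

Test-FlaggedUpdateFile -Path $Path -ExpectedSha256 $Expected | Format-List
```

A `SignatureStatus` of `HashMismatch` or `NotSigned` on a file in this directory is the result that warrants further investigation; a valid Microsoft signature together with a matching hash supports the false-positive reading.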

essexboy
Re: MpMiniSigStub.exe alert
« Reply #1 on: January 25, 2014, 12:39:53 PM »
This is an update for Microsoft security essentials/defender and as such is probably not encrypted hence Avast alerting on it.  You may temporarily disable Avast whilst downloading this update.  If it alerts again click the false positive link at the bottom of the popup 

pokl

  • Guest
Re: MpMiniSigStub.exe alert
« Reply #2 on: January 25, 2014, 08:52:12 PM »
Thanks, I got the update OK after disabling avast.
But there is no "false positive link at the bottom of the popup". See the screenshot above.
Or do you mean the "submit the file" box? I have this box ticked.

essexboy
Re: MpMiniSigStub.exe alert
« Reply #3 on: January 25, 2014, 09:13:35 PM »
Aye sorry I forgot that changed with the latest version  :-[

pokl

  • Guest
Re: MpMiniSigStub.exe alert
« Reply #4 on: January 25, 2014, 09:34:46 PM »
I had the box ticked, so avast has the file.
Thank you for helping out.

Eddy
Re: MpMiniSigStub.exe alert
« Reply #5 on: January 25, 2014, 09:39:24 PM »
Version  6.01644?
I sure hope that is not the avast version you are using.

pokl

  • Guest
Re: MpMiniSigStub.exe alert
« Reply #6 on: January 26, 2014, 10:06:54 AM »
Quote
Version  6.01644?
I sure hope that is not the avast version you are using.

Yes, why?
I read there are many issues after upgrading, so decided to wait.....

But my false positive woes are not over; this morning endless popup alerts on the screen, had to use the off button.
Before the reboot I:
1. Set an exclusion in the main scan: " C:\Windows\SoftwareDistribution\Download\*  "
2. Disabled Windows Update.
3. Then rebooted, but hanging on the "Welcome" screen.
4. Reboot in safe mode; disabled Avast startup and service.

So now I am back into a running OS, without an AV!
I presume your advice would be to upgrade? Although the cause for a false positive should be the AV db, not the program version?

snippet from usntr log:
26-1-2014 0:32:07   Processing file C:\Windows\System32\MpSigStub.exe...

CraigB
Re: MpMiniSigStub.exe alert
« Reply #7 on: January 26, 2014, 11:52:33 AM »
The best option imo that you could do is download the avastclean tool and a new copy of the latest avast version from here http://forum.avast.com/index.php?topic=145192.0

Run the clean tool ( which will reboot the system into safe mode ) to remove any remnants of avast, run tool for all versions of avast ever installed then reboot back to normal mode and install the new avast.

"Hint": disable defender, as its protection level is abysmal and you'll gain back some system resources as well, giving better performance. Avast covers you in the areas that defender is supposed to, and if you want a second opinion scanner then Malwarebytes would be the most highly recommended to use with avast.

pokl

  • Guest
Re: MpMiniSigStub.exe alert
« Reply #8 on: January 26, 2014, 02:31:22 PM »
Quote
The best option imo that you could do is download the avastclean tool and a new copy of the latest avast version from here http://forum.avast.com/index.php?topic=145192.0

Run the clean tool ( which will reboot the system into safe mode ) to remove any remnants of avast, run tool for all versions of avast ever installed then reboot back to normal mode and install the new avast.

I guess I will do this when I have some time.
Is there an "ini" somewhere? I have some exclusions set in avast; it would be easier to copy those and paste them into the new avast.

Quote
"Hint": disable defender, as its protection level is abysmal and you'll gain back some system resources as well, giving better performance. Avast covers you in the areas that defender is supposed to, and if you want a second opinion scanner then Malwarebytes would be the most highly recommended to use with avast.

I was sure I did disable Defender, but it was not, or it has enabled itself.