Author Topic: About a (possible) Microsoft website and some files  (Read 7963 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
About a (possible) Microsoft website and some files
« on: August 14, 2014, 10:45:07 PM »
Hello everyone.

I was using my computer normally today, and suddenly, Avast told me about a file that is rare or that almost nobody have it.

I forgot to take a svcreenshot of it, so I going to tell some information about it:

- Website: au.v4.download.windowsupdate.com (I don't remember the rest of the URL)

- File that started the download: C:\Windows\System32\svhost.exe

Do you guys know if it's a false positive?

Thank you for helping me.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37147
  • Not a avast user
Re: About a (possible) Microsoft website and some files
« Reply #1 on: August 14, 2014, 11:39:54 PM »

REDACTED

  • Guest
Re: About a (possible) Microsoft website and some files
« Reply #2 on: August 15, 2014, 04:41:13 PM »
Probably related to this https://forum.avast.com/index.php?topic=153395.0

Well, on the other thread, they said that no problem were observed on Windows 8.1.
But Both my PC and laptop (using Windows 8.1) got something.

I also upload a screenshot.

I also got the whole name of the file and the origin, if you want.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37147
  • Not a avast user
Re: About a (possible) Microsoft website and some files
« Reply #3 on: August 15, 2014, 04:49:33 PM »
KB890830 seems to belong to  microsoft windows malicious software removal tool

Quote
I also got the whole name of the file and the origin, if you want.
you may give that


if you want a malware check, follow instructions here  https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes / Farbar Recovery Scan Tool / aswMBR logs

when done one from the malware removal team will check the logs



Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37147
  • Not a avast user
Re: About a (possible) Microsoft website and some files
« Reply #4 on: August 15, 2014, 04:55:20 PM »
could be this.....

First submission 2014-08-12 17:11:12 UTC ( 2 days, 21 hours ago )

File name:Windows-KB890830-x64-V5.15.exe
Publisher:Microsoft Corporation  (signed and verified)
Product:Microsoft Windows Malicious Software Removal Tool
Description:Microsoft Windows Malicious Software Removal Tool (KB890830) - Setup Self-Extracting Cabinet
Version:5.15.10500.0
MD5:d6bceddbc13a4ba05a273cf539f3f5e3
SHA-1:63635be41ebac60d56206147974a5fb6264db4c9
SHA-256:baa5dd6558931805cd1b2a95460d10f8ab68bf183145ce8bec5bfd20bf6bddfe



or this  First submission 2014-08-12 18:48:53 UTC ( 2 days, 20 hours ago )

File name:Windows-KB890830-V5.15-delta.exe
Publisher:Microsoft Corporation  (signed and verified)
Product:Microsoft Windows Malicious Software Removal Tool
Description:Microsoft Windows Malicious Software Removal Tool (KB890830) - Setup Self-Extracting Cabinet
Version:5.15.10500.0
MD5:d1317f3696e4ffbc37cec7f8abaa49c4
SHA-1:1d1ca2ed03408e3f1a6780629371e9e599583998
SHA-256:63fb90dd569c833e6aa2a688fcf61b0724862dc6feb4d82c0255f5df2621a7f4
« Last Edit: August 15, 2014, 04:58:20 PM by Pondus »

REDACTED

  • Guest
Re: About a (possible) Microsoft website and some files
« Reply #5 on: August 15, 2014, 05:32:53 PM »
KB890830 seems to belong to  microsoft windows malicious software removal tool

Quote
I also got the whole name of the file and the origin, if you want.
you may give that


if you want a malware check, follow instructions here  https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes / Farbar Recovery Scan Tool / aswMBR logs

when done one from the malware removal team will check the logs

The whole name and the whole origin:
File (full name): windows-kb890830-x64-v5.15-delta_e41e8e04859c6d2b1b81aca0606d139846185cd0e4.exe
Origin: h/ttp://au.v4.download.windowsupdate.com/d/msdownload/update/software/uprl//2014/08/windows-kb890830-x64-v5.15-delta_e41e8e04859c6d2b1b81aca0606d139846185cd0e4.exe

PS: Just remove the "/" from the "h/ttp" to get the whole link.
Did that for safety purposes.

I will do the malware removal later, but can I post here as a reply? Or should I create a new topic?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37147
  • Not a avast user
Re: About a (possible) Microsoft website and some files
« Reply #6 on: August 15, 2014, 05:39:14 PM »
Quote
I will do the malware removal later, but can I post here as a reply? Or should I create a new topic?
just continue here


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40604
  • Dragons by Sasha
    • Malware fixes
Re: About a (possible) Microsoft website and some files
« Reply #7 on: August 15, 2014, 07:21:12 PM »
It is a false alert due to the nature of the malicious software remover tool

REDACTED

  • Guest
Re: About a (possible) Microsoft website and some files
« Reply #8 on: August 15, 2014, 08:10:32 PM »
It is a false alert due to the nature of the malicious software remover tool

Should I still do the malware removal thing?

Mostly of times, I create the logs for the Malwarebytes team. Or should I create the logs for the Malware removal team from this forum?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40604
  • Dragons by Sasha
    • Malware fixes
Re: About a (possible) Microsoft website and some files
« Reply #9 on: August 15, 2014, 08:24:15 PM »
No requirement as it is a false positive on Avasts part :)