Author Topic: What is avast-checker-update.exe and something else  (Read 723 times)

0 Members and 1 Guest are viewing this topic.

Offline D.Murray

  • Newbie
  • *
  • Posts: 1
What is avast-checker-update.exe and something else
« on: April 19, 2018, 07:52:55 AM »
1. Last Sunday I decided, for no reason what so ever, to install update KB4088881 from windows update:

2018-03 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088881)

Shortly after rebooting the system, firewall gave an alarm that avast-checker-update wanted to access hard disk. I was a little suspicious, so I let it do it once. And just after doing it I remembered that it looked like access to raw disk and it was because the disk was something like \Device\Harddisk0\...

Almost immediately after that firewall noted that avast-checker-update.exe wants to connect to ip 52.0.79.27 and I blocked the connection and all connections the exe might want to do later. It also wanted to access raw disk again but I denied it.  Whois lookup at Monday 26 March 2018, 01:18:35 revealed that the ip refers to:

"IP Location:    USA,    Virginia,    Ashburn
IP Reverse DNS (Host):    ec2-52-0-79-27.compute-1.amazonaws.com
IP Owner:    Amazon.com, Inc Amazon.com, Inc
Owner IP Range:    52.0.0.0 - 52.31.255.255    (2,097,152 ip) 
Owner Address:    1200 12Th Avenue South, Seattle, WA, 98144, US
Owner Country:    USA..."

so maybe it is an Amazon customer or something, anyway it does not look like Avast. It could possibly be a rootkit download address. I used Agent Ransack to search all disks to find avast-checker-update.exe but it did not find any. Neither did Agent Ransack find it when searching *avast*.* so I don't think it was any legitimate program at all. Finally, I didn't want to play anymore and booted with rescue disk to restore last good backup from earlier this month. Also run full virus scan for all disks and used aswmbr.exe and tdskiller.exe to find rootkits. Nothing was found. And I have not installed KB4088881 again and nor has avast-checker-update appeared again.

It is hard to believe that there would be a virus in Microsoft update, but after restoring the backup it has not happened again and I had not installed anything else than blender-2.79a-windows64 at 16th of March and avast scan did not find any problem in that. I also uninstalled blender after couple of days after testing it. Anyhow the mysterious avast-checker-update appeared at Sunday 25 of March after installation of KB4088881.


2. At the beginning of March I installed KB4091290 from Microsoft Update:

2018-03 Update for Windows 7 for x64-based Systems (KB4091290)

Don't know why I did it - maybe I was just bored. While I was waiting it to install I was playing Mahjong  because of lack of anything better to do. Suddenly the system jammed completely. No disk access or any other operations were notable. I waited for a while and pushed reset button and the system did boot and looked normal. Installation of KB4091290 had failed as was expected but I couldn't notice anything else. In Microsoft support page https://support.microsoft.com/en-us/help/4091290/march-1-2018-kb4091290 it says:

"Known issues

Symptom
Because of an issue that affects some versions of antivirus software, this fix is being applied only to the computers on which the antivirus ISV have updated the ALLOW REGKEY.   

Workaround
Contact your antivirus manufacturer to verify that their software is compatible and that they have set the following REGKEY on the computer:
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”

After installing this update, SMB servers may experience a memory leak. Microsoft is working on a resolution and will provide an update in an upcoming release."

I didn't know that before installing the update or if it had anything to do with jamming of the system.  I just run sfc /scannow few times to see and fix any problems with system integrity. Sfc was not able to fix some problems and Windows 7 has not dism as Windows 8 and later versions have but Microsoft has instructions in  a support page to show how to do it in Win7:

https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness

After downloading the System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821):

Windows6.1-KB947821-v34-x64.msu

and installing it as instructed in the support page and running sfc again the system was again ok. After that I found the compatibility issue there might be with AV softwares and KB4091290. Anyway when I then checked the key QualityCompat it was set as required by Microsoft. So the problem was maybe not related to Avast. Anyway the old wisdom "If it ain't broken don't fix it" was proven to be true.

3. What happens to free Avast Antivirus when subscription status expires and it goes inactive. Does it stop working and require upgrade to purchased version or what?

Regards, sr

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70674
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: What is avast-checker-update.exe and something else
« Reply #1 on: April 19, 2018, 08:08:08 AM »
3. What happens to free Avast Antivirus when subscription status expires and it goes inactive. Does it stop working and require upgrade to purchased version or what?
See: https://support.avast.com/article/Activate-Free-Antivirus/
Win 8.1 [x64] - Avast PremSec 21.5.6354.BCi [UI.646] - EEK - Firefox ESR 78.11 [NS/uBO/PB] - TB 78.11
Avast-Tools: Secure Browser 91.0 - Cleanup 21.1 - SecureLine 5.12 - Driver Updater 21.1 - CCleaner 5.82
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0