avast gave me malware

[kari hakkarainen]

hi i downloaded avast driver updater thru there free app ( avast free virus) and malware bites found 8 differant malwares now iam confused.

[DavidR]

First I would say that there aren't 8 different  instances, it is effectively doubling up as registry keys (for scheduled tasks) in themselves aren't really an issue.

It is also the same for the other detections as they all relate to the single file Avast Driver Updater.exe.  Essentially this is one detection.

Having whittled it down to one detection, on a single file, then you have to look at what it has detected 'Generic.Malware....'.  Generic detections can be sometimes result in false positive detections, based on the non-signature based methods used in generic detections.

Personally I'm not a fan of Driver Update software, from Avast or any other source, I tend to leave drivers alone unless there is a specific reason to update one and then I would seek out the driver update file.  So do you really need a driver updater or not, I'm not sure if the Avast Driver Updater is actually free (or could this be a trial version).

You could upload the file to virustotal.com and see what results you see there, but again watch out for generic/heuristic detections.

[kari hakkarainen]

thanks david. so was malwarebites right in quarantened the files? i didnt want anything to do with them i deleted them and uninstalled the updater. and i sent the threat lab a copy of the results. so should i be right now. ran mbites again all sweet.

[Pondus]

https://www.virustotal.com/gui/file/1ca1fd1120765247cc9f19836a38d4140210471a2ef9ea8561364414ce046006/detection

[DavidR]

thanks david. so was malwarebites right in quarantened the files?

i didnt want anything to do with them i deleted them and uninstalled the updater. and i sent the threat lab a copy of the results. so should i be right now. ran mbites again all sweet.

It is hard to say one way or another as I have no clue as to what their Generic detection is/was based on.  But essentially MBAM didn't quarantine them, you did as you didn't uncheck/deselect any of the options and you must have clicked the Quarantine Selected button.

What I would say is that they are over egging the pudding, as essentially there is one issue, the rest stem from it.

I'm not sure what Pondus is trying to show in his post, as I don't know how he came about it as I see nothing in your posts related to the LittleInstaller in the virustotal results.  Other than 'DriverUpdater' mentioned by two of the detections.

If this was truly the Avast Driver Updater process (which would appear to be the case, as you downloaded it) then that file should have been digitally signed by Avast.

[Pondus]

I'm not sure what Pondus is trying to show in his post,

just showing who is detecting / not detecting it at the moment

as I don't know how he came about it as I see nothing in your posts related to the LittleInstaller in the virustotal results.

That is the file i get when clicking "download trail" here  >>  https://www.avast.com/driver-updater

If you click Details tab in VT and scroll Down to Names, it will show that the file has had several different names

[Cluster-Lizard2014]

Are saying that this 'LittleInstaller' is a legitimate tool that is actually being used by their Avast Driver Updater?

If so then AVAST should answer a few questions because, SlimWare Utilities, Inc. 'LittleInstaller' is considered a PUP (Potentially Unwanted Software) by some sources. It is not a new 'problem' either.

https://www.bleepingcomputer.com/forums/t/581634/driver-update-is-this-malware/

That means it is on many AV/AM/ADW security programs PUP definitions list and will be treated as potential malware. That is almost certainly what Malwarebytes is doing and also including the other related files, for the reasons DavidR explained earlier.

The question AVAST should answer is whether this tool is actually what their Avast Driver Updater is and why they did not recognise the possibility that other security software might report it as a PUP?

I do not like driver updaters in general either. The IOBitDriver Updater I'll happily admit using helped find me a couple of obscure drivers Windows XP driver updating had not found when I first set up a dual boot PC.

But after that it kept on reporting that I had old or very old drivers on both systems even though I had updated them only a few weeks before. It had a particular obsession with updating my main OS USB 3.0 Controller driver, and it seems uninstalling the old one first and then requiring a restart........................................which is bit tricky when its just disabled every USB 3.0 capable port including those used by the keyboard and mouse.

Dumb behaviour. Having something capable of doing that set to do it automatically is even dumber.       

[DavidR]

I'm not sure what Pondus is trying to show in his post,

just showing who is detecting / not detecting it at the moment

as I don't know how he came about it as I see nothing in your posts related to the LittleInstaller in the virustotal results.

That is the file i get when clicking "download trial" here  >>  https://www.avast.com/driver-updater

If you click Details tab in VT and scroll Down to Names, it will show that the file has had several different names

I clicked the Download Trial and it is just the software installation/setup file (so there is a likelihood that it could be considered a pup), but why a file that is digitally signed is getting pinged is beyond me.

When you look at who is and who isn't detecting this  and most of the 'major names' aren't detecting it, I don't know if this is due to digital signatures or not.  What I found interesting is that Malwarebytes 'isn't detecting' it

It looks like Avast Software either have a deal with or now own Slimware Utility Holdings and avast are using LittleInstaller as the internal name.

[sschriver]

If Avast has a relationship with a company as shady as Slimware, I don't want to have anything to do with Avast anymore.

I am a lifetime member of Slimware/DriverUpdate.  As recently as a month ago, I was able to log into my DriverUpdate account and get my registration number anytime I need it.  I put it in my new laptop just a month ago.  However, this month, when I wanted to put it in my new desktop, the ability to log into an account is gone.  I've probably had the membership for over 10 years back when it was only DriverUpdate, before Slimware was added to it.

So now, when i go into the sign in, i only have the option of sending an email and waiting for 48 hours, or chatting online.  No more logging in. I chatted online and low and behold, my name or email address could not be found, and I felt they were laughing at me.  I've seen other lifetime members also upset at suddenly not being found in the system.  Basically, they don't want to honor the lifetime members anymore and people won't find that out until it is time to reinstall.

At one time, in the app, there was a tab with all your info.  That is gone, too, so I can't even get my registration number from the app I do have registered in my laptop.   They've made it so there is no way to retrieve it unless you saved your purchase email from years ago.  But since I could always log in and get it myself, I didn't need it.

I'm sure they think they can crap on their existing customers because Avast is doing such a great job of selling their product for them. 




'

[Asyn]

Hi, Avast Driver Updater has been reworked from scratch and has no relation to Slimware.

-> https://www.avast.com/driver-updater#pc
-> https://www.virustotal.com/gui/file/364f2567464b1541dba88b18e451d85c5458980b8a4b72a2515dee71775652cd/detection