Avast Now Practises Self-Cannibalism??

Well OK I was updating Avast cuz I got the pop-up that says “Avast is out of date; in order to better protect your PC blah blah…” so I chose to update. ::slight_smile: (Shouldn’t the update be silent/automatic instead of popping itself up to interrupt me when I work?!) :cry: Then, while the update was ongoing, another red pop-up appeared saying “Threat detected!” and the culprit was a file located on… avast.com… ummm, named avastemupdate.exe… umm, curiouser and curiouser. :o

Now I’m stuck in the middle of the updating and avast simply cannot launch its Updater, cuz somehow it decided in a real badass manner to pick an issue with itself! Wow scary… :o

Dear programmers, please fix this ASAP cuz at this rate I’m never gonna upgrade to the paid version! cuz truth be told, this is more than a little embarrassing. :-X

Screenshot. When I hovered over the object name I got a web address directed to avast.com

Hi,
Are you using any proxy or VPN service? I doubt that Avast would use an IP that according to whois is owned by someone in China. Also, we wouldn’t be using links pointing directly to an IP…

20150209.exe seems also not right.
Looks like something from exactly a year ago.

seems you got some malware from China…

I suggest you seek some help from one of the Malware Removal Experts.
Directions here:
https://forum.avast.com/index.php?topic=53253.0

Yeah, it’s odd. 20150209.exe is legitimate file to be downloaded (updates AvastEmUpdate.exe) but there is a possibility that somebody (great china firewall?) tampered with it. If you are able to look at the file, it should be signed by Avast (and Avast itself checks its own signature).

The correct URL is http://emupdate.avast.com/files/emupdate/20150209.exe, file is 170920 bytes long and signed with SHA1 thumbprint ‎18 1e 2a e5 72 7d e6 0f 52 ef 26 d9 0b c6 91 94 81 60 17 93.

Hi,
on the screenshot you can see the following server (ip address):

http://117.75.20.11/files/70170000000D0AE5F/

this is a server located in China, that does not belong or is connected to Avast. This server apparently somehow re-routes or hijacks your traffic. In the past we’ve seen malware hosted on this IP and therefore its blocked as untrusted.

Bye,
Lukas.