Avast scan says AvastSvc.exe is PUP ?!?

So is this the ‘real’ avastsvc.exe, or a fake?

The scan reports that its PID is 1636, and if I do a netstat I see that PID 1636 is talking to Alexa on several high ports. Good thing I have Alexa and other corporate spyware sites pointing to 127.0.0.1 in my hosts file.

Looked up the equivalent of kill -9 in Windows Vista, it is KILLTASK. Trying to kill 1636 gives me an ‘access denied’ even in an elevated session. Thanks Microsoft: you corporations always seem to stick together.

Please advise.

PUP is not a virus, but Possible Unwanted Program

but yes strange it would say that about its own file…
Test suspicious files at virustotal.com

Thanks Pondus, I searched my hard disc for any instance of AvastSvc.exe, no such file.

Is this an Avast asset, or just some 3rd party product that communicates with Alexa, and named to look like a trusted program?

Cheers,
Robert

PID is 1636 you have set Avast to scan memory… If you do that expect the unexpected

What is strange is that avast doesn’t scan for PUPs by default (mainly because of the confusion that it causes I believe), so you appear to have changed your shield/scan settings or as essexboy mentions elected to have avast scan memory in a custom scan.

The avastSvc.exe is the main avast process, controlling the shields, etc.

So, assuming this instance of AvastSvc.exe is the legitimate one… here are the questions:

Avast sends data to Alexa?

What data? (E.g. url prefetch & scanning, site ratings)

Did you know that this allows Alexa to do data mining on my visited web sites and sent data?

Why take over so many high ports?

How can I turn this off?

Please advise.

Avast is not sending data to Alexa. Avast service controls all outgoing data through a proxy to scan for any malicious activity, hence if IE was doing that it would appear to be coming through Avast as it is scanning it. So you need to look at the other net fronting programmes to determine what is doing it.

The only data sent to avast by the programme is details of suspicious files/websites, but only if you opted in to community IQ.

There is a good explanation of that if I can relocate the link
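Added example (not part of the original thread and not Avast's code): a sketch of the check suggested above, correlating `netstat -ano` rows to find which local processes sit behind a scanning proxy's PID. The sample output is constructed; PID 1636 is the one from the thread, while the loopback proxy port, the other PIDs and the addresses are assumptions.

```python
# Constructed `netstat -ano` output, not captured from a real host.
# Assumption: the proxy listens on a loopback port (12080 here is made up).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1636
  TCP    127.0.0.1:49201        127.0.0.1:12080        ESTABLISHED     2984
  TCP    127.0.0.1:12080        127.0.0.1:49201        ESTABLISHED     1636
  TCP    192.168.1.10:49202     203.0.113.7:80         ESTABLISHED     1636
  TCP    192.168.1.10:49150     198.51.100.9:443       ESTABLISHED     3120
"""

def parse(text):
    """Return (local, foreign, state, pid) for each TCP row of netstat -ano."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            rows.append((f[1], f[2], f[3], int(f[4])))
    return rows

def is_loopback(addr):
    return addr.startswith("127.") or addr.startswith("[::1]")

def remote_peers(rows, pid):
    """Non-loopback remote endpoints whose socket is owned by pid."""
    return sorted(f for _, f, s, p in rows
                  if p == pid and s == "ESTABLISHED" and not is_loopback(f))

def proxy_clients(rows, proxy_pid):
    """PIDs of local processes connected to proxy_pid's loopback listener.

    These are the programs whose traffic shows up under the proxy's PID.
    """
    listeners = {l for l, _, s, p in rows
                 if p == proxy_pid and s == "LISTENING" and is_loopback(l)}
    return sorted({p for _, fgn, s, p in rows
                   if s == "ESTABLISHED" and fgn in listeners and p != proxy_pid})

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("remote peers of 1636:", remote_peers(rows, 1636))
    print("processes behind the proxy:", proxy_clients(rows, 1636))
```

The client PIDs it reports can then be matched to image names with `tasklist` to see which program is actually generating the traffic.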

Thank you kindly, Essexboy; I’m here to learn and learning a lot.

Will check on those items, and update the thread with what I find…