Avast.SetUp accesses www.WindowsMedia.Com

Hello People–

I run LimeWire, and I occasionally execute downloaded files which pose as [.MP3] files, but are actually a type of script-containing audio file that is exploited by MalWare. Avast seems to catch these files immediately (when I try to play them), and I send them to the virus chest.

My system seems to be infected anyway. My ZoneAlarm logs (ZoneAlarm is a popular firewall) show repeated attempts by different programs (mostly WmPlayer.exe [Windows Media Player], but also spoolsv.exe, ftp.exe, and hh.exe) to access the internet. Reverse IP lookup shows that the targeted sites are typically associated with the recording industry (or else WindowsMedia.Com). To date, ZoneAlarm’s logs show that it has blocked all of these attempted accesses.

But yesterday, ZoneAlarm’s log showed that one had slipped through. It got through because the access was executed via Avast.Setup (which is in the “trusted” zone). Avast.Setup SHOULD NOT be sending data to www.WindowsMedia.Com. But it did.

I had re-downloaded and re-installed Avast just last week (because it was acting funny). I declined to do that again. Instead, I executed “repair” via the , <Add/Remove Programs>, <avast! AntiVirus> entry. Don’t know if Avast “repair” validates-and-replaces corrupted Avast files or not. Will it???

Persons in a similar situation might want to watch out for MalWare using Avast.Setup as a vehicle of trusted internet access.

I would have to question this as avast.setup has no means of connecting to anything other than the avast download locations as indicated in the servers.def file.

Since avast version 4.8 there has been a self-defence module in avast that should make it very difficult for other applications to delete/modify or disable avast or its files.

I would look to different tools, as I personally don’t feel ZA is the sharpest tool in the bunch; if it was a half-decent firewall (see below), it would detect changes in a file and challenge it for its access to the internet.

See http://www.matousec.com/projects/firewall-challenge/results.php.

  • Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more, you have to buy the Pro version.

Which was the avast.setup file folder location?

Yes, it will repair.