avast

Malware _____________________________________________________________________

C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Size . . . . . . . : 671,936 bytes
Age . . . . . . . : 76.3 days (2015-12-03 08:03:35)
Entropy . . . . . : 6.6
SHA-256 . . . . . : AC4FD796792192FC2DDDF0B0FCBF9E941FEFB764F566380683416A2CD20073C1
Product . . . . . : Avast Upgrade
Publisher . . . . : AVAST Software
Description . . . : Avast Settings Backup
Version . . . . . : 10.3.0.54
Copyright . . . . : Copyright (c) 2014 AVAST Software
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : DeepScan:Generic.Malware.PV!Pk.813A1D5A
Fuzzy . . . . . . : 87.0
Startup
C:\Windows\system32\Tasks\AVAST Software\Avast settings backup

This forum is not a psychic medium where we look in a crystal ball

If you have a problem, explain it

Hello,

I have the same thing.
Here is what happened to me yesterday: I got a message (I assume now falsely from avast) saying to update avast. I have clicked on it and it created a new Firefox shortcut on my pc and pinned it to the taskbar.
Then it opened a similar firefox but it asked to add several addons like ‘update avast’ or something similar. Hopefully for me I did not accept the “allow addon install”. I closed Firefox and deleted the wrong shortcut on my windows taskbar and openned again the correct firefox. It has no strange addons installed inside it. :wink:

This morning hitmanpro tells me :

[i]"Properties
Name backup.exe
Location C:\Program Files\Common Files\AV\avast! Antivirus
Size 656 KB
Time 76.6 days ago (2015-12-03 17:43:19)
Authenticode Valid
Entropy 6.6
Product Avast Upgrade
Publisher AVAST Software
Description Avast Settings Backup
Version 10.3.0.54
Copyright Copyright (c) 2014 AVAST Software
RSA Key Size 2048
LanguageID 1033
SHA-256 AC4FD796792192FC2DDDF0B0FCBF9E941FEFB764F566380683416A2CD20073C1

Detection Names
Bitdefender DeepScan:Generic.Malware.PV!Pk.813A1D5A

Scoring (87.0)
One or more antivirus vendors have indicated that the file is malicious.
Program starts automatically without user intervention.
Program is code signed with a valid Authenticode certificate.
The file appears to be part of an installation package or setup program. This is typical for most programs.

Startup
C:\Windows\system32\Tasks\AVAST Software\Avast settings backup"[/i]

I try to scan the folder “C:\Program Files\Common Files\AV” with Avast and it found nothing !! ;(
I also scanned my pc with malwarebytes and nothing came.

I don’t what to do to remove it properly !
Thanks in advance :wink:

edit: here is what virustotal says :
https://www.virustotal.com/en/file/ac4fd796792192fc2dddf0b0fcbf9e941fefb764f566380683416a2cd20073c1/analysis/

It seems to have been a False Positive in Bitdefender engine ( all AV using Bitdefender engine detected it yesterday) now there is only AegisLab left

file belongs to avast

[b]CopyrightCopyright (c) 2014 AVAST Software[/b] [b]Product Avast Upgrade[/b] Original name Backup.exe Internal name Backup File version 10.3.0.54 Description Avast Settings Backup Signature verification Signed file, verified signature Signing date 11:59 PM 2/5/2016 Signers [+] [b]AVAST Software a.s.[/b] [+] DigiCert High Assurance Code Signing CA-1 [+] DigiCert Counter signers [+] DigiCert Timestamp Responder [+] DigiCert Assured ID CA-1 [+] DigiCert

False Positives can be reported here >> http://www.aegislab.com/Support/

How to report FP >> https://forum.avast.com/index.php?topic=14433.msg1260414#msg1260414