ctrestrt.exe & upgrdl.exe - spyware?

A few weeks ago I used Avast's software updater to update Flash, Java, etc. On the next bootup my firewall blocked "upgrdl.exe", which is part of "ctrestrt.exe", written by Absolute Software Corp.

I've found several references suggesting these are spyware, but most AVs (on VirusTotal and other multi-scan sites) do not flag them as malware. Does anyone here know what these executables do and whether they're malware or not? I currently have "upgrdl.exe" blocked, but it tries to run quite often.

Also, an Avast file scan last month found Conduit files on my PC after doing updates with Avast's software updater. I was assuming all the extra crap Adobe and others try to dump on you would be avoided by using Avast's software updater; is this not the case?

Hello,

Do you require help to remove malware from your system?

Yep…he does. He needs to attach logs, which is what I was going to have him do.

TwinHeadedEagle,

I'll let you take over from here. I have no additional info other than what is posted. Thank you.

I spoke too soon. The malware specialist signed off-line already.

rm22,

It may appear that you have malware. Please read the following and follow the directions: https://forum.avast.com/index.php?topic=53253.0.

Please ATTACH your MBAM, FRST.txt, and aswMBR.EXE logs to your next post. After posting your logs, do not make any changes to your machine until a malware specialist comes along to assist you in this forum. Please be patient since they come on the forum at different times. Thank you.

Thanks for the replies; the log files are attached.

As you'll see in the FRST log, there are 3 files from Absolute Software:

upgrdl.exe
rpcnet.exe
rpcnet.dll

According to comments at this link (http://www.neuber.com/taskmanager/process/rpcnet.exe.html) there are 2 more files that are not signed:

rpcnetp.exe
rpcnetp.dll

All files are in the Windows/SysWOW64 folder, and rpcnet.exe is also in autoruns in Online Armor, set to 'allow'.

Comments at the link above state these files are part of Lojack, a product of Absolute Software Corp. used for tracking stolen laptops, but I have not installed this product.

Also, no sign of ctrestrt.exe anywhere that I can see, so my first post may be wrong.

Thank you for posting your logs. Do not make any changes to your machine at this point until a malware removal specialist assists you. They come on the forum at different times, so please be patient.

Did Avast put anything in the Virus Chest prior to you doing these scans?

Avast virus chest is empty. However, I thought the 'conduit' files found last month should be in there. They were identified as a PUP during an Avast file scan and quarantined, as I recall. Are files deleted from the chest automatically after a set time?

Just read this on the Lojack website:

"Get back what's yours. Absolute LoJack's theft recovery software for laptops, smartphones and tablets can withstand a factory reset, installation of a new OS, even a complete hard drive replacement. In every instance, the software rebuilds itself and provides a constant link between owner and machine."

Hello,

I do not see active infection on your PC.

Great, thanks for the feedback.

Any comments on what to do with the Lojack files? I've blocked rpcnet.exe from autoruns in Online Armor to see if that stops upgrdl.exe from trying to run all the time.

Also, any comments on using Avast Software Updater for Flash, Java, etc. updates? Does any of the bloatware/malware that normally needs to be 'unchecked' when updating manually get downloaded?

Try Unchecky: http://unchecky.com

Pondus, thanks for the recommendation; it looks useful. I just read a few reviews saying it doesn't work with web-based installs though, like Flash. Anyone use Avast software updater for Flash etc.? Any problems?

Just wanted to add this for the benefit of anyone else trying to get rid of Lojack:

upgrdl.exe
rpcnet.exe
rpcnet.dll
rpcnetp.exe
rpcnetp.dll

are all Lojack files and can be disabled by selecting 'deny' for 'read & execute' in the security tab of the file properties, or by blocking them with a firewall. The only way I've read of people successfully getting rid of these files is to call Absolute Software and ask them to remove the files, which apparently they'll do if you can prove you own the laptop.

Lojack is supposed to be disabled until you purchase a license for it, but my firewall was constantly blocking them from calling out. Apparently information on location and installed apps is sent out on every boot regardless of whether you have a license or not.
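An added read-only PowerShell audit (example code written for this thread, not the poster's or Absolute Software's) that inventories the five file names listed above, reports each file's Authenticode signature status (the thread says two of them are unsigned) and whether its ACL already carries the 'deny read & execute' entry described, and lists any service whose command line references them. Checking both SysWOW64 and System32 is my assumption; the post only mentions SysWOW64.

```powershell
# Added example for this thread: inventory the Lojack/Computrace file names the
# poster lists. Reads only; it changes no ACLs, files or services.
$names = 'upgrdl.exe', 'rpcnet.exe', 'rpcnet.dll', 'rpcnetp.exe', 'rpcnetp.dll'
$dirs  = @("$env:SystemRoot\SysWOW64", "$env:SystemRoot\System32")  # assumed locations

function Get-LojackFileReport {
    param([string[]]$FileNames, [string[]]$Directories)

    $rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    foreach ($dir in $Directories) {
        foreach ($name in $FileNames) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $item = Get-Item -LiteralPath $path
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $acl  = Get-Acl -LiteralPath $path
            # A Deny ACE covering Read & Execute is what the poster set via the Security tab
            $denied = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Deny' -and (($_.FileSystemRights -band $rx) -eq $rx)
            }
            [pscustomobject]@{
                Path           = $path
                SizeBytes      = $item.Length
                LastWriteUtc   = $item.LastWriteTimeUtc
                SigStatus      = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                ReadExecDenied = [bool]$denied
            }
        }
    }
}

function Get-LojackServiceReport {
    param([string[]]$FileNames)
    # Services whose command line points at one of the listed binaries (the poster saw
    # rpcnet.exe as an autorun entry in Online Armor).
    $pattern = ($FileNames | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        Select-Object Name, State, StartMode, PathName
}

Get-LojackFileReport -FileNames $names -Directories $dirs | Format-Table -AutoSize
Get-LojackServiceReport -FileNames $names | Format-Table -AutoSize
```

Run from an elevated prompt so Get-Acl can read the system-directory ACLs; an empty report means none of the listed names are present in the assumed directories.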