Strange exe in Windows\Temp - AVAST related?!

Avast Free Antivirus / Premium Security
1

A couple of days ago, I got an unpleasant surprise: my firewall alerted me of a file in C:\Windows\Temp, cal, but then the led .exe that was trying to go online. I went to the folder and saw the file, but then it disappeared. I think that you can understand when I thought “Infection!”

I manually checked all running processes, services and startup items and I did a scan with Avast, but nothing was found, and for a day or two, there were no new anomalies. Well, until tonight. This time, I was faster, though, and I managed to make a copy of the file before it self destructed. Well, the encouraging, but strange thing is that it seems to be Avast related. So can anyone tell me what this is and hopefully put me at ease?

http://img.photobucket.com/albums/v302/IvanV/Razne%20tehnicke%20stvari/whaaa.png

2

It could well be the avast Emergency Update Checker (introduced in avast 7), as I believe that creates such a file name in temp whilst carrying out the check to see if there is an emergency update present.

Avast! Emergency Update - see Vlk’s brief explanation, http://forum.avast.com/index.php?topic=99540.msg794105#msg794105.
And

3

Thank you, DavidR! :slight_smile: I checked the timestamp of the file with the last run time of the Emergency Update task in Task Scheduler and they are a match! That lifted a weight off my chest. :slight_smile:

EDIT: If it was introduced in version 7, it’s strange that I’ve never seen it before updating to version 8. But I guess that it doesn’t really matter.

4

You’re welcome.

The majority of user will probably not notice it, I know it happens, but I haven’t gone checking. My firewall hasn’t notified me of it either, but I have allowed the AvastEmUpdate.exe which would create this file.

5

Same thing here…one both Win7 and XP machines, Online Armor questioned about 3 weird .exe files like :

92d1d255-f490-4c4a-90ca-1e19926aea5f.exe, 0.0.0.0, (0.0.0.0)
C:\Windows\TEMP\92d1d255-f490-4c4a-90ca-1e19926aea5f.exe Hash(MD5): D10A35D060D7164FFFE2CD7195EEA2DF

This happened after I upgraded to V 8. I opened file location and I saw one of them was in the Avast directory.

Ran MalwareBytes full and Avast full, no infection.

6

From version 8,two fixes have been installed,the latest yesterday.in normal .are fix downloaded of avast emergency update.firewall of avast authorize rules for this fixies

7

I received 2 alerts on new application rules allowing these two Avast programs. They also show up under AIS Firewall Application Rules under an avast grouping different than the Avast Software main group. I wouldn’t have gotten the alert except for the fact that I had an option ticked to alert on new firewall rules. Avast already knows they are ok. ;D