The "second" Avast installer is detected as a virus.

There are two online Avast installers:
The first one, released on 23 March: http://files.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
And the second one, released on 29 March: http://files.avast.com/files/custom/tpmo6552/online/avast_free_antivirus_setup.exe

I’m wondering why the Avast Team modified the original installer to create a second online installer is detected as a Trojan: https://www.virustotal.com/en/file/52f19f67d86d3b74504ce6902181888305b9182085dc2b213811f20a983378af/analysis/

That’s a false positive detection from Ad-Aware and MicroWorld.

The first link is the online STUB installer while the second is the full offline installer.

None of them contain a trojan…

I didn’t know the full offline installer has only 5 mb.

My mistake.

The second one is also an online installer and they both come from avast.

They are both digitally signed.

Ok, thanks. But why the Avast team modified the original online installer to create a second one?

I wouldn’t use the second one that you gave a link for, just look at the path, it is a ‘custom’ build so shouldn’t be used unless A) you know what has changed, the circumstances/reasons for the build and B) your situation matches the requirement for a custom build.

Only download from the regular locations as in the first link files.avast.com/iavs9x/.

“Unfortunately” I already ran the installer in the second link. I was also surprised to see that strange path, that’s I’m writing here. If you go to avast.com to download the free antivirus, you’ll see the download link won’t be “files.avast.com/iavs9x/” but “files.avast.com/files/custom/tpmo6552/”. That’s strange.

It is certainly strange - what build number does it show for the installation ?
The stub installer is a somewhat different case to the full off-line installation file, the stub installer would go and grab the latest avast version and start installing it. So in theory it should end up with 2015.10.2.2215 installed.

I would never use the on-line installation file, if you had another AV installed you should uninstall it or you could have conflict issues. If you did uninstall it, then effectively you would be going on-line without protection whilst you install avast.

Hi,

there is no need to panic, since you are downloading it from us :wink: We use multiple servers to distribute the traffic.

Cheers,
B.

I think the Avast Team created this new online installer to collect more data about us.

Info from virustotal “Behavioural information”:

HTTP requests URL: http://www.google-analytics.com/__utm.gif?utmn=1408625137&utmac=MO-1405551-23&utmwv=4.4sh&utmp=view%2Ffa-2015%2Fenvelope4&utmcc=__utma%3D999.999.999.999.999.1%3B&utmvid=0x5b16e914b098a8ff&utmr=- TYPE: GET USER AGENT: Avast SimpleHttp/3.0 DNS requests www.google-analytics.com (216.58.211.78) TCP connections 216.58.211.78:80 UDP communications 23.99.222.162:123