Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast Setup file showing Malware in VirusTotal


  • Please log in to reply
29 replies to this topic

#1 nparab

nparab

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 22 January 2016 - 05:05 AM

I downloaded the Avast Setup file from the Avast.com website for my newly upgraded Win 10 machine machine yesterday. In Microsoft Edge, it was showing corrupt or invalid signature after the download (~4.8 MB). So I downloaded it via Chrome, which gave no errors but a much smaller file size (31KB). But just to be sure (because of the discrepancy in file size) I did a check on VirusTotal. and it showed about 6 antiviruses showing Trojan or Malware, but only in the smaller file downloaded via Chrome (attaching screenshot at this link: https://www.dropbox.com/s/49vn553w5ymhxng/VirusTotalAvast.jpg?dl=0).

 

What does this mean? Does this mean that the Avast.com website has been hacked or something? Why the two different file sizes? Or are Virus Total analysis showing false positives? I have Malware Bytes Anti Malware installed on my PC and it showed no malware. Windows Defender shows no threats. So, I'm confused now. I need to install Avast, as (alongwith virus protection) it gives real-time protection from malware in the free version (and I don't trust Windows Defender for protection), but I'm scared to install it from either of these setup files. What should I do?


Edited by nparab, 22 January 2016 - 05:10 AM.


BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:23 PM

Posted 22 January 2016 - 06:14 AM

I downloaded the setup file for Avast Free in Google Chrome - the complete file is 4.8MB in size.

My guess is that the download from your Chrome is corrupted.

#3 Hauberk

Hauberk

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 PM

Posted 22 January 2016 - 06:30 AM

direct download can not be trusted may it got infected, and direct link can get infected any time so its not very good. but its ok some times. torrent are safer why some site recommended to download thru torrent files on there official websites. what you have download is a infected or anther file which is infected. but ever time you download be sure it safe. and re downloaded if it doubted file like your have downloaded. and what really happed to your file when you try to download on Microsoft edge is maybe you use WIFI and it have a little disconnect on way to your PC or a problem on you network. ...

 

I downloaded the setup file for Avast Free in Google Chrome - the complete file is 4.8MB in size.

My guess is that the download from your Chrome is corrupted.

That true i have downloaded and it was fine...


Edited by Hauberk, 22 January 2016 - 06:38 AM.


#4 nparab

nparab
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 22 January 2016 - 06:43 AM

I downloaded the setup file for Avast Free in Google Chrome - the complete file is 4.8MB in size.

My guess is that the download from your Chrome is corrupted.

 

Well, actually, I did a stupid thing before I uploaded the Chrome file on VirusTotal for checking (which was an afterthought). I ran it. It ran properly and said it was downloading Avast files. But I aborted it at the last minute where it said install. So the file is not actually corrupted. And I now think my computer might be infected. And I tried downloading in Firefox too. It shows the same smaller file (31 KB).


Edited by nparab, 22 January 2016 - 06:45 AM.


#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:23 PM

Posted 22 January 2016 - 07:05 AM

direct download can not be trusted may it got infected, and direct link can get infected any time so its not very good. but its ok some times. torrent are safer why some site recommended to download thru torrent files on there official websites.

Quite the contrary... direct links are usually the best way to get software, and torrenting is a security risk.

:step3: Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. Malicious wormsbackdoor TrojansIRCBotsBotnets, and rootkits spread across P2P file sharing networks, gaming and underground sites. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. If you must use file sharing, scan your downloads with anti-virus software before opening them and ensure Windows is configured to show file extensions - Why you should set your folder options to “show known file types”.

Best Practices for Safe Computing - Prevention of Malware Infection

Well, actually, I did a stupid thing before I uploaded the Chrome file on VirusTotal for checking (which was an afterthought). I ran it. It ran properly and said it was downloading Avast files. But I aborted it at the last minute where it said install. So the file is not actually corrupted. And I now think my computer might be infected. And I tried downloading in Firefox too. It shows the same smaller file (31 KB).

Is your internet connection okay?

Edited by Sintharius, 22 January 2016 - 07:07 AM.


#6 nparab

nparab
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 22 January 2016 - 07:47 AM

1. Yes, I try to avoid torrents for downloading software. That's why I want the legit (but free) version of Avast (from their official website) which offers real-time malware protection.

 

2. My internet connection seems to be okay. It's showing 1 Mbps download speed in SpeedTest.net. 


Edited by nparab, 22 January 2016 - 09:23 AM.


#7 Hauberk

Hauberk

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 PM

Posted 22 January 2016 - 07:49 AM

 

direct download can not be trusted may it got infected, and direct link can get infected any time so its not very good. but its ok some times. torrent are safer why some site recommended to download thru torrent files on there official websites.

Quite the contrary... direct links are usually the best way to get software, and torrenting is a security risk.

:step3: Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infested with malware according to security firm Norman ASA and many of them are unsafe to visit or use. Malicious wormsbackdoor TrojansIRCBotsBotnets, and rootkits spread across P2P file sharing networks, gaming and underground sites. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. If you must use file sharing, scan your downloads with anti-virus software before opening them and ensure Windows is configured to show file extensions - Why you should set your folder options to “show known file types”.

Best Practices for Safe Computing - Prevention of Malware Infection

 

That 5 years old, but i don't talk about time. i talk about truth, three more then 12,000,000 users (12 millions and more) on bittornet only and other programs can not be counted. I said official websites, not random sites. and you download torrent random sites e.g: torrent which user control and upload infected files. and encrypted servers on it. and low ranks sites. torrent have good and bad side and there no doubt about and that is true in life as well. and download files at your won risk in not official and untrusted sites... i hope people know the un know and hope that post get updated or newer post be posted. this the true. if is not safe why 12 millions use it in one program only. its only been blocked in some country because it illegal in there location which the torrent file had cracks files. ... but some users crack there own apps and games and share it and its completely Legal in life but in some location is not. and i hope miss understand and lies rumors and foolish dis appear.


Edited by Hauberk, 22 January 2016 - 07:52 AM.


#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:23 PM

Posted 22 January 2016 - 07:49 AM

Can you try downloading another legit software (from Bleeping Computer, maybe) and see if it occurs again?

Edit: Cracked software is never legal - it's piracy, which is in essence stealing from the software makers. Malware is just the icing on the cake.

Edited by Sintharius, 22 January 2016 - 07:54 AM.


#9 nparab

nparab
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 22 January 2016 - 07:53 AM

Can you try downloading another legit software (from Bleeping Computer, maybe) and see if it occurs again?

 

I already installed legit software like Firefox, Chrome, MBAM, MBAE. It's a new upgrade of Windows 10 (I chose the "Keep personal files only" option in the upgrade, so previous apps or settings were not carried over). I'm reinstalling my required software applications one by one. MBAM, MBAE, Avast & Chrome were the first. I installed Firefox only to test the Avast thing. But I'll try downloading from Bleeping Computer too. And also do a VirusTotal test on all the other setup files and post the results here.


Edited by nparab, 22 January 2016 - 08:07 AM.


#10 nparab

nparab
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 22 January 2016 - 08:51 AM

Ok. Here's the roundup of my VirusTotal scans:

 

I checked the setup files I had previously downloaded for Firefox, MBAM, MBAE & Chrome on VirusTotal.com and it showed all of them without any threats.

 

Then I downloaded setup files again for Chrome (via Edge browser like the first time), Firefox, MBAM, MBAE (through Chrome) and for Avast (through Firefox this time).

 

All of them were without any threats except the Avast setup file (this time downloaded through Firefox not Chrome, size 31 KB). This time it showed 4 malware / trojans. Attaching screenshot at this link: https://www.dropbox.com/s/yv8uzjdt7f7r6vc/VirusTotalAvast_Firefox.jpg?dl=0

 

Then I downloaded 2 legit softwares from BleepingComputer. Zemana AntiMalware & Rem-VBSworm (via Chrome). The Zemana file (4.8 MB) showed 1 threat. Attaching screenshot at this link: https://www.dropbox.com/s/g234b5y12ak5y2c/VirusTotalZemana.jpg?dl=0

 

Edit: One more thing to add: When I try to run the Avast setup files downloaded through Chrome, Firefox & also Edge (even the bigger 4.8 MB file) WIndows Smartscreen gives me a warning: "Windows SmartScreen prevented an unrecognized application from starting. Running this application might put your PC at risk."

 

In "More Info" it says:

Application: avast_free_antivirus_setup_online.exe

Publisher: Unknown Publisher

 

If I click on "Run Anyway", in the User Account Control dialog, it says "Verified Publisher: Avast Software a.s."

 

Edit 2: My copy of Windows 10 is not cracked. It is genuine, downloaded and activated via the Windows 10 Media Creation Tool. I try to avoid v.much cracked software. That's why I want the legit (but free) version of Avast (from their official website) which offers real-time malware protection. Otherwise I could have just as well have installed a cracked anti-virus with premium features.


Edited by nparab, 22 January 2016 - 09:50 AM.


#11 Hauberk

Hauberk

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 PM

Posted 22 January 2016 - 09:59 AM

Edit: Cracked software is never legal - it's piracy, which is in essence stealing from the software makers. Malware is just the icing on the cake.

 

It's piracy for good. as i said there bad and good in life as well piracy. they crack the games and apps to happy others cant pay it or reach it etc, etc, etc and app for to get help in people life, work and for their self. and not sell cracked software which cost less the original and not use a cracked software for a company and make money from it and not use cracked software on their produces and their workers. etc, etc. but you words and sentences not make any sense. (please be sure before you talk and tell others things that not true or not near it) i have an answer for you, companies make their produce cracked and share it, to get famous. as anther example there some company pay for piracy their website and pay for them when done of that and show the error in the website(used for good and equal in same time they both win e.g: news; google website has been hacked, and they get famous...). and crack their produce for other people to be famous(this a equal example they use to be famous good for them and share it to people bad and good for people because they get it free but the company fool the country ​and law for their goods). if you have a question ask me and if more than one ask either. and please don't miss understand there good crackers just happy they people and bad crackers just Mining programs with ads and viruses and adware etc. ...


Edited by Hauberk, 22 January 2016 - 10:30 AM.


#12 Hauberk

Hauberk

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 PM

Posted 22 January 2016 - 10:48 AM

Ok. Here's the roundup of my VirusTotal scans:

 

.......

 

Edit 2: My copy of Windows 10 is not cracked. It is genuine, downloaded and activated via the Windows 10 Media Creation Tool. I try to avoid v.much cracked software. That's why I want the legit (but free) version of Avast (from their official website) which offers real-time malware protection. Otherwise I could have just as well have installed a cracked anti-virus with premium features.

 

Use a bootable antivirus rescue disk if you can't remove any virus that don't let you download a anti viruses or use the anti viruses that one of sing of exiting viruses on you current system. you can use another system to remove it but i recommend use a bootable antivirus rescue disk.



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 AM

Posted 22 January 2016 - 11:10 AM

Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free.

avast! download/Installation files links are available from...Alternate avast program edition (setup online installers):Important Note: You need to be ONLINE during this installation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 hamluis

hamluis

    Moderator


  • Moderator
  • 55,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:23 AM

Posted 22 January 2016 - 11:51 AM

To Hauberk:

 

Posted Today, 08:59 AM

 

It's piracy for good. as i said there bad and good in life as well piracy. they crack the games and apps to happy others cant pay it or reach it etc, etc, etc and app for to get help in people life, work and for their self. and not sell cracked software which cost less the original and not use a cracked software for a company and make money from it and not use cracked software on their produces and their workers. etc, etc. but you words and sentences not make any sense. (please be sure before you talk and tell others things that not true or not near it) i have an answer for you, companies make their produce cracked and share it, to get famous. as anther example there some company pay for piracy their website and pay for them when done of that and show the error in the website(used for good and equal in same time they both win e.g: news; google website has been hacked, and they get famous...). and crack their produce for other people to be famous(this a equal example they use to be famous good for them and share it to people bad and good for people because they get it free but the company fool the country ​and law for their goods). if you have a question ask me and if more than one ask either. and please don't miss understand there good crackers just happy they people and bad crackers just Mining programs with ads and viruses and adware etc.

 

 

The subject matter submitted by the OP...has nothing at all to do with piracy or illegal software.  The website position on such has already been pointed out to you.  Refresher course, per excerpt from the Forum Rules:  "No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences."

 

I suggest that you focus on the subject matter contained within this topic...contribute if you have something pertinent to discuss...and move away from your chosen apparent inclination to discuss piracy in a topic initiated by a fellow member.  If you wish to start your own topic, feel free to do so, knowing that such will not be allowed at this website.

 

The OP came here for malware assistance...which others are trying to provide.  I suggest that you focus on what's pertinent in that arena and cease providing your personal views on piracy and such.

 

Louis


Edited by hamluis, 22 January 2016 - 11:53 AM.


#15 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:23 PM

Posted 22 January 2016 - 11:57 AM

What happens if you try to launch the smaller file (since the 4.8MB one is the legit installer)?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users