Results 1 to 13 of 13
  1. #1
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Avast "File Reputation Warning" for "am_delta_patch_1.205. ...

    I tried to post this as a reply - contribution to an earlier thread, but that thread is old and closed for comments.


    I get an Avast warning "File Reputation Warning" for files whose names start with "am_delta_patch_1.205. ..."


    The warning says that "very few people in the global community of Avast users have ever encountered this file, which makes it potentially suspicious."


    The are NOT digitally signed.


    Furthermore, my system is set to inform me of available Windows updates but not to download them automatically.


    I have had numerous different filenames trying to do this.


    Here is an example from this morning. It came 6 times:


    “am_delta_patch_1.205.1038.0_6b1a1e295a23978e6a7c6 4a938b9cdc64a938b9cd8bb 8c444c4.exe


    Origin: http://download.windowsupdate.com/d/...are/defu/2015/ ...


    Digital Signature: Not present


    Signed by:


    Downloaded by: C:\Windows\System32\svhost.exe”


    I really would like more information on this. I have no doubt that this is some kind of malware.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts
    I think it's a definition update for Microsoft Security Essentials: Found a strange file "AM_Delta_Patch_1.115.788.0.exe"

    See also a previous discussion on this forum here: am_delta_patch (as a result of the same Avast warning).

    But I don't know why yours would not be digitally signed; so if you want to make sure, submit it to VirusTotal.com.
    Last edited by BruceR; 2015-08-31 at 15:42.

  3. #3
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    As I said in my submission, it is not digitally signed AND it tries to get into my system without permission. All updates and definitions for MSSSE ask permission for my system.

    I read all the previous threads you mention and am not at all satisfied that they apply to my situation. However, I will check VirusTotal.com as you suggest (I never heard of that before, but it looks promising).

    Thanks.

  4. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts
    Where do these files arrive? Is MSE getting updated?

  5. #5
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Exactly as described:

    Each attempt of the file to enter my system triggers an Avast "File Reputation Warning".

    MSSE is not set to update automatically and therefore does not update automatically.

    I thought I stated these things clearly in my initial submission.

    Thanks.

  6. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts
    Quote Originally Posted by Infti View Post
    Exactly as described:

    Each attempt of the file to enter my system triggers an Avast "File Reputation Warning".
    So the files never actually arrive on your system, because the downloads are blocked by Avast? (You said, "It came 6 times".)

    If the files never get downloaded, you won't be able to submit one or more to VirusTotal.

    Do you really need both Avast and MSE?


    Quote Originally Posted by Infti View Post
    MSSE is not set to update automatically and therefore does not update automatically.

    I thought I stated these things clearly in my initial submission.

    Thanks.
    You didn't mention Microsoft Security Essentials in your initial submission, and I think most people have MSE updating automatically even if Windows Updates are not automatic.

    Although I haven't used MSE for a few years, I didn't think it was possible to disable automatic updates at least once per day (unless you disable the Automatic Update service):

    Microsoft Security Essentials Update FAQ

  7. #7
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok: MSE, not MSSE is correct.

    The reason I did not mention MSE previously is that all the other responses said that these files are updates to MSE.

    I recently changed to a different system and it appears that MSE is not installed on this system. So I don’t know why I would be getting updates to MSE at all.

    I probably will install MSE and Windows Defender. I need all the protection I can get.

    Yes, AVAST intercepts these files and I choose to abort the downloads.

    I never knowingly download anything unless I know exactly what it is and have decided I want it. However, some undoubtedly get through. It’s a crazy world out there.

    For example, I get a lot of “Push” files from Doubleclick and I always reject those.

    It is a real shame that the computer world is dominated by criminals and sociopaths.

  8. #8
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,162
    Thanks
    47
    Thanked 976 Times in 906 Posts
    You do not need multiple AV programs running, they can interfere with each other. Stick with Avast but run Malwarebytes Anti-Malware regularly and take care when browsing - as you seem to do.

    Doubleclick files are likely to be cookies and are harmless to your computer, they record browsing habits.

    cheers, Paul

  9. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts
    Quote Originally Posted by Infti View Post
    I probably will install MSE and Windows Defender. I need all the protection I can get.
    You can't have both:

    34. What about Windows Defender?
    Windows Defender (on Windows 7, Vista, and XP) provided spyware protection only. MSE provides protection against spyware, viruses, Trojans, worms, root kits, and malicious scripts. Therefore, there is no need for Windows Defender.
    • On Windows 7/Vista, MSE should disable Defender. If not, you should disable it.

    Microsoft Security Essentials Consolidated FAQ


    Quote Originally Posted by Infti View Post
    Yes, AVAST intercepts these files and I choose to abort the downloads.
    So I'm curious about how you know they're not digitally signed if they're never actually downloaded; Does Avast tell you that as well as them being potentially suspicious?

  10. #10
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you look at my first submission, you will see a sample. The notice says:

    "Digital Signature: Not present

    Signed by:"

    One other aspect of this that I noticed last night, is that these notices stall my internet connect until I respond by rejecting the downloads.

    I am nearly certain that it is malware. I am going to ask it about it on the Avast forum, which is what I should have done in the first place.

  11. #11
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I went to the Avast forum. Though I did not get a definitive answer, I am going to give you all a few urls which address this issue. I am going to pursue this on the Avast forum, which I think is the appropriate venue for this discussion, and so will not continue with this thread here.

    https://forum.avast.com/index.php?to...946#msg1214946
    has screen shot

    https://forum.avast.com/index.php?to...253#msg1233253
    has screen shot

    https://forum.avast.com/index.php?to...724#msg1238724
    has screen shot

    https://forum.avast.com/index.php?to...792#msg1085792

    https://forum.avast.com/index.php?action=search2
    a search for relevant threads

    If you want to pursue this, I suggest the Avast forum.

    Thanks.

  12. #12
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 648 Times in 571 Posts
    You said here " I have no doubt that this is some kind of malware." and there "there is no question that these attempted downloads are malicious.", but I don't believe that's true.

    If you don't want to trust Microsoft updates, you should uninstall Microsoft Security Essentials and disable Windows Defender.

  13. #13
    New Lounger
    Join Date
    Aug 2015
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    MSE is not is on my system and WD is not running.

    The last sequence of warnings was yesterday. There were only two. So this seems to not be happening any more.

    I am absolutely convinced that this was an attempted malware attack. All other explanations offered here appear to me to be completely unfounded guesses.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •