Solved AS_Delta_Patch installed

[BreanneS]

Hello, as a precaution I've decided to ask here just to be safe. So I recently turned on my computer and after a few minutes I saw a strange process running in the background. I opened its location and it's claiming to be part of Windows. The file name is AS_Delta_Patch_1.39.510.0.exe and is located in windows/SoftwareDistribution/download/install. What is going on? It's a very recently created file and I can't find any results online to confirm its harmless? I go into properties and it seems to be signed by Microsoft? But they stopped supporting windows 7? Also all other results I find when I search AS_Delta_Patch I get a different version number or AM_Delta_Patch as a result instead? Can anyone confirm this is a harmless file? File description says Microsoft Antimalware WU Stub. Yeah, under digital signatures it has Microsoft listed. It's size is 1.75mb. File version is 1.329.689.0

 

[billmcct]

I find various versions reporting to be part of MS anti-malware definition updates.

MS is still updating their security software after EOL.

 

[BreanneS]

Oh ok thanks for the clarification!

 

[Alejandro85]

I can't speak for that file in particular, but as a general note, a digital signature is a strong indication of a program's origin. Those are specifically made to be extremely difficult to forge and can be trivially verified for authenticity, so an exe with a signature from Microsoft is very likely to really come from Microsoft and not anyone else, and that the file hasn't been tampered with.

 

[file3456]

When you encounter stuff like this, right click the file and copy/paste to the desktop. Now go to Virus Total and upload it there. That'll give you a pretty good idea on whether it's malicious or not.


Some interesting tidbits about Virus Total.

1) They use at least ~70 different anti-virus engines. Thus it is possible to not only spot a sneaky malware file, but also get a false positive. Depending on the type of file, a count of four hits would probably be a malicious file. Again, it depends on what you got there.

2) Virus Total is owned by Google.

3) Every file you submit can be downloaded and analyzed by other people or companies. I wanted to see who was doing the downloading/analyzing so I uploaded something called a canary token laced PDF. What that did was if someone opened the PDF I'd nab their IP address. The top two hits for countries I got that opened that PDF were, 1) China and 2) Russia.

If you need to locate something fast, give Everything.exe a try. In fact, when you launch Everything it'll by default list all files recently modified in a list in time hierarchy. Downloads - voidtools

You might be interested in a program called FreeFixer. It does NOT do what you may think. It will list all the modules (for lack of the right word) that are in your system and you can click the supplied URL to get Info. on that module. Subsequent runs of FreeFixer will let you know of new modules added to your system since the program was last run. This can help narrow done just the potential juicy stuff. FreeFixer

Something else you can do. Use the program HashCalc, drag and drop the suspicious file onto HashCalc and you'll get a SHA256 hash. Actually, it'll produce many hashes, but you want the SHA256 hash. Now copy/paste that hash into the Virus Total search facility and it'll give you Info. if they have it. SlavaSoft HashCalc - Hash, CRC, and HMAC Calculator

Need a second opinion? Try Sanity Check. You can download that here: Resplendence Software - Free Downloads