arpproducticon.exe is flagged as high risk spyware

Using Avast v5, I keep getting C:\windows\installer[classID]\arpproducticon.exe as a high risk Win32 Gen-Spy. Does anyone have recommendations for what to do with it?

Thanks,
p.

Upload to VirusTotal (www.virustotal.com). When you have the result, copy the URL in the address bar and post it here.

Sorry, logging was turned off and it’s already in the chest.

  • avast5 - Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*

That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.

Ok, thanks, that worked (though it took a few times before Exclusions kicked in).

First time I’ve used TotalVirus. Here’s the resulting url: https://www.virustotal.com/analisis/3987fce297c9e9115976d659a9eda858c189c527c2e7affcd242689b817c60ef-1265416522

It says that no programs found it dangerous. Why then is Avast flagging this? My heuristics are set to Normal.

Also, in the future, should I use Avast’s “Submit to virus lab” function? And, is there a way to Ignore a false positive, so it can be left in place?

Thanks,
p.

Firstly, VT is still using a special build of avast 4.8, so that may be the difference.

You shouldn’t use the send to avast labs without first having checked it out, that keeps the flow of such submissions down and hopefully speeds up analysis/correction, etc.

This one, however, should be sent to the labs as a possible false positive. You can include a link to this topic and the VT results in the info dialogue box of the submission process. That way they also have some reference points, which should also speed things up. Periodically scan the file from inside the Chest after VPS updates; when it is no longer detected you can Restore the file/s to the original location/s.

There is no direct single-click Ignore route, as it is considered too risky if accidentally used on a virus, so it is the exclusions route: Program Settings, Exclusions and the File System Shield exclusion (below).

  • In the meantime (if you accept the risk), add it to the exclusions lists:
    File System Shield, Expert Settings, Exclusions, Add and
    avast Settings, Exclusions
    Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Ok, thanks for that insight, David. I’ve submitted it. I’ll wait a bit before I attempt to Restore the prog.

Best wishes,
p.

You’re welcome.
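
Added example, not part of the original thread: before restoring a file on the strength of a VirusTotal report, confirm that the report was generated for exactly the bytes you extracted from the chest, and note how old the scan is. The sketch assumes the report link has the form `<SHA-256>-<Unix scan time>`, inferred from the URL posted above; the function names are illustrative.

```python
import hashlib
import re
from datetime import datetime, timezone

# Assumed layout of the report link quoted in the thread:
#   .../analisis/<64 hex chars = SHA-256 of the sample>-<Unix time of the scan>
REPORT_RE = re.compile(r"/analisis/([0-9a-fA-F]{64})-(\d{9,10})/?$")


def parse_report_url(url):
    """Return (sha256_hex, scan_time_utc) taken from the report URL."""
    m = REPORT_RE.search(url.strip())
    if not m:
        raise ValueError("not a <sha256>-<timestamp> report URL")
    scanned = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), scanned


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def report_matches_file(url, path):
    """True only if the report was generated for exactly these bytes."""
    expected, _ = parse_report_url(url)
    return sha256_of_file(path) == expected


if __name__ == "__main__":
    import sys
    # URL as posted in the thread; pass the extracted file's path as argument 1.
    url = ("https://www.virustotal.com/analisis/"
           "3987fce297c9e9115976d659a9eda858c189c527c2e7affcd242689b817c60ef"
           "-1265416522")
    digest, scanned = parse_report_url(url)
    print("report SHA-256:", digest)
    print("scanned (UTC): ", scanned.isoformat())
    if len(sys.argv) > 1:
        print("same file:", report_matches_file(url, sys.argv[1]))
```

A mismatch means the report describes a different file (or a different version of it), so its "no detections" result says nothing about the copy on disk.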