Avast found Processguard as a virus !

I booted my computer, but before logging in to my user account I disconnected my cable modem.
When I logged in Avast reported having been updated???
And reported what is shown in the picture, about a trojan Hupigon-KM !!!

And disabled PG free user interface from running.
The PG protection is though still on.

From Jotti scan, no one else found anything.

What is going on?

Jarmo

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan, it will need to be temporarily removed from the standard shield exclusions otherwise it won’t be scanned), when it is no longer detected then you can also remove it from the program settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions)

Thanks David, there is Customize/Add button, but no browsing in Standard Shield to find a file in home edition, so I leave it undone. Not going to write some crazy paths by hand.

If Jotti shows it as a positive, as definitely avast found that as shown in pic, was it because the information I had a virus was sent to Avast and they flagged it as such?

I believe my database update was somehow corrupted cause I unplugged my cable in the middle of the process avast was updating. It happened anyways before I logged in.
So could it have been any windows file, even some system one that could have kept my computer from rebooting to windows, something as bad as that?
This is really really worrying me now.

I could not understand what you told me about password protecting the zip, it is needed. Your words were a bit unclear or then my mind, heh. I first of course tried to send it to chest, but PG did not allow :slight_smile:

I tried to download the current antivirus update also from avast web site.
It told me I already have the latest update.
Rebooted, still trojan found :frowning:

EDIT
Oh I understand, you were trying to tell me a password to zip, lol.
I run no 3rd party zip programs in my current install and PG seems not to allow me to send it to a compressed file. My XP is in Finnish language, so I cannot be more specific.

To avast antivirus analysts since I am unable to send you the zip file, I am running PG free 3.410, that should be the latest version there is.

Yeah, we asked Igor this in the past… a browse button is missing there :slight_smile:

Can you rephrase? Jotti sends samples to antivirus companies that do not detect them and have a possibility of being really infected, not false positive.
Jotti helps (tries to) with underdetection rate.

If the update process gets corrupted, a new one should correct it. I don’t think system files are involved here…

From Chest it’s not needed. But from mail, if it is scanned by avast, then sending it without zipping it with a password will prevent the mail from leaving your computer.

I think Alwil should be able to manage this without your sample… it’s a public program that could be downloaded…

Thanks Tech for your reply :slight_smile:
Much missed that button it seems, not that it would make any real protection but in cases like these. I never had any real virus infection, not I think even now, but if a false positive, should be more easy to exclude a file.
I guess I just keep waiting for the new update for antivirus database.

Strange that no one else has reported this, not in wilderssecurity PG forum or anywhere I have searched.

I tried to upload that file again to Jotti scan, that I trust. Not understanding your words exactly Tech though.
Got this white page reply:
“The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file”

Well, that file cannot be sent to a zip, somehow protected.

So my conclusion is, my puter is owned?
I wait a few days still before reformat or any such drastic things. My cable modem is not blinking constantly and internet connection works well, but one never knows.

I hope there will NOT be a button on the virus message… people will mess things considering them as false positives… :stuck_out_tongue:

Jotti does not report to the manufacturers ALL files submitted, just the ones that have a high possibility of being infected.
They’re trying to help the antivirus to make their work better.
I mean, they don’t send samples of ‘false positives’. So Alwil does not receive a sample of this file from Jotti…
But I think they don’t need it after all…

No, I don’t think so.
Maybe you can’t zip the file because it is in use.

What you think of this Tech?

I tried to upload that file again to Jotti scan, that I trust. Not understanding your words exactly Tech though. Got this white page reply: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

So it is some malware that keeps me doing another scan with Jotti?
I should trust that message and know I am no worth anymore, my PC is owned?

No. I think WebShield could be blocking the transmission of the file. The firewall or any other kind of http filtering tool could be doing the same.
I won’t take any bad conclusion from that message… 8)
Scan your computer (avast, ewido…), use avast boot time scanner… Be happy :slight_smile:

That warning was pretty drastic!

I rarely do scan my PC with avast, last time though was not much more than a week ago.
It is not my firewall for sure, kerio 2.1.5 works just nice, unless I am owned of course.
Getting really paranoid at this stage for any explanation.
So I do avast scan. Your explanation of webshield blocking jotti scan makes some sense, I try to hold on to it.

Usually when we see this 0 bytes it is because the file is in the chest and is trying to be uploaded and is protected by avast. The other possibility is ProcessGuard’s self protection is somehow trying to stop the upload as well ?

You could download the latest version of the free PG and save to your HDD, uninstall the current PG and reboot, do another avast scan and if clean install PG.

I gave up on the free PG ages ago as it is so limited in the protection (number of items) that you can’t do any meaningful protection. You effectively can choose between your firewall or AV, even then it won’t protect all services, etc. I also found it to be an absolute pig to get rid of, protected registry keys, etc.

If the web shield was somehow intercepting then it would alarm I would have thought.

Thanks David and all others.
This internet has caused me nothing but troubles.

I want to tell you all a story, about a woman I held to my heart and as a close friend. It was stupid, cause she can be reached in this site:
http://cams.com/p/cams/view.cgi?stream=DreamDoll&action=bio

She is Mihaela Macsim, from Bucharest romania.
One of her friends pointed me to a site some other, and I stupid maybe installed something in my computer, must have been a keylogger or any.
I “knew” her from march 03. Always in my yahoo messenger.

I found out she had a pimp to put her to that stuff, instead living with a brother.

Above very personal, but hope you don’t judge me too hard for loving a woman like that?

I did a boot scan, after that no avast alerts.
But every time I do a reboot, now I get 2 dumprep alerts from XP.

David, PG now covers all processes, not just one. But as I am now, not recommending you any. No idea why 2 dumpreps every time I log into windows.

Take care of you all, maybe last time I am posting here.

Jarmo

I tend not to judge others as you wouldn’t want them to judge you.

I didn’t know the free version of PG covered all now; when I tried it, it only covered 2 and one of those was itself. Not sure if I want to go through that level of security again. I much prefer to make an image of my hard disk partitions every week, plus daily data back-ups and if I have a problem, restore the last image and latest data back-up.

Unfortunately the dumpreps are much help to your average user, but there is a tool that can read the dumpreps, sorry I couldn’t find a link to it.

I don’t think it’s the WebShield blocking the file transmission (I think, though I’m not 100% sure, that WebShield scans only incoming traffic, not outgoing). I’d rather bet on Standard Shield.

Anyway, it’s a false alarm, of course - and will be fixed in the next VPS update. Sorry for the troubles.

Makes sense…
Sorry for the poor guess about being a WebShield provider problem…

thanks for your reply Igor, it was so much appreciated.

my words :slight_smile: I was like what the :wink: … but mistakes happen :wink:

I see that it will be fixed in next update, but just like to report same thing here, turned on both my computers and there is an Avast warning of trojan in ProcessGuard, not nice to wake up to.
Big error boys, not a nice one, hopefully it will be fixed soon.

hi
has happened to my pc -no process guard-infected!and will not let me access programme to do any thing
Question what do we do now?
wait till fix ,and will it let p.g work ok and let me access p.g?
uninstall p.g now and reinstall after fix?
any advice please.
cheers dean.m

I have also had this problem this morning on both computers. I re-installed on one and still had the same problem, and reading through this thread seems that it is a false positive. The file in question is Procguard.exe. This is in the full version.

Following the instructions given near the top of this thread it is quite simple to type in the path given in the Avast warning. Have done this and problem over.

Regards

David

I think you should let things be as they are and wait.

Normal scan did not let me put procguard.exe to chest, but a boot scan did. So there it stays until avast antivirus database is fixed.

PG works normally, prevents IE or other apps I have not given internet access without asking me. It is just the GUI file that avast flags as a false positive. Without a missing graphic user interface you cannot of course go and change the program rights, but basic protection still works :slight_smile:

We will see if there are no long term effects like needing to uninstall PG and install or such, but I suspect, the file needs just to be removed back from chest when database is fixed