Hi everyone, I wanted to ask you if what Avast found is a false positive or not, there is probably another program that has modified the files, what do you suggest I do?
It is best to attach images to the post, many won’t visit unknown 3rd party site/content.
- Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include ‘Attachments and other options’. Click that it further expands, here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.
sorry, I thought it looked good but you have to click the link to see the screenshot, it was a site for uploading images, nothing dangerous, anyway I uploaded the image
I wanted to ask you if what Avast found is a false positive or notUpload detected file to www.virustotal.com and find out
Post link to scan result here
thanks, it seems to me that avast has quarantined it, so to upload it to virus total I should remove it from quarantine? :-\
What was the link to the VT results ?
I would leave it there for now where it can’t do any harm.
The process that triggered the alert looks somewhat strange, is that known to you ?
Whilst it isn’t unheard of for MicrosoftApps to communicate with the internet, this path to the HrTxr.exe looks strange at the very least. Do you use any Microsoft communication apps ?
EDIT: I didn’t read your reply very well I thought you had uploaded it already, presumably yo only have the HrTxr.exe file in quarantine. If so don’t restore it back to its original location or whatever triggered it could do it again.
Go to the Quarantine and hover the mouse pointer over the entry - that should display a trash icon and three dots, this gives other options, don’t use restore and add exception (or next time it wouldn’t be blocked). Create a temporary folder anything really, but a name which would make it obvious what it is, Temp-Quarantine, somewhere you can easily find it. Add that location to the Avast exceptions so it doesn’t alert when you sent it there, use the Extract option. See attached image.
Now you should be able to upload it to Virus Total.
Thank you for the time you are dedicating to me, if I use Microsoft communication programs? no I don’t even use Outlook, I enter Outlook from the web, I have very few programs active in the background, now I’ll try to follow what you told me to extract the file safely from quarantine and upload it to virus total
The best way to post the VT information is using the link to the results (and post it in the post) as it allows us to look at the different sections.
It wouldn’t be the first time that malware has taken advantage of/misused an MS function to gain access to the internet. As many would consider such connection legit.
See this information - https://answers.microsoft.com/en-us/windows/forum/all/what-is-hxtsrexe-in-windows-10/19176b3a-98d9-4a7b-aaff-6a1d4d7c9d0e - whilst this is old it is still valid that it is being misused. Hopefully with that script .html file is in quarantine, this won’t happen again.
Whatever, initiated this html file being created and run by the MS app, isn’t known and it could happen again. So it may be worth running an Avast scan of your system.
sorry I didn’t realize I could share the link https://www.virustotal.com/gui/file/bfe0fed6955b0e2ea332a1e1f4c917c91be51bd16a96e9a8228a8f3d06ba9b74/detection
Seems to be a correct detection, and in one hour it is up from 15 to 16
Not a problem, using the forums for a first time can be a little daunting.
Links to the VT results are fine, as they help with analysis, links to unknown sites/content somewhat different.