Avast - Is This A False Positive?

Avast didn’t pick this up on previous 3 scans but did today on a scan. Did a new Definition update cause this? Is it a safe file or a virus like Avast is showing? I’m thinking its a false positive but I want to be sure. Thanks and below is the information.

Location: C:\HP\Bin Name: EndProcess.exe Avast 5.0 Pro picks it up as Virus: Win32:KillApp-W[PUP] on a full scan but when I scan just the file it shows OK.

Thanks

Brhokla

No it isn’t a false positive, you appear to have included the option to scan for PUPs (Potentially Unwanted Programs) and possibly didn’t know the impact of that choice. This executable is designed to kill processes so it can be used for good or evil and that intent/purpose isn’t something an AV can really decide.

The Full System Scan I suspect that you have changed the default settings as I mentioned and the right click scan has different settings.

Thanks, As I get use to the program more maybe this won’t be an issue. I appreciate your response.

No problem, glad I could help.

Given the files location, my guess it is part of the HP tools they load you could exclude this file from scans if you don’t want it continually detected.

Welcome to the forums.

I haven’t figured out how to exclude a file yet from a scan but I’ll soon enough have this figured out. Thanks again

Exclusion tab of settings…

You’re welcome.

Once you try as suggested by Tech, you will notice you can only exclude the folder in the initial selection. Once selected, in the screenshot posted by Tech, you can then edit the entry, changing the /* at the end of the exclusion path to /EndProcess.exe

I had the same exact thing happen to me two days ago.

As DavidR said, its a HP file.

excluding it works.

Sat

Thanks all, I got the issue resolved and in the exceptions list. Anybody have any clue when/why the boot time scanner for Win7 64 bit doesn’t work? Thanks

It isn’t that it doesn’t work, but that it is complex and hasn’t been introduced in 64bit versions of the OS. It is planned for inclusion in avast 5.1.

umm i just got this same thing and i delted it is that bad will it do something bad to my computer and if so how can i fix

Something like what, without the file name, location as given in the first post no one can say if it is bad or otherwise ?

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Got the same detection but in KillIt.exe for me there no EndProcess.exe strange. Also nothing in chest so i dont know maybe if you had send it to virustotal we could know if its a virus or no…

So… avast! can you fix that pup detection on the HP KillIt.exe… I would be mad if the real time caught it and move it to chest and destroy my pc.

Thank,
Mr.Agent

Thx Tech its a usefull way for avast! to got this. But i hope if they can correct it then that they will do it…

Edit : Wow look KillIt.exe detection http://www.virustotal.com/analisis/0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1275945232 That not normal that 6 scanners detect it why they dont correct the false positive… ?

There is nothing to fix, this is not really a false positive, it is a tool/program designed to kill applications/process, etc. depends on who/what installed or is using it (you/HP/malware, etc.), as it can be used for good or evil and avast can’t determine intent, ‘you’ have to decide if it is Unwanted.

Even if you did move KillIt.exe to the chest, it won’t destroy your PC as it is likely only to be used by HP if it is trying to do something like a restore, etc. It isn’t a system file.

Well PUPs are potentially unwanted programs, a term invented by MacAfee’s to keep them apart from general malware, these files can be classified as riskware and are malware only then when they have landed onto your computer unintentionally, so you have not installed the tool yourself or intentionally or it came bundled with another program or was placed there by a hacker for malicious purposes. It could be compared to a hammer, that can be either used to sculpt and beautify or to ruin and destruct. So you are the best judge as to exclude it or remove it and to decide on the status of it. The flag was only to warn you about the nature of the tool, executable, program, file…

polonus

what if deleted this item. I had the same hit and deleted. It is an HP computer?

It is gone then, depending on the actual location and file name ?
If it were in the recovery partition it may well be protected. (you would have to check and see if it is still in the original location).

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Yes I know, mouse sliped and clicked the wrong option and followed through ewith the action with out thinking. Can the file be found somewhere on the net do you know?

Not unless you have some deleted items recovery tool.

Since we don’t know a) what the file name was or b) where it was located, we don’t know if a replacement can be downloaded or if it can be restored to what might be a protected area.