I am working on a friend’s laptop, an HP Pavilion dv6000 running Windows Vista Home Premium. Well, he had placed AVG AV on top of the expired Norton AV trial version already installed on it. So I uninstalled the Norton with their removal tool and AVG with Revo Uninstaller, and installed Avast Home Edition, ZoneAlarm 8.0 and SUPERAntiSpyware.
Now SUPER found three other things, supposed Trojans, and someone going by the screen name SASServices saw SUPER’s log and had me restore them, run another scan with SUPER, and report those three as false positives and restore them.
Well, Avast found 3 of what it is calling Adware. Are these false positives also? Can anyone help me on this? I would greatly appreciate it!
Now this machine was saying something about a complication with HP Connections, and then the page on the HP site it sent me to was saying that there was no longer any support for the HP Connections application and it needed to be uninstalled, and had a download for that uninstall. I downloaded it and tried to run it to uninstall the HP Connections app, and it said something about not being compatible with the uninstall tool or something like that.
But this is what Avast has in its chest, and I need to know what to do, if you will?
You could also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
This is what VirusTotal actually already had for it, as it said the file was already scanned.
Now I need to know if it needs to be removed or not, and if it doesn’t, how do we get it back into its original positions? All three of the files were the same: when I extracted them to that excluded folder Suspect I created, it said all three were the same and asked if I wanted to replace the file on each extraction.
If they do need to be removed how are we going to go about that, also? I really do appreciate this too!
Firstly, I never accept the results of a previous scan unless it is on the same day, and this is over 7 days old, a long time in AV terms, so I would always get a fresh scan. This may provide more information, either more scanners or fewer scanners detecting it.
Since a lot of the detections are generic, there is still room for doubt, and I would suggest you scan it again and, if you get the same results, then send it to avast for further analysis.
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body (a link to this topic might help) and "possible false positive" in the subject.
Or you can send it from the Infected Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Periodically scan the file in the chest after VPS updates, etc. and if it is no longer detected you can restore it, so as you can see there should be no rush to delete, leave in the chest.
I might have the machine in question this weekend as the owner took it home. I sent all three of the files to Avast but I forgot to send them as possible false positives and sent them as possible malware.
I again scanned them after updating the virus database and it claimed them to be virus again. So, do I re-send them as possible false positives when I can?
These files appear to be legitimate files belonging to MS and used by HP computers. Be sure to check the version numbers on your friend’s laptop against those listed at the link below.
The above is not to say that the files on your friend’s laptop are legitimate. As David has suggested above, the actual files on your friend’s laptop should be tested at VirusTotal - Multi engine on-line virus scanner as it is always possible that the files are malicious & masquerading as legitimate files.
Thank you very much. Going to check the version #s on these things and if it is a match going to restore them and report them as possible false positives.
Thanks again, I didn’t find that info when searching!
I have just been able to find the time to post this. Those three files turned out to be False Positives and they restored them without sending them in to report them as false positives too. Don’t know if we can somehow do it without sending them personally or not. But that was the latest version of the Home edition and a machine running Vista. I think it had something to do with that combination, don’t really know though.
Thanks for all that help in that area. He took it to someone else without letting me report them as false positives etc… before they went to work and restored them.