FHVc8WHr.exe.part Win32.PUP-gen [PUP]

FHVc8WHr.exe.part Win32.PUP-gen [PUP]

                               Google

Your search - FHVc8WHr.exe - did not match any documents.

Suggestions:

Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.

When was the last time you saw this after a Google search?
As of this moment my computer looks stable, but if this was the culprit then it’s a mean virus. Avast found it on a boot-time scan. The message was: Documents and settings\local settings\temp\FHVc*WHr.exe.part |>
is infected by win32pup-gen[pup].
I tried to repair it but I got this message: Error 42060--------------file not repaired. So I put it in the virus Chest.
The problem came about when I tried to download “Dictation Pro” from the CNET web site DOWNLOAD.COM. I allowed the Download helper to assist with the download. Along with Dictation Pro came two pieces of malware, GetSavin and Info Atoms. The Dictation Pro eventually failed to load because I don’t have Vista (my fault). The other two were found by Advanced SystemCare. I eventually Let ASC delete them. but the problem persisted. It appeared to interrupt Avast’s definition download. Each time I rebooted after a crash Avast reported a definition update. After the virus went into the Chest I got a clean download from Avast. That happened today. During the Dictation Pro download both Thunderbird and Firefox were unceremoniously shut down and as I recall Avast reacted at some point with: Error loading C:\Program Files\alwil Software\Avast5\ashMaiSv.dll. The operating system cannot run %1. That later showed up when I tried to send an email and Thunderbird complained that the certificate from my provider was outdated.
All that to get to this. I’m guessing that FHVc8WHr.exe.part was part of one of the two malware programs. Since Google has no documents that refer to it it may be new. Any one who has any info about this I would appreciate a heads up. I will keep the FHVc8WHr.exe.part in the virus chest. When I know how to do it I’ll forward it to Avast. Thanks

FHVc8WHr.exe.part Win32.PUP-gen [[b]PUP[/b]]
PUP = not a virus / Possible Unwanted Program a program that can be good or bad if abused..... so you need to know what it is before you decide what to do

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
post link to scan result here

The other two were found by [b]Advanced SystemCare[/b].
some info about IObit software you may want to read

http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

I don’t know how to find the file. It’s in the Virus Chest of Avast. Where do I look? I don’t want to scan for it unless you say it won’t get out. Thanks for the Iobit links. I go out and read them. Thanks

It's in the Virus Chest of Avast. Where do I look?
as you say...in virus chest

if you want to test it at VT you right click and restore the file to orginal location, then brows to that location and upload to VT
however if you got it from CNET downloader…that is known to have some bundled crap, i guess this is just some browser/toolbar crap file

if you want to check and clear your browser for crap files…if you have any. Run AdwCleaner…click delete…post log here
you find it here http://forum.avast.com/index.php?topic=53253.0

I have too much to loose in restoring the file. I sent a copy to avast and hopefully they can determine if it’s good or bad and what it does. Knowing what it does would help in future diagnoses. Too many web sites just give a rating which doesn’t help that much. My biggest fear is that it has messed up my registry and know I don’t trust CNET to down load a registry repair tool from. As I said I think it is programed to interfere with Avast and worth a closer look. I don’t have the advanced knowledge to analyze it so I will to leave it to the experts.
All I know is as of now my computer is stable (well, so far), and it appears that loosing the file has had no negative effect. I’m going to run the program you suggested. If I had to vote on a scale 0 to 100, 100 being the worst, the file would get 100. Too bad about CNET. I thought they were top shelf. I would like to find out what you find. Thanks for all your help, Dave

All I know is as of now my computer is stable (well, so far), and it appears that loosing the file has had no negative effect.
if you are suspicious and you want a check ... from the same guide i linked to scroll down to OTL and attach a diagnostic log, then Essexboy will have a look inside

Well, I went down again. So much for thinking I was out of the woods. I think I said that I had a successful definition update (130420-1), but as soon as I rebooted this time Avast updated my database (130421-0). I wonder if this “program” is trying to prevent Avast from updating. The one time I was able to witness the breakdown the only thing Windows Task Manager showed active was AvastSvc.exe and wmiprvse.exe. System Idle Process was at 00 (normally 95). Over the next week I will be going through the suggestions that you have given me including taking FHV… out of the Chest and running it in VirusTotal. I will post everything I get. The database just up dated (130421-1). Everything seems to be OK. In “Logs to assist in cleaning malware” The sentance “If you are having problems still after MBAM has run”, what does MBAM stand for? I brushed over the page but I didn’t see the reference. Thanks

MBAM = MalwareBytes AntiMalware

if you attach the requested logs at once, then the removal experts can look it over and give you/fix any issue they see now

attach these logs

AdwCleaner
Malwarebytes
OTL
aswMBR

These are the first two. I want to know if I can unplug my E-Drive? It is really slowing down the reboot.

I redid the attachments just to be safe. I didn’t see the more attachments at first.

Here are the files from MBAM and Otl.

your malwarebytes log say no action taken… did you not click the remove selected button after scan?

i also see you have some software from IObit…you may want to read this
http://www.malwarebytes.org/forums/index.php?showtopic=29681
http://www.malwarebytes.org/forums/index.php?showtopic=30989
http://www.malwarebytes.org/forums/index.php?showtopic=33217

malware removers are notified, ceck back later today

I thought I removed 3 items. I’m running it again. I read the IObit refferances, but I’m not sure what to do. The IObit’s Advanced SystemCare found the two programs that started me on this odyssey. I’d like a program that does what this one does (I think), but I don’t know of one that is out there.
The scan ran again and found one more. I removed it and the log that was created did not say that it was removed. It wants me to reboot. I’ll send what I have after the reboot.

for protection use avast and malwarebytes,
for maintenance use CCleaner. http://www.piriform.com/products
OBS remeber to untic the toolbar install if you dont want that

FHVc8WHr.exe.part this is an incomplete download and as such is quite harmless

Apart from that all I can see is one that AdwCleaner missed. Are you experiencing any problems ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
[2013/04/09 06:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\InfoAtoms

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I am still having problems. I woke up this morning to find a message (one of those little pop up screens) that MBAM blocked an out going attempt to communicate with a potentially harmful web site (something like that). I wasn’t fast enough to get a screen shot. In MBAM I found a reference to FHV… I though I had gotten rid of that during a previous scan with one of the programs you recommended. In the attachment ending with (01-16-59) you will see that the pup has changed. I assume that (:OTL…\Program Files\InfoAtoms…:Commands…[Reboot]) is the code you refer to. After some of these scans I have found some troubling results. The file Application Data disappeared so finding the MBAM log files wasn’t possible. I think I corrected that correctly, at any rate I have the file back. This is all new and strange to me so I hope you will forgive me for being so timid.
I run the fix you sent this evening and send the rest of the files. Thanks Dave

Not a problem this type of thing can be daunting first time around… Yes infoatoms may be the culprit so removal of the folder should cure that… What file was MBAM blocking ? As it is very very aggressive and I never trust it

The only update in MBAM I saw referred back to to the FHVc8WHr.exe.part. So I assume that the pup (PUP.BundleInstaller.IB) embedded in it is trying to reach out to it’s home server. The (win32.PUP-gen) has been replaced with (PUP.BundleInstaller.IB). After the last MBAM scan the reboot stalled and I had to unplug the computer. It booted “normally” after I plugged it back in. I was told that windows Security Center doesn’t play well with Avast so I have always had it turned it off. After the first scan I let MBAM correct the “problem”. But I sent the log created when the problems were found. The second scan reviled the (PUP.BundleInstaller.IB), and the windows Security Center was running. I turned of the three elements and after a third scan the three problems were back. This time I have not allowed it to repair them. I’m going to go back over the other thead as well as this one to make sure I send everything. Here are three more log files. I’ll run the fix you sent.

I ran OTL and have attached the log file. Am I correct in assuming that the original log was amended. I didn’t back up the first. I’ve been running the program out of a folder named Avast and the log is saving there. If it has it’s own home though I don’t know where it is. MBAM hides in Application Data, so I wonder if that’s the case for OTL. I’m afraid I nodded off and when I woke the computer was in the same state I left it with the addition of the text file. Like it skipped the reboot! If you think we have this licked please let me know. If you don’t mind I would appreciate being able to ask you a few questions before this thread concludes. They have to do with some of the recommendations and how to get avast to scan for pup’s. I’m going to run MBAM again to see what comes up. Thanks David