Hi - I got a new HP Mini-310 2000 and finished setup ops & installs, but left the system on standby, forgot & unplugged it. This morning I started it up and after the Windows 7 recovery routine the HP quick launch came up & I chose to start Windows instead. Then I got a black screen with the Avast!5 Scan running - it found the Win32:KillApp-W in EndProcess.exe so I sent it to the Chest. I then searched the web & reviewed the Forum posts. I decided to restore the EndProcess program, but got a message from Avast!5 asking if I wanted to over-write the existing file which was already there. However, I may have launched the “Restore” routine twice, because nothing seemed to be happening the first time. Question #1: When I first sent the PUP to the Chest, did Avast!5 move the whole file or just the PUP section of the code? Q#2: Since I found nothing on the web or your forum (postings over about 6 months) showing Win32:KillApp-W as anything other than an HP Restore tool, does that mean that it is actually not a PUP for HP Mini-310s? Q#3: If “EndProcess.exe” was Restored, then why would it still be in the Chest or if it was Quarantined in the Chest, why was it still at its original location? Q#4: Is there a problem having a good functioning file in & outside of the Chest?
You will have to add an exclusion for the file (see ~~~ below) or avast will get into a look of you restoring it and avast sending it to the chest as it is effectively classed as infected.
The problem being what the process is designed to do is to kill processes and that tool can be used for good or evil and why it is considered a PUP (Potentially Unwanted Program). Avast can’t determine the intent. Since this is part of the HP restoration process and something installed for a purpose rather than someone using it for malicious purposes.
Avast moves the whole file as there isn’t just a part of it that is detected, so endprocess.exe would be moved complete.
- add the full path to the file to the exclusions lists:
[b]File System Shield, Expert Settings, Exclusions, Add[/b] and
[b]avast Settings, Exclusions[/b]
Restore it to its original location, it shouldn't now be scanned and detected.
A file remains in the chest when you restore it, this is useful as if the restore failed for any reason you wouldn't have a copy. Confirm that the file is back in the original location and not detected, then you can delete the copy in the chest.I need some urgent advice on this, I’m not really computer literate… So avast automatically moved the file win32:kryptik-RC to the chest, whilst the Internet was uploading java I think. So I though everything was fine so I then installed a windows update (which may be unrelated to the endprocess file) but then my Hp laptop came up with messages saying ‘ram low’ and ‘hard disk not found’ and ‘private data may be corrupted’. So I did a boot scan and the screen said the endprocess file was infected with win32:killapp-w [pup]. The computer was unable to repair it, the computer was unable to remove to the chest so I continued to start the computer and now I’m unable to view certain files and I am unable to back up files on a USB as the laptop is unable to read it. There is a red circle icon with a white cross saying ram critcally low and avast pops up with a red screen saying Trojan blocked. Through reading past forums should I just exclude the file from avast? Will my laptop then run normally as I don’t think anyone elses laptop has said ram low and could this have to do with me continuing to use the laptop after avast found the file?
If someone could give me directions on how to fix it would be greatly appreciated as there are some important files I need to save.
Please read my first reply again, this issue is about your having selected custom scan and having it scan for PUPs as in the default scans, Quick and Full System scan, PUPs aren’t selected.
So first you have to say where this file was found ?
If you have an HP system and it is found in a folder/partition related to the HP installation, it is legit.
If it is legit, then you have two options:
- change your custom scan and disable the scanning for PUPs.
- exclude the file from on-demand scans in the avastUI, Settings, Exclusions.
Note: A repair can only be done on a true virus infection (and one covered by the repair function), this isn't a virus, no virus code has been injected into the file so there is nothing to extract/repair.Ok thanks. I do have a HP laptop! So I have some questions, how do I find the file? I’m worried because my computer says it can’t detect drive c, so how will it be able to find endprocess.exe? (I haven’t turned on my computer since)
Also how do I know if it is HP installation related?
Thirdly does it matter that my computer is saying ram critically low and that private data at risk? Will that be fixed once I follow your steps if the file is legit?
And one more question, what if the file is not legit?
Sorry about all the questions, i don’t know alot about computers but I have a feeling the file is legit as when I was connected to the Internet the ‘trojan’ file was actually java trying to update…
Ok another question, a friend of mine recommended I do a ‘restore point’. Apparently this puts the computer back ‘in time’ a certain amount, so in my case it would be before the program/file was on my computer. Is this advisable?
Avast should have given the location (path to the file) in the detection ?
I can’t say if the file is legit if I don’t know where it is located, though it is more likely that it is given you have an HP system.
I don’t know why your computer says it can’t find drive C: as that is the main drive/partition that windows is normally installed on. So I presume that windows is running on drive c ?
RAM (you don’t say how much you have) is critical and will slow your system if in short supply.
I don’t know what it is that says your private data might be at risk, what software is saying that ?
Personally using system restore can bring as many problems as it purports to resolve and it depends on how far back you go.
What’s the detection?? How do I find it again?
Ummm my computer only started saying ram low once avast blocked the program… Not sure how much ram
I have but I only bought my laptop last year.
The computer keeps on popping up with computer data at risk in a window every now and then in the middle of the screen only after the program was blocked. And the ram low is popping up on the bottom right hand corner in an icon next to the time in a red circle with a white cross through it which only started once the program was blocked. If avast blocked the program will that be able to affect my computer that badly?
Sorry I have no clue how to find the file and I’m worried I’ve screwed up my computer lol
Presumably you sent it to the chest ?
If so then check the avastUI, Maintenance, Virus Chest, the file should be in there, the original location should also be recorded. If you can’t see the full location, right click on the file and select properties and that will show the original location.
This EndProcess.exe file even if you deleted it will have zero impact on the system as it is only used you would use HPs recovery console, etc. to try and reset your system to how it was when you got it (not something you would want to do in a hurry).
It is a tool that HP uses to kill/end processes in order for it to do its work, under normal circumstances would be inert.
So the other issues are unrelated to this detection.
I don’t know what application or system is displaying either the low RAM or the priate data at risk, I haven’t come across these errors before.
if you cannot acces your c, try typing C:\ in the bar to access it. (see pic bar)
If your computer flagging you that you don’t have much ram you can increase your vertual ram.
i cannot explain clearly in english but maybe picture do. 
(See pic Pagefile)
Thanks both of you!
You’re welcome.
I have done #2 above
and I have right clicked on the path in the Chest and selected “restore” but the path remains in my Chest.
HAS THIS HP APPLICATION BEEN RESTORED?
IF SO WHY IS IT STILL IN MY CHEST?
Thanks in advance for the answers.
Btw, scanning for PUPS WAS MY DEFAULT in as much as I’ve NEVER changed any Avast Settings up until now.
Looking into this further I’ve noticed that this is an ongoing issue going back over 2 years or more with Avast detecting this PUP and there are a lot of discussions on HP sites about this. You’d think that if Avast found “EndProcess.exe” in the path: "C:\HP\Bin" then Avast would know this is a legitimate HP application.
A copy remains in the chest as the last thing you would want is for the restore to fail and you have no copy remaining.
Physically confirm the file is back in the original location, if so you can delete the copy in the chest.
PUPs has always been unchecked, if at any point you make a change any update or install over the top of an existing installation would retain those settings.
It isn’t an ongoing issue, scanning for PUPs will pick up a file designed to stop processes. I don’t believe avast is unduly concerned with the name of the file as such (names can be changed/FAKED). They don’t white list a location as it too is easy to compromise.