Hi,
I have researched the web and this forum before submitting. I was surfing the web a couple of days ago, when Avast v7 yelled out with Threat Found. HpqPhUnl.exe and it was moved to the virus chest, as I was unsure if this was a false positive. The virus in the chest shows as Virus Win32: Malware-gen.
Its original location was C:\Program Files\HP\Digital Imaging\Unload. I do have an HP printer of which I do not use everyday. Some websites say this is definitely not a virus, but a couple of others [who want you to download their scanner] say it will affect other things like usb’s. I have noticed since this file is in the virus chest my cordless mouse cursor goes on walkabouts all by itself. I plugged in a corded mouse and that did the same thing.
Could someone advise if I should return this file to its original location, or, treat it as a virus.
I also have Mbam Pro installed.
Many thanks
Cheers
From the Virus chest report it to avast! as a false/positve. do you remember which field alerted you ? You can exclude it fron files system shield to start with. while a copy of the file stays in the chest you can analize it from there once in a while to see if it is still detected.
Hi iroc9555,
Thank you for your reply. I have left the file in the virus chest for the moment until I am told if it actually is a false positive or not. I must say though that my printer is now ‘playing up’. Not sure which field alerted me, but a window popped up saying Threat detected/found. I just seem to get a mixture of opinions from the web, saying yes it is a virus, and no it is not a virus. I would rather not report it as a false positive until I am sure.
Virus Win32: Malware-gen is too generic and it is for sure a F/P since it is a HP printer file. You can though send the file to Virus Total to be analize by 40 or more antimalwares.
You can restore HpqPhUnl.exe from the chest. A copy of it will remain in the chest where you must report it to Avast! virus lab as a F/P so it can be analize otherwise you will not know if it is infected or not. Also you can reanalize it from there once in a while to see if it is still detected.
Meanwhile so that Avast can not detected again, you can exclude it from:
- Avast! > Settings > Exclusions. This will exclude it from the automatic and manual scans
- Avast > Real Time Shield > File system Shields > Expert settings > Exclusions. This will esclude it from Avast! real time scan while using the comp.
- In File system shield > Expert settings > Autosandbox > Exclude it from automatic sandbox.
- Avast! > Real Time Shields > Behavior shield > Expert settings > Trusted procesess
Once the file is not detected any more in the chest you can erase those exclusions. It is not safe to have files excluded for no reason at all
Hi iroc9555,
Wow, I have followed your suggestions to the letter. Sent file to avast, set exclusions, and restored. Thanks for the virustotal website too. I did believe that this was maybe a FP. You have been very helpful in your step by step, clear to understand instructions.
Many thanks to you.
Have a lovely day.
Cheers
Di.
You are welcome.
What did VT says. You can copy/paste the URL link here so that we can look at it.
When I sent the file the first time, VT showed Avast and another AV as being malware. I sent it again just now, and clicked on reanalyze, and it now shows clear in Avast.
As requested here is the link.
https://www.virustotal.com/file/66d674cc21d7679708b8a8113a71e7f23fba9c04b02bbe37e4c13fb21c8d558a/analysis/1333237316/
Thanks again
Mackenzie2.
Do not forget to analize it from Avast! Virus Chest. There should be a copy of the file there. If the scan comes out clean, you can remove the exclusions in Avast! and eliminate the file from virus chest.
Regards.
Hi iroc9555
I have just scanned the file in the virus chest, and the result was -no virus-, so I have now deleted it from the chest. I will now remove all the exclusions.
Many thanks again for all your help.
Kind regards
Di…