Hi all, have a question for you! This morning right after booting up, avast! said it detected this (HPZipm12.exe)as malware and moved it to the chest. Uniblue says, “hpzipm12.exe is loaded by the Hewlett-Packard PSC 2100, 2200, 4100, and 6100 series printer drivers. They are essential for the smooth running of these devices.” (My printer is a 6940.) I tried printing something and for one job it worked fine; haven’t tried anything else yet.

Any ideas? Is this a false-positive perhaps? I’ve had the HP printer for three years at least and haven’t downloaded any updated for it recently, although a window did come up yesterday saying there were updates available (was in a hurry and I clicked “cancel”).

Thank you!

Pam

UPDATE: I just looked at something that may be a clue. This file when found by avast! was located in the Windows/system32 folder. Should a legit HP file be in this folder?

upload the file to www.virustotal.com and check it with 43 malware scanners
when you have the result, copy the URL in the address bar and post it here

If it’s in avast’s virus chest, how do I upload it?

You need to add an exception folder in avast, so that when you take the file out of the chest, avast doesn’t detect it again and move it right back.

Then, you need to put the infected file in that folder. Then, you can upload to virustotal.

Or, follow DavidR’s wonderful instructions on how to do so from an earlier post:
http://forum.avast.com/index.php?topic=49495.msg418499#msg418499

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

You’re probably using Avast 5.0, so these instructions would be better:
http://forum.avast.com/index.php?topic=63603.msg537734#msg537734

If 5.0: Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

• In the meantime (if you accept the risk), add it to the exclusions lists (see note below):
  File System Shield, Expert Settings, Exclusions, Add and
  avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: don’t exclude the folder this file is in but exclude the file (or it leaves too big a hole in security, copy and paste the full path to the file into the exclusions.

Oh, just noticed this as well…

Probably just a false positive.

http://forum.avast.com/index.php?topic=64801.0;topicseen

I haven’t gotten around to checking the file yet, but it looks like from the thread above that it is a false positive. I still have it in the chest and everything seems to be running fine without it. Thanks for those instructions; I am definitely printing those off!

Pam

Pam