I used Avast free up until a few years ago, but I had problems with false positives. I went again with it a few days ago, after becoming disenchanted with McAfee. I had recently scanned with Avast, MBAM and SUPERAntiSpyware, and came up clean. This morning for the first time I did a boot-time scan. It found 3 viruses. They are now in the Chest. :( One was c:\hp\bin\processlogger.exe which it called a Win32:Pup-Gen [Pup]. I Googled it and found a discussion of it on the HP forum, where the moderator told an inquirer that it was NOT a virus, and was an Avast FP.
The other two were named Encode\ISO.class and were in the Sun\Java\Deployment\cache and identified as Java:Agent-GM [Expl]. I Googled it and found a discussion on the BleepingComputer forum, where someone had the "GM" Java:Agent [Expl] plus GL, GJ, BJ, GO, and GN plus a BW [Trj] and a Win32:Hupigon-ONX [Trj]. Anyway, the moderator said that he could help him remove the above, but that experts agree that because of the nature of the viruses, he would not be able to trust his computer again to keep information safe without reformatting and reinstalling the OS!
So to make a long story short, would that be true in my case? Also, I wanted to submit the files to Virus Total to be sure they were not FP’s, but don’t know how to do it from the Chest. Can you advise me what I need to do now?
PUPs are Potentially Unwanted Programs. You might want it, or you might not. Just by the name, processlogger.exe, you would suspect the file logs processes. The moderator is right, it is not a virus, but it is not entirely an Avast false positive, as one might use this 'processlogger.exe' for malicious purposes. An example would be a malicious program that downloads this file, saves it to a trusted folder, and runs it. When done, the malicious program would send the output of processlogger.exe to its server for 'analysis'.
As Donovan says, a PUP is not a virus, and PUP scanning is off in the default quick/full scan.
PUP (potentially unwanted program)
http://searchsecurity.techtarget.com/definition/PUP
Sun\Java\Deployment\cache, identified as Java:Agent-GM [Expl]: that comes from an infected website trying to exploit your browser. Clear your browser and Java cache. Do you have the latest browser version and Java update?
Check what version of Java you have here:
http://java.com/en/download/testjava.jsp
Also, I wanted to submit the files to Virus Total to be sure they were not FP's, but don't know how to do it from the Chest. Can you advise me what I need to do now?
How-to guide from DavidR:
Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield: Expert Settings, Exclusions, Add, then type (or copy and paste) C:\Suspect\*. That will stop the File System Shield scanning any file you put in that folder.
You restore the file from the Chest to that folder, and then you can upload it to VirusTotal from that folder.
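As an added example (not part of the thread or of any poster's guide), the script below does the next step after the restore: it walks the excluded folder, computes the SHA-256 of each file so it can be looked up on VirusTotal by hash before uploading, and, because the suspect files here are .class files from the Java deployment cache, checks the Java class-file magic and reports the class-file major version and the JDK generation it maps to under the JVM specification. The folder path C:\Suspect follows the guide above and is an assumption; the constructed sample bytes are used only to exercise the functions. The restored file is still live malware, so do not double-click it, and delete it once it has been uploaded, because the exclusion means the shield no longer watches that folder.

```python
import hashlib
import struct
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Folder excluded from the File System Shield in the guide above (assumption).
SUSPECT_DIR = Path(r"C:\Suspect")

# Java class files start with 0xCAFEBABE followed by minor and major version
# (big-endian u16 each). Major -> JDK release per the JVM specification.
CLASS_MAGIC = b"\xCA\xFE\xBA\xBE"
JDK_BY_MAJOR = {45: "1.1", 46: "1.2", 47: "1.3", 48: "1.4",
                49: "5", 50: "6", 51: "7", 52: "8"}


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes; VirusTotal indexes samples by this."""
    return hashlib.sha256(data).hexdigest()


def vt_lookup_url(sha256_hex: str) -> str:
    """Hash-search URL: check whether VT already knows the file before uploading it."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex}"


def java_class_info(data: bytes) -> Optional[Tuple[int, int, str]]:
    """Return (minor, major, jdk) if data is a Java class file, else None."""
    if len(data) < 8 or data[:4] != CLASS_MAGIC:
        return None
    minor, major = struct.unpack(">HH", data[4:8])
    return minor, major, JDK_BY_MAJOR.get(major, f"unknown (major {major})")


def describe(name: str, data: bytes) -> Dict[str, object]:
    """Summarise one suspect file without executing or parsing it further."""
    digest = sha256_of(data)
    info = java_class_info(data)
    return {
        "name": name,
        "size": len(data),
        "sha256": digest,
        "vt_url": vt_lookup_url(digest),
        "java_class": info is not None,
        # JDK generation the class was compiled for; says nothing about
        # whether the exploit succeeded on the JRE that was installed.
        "jdk": info[2] if info else None,
    }


def scan_folder(folder: Path) -> List[Dict[str, object]]:
    """Hash and classify every regular file in the excluded folder."""
    return [describe(p.name, p.read_bytes())
            for p in sorted(folder.iterdir()) if p.is_file()]


if __name__ == "__main__":
    if not SUSPECT_DIR.is_dir():
        print(f"{SUSPECT_DIR} does not exist; restore the files there first.")
    else:
        for entry in scan_folder(SUSPECT_DIR):
            kind = f"Java class, JDK {entry['jdk']}" if entry["java_class"] else "not a Java class"
            print(f"{entry['name']}: {entry['size']} bytes, {kind}")
            print(f"  SHA-256 {entry['sha256']}")
            print(f"  {entry['vt_url']}")
```

Run it after restoring the files from the Chest into C:\Suspect. If the hash URL already shows a VirusTotal report, there is no need to upload the file at all; if it does not, upload it from that folder as the guide describes and then remove the folder contents.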
Thanks for the replies! I have the latest browser and cleared the cache, and I have updated Java. I haven’t tried submitting to Virus Total yet. Do you think I need to do anything else for security? I take it you think I don’t need to re-install Windows Vista? What about changing all my passwords? ???
PS. I have submitted one of the files to VirusTotal (I figure one is enough), and it came back with quite a few hits as malware. BitDefender calls it Java.Trojan.Downloader.OpenConnection.AN
I have changed the passwords for my most critical applications. Can anyone tell me if my computer is safe? Is there a way I can tell if this was an "active" infection? Scans by Avast, MBAM and SUPERAntiSpyware now show no issues. I have had SpywareBlaster installed for years. I have used KeyScrambler and Sandboxie for about 8 months. Is there a virus removal tool, or an online scanner that I should use? Or, do I really need to wipe everything and reinstall Vista? (I hope the hell not!)
If your OS / browser / Java were fully updated, then the exploit will not work, unless it was very new.
If you are in doubt, you can follow Essexboy's guide and let him have a look inside:
http://forum.avast.com/index.php?topic=53253.0
OK, thanks very much!