Old HP file now registers as trojan

I was in the middle of running a scan with SAS today when Avast suddenly popped up and detected a virus (HPWaitWindow.exe – Win-32:Trojan-gen) As far as I know the file was included with the Hewlett Packard software bundled with my computer.

I’ve been using Avast for a few months now and have run multiple scans with no detections. It seems weird that it would all of sudden flag a file it had previously scanned many times. Virustotal and Jotti have also detected a virus with 4 or 5 of their scanners (thats probably not a lot, but I’m not really sure)

I’m basically wondering if it’s possible that I downloaded a trojan through another file that may have copied itself onto the HP file. I did download Fraps the night before (from the official site) but I think it’s unlikely to be the cause, although it also had a couple of detections from Virustotal and Jotti, although different (W32/AdAgent.U.gen!Eldorado). Avast did not detect anything.

Any help would be greatly appreciated. Thanks.

Edit: I should mention that MBAM and SAS did not detect anything in the file nor on my system. I also successfully put the file in the Chest and emailed it to support.

hey i sounds like an False threat so you did the right thing by sending it to the support. hopefully you send it to avast so they can check it it out and see if it is a treat or just and false one.

Yeah I’m thinking its most likely a false positive as well, but it just seems a little strange that it was never detected before. Do you know if it’s possible for a file that previously scanned clean to all of a sudden set off an alert? Is it possible that it was altered and infected by another file maybe?

Oh and it was Avast that I sent the file to so hopefully it’ll be cleared up in a day or two. Just trying to put my mind at ease for the time being is all.

I did a Google search of the filename, looked a several of the results, and it looks very likely to me that it is a FP. (Having “Gen” in the title of the detection name makes this more likely, too; it stands for Generic.)

If it was me, I’d not be concerned, and re-scan it periodically, especially following a VPS update. If it scans clean at some point in the future, it can safely be restored to the original location.
If not, further investigation, and notification to Alwil, is advised. (More info on request, should you need that at the time.) Give it a day or three. Or as long as you can do without the file for without uncertainty bothering you. Alwil are pretty good at fixing FP’s fairly fast. Post back in, say, 2 or 3 days if it doesn’t scan clean before then.
It can do no harm in the chest, even if it is malware.

I have the same problem of jason67, I use avast since one year and have HP notebook, suddenly during MBM scan, Avast detected file HPWaitWindows.exe, I check on virustotal and no virus were founded, i am pretty sure is a FP.

please, can everybody tell me if there are news about that?

Please re-scan it periodically following VPS updates.
Did you submit it to Avast as a FP?

Probably is a FP, but understandably, you want the confirmation.

Hi antonpaco

Yes it was a false positive and was resolved 2 updates ago.

ciao jason67, thanks for the answer, I will restore the file from the chest.