I'm having a small problem with what I think is a false positive after a virus database update to Avast 5 (free), two days ago.
It refers to Win 32 upclean being possible malware but I don't think it is. Unless I've got it wrong, I believe it's a process relating to the MS User Hive Clean-up Utility that I installed several years ago on this XP (Home) system. It runs automatically at close down.
Can you advise me on how to get this checked out? I don't see the option to advise Avast that used to appear with the pop-up window in Avast 4.
May I ask why you have not upgraded or done an uninstall/clean install to the current version of Avast, which is 6.0.1125? This may solve your problems.
Where is the malware now? In the Avast Virus Chest?
Did you have Avast 4.0 on your machine first?
Why do you use the hive clean up all the time? CCleaner does a better job and most of us here use that.
Hive Clean Up overview:
The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending. This can result in problems when using Roaming User Profiles in a server environment or when using locked profiles as implemented through the Shared Computer Toolkit for Windows XP.
CCleaner, a free system optimization, privacy and cleaning tool. There is a Slim version available as well at http://www.piriform.com/ccleaner/builds – 4th option down. It removes unused files (cache, temporary Internet files, etc.) from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner.
I haven't upgraded yet to Avast 6. I prefer to wait until you Avast gurus have sorted out any teething problems first.
Yes, I've been running Avast in various forms on this machine for about six years. It does a great job and I've had very few problems with it.
I installed the hive clean-up utility after delayed shut-down problems, mostly down to everybody in the family logging on and having a go on this computer when it was new. It makes a clean, quick shut down and I see no reason to remove it, the old log-on stuff still lingering here, I imagine.
Yes, I use CCleaner on default settings regularly. If I remember rightly, it didn't make any difference to my delayed shut-down though.
I've told Avast to ignore the Win32 upclean warning for the moment. The last time this happened (Avast 4) it was to do with a GUI process for my ancient sound system which Avast thought was suspicious but wasn't. It was fixed by Avast (in another update) within two days of my advising them of it.
Also, I'm running WinPatrol Pro which would have flagged up a suspicious new process. It hasn't, so I'm reasonably confident this is a false positive.
Did you do a scan to discover the malware? If you told Avast to ignore the malware, how do you know it was safe to ignore?
I would run an MBAM scan to be sure.
The current version of Avast is stable and I still suggest upgrading to the current version so that you are better protected, lighter on your system, and have more features.
:o What the hell does CCleaner have to do with this? Somehow you completely missed the point of the hive cleanup service (yes, it’s a service, that’s why it’s up all the time). It doesn’t have anything to do with cleaning up registry, read and reread the description you quoted yourself until you understand what it does.
No, no scan yet, but I will do so with MBAM and SuperAntispyware.
I'm fairly sure WinPatrol would have given me a warning if anything odd was going on and of course, SpywareBlaster and Spybot S&D (Immunise) are both up to date and (hopefully) blocking any incoming malware … in addition to Avast, I mean.
The Defence+ part of Comodo would have had something to say about it too, I hope, but it too has been silent.
Your advice on Avast 6 is noted. I will get round to it ASAP.
No, no TeaTimer. I had heard about these problems (on here, I think) and decided that SpyBot would run well enough without it as long as I kept the Immunise part up to date.
Thanks for your advice on Avast 6 … Is there anything else I should know about it before I take the plunge?
Go to Control Panel and uninstall Avast through Add/Remove Programs if possible and reboot.
If Step 4 fails, boot into Safe Mode (hit F8 repeatedly) and run the Avast Uninstall Tool. Uninstall ALL prior versions and products of Avast one at a time and reboot in between.
Reboot.
Install the newest version of Avast and reboot.
Get Internet access and register your copy or add the license key for Free, Pro, or AIS.
A forum search for uhpcleanhlp.sys (if this is the file being detected?) would have found these two topics on the same thing (avast rootkit scan detection):
Yes, that was the name of the file detected … I tried to get the warning pop-up window back to make a note of it, but couldn't.
In any case it seems to have been corrected in an update yesterday (or the day before?), so no problem now. In any case I think the file is sent to Avast for examination automatically when you hit the OK button in the warning window.
I don’t think the file itself is sent (as that wouldn’t show the reason/context/circumstances of the alert), just the collated information about the alert will be passed using the CommunityIQ function.