This program was part of TrueSwitch; an ISP switching program designed for AT&T WorldNet to change the users email client and address book information from old ISP to new ISP and inform contacts of a change of ISP. It is being flagged as a Virus Description: Win32:Trojan-gen {Other} by Avast. The VirusTotal reports 5/36 (13.89%) AV scan engines with up to date databases as a Trojan.Small.jhy.5632 or Win32:Trojan-gen {Other}. ???
What is the status of this file? Has anyone notified AT&T WorldNet? :o
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Seems a false detection by the description you’ve wrote down.
Also, GData has the same detection of avast.
What is strange is the “small” detections…
I think they won’t contact AT&T… if it is really a false positive, then they need to correct the virus database… Hope they do it soon.
my brothers xp compter is also infected with trueprocess.exe and alot of suspect things were happening including his yahoo email account would not be log onable from his computer until he changed the password and then only good for one log on again. he could change the password from different computer and have no problems. seems his password was being hijacked somehow. and that makes sense with the discription of what the file does. it seems it may have been modified to do some dirty work.
Well he should also upload it to virustotal (VT) to confirm as previously suggested in this topic (Reply #1) and post the results (as in Reply #2).
As this one was most certainly an FP, if the VT results are the same as this original post then I would think that whatever else is going on is unrelated to trueprocess.exe but something else.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).