TrueProcess.exe

This program was part of TrueSwitch, an ISP switching program designed for AT&T WorldNet to change the user's email client and address book information from old ISP to new ISP and inform contacts of a change of ISP. It is being flagged as a Virus Description: Win32:Trojan-gen {Other} by Avast. The VirusTotal reports 5/36 (13.89%) AV scan engines with up-to-date databases as a Trojan.Small.jhy.5632 or Win32:Trojan-gen {Other}. ???

What is the status of this file? Has anyone notified AT&T WorldNet? :o

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Will this link do for the report?

http://www.virustotal.com/analisis/0228a2b2b4db39ef17e9a68a0d32361e

Seems a false detection by the description you’ve written down.
Also, GData has the same detection as avast.
What is strange is the “small” detections…
I think they won’t contact AT&T… if it is really a false positive, then they need to correct the virus database… Hope they do it soon.

Let’s keep the thread open and see what happens in the next week in both Avast and VirusTotal websites. :wink:

Ok :wink:

Absolutely fine for the report, report it to avast as a possible false positive for further analysis as outlined in the link in my previous post.

My brother's XP computer is also infected with trueprocess.exe and a lot of suspect things were happening, including his Yahoo email account would not be log onable from his computer until he changed the password and then only good for one log on again. He could change the password from a different computer and have no problems. Seems his password was being hijacked somehow, and that makes sense with the description of what the file does. It seems it may have been modified to do some dirty work.

Well he should also upload it to virustotal (VT) to confirm as previously suggested in this topic (Reply #1) and post the results (as in Reply #2).

As this one was most certainly an FP, if the VT results are the same as this original post then I would think that whatever else is going on is unrelated to trueprocess.exe but something else.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.

  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.