Undetected malware

I found some malware that avast! didn’t detect.

It was named hp.exe
file version: 1.5.0.1
description: kworpdysdnthqrn
comments: delkjkkbdkxfygk

It was located at J:\WINDOWS\hawlett packard\hp.exe
and registered at HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
and also at HKLM\etc.

I assume :wink: it is not an HP product: ‘hawlett packard’ is not the correct spelling
and the description and comment don’t look very professional.

It forces itself to be executed at system startup, probably in more copies, and produces a series of error messages:
Access Violation Error
The process cannot access the file because it is being used by another process.

I removed the file and all references in the registry, and didn’t see more effects.

Does anybody know this virus/worm/horse?
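The two tells named in the post above (a vendor folder that is almost, but not exactly, a real vendor name, and version-info strings that look machine-generated) can be checked mechanically when reviewing autorun entries. This is an added example, not part of the original thread; the vendor list, thresholds and function names are assumptions chosen for illustration, and the second sample entry is constructed.

```python
from difflib import SequenceMatcher
from ntpath import basename, dirname  # parses Windows paths on any OS

# Assumption: a short vendor list for illustration; extend it for real use.
KNOWN_VENDORS = ["hewlett packard", "microsoft", "adobe", "avast software"]

def lookalike_vendor(folder, threshold=0.85):
    """Return the vendor a folder name imitates without matching exactly, else None."""
    name = folder.lower().replace("-", " ")
    for vendor in KNOWN_VENDORS:
        if name != vendor and SequenceMatcher(None, name, vendor).ratio() >= threshold:
            return vendor
    return None

def looks_random(text, min_len=8):
    """True for a long single 'word' with very few vowels (generated-looking string)."""
    letters = [c for c in text.lower() if c.isalpha()]
    if len(letters) < min_len or " " in text.strip():
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2  # assumed cut-off; ordinary words score higher

def triage(entry):
    """Return the reasons an autorun entry deserves a closer look (empty if none)."""
    reasons = []
    folder = basename(dirname(entry["path"]))
    vendor = lookalike_vendor(folder)
    if vendor:
        reasons.append(f"folder '{folder}' imitates '{vendor}'")
    for field in ("description", "comments"):
        if looks_random(entry.get(field, "")):
            reasons.append(f"{field} looks machine-generated")
    return reasons

# First entry uses the values reported in the post; the second is a
# constructed benign entry for contrast.
SAMPLES = [
    {"path": r"J:\WINDOWS\hawlett packard\hp.exe",
     "description": "kworpdysdnthqrn", "comments": "delkjkkbdkxfygk"},
    {"path": r"C:\Program Files\Hewlett-Packard\hpupdate.exe",
     "description": "HP Software Update", "comments": ""},
]

if __name__ == "__main__":
    for e in SAMPLES:
        print(e["path"], "->", triage(e) or "no flags")
```

A flag from this kind of heuristic is a reason to submit the file for scanning, not a verdict; legitimate software can trip either check.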

What avast version are you using 4.8 or 5.0 ?

You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here (the URL in the address bar of the VT results page).

I’m using version 4.8.1368, and that version is ‘Already up to date’

Good idea! This is the result:

http://www.virustotal.com/analisis/96909c99d6dbe5097b654715a611958dd6f6fdbdcdb28d3e4d06e0bc6e01b943-1266001455

It does not look completely harmless…

Yes, it looks highly suspect, though the majority of the detections are using heuristic detections, which are more prone to mis-detection.

Send the sample to virus (at) avast (dot) com, zipped and password protected, with the password in the email body; a link to this topic might help, and put false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Yes, it is up to date for avast 4.8, there is a rolling program update cycle to spread the load on the servers as 100 million plus avast users are updated.

  • Download avast 5.0.396 free antivirus - http://www.majorgeeks.com/download1968.html?2010-01-29
    Whilst that one isn’t the latest for version 5.0, once installed you should be able to do a manual program update from the User Interface (UI) to get 5.0.418 (only a small incremental update from .396).

Hi Wonda,

Read this: http://www.scribd.com/doc/3290371/Advanced-Windows-Malware-Removal

Use SuperAntiSpyware to remove it fully: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

polonus

@DavidR

The undefined object has been uploaded from the chest; and I have avast 5.0.418 (quite different view, clearer UI). Thanks.

@polonus

I use SuperAntiSpyware frequently, but it only found tracking cookies :wink:
“Advanced Malware Removal” is an interesting document, but leaves a lot unexplained. >:(

Hi Wonda,

Have a look at this info: http://www.neuber.com/taskmanager/process/updates%20from%20hp.exe.html
and also here: http://www.file.net/process/updates%20from%20hp.exe.html
and this link: http://www.bleepingcomputer.com/forums/topic275405.html

Regards,

polonus

No problem, glad I could help.

Yes, the 5.0 UI is different, but as you say it is much clearer and easier to get to know and use.

Welcome to the forums.