Hi guys can someone help me with this problem.I got this win 32:PUP and win 32: KillApp on my scans I have no idea how to fix.
The computers are too complicated for me and if GURU specialist is willing to connect with my PC by remote assistance to fix the problem you are more than welcome
Hi oupulino
Welcome to avast!WEBforum
can you visit the following webiste please and do as much as you can and post the logs
http://forum.avast.com/index.php?topic=53253.0
This helps out malware expert.
Regards
Anthony
what is there to fix…what is the problem with these detections ?
It looks like you have PUP enabled. PUP is a Potentially Unwanted Program that you may or may not want. Did you download the file yourself? If not, then another process could be using this PUP for malicious purposes. Are you able to take a screenshot of the viruses it finds?
Until we identify if there is a problem please don’t send people to that topic as it is not yet established there is a malware problem and even then if it is one that will need specialist assistance.
The win32:KillApp [PUP] sounds like it is an HP process, so that is what we are trying to establish.
What is the file name and location of the alert ?
What action did you take ?
C:\WINDOWS\Temp\unp33555451.tmp
C:\WINDOWS\Temp\unp1412841.tmp
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\cache\6.0\13\5bd89d0d-35d4c681\smbkhrnvpetuqumq\jjvefskfgsqheydmybmfw.class
C:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0242038.exe
C:\System Volume Information_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0242037.exe
The win32:KillApp [PUP] detection you mentioned doesn’t appear to be present in the list, whilst you don’t give the malware names in the list, we are very familiar with the win32:KillApp [PUP] detections and the greatest majority they are on HP systems in the c:\HP\Bin\ folder.
Do you have an HP system ?
On the list of detections, what action did you take at the time of the detections ?
Re the first two detections, C:\WINDOWS\Temp\unp*.tmp:
I believe that should be in the C:\WINDOWS\Temp_avast_ folder as the avast fo;der is where avast sends/unpacks files that it is going to scan ?
The unp999999.tmp file format is what avast names its temporary files which it is about to scan in that location.
The last to detections in the C:\System Volume Information folder, I suspect may be related to the first two detections, if you deleted them then the system restore may have made copies (restore points) in the C:\System Volume Information folder.
All four of those can safely be deleted.
The third detection in your list, is in your JAVA cache and is generally an indication of a java exploit associated with an out of date JAVA version which is Vulnerable to attack. Your version 6.0.13 is way out of date and you need to update JAVA. That too is safe to delete.
- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
They are in Virus chest at the moment.,so I just can deleted from Virus chest.
When I did boot time scan I set to deleted.
Maybe that why is not show win32:KillApp any more.
Yes I do have HP system about 6 years old.
Thank you for replay and good advice I will post the progress I start like this Avast product Norton Antivirus 2012 is going to the garbage
I visit this side http://secunia.com/software_inspector/. but Microsoft warning is not recommended because is not compatible.What I should do ?
Yes you can delete those from within the virus chest.
I don’t know why Internet Explorer is mentioning compatibility, I haven’t heard of this in the forums when we send people there. I have no problem if I visit with firefox.
I have just visited it using IE8 on my XP Pro system and I get the usual the website wants to use flash player (which I allow) and I get a pop-up reporting the JAVA digital signature for secunia has been verified (it uses a JAVA applet to do the check), see image, is that what you mean ?
Which Java I have to download ?
The JRE (run time environment) version the latest I believe is 7 update 3.
This may save you a bit of hassle http://www.oracle.com/technetwork/java/javase/downloads/jre-7u3-download-1501631.html. So depending on what your Operating Systems is 32bit or 64bit (see image). You probably have windows XP (which is 32bit, with very rare exceptions), or possibly Vista; so it would be best to download the Windows x86 (32bit) Offline version. That allows you to download it and run it from your system rather that try to install it online.
Thank you for help it work .Now I like to instal this patches to close vulnerabilities, http://secunia.com/software_inspector/. but no luck it freezes up telling me that will uninstall previous version to do that asking to pres Next and nothing happen freeze up.
Is there any other software that will fix patches to close vulnerabilities ?
What patch do you have problems with ?
When I got the Virus automatic updates was down so I did same updates from Window XP and have no idea if that the correct ones so you guys recommended the programs which patches to close vulnerabilities for PC .
I have lots of programs which probably do not need on my pc and they are slowing down my pc.
Like I mention before computers are to complicated for me to fix it they are like black magic for me
When I got the virus I did same updates and have no idea if they are right probably I download program which I don’t need and they are slow my pc .Which patch I don’t know just trying to clean my computer from unnecessary programs after Avast clean my viruses
Hi there lets take a look at the system first and see if there are any problems that need resolving
Download OTL to your Desktop
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
[b]netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
C:\commands.txt echo list vol /raw /hide /c
/wait
C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT[/b]
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
THEN
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif
On completion of the scan click save log, save it to your desktop and post in your next reply
http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif
How to post both logs I try zip files and the file is to big .How can I post this 2 files
OTL.Txt and Extras.Txt.
look below the box where you are typing… you dont have to zip
" Attachments and other options"
if you still have problems, upload to www.mediafire.com and post the download link here