the file wich is detected is c:/hp/bin/endprocess.exe , does anyone know what this is?
Try a search in this forum (search box in the window) for that malware name or endprocess as this has been discussed recently.
ill just ignore the detection of the win32:killapp-w then after looking at the info about it in other threads on this forum.
but why is a real threat like ardamax keylogger only detected as a PUP?
but why is a real threat like ardamax keylogger only detected as a PUP?You have to buy it, and install it....and you know what it will do. It does not install by itselfe
sorry, i was just looking at the ardamax website and there was no mention of the keylogger being able to install itself remotely through email anymore as was the case some years ago.
look here http://forum.hosts-file.net/viewtopic.php?f=11&t=549&hilit=ardamax
jepp thats from 2008…but interesting…
The problem is one of intent, with tools like this (to stop/kill/end a process), they can be used for good or evil and avast isn’t to know the intent. You know from the location and that you have an HP system (presumably) that this is a tool from HP, most likely used if required when doing a restore, etc. So you know it is OK so as you say can ignore it but avast can’t as it doesn’t have the information you have.
yes it is a HP computer.
thanks
You’re welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don’t want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.
Or perhaps easier copy and paste c:/hp/bin/endprocess.exe into the new window, see image.
just did, works perfectly