Hi,

I did a Scan.
Avast said to put in quarantine the c:\hp\bin\processlogger.exe file because Win32:PUP-gen [PUP].

Real virus or false positive ?
And what’ll happen when logging myself on my HP PC if I do so ?

How to know ???

Thanks.

You have enabled PUP detections. I suggest you disable PUP detection if you don’t understand what are these detections.

Thanks but I’ld like to understand…

PUP = Potentially Unwanted Program http://searchsecurity.techtarget.com/definition/PUP

Thank you. What I want is not to disable PUP scan on the whole disk, but to diseable PUP search in my HP PC folders. Other viruses in HP folders are of course to be scanned.

PUP is not virus…it is programs that can be used for good and bad…depends why it was installed and what it is used for

What I want is not to disable PUP scan on the whole disk, but to diseable PUP search in my HP PC folders
not possible, PUP scan is ON or OFF

Yes of course. I want too much. Avast is a free software… :-\

And there is lesser risk in disabling PUP detection than to make an exception in scaning a few directories. Isn’t ?

Yes of course. I want too much. Avast is a free software...
has nothing to do with free.....same thing in avastPRO or AIS....PUP scan is ON or OFF (default)

as i said PUP is not virus, and default setting is OFF…
it will only tell you that you have a progam installed that can be used for good or bad, depending on who installed it and what it is for
if you make exception then nothing in that folder will be scanned…but i think it is possible to make exeption for one file ? have never used this

Problem : I don’t find the switch to disable PUP detection. Somewhere in Settings I suppose, but where ?

see picture in first post http://forum.avast.com/index.php?topic=54216.0

I don’t find any picture !! How to disable PUP search in AvastAV ?

The image is definitely in the first post, so I cant understand why you can’t see it. I will replicate it here (click to expand), though I don’t know if you will have the same problem.

It is in the Scan Computer, Scan Now section, you need to expand the scan details, hover the mouse over the ‘Turn off’ text and it converts to a button, click to turn off.

Thanks. I’ll try that. :wink:

(When I was not logged a few minutes ago, the image didn’t appear. Now I’m logged and I see your picture :-\ )

You’re welcome.

There is such a switch/button in each different scan type, though I don’t know if switching it off in one scan type (quick scan in my image) does the same for the other scan types. If not it may well give you the ability to create a custom scan for only certain folders, though this isn’t the same as not use it in certain folders but do in others (in the same scan).

If the c:\hp\bin\ folder doesn’t change, you could actually scan it once to confirm things are OK and then exclude that path from the scan/s. Though personally I’m wary of that idea.

I did a Boot scan, and came up with the pup-gen, if i am reading this forum correct it is part of Avast and can be switched on or off in each type of scan, I looked at mine, all pup indicators are off, the boot scan still found :
HP/BIN/PROCESSLOGGER.EXE "Infected with - win32:PUP-Gen [PUP]
as well as:
System Volumne Information_restore {00eff988-5705-4d9a-ba78-7681a60fb54}\rp1213\a0172554.exe "Infected with - win32:PUP-Gen {PUP}

I moved to “chest” any suggestions?

To give a bit more information: I just went to “chest” did a scan on one of the files, it seems the real virus is win32:killapp-w (PUP) I will check the other 4 and also see if they have a virus name upon scanning.

The same general advice offered to the others in this topic, in this location it isn’t a Potentially Unwanted Program (PUP) but a tool, the same is true of the Killapp detection if its original location is the hp/bin folder, etc and you obviously have an HP system. Send those back (restore from the chest), confirm they are back in the original location hp/bin, etc. and delete the copy that remains in the chest.

The one in the system volume information folder is only because it was moved from the original location, so essentially when you have those back in the original location, that which was sent to the chest from the system volume information folder can be deleted from the chest.

Either don’t scan for PUPs or be aware if there are any PUP detections that you have to investigate to see if they are actually unwanted or are tools which you installed or were installed by the system manufacturer.

Thanks David, I think I will leave it in the “chest” for a bit

My concern was all my PUP indicators were off, yet the boot scan still found the pup’s
and in an additional location (my Sys Admin Info) and two of the files if scanned in the
“chest” indicate another name. Would the Win32:pup-gen {pup} have moved if I attempted a
sys restore? (which I did Twice, each to a succesive time)?

Does Avast move an entire file to the “chest” I.E. HP\Bin\Processlogger.exe or is the
“chest” indicatore just a reference to “where” the suspected virus is hidden? I dont want
to delete an entire “needed” file just a virus.

For the most part PUPs aren’t really an issue and for some cause more concern than reassurance when the user has no idea what definition of a PUP is or what the file is that is being alerted on.

avast moves the file to the chest (a protected area), it is no longer in that location. So if you delete a file in the chest, that’s it, it is history, gone to the bit bucket in the sky, toast.

Personally there is little point in leaving this in the chest (Restore it) as that file in that location is legitimate, but tools can be used for good or bad. An AV isn’t to know the purpose it will be used for, hence the category PUP.

Thanks David I’ll move it back tonight when I get home from work.