Author Topic: Avast - Is This A False Positive?  (Read 13660 times)

Offline brhokla

  • Jr. Member
  • **
  • Posts: 60
  • Gender: Male
    • Personal Message (Offline)
Avast - Is This A False Positive?
« on: June 05, 2010, 02:56:48 AM »
Avast didn't pick this up on previous 3 scans but did today on a scan.  Did a new Definition update cause this?  Is it a safe file or a virus like Avast is showing?  I'm thinking its a false positive but I want to be sure.  Thanks and below is the information.

Location:    C:\HP\Bin       Name: EndProcess.exe    Avast 5.0 Pro picks it up as  Virus:  Win32:KillApp-W[PUP]  on a full scan but when I scan just the file it shows OK. 


Thanks

Brhokla
Win 7 64bit, AMD Turion 2.2GHz Dual Core, 4 Gigs Ram, Avast Pro 5 Antivirus, Malwarebytes, SuperAntiSpyware, Online Armor Free Firewall

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #1 on: June 05, 2010, 03:36:34 AM »
No it isn't a false positive, you appear to have included the option to scan for PUPs (Potentially Unwanted Programs) and possibly didn't know the impact of that choice. This executable is designed to kill processes so it can be used for good or evil and that intent/purpose isn't something an AV can really decide.

The Full System Scan I suspect that you have changed the default settings as I mentioned and the right click scan has different settings.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline brhokla

  • Jr. Member
  • **
  • Posts: 60
  • Gender: Male
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #2 on: June 05, 2010, 08:08:26 AM »
Thanks,  As I get use to the program more maybe this won't be an issue.  I appreciate your response.
Win 7 64bit, AMD Turion 2.2GHz Dual Core, 4 Gigs Ram, Avast Pro 5 Antivirus, Malwarebytes, SuperAntiSpyware, Online Armor Free Firewall

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #3 on: June 05, 2010, 01:22:21 PM »
No problem, glad I could help.

Given the files location, my guess it is part of the HP tools they load you could exclude this file from scans if you don't want it continually detected.

Welcome to the forums.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline brhokla

  • Jr. Member
  • **
  • Posts: 60
  • Gender: Male
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #4 on: June 05, 2010, 02:52:59 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again
Win 7 64bit, AMD Turion 2.2GHz Dual Core, 4 Gigs Ram, Avast Pro 5 Antivirus, Malwarebytes, SuperAntiSpyware, Online Armor Free Firewall

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #5 on: June 05, 2010, 02:57:02 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again
Exclusion tab of settings...
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #6 on: June 05, 2010, 03:06:45 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again

You're welcome.

Once you try as suggested by Tech, you will notice you can only exclude the folder in the initial selection. Once selected, in the screenshot posted by Tech, you can then edit the entry, changing the /* at the end of the exclusion path to /EndProcess.exe
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Saty

  • Full Member
  • ***
  • Posts: 115
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #7 on: June 05, 2010, 04:30:17 PM »
I had the same exact thing happen to me two days ago.

 As DavidR said, its a HP file.

excluding it works.

Sat
(2) Vista Basic laptops 32bit SP2...../ 2.16GHz 2GB ram 160GB HD / 1.86GHz 2GB ram 80GB HD / Avast 5.1 807 Free / Immunet Protect Plus / PC Tools Firewall Plus 7 / PC Tools Threatfire / WinPatrol Free / Malwarebytes Free / Superantispyware Free / IE8

Offline brhokla

  • Jr. Member
  • **
  • Posts: 60
  • Gender: Male
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #8 on: June 06, 2010, 02:37:07 AM »
Thanks all, I got the issue resolved and in the exceptions list.  Anybody have any clue when/why the boot time scanner for Win7 64 bit doesn't work?  Thanks
Win 7 64bit, AMD Turion 2.2GHz Dual Core, 4 Gigs Ram, Avast Pro 5 Antivirus, Malwarebytes, SuperAntiSpyware, Online Armor Free Firewall

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #9 on: June 06, 2010, 03:06:33 AM »
It isn't that it doesn't work, but that it is complex and hasn't been introduced in 64bit versions of the OS. It is planned for inclusion in avast 5.1.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline dayto

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #10 on: June 06, 2010, 11:26:19 PM »
umm i just got this same thing and i delted it is that bad will it do something bad to my computer and if so how can i fix

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #11 on: June 07, 2010, 12:07:58 AM »
Something like what, without the file name, location as given in the first post no one can say if it is bad or otherwise ?

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Mr.Agent

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2773
  • Proud to be an avast! user.
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #12 on: June 07, 2010, 09:04:02 PM »
Got the same detection but in KillIt.exe for me there no EndProcess.exe strange. Also nothing in chest so i dont know maybe if you had send it to virustotal we could know if its a virus or no...

So... avast! can you fix that pup detection on the HP KillIt.exe... I would be mad if the real time caught it and move it to chest and destroy my pc.

Thank,
Mr.Agent
Smart phone LG G2 - (Specs) Processor Quad Core 2,26 GHZ - 2048 MB RAM - True IPS LCD Full HD 1080p Screen - 13 MP Camera 1080p HD of 60 fps - (Security) avast! Free Mobile Security with Anti-Theft

A beast is a beast, she will stay strong until she lives... -Mr.Agent

Offline Mr.Agent

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2773
  • Proud to be an avast! user.
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #13 on: June 07, 2010, 09:12:18 PM »
I haven't figured out how to exclude a file yet from a scan but I'll soon enough have this figured out.  Thanks again
Exclusion tab of settings...

Thx Tech its a usefull way for avast! to got this. But i hope if they can correct it then that they will do it...

Edit : Wow look KillIt.exe detection http://www.virustotal.com/analisis/0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1275945232 That not normal that 6 scanners detect it why they dont correct the false positive... ?
« Last Edit: June 07, 2010, 09:29:27 PM by Mr.Agent »
Smart phone LG G2 - (Specs) Processor Quad Core 2,26 GHZ - 2048 MB RAM - True IPS LCD Full HD 1080p Screen - 13 MP Camera 1080p HD of 60 fps - (Security) avast! Free Mobile Security with Anti-Theft

A beast is a beast, she will stay strong until she lives... -Mr.Agent

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast - Is This A False Positive?
« Reply #14 on: June 07, 2010, 10:15:57 PM »
There is nothing to fix, this is not really a false positive, it is a tool/program designed to kill applications/process, etc. depends on who/what installed or is using it (you/HP/malware, etc.), as it can be used for good or evil and avast can't determine intent,  'you' have to decide if it is Unwanted.

Even if you did move KillIt.exe to the chest, it won't destroy your PC as it is likely only to be used by HP if it is trying to do something like a restore, etc. It isn't a system file.
« Last Edit: June 07, 2010, 10:20:58 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now