Author Topic: HP\BIN\EndProcess.exe  (Read 29719 times)

Offline willcook

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
HP\BIN\EndProcess.exe
« on: August 25, 2010, 09:04:08 PM »
I could not find the answer to this question in my search of the forums:

I got a virus detected warning for EndProcess.exe when I ran a scan.  However, I cannot remove to chest or repair.  Is this because the file is actually not a virus, or is it a particularly difficult problem to fix.

Thanks.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21699
  • Gender: Male
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #1 on: August 25, 2010, 09:15:41 PM »
the file can be in use, have you tried avast boot scan?
http://sites.google.com/site/spg20scottsweb/home/avast-5-boot-time-scan

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have latest database before you scan
click the remove selected button to quarantine anything found
you may post the scan log here if anything is found
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21699
  • Gender: Male
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #2 on: August 25, 2010, 09:18:59 PM »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline bcress

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #3 on: September 13, 2010, 04:14:04 PM »
I could not find the answer to this question in my search of the forums:

I got a virus detected warning for EndProcess.exe when I ran a scan.  However, I cannot remove to chest or repair.  Is this because the file is actually not a virus, or is it a particularly difficult problem to fix.

Thanks.

I ran a boot-time scan (selecting the option to "Move all to chest"), immediately after updating Avast and the virus definition file.  Upon booting up, I had a message in the lower right-hand corner of my screen.  It read as follows:

Windows Vista (TM)
Build 6002
This copy of Windows is not genuine

However, my copy of Windows is surely genuine, purchased new from Best Buy.  I checked the Avast Virus Chest to see what files were moved.  On this boot-time scan, the only file moved to the chest was C:\HP\BIN\EndProcess.exe (last changed 9/16/1999).  It was categorized by Avast as Win32:KillApp-W [PUP].  This file appears legit...why would Avast categorize it as a Potentially Unwanted Program?

With little working knowledge regarding viruses and anti-virus software, I am going to restore this file and reboot my computer per the following thread to see if the problem is remediated:  http://forum.avast.com/index.php?topic=51790.msg521118#msg521118

Any additional information or an official statement from Avast regarding this issue?

Edit:  Also of note...I have run the boot-time scan before without Avast moving EndProcess.exe to the Virus Chest.  Could this imply that the file has been modified despite indicating that it was last changed on 9/16/1999?  And yes, my Windows time and calendar are current.

Edit 2:  Just decided to shutdown and boot up normally rather than restore EndProcess.exe.  Sure enough, the "not genuine" message was no longer in the bottom right-hand corner of my screen.  I am not going to restore the file unless I hear otherwise, but I would still like some information regarding the file.  Thanks!
« Last Edit: September 13, 2010, 04:35:09 PM by bcress »

Offline mkis

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1622
  • Gender: Male
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #4 on: September 13, 2010, 05:58:06 PM »
Are or were you also running Avira as a resident or even on demand scanner?
Mostly the KillApp detection is found by Avira where it is identified as APPL/KillApp.A and is considered a false positive unless rated as Fraudulent Software (an Avira categorisation - I dont use Avira so dont know much about the category).

That said, avast do have the categorisation Win32:KillApp-W [PUP], so we could have a similar type detection here from avast. Once detections have been made and definitions set, there is likelihood of overlap amongst different brand databases so regardless avira or avast, we are probably looking at much the same thing and possibly enough to upset Windows license or validation data. Mostly (I mean, lots and lots) with Avira, many users have even bought new licenses on account of the mixup. I'm unsure of the extent of the problem with avast. Perhaps they are following the Avira lead.

The best start point for sorting any license/validation error is to run the SFC /SCANNOW command
If you dont know how to do this --go to Start -> Run, then type 'sfc /scannow' (without the quotations) in the box provided and press OK.
Post the results here.


The HP file EndProcess.exe apparently refers to an application they need in the setup process and is detected by Avira because in the hands of an inexperienced user it may pose a problem. This would also tie in with the avast detection.
« Last Edit: September 13, 2010, 06:01:11 PM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline Chaul

  • Newbie
  • *
  • Posts: 13
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #5 on: September 15, 2010, 06:28:11 PM »
Avast found this EndProcess.exe on my HP laptop a week ago too and I let it move the file to the chest. Avast did detect it as Killapp-something. Considering how much useless apps most laptops contain, I didn't think too much about it and just let the EndProcess stay in the chest. This was on Windows 7 32b.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #6 on: September 15, 2010, 07:18:49 PM »
Based on the location alone, HP\BIN\EndProcess.exe isn't this jusy one of the tools that HP use if you happen to do a a restoration to factory settings. If so then it isn't an issue, what is, is that you and others have chosen to scan for pups and not appreciated a) what a PUP is and b) the type of things that could be classed as a potentially unwanted program.

Quote from: bcress
It was categorized by Avast as Win32:KillApp-W [PUP].  This file appears legit...why would Avast categorize it as a Potentially Unwanted Program?

Since the EndProcess.exe file can be used to end/kill processes, it is a tool which can be used for good or evil purposes, an AV can't determine intent. If someone else installed this without your knowledge (not HP) then it would be unwanted, but having been installed by HP it is a tool which you may require if you do an HP restore, etc.

So if it is in the c:\HP\Bin location you want to keep it, so need to exclude it from on-demand scans, either that or stop doing custom scans searching for PUPs.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline vander1

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #7 on: April 22, 2011, 04:10:28 PM »
I have just recently brought a hp laptop have avast antivirus have done boot scan and found end process.exe is infected with win32 killapp-w [PUP] no need to panic i have found it either comes in with hp games as i installed a game in hp games called crazy cart 2 avast found files it found harmfull i let it in and uninstalled from where it went to did a recovery
and found this virus later on 1 of 2 sinarios it either came in with the hp game or it was pre loaded when i brought hp system to fix all u have to do is put to chest as i have system runs fine no errors hope this helps

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #8 on: April 22, 2011, 04:20:53 PM »
It normally comes with the HP recovery data, in c:\HP\bin, or something like that, what was the location ?

It isn't a virus, as the suffix [PUP] Potentially Unwanted Program implies. This is a tool used to kill applications (killapp) and is a tool that can be used for good or evil and your AV is not making that determination.

What I find strange is that it is being detected at all as scanning for PUPs isn't enabled by default. So it looks like you have been tweaking avast or its scan settings without knowing the possible effect.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Navvy

  • Jr. Member
  • **
  • Posts: 28
  • I'm a llama!
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #9 on: December 16, 2011, 11:44:42 PM »
I've just installed Avast, then did a boot-time scan. It detected EndProcess.exe in C:\hp\bin infected with Win32:KillApp-W[PUP].

Avast is using default settings, as this computer did not previously have avast on it.

The boot-time scan also found the same infection in one of the System Restore points.

Seems surprising that this is still a problem after so long.

Should I report it as a false positive?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21699
  • Gender: Male
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #10 on: December 16, 2011, 11:49:25 PM »
PUP is not false positive as it is not virus
http://searchsecurity.techtarget.com/definition/PUP

it is just telling you that you have a program that can be used for good or bad, depending on what it can do and who installed it
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Navvy

  • Jr. Member
  • **
  • Posts: 28
  • I'm a llama!
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #11 on: December 17, 2011, 12:05:39 AM »
OK, I've added it as an exclusion instead. If it normally never gets run, then it won't matter if it one day gets infected with something else.

Offline punar

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #12 on: February 06, 2012, 08:15:48 AM »
According to the site Pondus linked to, "PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.".
EndProcess is neither a spyware, adware or dialer, and was not downloaded by the user, but came pre-installed with the os. So it's not a PUP and, as long as it's still the original file from HP, it's therefore a false positive.

Offline MichaelT.

  • Its time to Kick A$$ and Chew Bubble Gum, an I'm All Outa Gum.
  • Jr. Member
  • **
  • Posts: 96
  • Gender: Male
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #13 on: February 06, 2012, 10:57:06 AM »
I could not find the answer to this question in my search of the forums:

I got a virus detected warning for EndProcess.exe when I ran a scan.  However, I cannot remove to chest or repair.  Is this because the file is actually not a virus, or is it a particularly difficult problem to fix.

Thanks.

Dude, I have an HP HDX 18-1374CA with the HAD same issue.
This is a false positive, the "Endprocess" part is being detected as part of malware.
This file is needed for your HP OEM programs.

Do as I did,
Exclude the file from Quick and Full System scans.
From 'SETTINGS>EXCLUSIONS> add the file here as well,
ALSO, add your Back Up Location here as well, this will stop it from being detected every timr you do a "Full Scan".



HP ENVY 17-3090NR 3D - Win7x64 SP1 - Intel i7-7620 QM - 8GB DDR3 RAM 4+4 @1600 MHz  - Radeon HD 7690M XT 1GB DDR5 VRAM - C:\80 GB SSD mSATA II - D:\120 GB INTEL 320 SSD SATA II - E:\500 GB Hitachi SATA II - avast! Free - MBAM PRO - Online Armor Firewall - FIREFOX, M86/ABP(easylist,malwaredomains)/BetterPrivacy/VTZilla - COMODO Dragon

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: HP\BIN\EndProcess.exe
« Reply #14 on: February 06, 2012, 01:06:52 PM »
It isn't a false positive as it is classed as a PUP (when you search for PUPs expect strange/unusual results), based on what it does (Ends Processes), so can be used for good or evil is why it is flagged as a PUP. An anti-virus program can't determine intent, that is something that only the user can determine.

The user has to know enough about their system, the files on it and what they do to determine if it is A) legit, B) something that they installed or C) would be installed by the manufactures, etc.

These are some of the very reasons why scanning for PUPs isn't enabled by default as most users don't know what a PUP is and even if they did may be unable to make the determination if it is legit or not.

Not included in this general definition by many PUP definitions are tools which can be used for good or evil, some have been legitimately installed for a specific good purpose, but could have been unknowing installed for a malicious purpose. In which case it would be considered unwanted.

Not all antivirus programs scan for PUPs and some will have a different definition on what falls under the heading PUP, avast has it turned of by default (an exception being the boot-time scan). So if you get this you have been tweaking the avast settings without knowing what the impact might be.

####
So for me the question based on the above is should there be an exclusion made or should the user be scanning for PUPs when the default setting is not to.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now