Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Davy on September 15, 2011, 02:13:33 PM

Title: UPHClean.exe detected as Malware
Post by: Davy on September 15, 2011, 02:13:33 PM
Hi, I use Avast pro with XP pro.
I booted the computer the 2nd time today and Avast detected UPHClean.exe as Win32 Malware-gen  and sent it to virus chest.

I use UPHClean to clean the shut-down errors in event log, not that I need to but it never detected it as a 'naughty' before. So I submitted the file by clicking the button etc.

I wonder has anyone come across this and how long does it take for the results approximately.
Thanks.

Dave
Title: Re: UPHClean.exe detected as Malware
Post by: Pondus on September 15, 2011, 02:17:20 PM
upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners
when you have the result, copy the URL in the address bar and post it here for us to see


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan  http://www.metascan-online.com/
Title: Re: UPHClean.exe detected as Malware
Post by: Pondus on September 15, 2011, 02:19:02 PM
http://forum.avast.com/index.php?topic=84742.0
Title: Re: UPHClean.exe detected as Malware
Post by: DavidR on September 15, 2011, 02:21:30 PM
I have been using this for more years than I care to remember, I reported this as a false positive. Only avast (and GData, uses avast as one of its two scanners) detect it, http://www.virustotal.com/file-scan/report.html?id=ed2a0acb135f85606d22035ba324c95de58c9564ed7b4340d2acb1f4f57abfb3-1316088422.

- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level; accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.

Title: Re: UPHClean.exe detected as Malware
Post by: Davy on September 15, 2011, 02:46:30 PM
Hello Pondus.
Took a while to figure out, Avast kept sending it to vault but I did it somehow.

https://www.virustotal.com/file-scan/reanalysis.html?id=ed2a0acb135f85606d22035ba324c95de58c9564ed7b4340d2acb1f4f57abfb3-1316089168

Sorry having trouble with inserting link, thanks.
Title: Re: UPHClean.exe detected as Malware
Post by: Davy on September 15, 2011, 02:49:27 PM
So it's a falsie, I can let it go back.

Thank you all, Dave
Title: Re: UPHClean.exe detected as Malware
Post by: kd5 on September 15, 2011, 10:01:42 PM
Just started getting this FP today:

Object:  C:\Program Files\UPHClean\uphclean.exe
Infection:  Win32:Malware-gen
Process:  C:\WINDOWS\system32\services.exe

UPHClean (User Profile Hive Cleanup Utility by Microsoft) is NOT malware.  Please correct this.       -kd5-
Title: Re: UPHClean.exe detected as Malware
Post by: naren17 on September 15, 2011, 10:04:42 PM
Avast is not detecting here.

Win XP SP3
Avast latest & Windows FW
No other realtime security

Thanxx
Naren
Title: Re: UPHClean.exe detected as Malware
Post by: kd5 on September 15, 2011, 10:28:13 PM
Well, my wife & I both have XP SP3 w/ all updates, with the User Profile Cleanup Utility installed, and Avast (latest version, on both computers, latest updates) reports UPHClean as malware.  It's not malware, it's a genuine bona fide Microsoft application.       -kd5-
Title: Re: UPHClean.exe detected as Malware
Post by: kd5 on September 15, 2011, 10:41:24 PM
Thanks to Avast I now have to reinstall UPHClean on a customer's computer.  I wonder how many other XP computers that have the User Profile Hive Cleanup Utility installed have just had Avast quarantine or delete it (depending on how they have Avast set up).  Please fix this.       -kd5-
Title: Re: UPHClean.exe detected as Malware
Post by: kd5 on September 15, 2011, 10:43:42 PM
> Avast is not detecting here.
>
> Win XP SP3
> Avast latest & Windows FW
> No other realtime security
>
> Thanxx
> Naren

It's not natively part of the Windows XP operating system.  You have to physically install it on your computer, and now thanks to Avast anyone who had it on their computer now has to reinstall it, unless they're unaware of what just happened.       -kd5-
Title: Re: UPHClean.exe detected as Malware
Post by: naren17 on September 15, 2011, 10:46:11 PM
I downloaded & installed it & also went into the programs folder UPHC.exe but it's not detecting here.

Avast Database - 110915-0
UPHC version - 1.6.36.0

Thanxx
Naren
Title: Re: UPHClean.exe detected as Malware
Post by: DavidR on September 15, 2011, 11:03:56 PM
> Thanks to Avast I now have to reinstall UPHClean on a customer's computer.  I wonder how many other XP computers that have the User Profile Hive Cleanup Utility installed have just had Avast quarantine or delete it (depending on how they have Avast set up).  Please fix this.       -kd5-

Why would you have to reinstall it, if it is in the chest (default action), when it is no longer detected restore it. Or exclude it from the file system shield scan as I mentioned above and then restore it.
Title: Re: UPHClean.exe detected as Malware
Post by: DavidR on September 15, 2011, 11:06:45 PM
> I downloaded & installed it & also went into the programs folder UPHC.exe but it's not detecting here.
>
> Avast Database - 110915-0
> UPHC version - 1.6.36.0


I have had mine for many years and that version is 1.6.30.0, which since it was discontinued years ago, I would have thought it was the last version.

So where did you download yours ?
Title: Re: UPHClean.exe detected as Malware
Post by: kd5 on September 15, 2011, 11:22:36 PM
> > Thanks to Avast I now have to reinstall UPHClean on a customer's computer.  I wonder how many other XP computers that have the User Profile Hive Cleanup Utility installed have just had Avast quarantine or delete it (depending on how they have Avast set up).  Please fix this.       -kd5-
>
> Why would you have to reinstall it, if it is in the chest (default action), when it is no longer detected restore it. Or exclude it from the file system shield scan as I mentioned above and then restore it.

Doesn't matter if it's quarantined or deleted, what matters is that Avast is detecting (and quarantining/deleting) it while naming it malware when it's not.  That's what needs to be fixed before it quarantines or deletes it from every XP computer that has UPHClean installed.       

That's what really matters.      -kd5-
Title: Re: UPHClean.exe detected as Malware
Post by: DavidR on September 15, 2011, 11:45:33 PM
It will be fixed, but as has been said there should have been no need to reinstall, certainly doing so before it is resolved isn't going to solve anything as it would be detected again.

That is why I gave instructions on how to exclude it until it is resolved.
Title: Re: UPHClean.exe detected as Malware
Post by: DavidR on September 16, 2011, 12:31:08 AM
As I said they are normally quick to resolve and VPS 110915-1 resolves this false positive on uphclean.exe.
Title: Re: UPHClean.exe detected as Malware
Post by: kd5 on September 17, 2011, 04:21:56 AM
Thank you for a quick fix.       -kd5-