hpqlpvwr.exe

[John.Parker]

I received notification this morning during the daily quick scan that this file is a high threat. It appears to be related to Hewlett-Packard Resource Center.  This is the first time it has been flagged by Avast, and I have not made any changes/updates to HP recently.  Is there any reason why it would suddenly be flagged?

[Pondus]

what does avast say?
a screenshot would help...

[Pondus]

upload the file to www.virustotal.com and test with 40+ malware scanners
post link to scan result here


if you have the file in avast chest, you can right click it and upload to avast lab as possible false positive
it will then be sendt at next avast auto/manual update
if not in chest, add it to chest manually first....it will only be a copy

how to use virus chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406

[John.Parker]

Screen shot attached

[John.Parker]

Here's the virustotal results. I have also uploaded the file from to Avast as a potential false positive.

https://www.virustotal.com/en/file/25897c2d2e0865d183b9062a1c165fd29203341a442e3a9c49b3917aef798339/analysis/

====
SHA256: 25897c2d2e0865d183b9062a1c165fd29203341a442e3a9c49b3917aef798339
SHA1: 7176fae073f513693a636a71023f4e851a1dfacc
 MD5: 0146c08c94fdee09f5224c114a6c6415
File size: 816.5 KB ( 836096 bytes )
File name: hpqlpvwr.exe
File type: Win32 EXE
 Tags: peexe
 Detection ratio: 2 / 45
 Analysis date: 2013-04-09 10:18:12 UTC ( 2 hours, 36 minutes ago )

Antivirus         Result            Update
Agnitum         -               20130408
AhnLab-V3      -               20130409
AntiVir         -               20130409
Antiy-AVL         -               20130409
Avast         Win32:Agent-ARAT [Trj]   20130409
AVG            -               20130409
BitDefender      -               20130409
ByteHero         -               20130405
CAT-QuickHeal      -               20130409
ClamAV         -               20130409
Commtouch      -               20130409
Comodo         -               20130408
DrWeb         -               20130409
Emsisoft         -               20130409
eSafe         -               20130407
ESET-NOD32      -               20130409
F-Prot         -               20130409
F-Secure         -               20130409
Fortinet         -               20130409
GData         Win32:Agent-ARAT      20130409
Ikarus         -               20130409
Jiangmin         -               20130409
K7AntiVirus      -               20130408
Kaspersky      -               20130409
Kingsoft         -               20130408
Malwarebytes      -               20130409
McAfee         -               20130409
McAfee-GW-Edition   -               20130409
Microsoft         -               20130409
MicroWorld-eScan   -               20130409
NANO-Antivirus      -               20130409
Norman         -               20130408
nProtect         -               20130409
PCTools         -               20130409
Rising         -               20130409
Sophos         -               20130409
SUPERAntiSpyware   -               20130409
Symantec         -               20130409
TheHacker      -               20130409
TotalDefense      -               20130408
TrendMicro      -               20130409
TrendMicro-HouseCall   -            20130409
VBA32         -               20130408
VIPRE         -               20130409
ViRobot         -      

[iamtig]

I am having the same issue, although my pop up looks different. I can not send a screenshot because I am still in the middle of my boot time scan.

I believe I am getting from you that this is nothing to worry about, am I correct? Since there is not an 'Ignore' option, what is the procedure on getting the Avast pop up window from going away? If this question is better asked in another thread, please advise.

BTW, the boot time did not remove it with this message:

\(location)\solutioncenter.cab >hpqlpvwr.exe. EF7FC10_0282_4CD7_837B_757983E832E8 is infected by win32:Agent-ARAT [Trj]

Move To Chest: Error 0xc000007F {An operation failed becauset the disk was full.}

I know my HD is not full, do not know if the chest can get full.

[sunsets]

I also have the same problem. For me, Threat: Win32: Agent - ARAT [Trj]

It's located in C:\Program Files (x86)\HP\Digital Imaging\Help Viewer\hpqlpvwr.exe

[Pondus]

that sure looks like a FP

First seen by VirusTotal
2010-10-31 18:49:22 UTC ( 2 years, 5 months ago )

Sigcheck
publisher................: Hewlett-Packard Company
product..................: HP Help Viewer
internal name............: hpqlpvwr.exe
copyright................: (c) Hewlett-Packard Company.  All rights reserved.
original name............: hpqlpvwr.exe
file version.............: 130.0.124.72
description..............: hpqlpvwr.exe

[Just Bob9]

I've got the same thing.  Went to print a PDF off an email and it wigged out my printer and made it shut down, print multiple copies and generally goof.  I ran a boot scan and got Win32:Agent_ARAT (trj) and it would not put it in the chest, said "disc is full".

[sunsets]

There is a new engine and virus definitions update that corrects the false positive. I did quick and full system scans, and it didn't show up.

Thank you for issuing an update to fix the problem.