Author Topic: HPLaserJetService.exe identified as rootkit. False Positive?  (Read 5152 times)

0 Members and 1 Guest are viewing this topic.

Zippy1970

  • Guest
Since today, Avast keeps popping up a message that my HPLaserJetService.exe is a rootkit which should be removed. I tell Avast to ignore the file since I'm pretty sure this is a false positive.

Anyone else getting this message?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #1 on: June 30, 2013, 11:55:47 AM »
think there was som HP problems a year ago.... try forum search

anyway, you can report / upload file to avast lab here.  http://www.avast.com/contact-form.php

Offline dko

  • Newbie
  • *
  • Posts: 4
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #2 on: July 01, 2013, 10:36:49 AM »
I too have had this reported as a possible Root kit.  The file has been on my PC for years.

My operating system is Window 7 Ultimate (x64). I have had avast! free for around a year and this file has never been challenged by avast! until 2 days ago. 

Currently the file is in the avast! Virus chest.  Maybe not my best decision as the Windows 7 Component Services > Services (Local) entry disappeared when I exited and rebooted PC.
So far my Printer is working as normal so I am not unduly worried yet!,  HOWEVER I was unable to find out exactly what HPLaserjetService.exe does via a web search nor whether I need it with Windows 7. I do not like having unresolved unknowns that "May" rear their ugly heads later when I may not associate the issue with the actual cause.

I sent a report to avast!  2 days ago and mentioned that  that I believe it to be a False-Positive.  I gave them my email address and asked avast! to confirm their finding (either way).  So far no response and I do not know if avast! normally does or does not respond.  The problem is that IF it is not avast!'s usual procedure to respond and it just updates its definitions if a False-Positive then I would not know to restore it from the Virus Vault (which I would prefer to do as obviously HP think the file is desirable or necessary).


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #3 on: July 01, 2013, 11:09:20 PM »
@dko

Quote
The problem is that IF it is not avast!'s usual procedure to respond and it just updates its definitions if a False-Positive then I would not know to restore it from the Virus Vault (which I would prefer to do as obviously HP think the file is desirable or necessary).
right click file in chest, and rescan....when not detected it is fixed and can be restored
a copy will remain in chest after restore....this can be deleted when all is OK

avast FAQ. how to use virus chest.  http://www.avast.com/faq.php?article=AVKB21


« Last Edit: July 01, 2013, 11:21:19 PM by Pondus »

Offline dko

  • Newbie
  • *
  • Posts: 4
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #4 on: July 02, 2013, 07:41:30 AM »
 :) Thanks Pondus.  There are so many aspects of avast! that it can sometimes be difficult to know where/what to look for. 

I did exactly what the link you referred me said to do, and today HPLaserJetService.exe is accepted by avast!  ;D

Now I have to reinstall my HP software to try and a restore the HP Laserjet Service to my Windows 7 "Local services". (or not reinstall HPLaserJetService.exe and see if anything detrimental happens)


Cokomon

  • Guest
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #5 on: July 13, 2013, 04:46:51 AM »
I just signed up to post in this thread, as it seems Zippy and dko did as well.  I got this same error message yesterday, when I was simply printing to the Microsoft XPS writer rather than my HP Laserjet printer.  Shortly after everything went through, Avast popped up to warn me that this might be a rootkit.  Sensing it may be a false positive, I selected the ignore action and found this forum thread.  Then today my wife was on her laptop and got the same error at startup time.  She also had the printer software installed.

I only got this printer within the last couple of months, and in that time Avast hasn't complained about anything.  We just got the executable from the install CD that came with the printer.  I ran a boot scan after this happened and the results said "no virus found".  However, I checked my virus chest and HPLaserJetService.exe is currently residing in there, with the virus description "Win32:Evo-gen [Susp]".  I really am hoping that this is just a false positive, although it makes me wonder what this service was doing that it would set of Avast's alarms.

Included is a screenshot of the error.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #6 on: July 13, 2013, 09:09:36 AM »
@Cokomon

you can upload the file from virus chest as possible false positive to avast lab

see the FAQ link i posted above, on how to do it

« Last Edit: July 13, 2013, 09:11:22 AM by Pondus »

Cokomon

  • Guest
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #7 on: July 13, 2013, 04:48:48 PM »
Thanks for the response.  Can I submit a file to Avast while it is inside the virus chest folder or do I have to remove it first?  Also, after submitting the file will I eventually get a response as to whether or not it really was false positive?  Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #8 on: July 13, 2013, 08:01:33 PM »
Thanks for the response.  Can I submit a file to Avast while it is inside the virus chest folder or do I have to remove it first?  Also, after submitting the file will I eventually get a response as to whether or not it really was false positive?  Thanks.
you can submit from inside chest....you right click the file in chest

instructions on how to use the chest here.  http://www.avast.com/faq.php?article=AVKB21

you may get a responce.... anyway, wait a day or two then right click the file in chest and rescan it
if not detected you can restore it....a copy will remain in chest, this yoy can delete when all is OK




Cokomon

  • Guest
Re: HPLaserJetService.exe identified as rootkit. False Positive?
« Reply #9 on: July 14, 2013, 02:40:13 AM »
I submitted the virus/rootkit to the lab.  Thanks for all the help.

I hope I had the info right.  I grabbed the version number off the accompanying dlls (Programs and Features didn't seem to have a version number listed for the printer software).  I also marked it as from a trusted source in so far as it was from an install disc included with the printer.  Sorry if I'm bugging you, I've never had submit a report before and I just want to make sure I did it right.
« Last Edit: July 14, 2013, 02:46:50 AM by Cokomon »