Explain Boot Scan Options

[belthasar]

So I ran a scan on my computer, It told me it wanted to do a boot scan. So I did.

After a lengthy scan it returns this message: " File C:\windows.old\users\Persephales\AppData\Local\Temp\HBCD\CIntRep.exe   is infected by win32: pup-gen [pup]
File is in windows folder, are you sure? 1-yes, 2-yes all, 3-no, Esc-Exit: "

Can someone explain what this question is asking? "File is in windows folder, are you sure?"  Am I sure of what? That it's a windows file? that CintRep.exe is in the location that it says it is or is infected? Or is it asking me if I'm sure I want to proceed with a particular action which hasn't been previously stated, such as move to chest, delete, or attempt to fix.

I'm not sure what this question is asking me so I'm not sure how to respond. How do I find out what it plans to do in the event I say "YES" ?

In either case I think the file in question most likely is infected as it looks like its on a part of my hard drive from a previous operating system. And even if it isn't I don't use that information any more so it should be fine to delete or whatever.

Thoughts guys?

[schmidthouse]

Yes, that is a good one
Not sure myself.
And I would agree about the file being .old and I personally have deleted ' .old ' files in the past without issues.
Not advising, just sharing thoughts. 

And welcome to the forum

[seeker15]

The default settings for action to be taken when an infection is found is set to 'ask'. So each time an infection is detected, you will be prompted at the screen to take the necessary action. The question here is not sure. But if you had previously answered their question to delete/repair/move to chest, it, it is asking again just to make sure because the file is in windows folder (ignored the .old). In any case, you might have pressed a key. Otherwise, there are other options that comes up during a boot time infection detection.

[Alikhan]

Why not just use Disk Cleanup and that'll remove previous Windows (old) files. In other words, it'll delete the Windows.old folder.

[Pondus]

win32: pup-gen [pup]

PUP = not virus / Possible Unwanted Program    avast PUP scan is default off in all scan exept Boot scan

suspicious files can be tested at www.virustotal.com / www.metascan-online.com / www.jotti.org

but as said...it is located in windows old folder   

[belthasar]

Hey guys thanks for responding so fast! I was really skeptical that I would ever hear from anyone on here certainly not within ten minutes! To quote the oracle from the matrix: "For what its worth, you've made a believer out of me..."

On my problem though, @seeker you said: "The default settings for action to be taken when an infection is found is set to 'ask'. So each time an infection is detected, you will be prompted at the screen to take the necessary action....if you had previously answered their question to delete/repair/move to chest, it is asking again just to make sure"

By this you mean that Avast has a predetermined set of actions it is going to take, and is asking for confirmation before it executes them correct? I thought that this might be the case but couldn't be sure + I wasn't sure what those actions might be and how they corresponded to the options it gave me. As far as the other options you referenced, yeah I think I know what you're talking about but that was a long list of something like 8 or more options that included move to chest, delete, fix automatically...etc. I believe I got those before I got to the problem we are discussing.

Update:***  So because of my impatience and skepticism of timely responses on online forums, I decided to just take a chance and see what hitting 1-yes would do. It moved the item to the chest. A few more of these instances occurred and I continued moving them to the chest at each prompt. (I guess in this scenario either the default is move to the chest or else it tried to fix, failed, then resorted to this as I believe this is the pecking order in my settings...) After all of these had been addressed it simply booted back up. As we speak I'm running malware bytes on it just to make sure to catch as much as possible before making a backup of my hard drive and continuing my day to day.

@ AliKhan: Wow, cool did not know about that sir umm yeah that sounds good. I'll be sure to try that if I have a similar problem in the future.

Thanks so much for your responses guys! I'll be sure to let you know if anything else develops. I also know who I can count on if anything does!

[olddog]

After a lengthy scan it returns this message: " File C:\windows.old\users\Persephales\AppData\Local\Temp\HBCD\CIntRep.exe   is infected by win32: pup-gen [pup]
File is in windows folder, are you sure? 1-yes, 2-yes all, 3-no, Esc-Exit: "
...Thoughts guys?

Obviously they forgot to display the actual options on offer, and without that information the only safe option is of course "Esc-Exit".

[belthasar]

@olddog: Who is "they"? me? because I wrote that out EXACTLY as it appeared on my screen. I was very cautious to include every bit of information I received from the program because I understand how excluding anything can make it much harder to diagnose.

So if you were thinking that I didn't post the problem properly I assure you, you received all the information I did and that is exactly why I was confused. This program didn't seem to give enough information to answer the question.

[seeker15]

By this you mean that Avast has a predetermined set of actions it is going to take, and is asking for confirmation before it executes them correct? I thought that this might be the case but couldn't be sure + I wasn't sure what those actions might be and how they corresponded to the options it gave me. As far as the other options you referenced, yeah I think I know what you're talking about but that was a long list of something like 8 or more options that included move to chest, delete, fix automatically...etc. I believe I got those before I got to the problem we are discussing.

Correct! You can see what action was set as default by going to Scan> Boot time scan> Settings> When a threat is found, apply the following actions

Update:***  So because of my impatience and skepticism of timely responses on online forums, I decided to just take a chance and see what hitting 1-yes would do. It moved the item to the chest. A few more of these instances occurred and I continued moving them to the chest at each prompt. (I guess in this scenario either the default is move to the chest or else it tried to fix, failed, then resorted to this as I believe this is the pecking order in my settings...) After all of these had been addressed it simply booted back up.

You got your answer yourself

[igor]

Did you set an automated action when scheduling the scan?
Or, was there another file detected before this one where you selected an action "for all"?

[The log file, stored at C:\ProgramData\AVAST Software\Avast\log\aswBoot.log would also have that information.]

[olddog]

@olddog: Who is "they"?

No not you. I assumed you had included all of the information you were given.
My "they" referred to the program developers, Avast.

As I read the settings available for a boot scan, you can preselect to have an automatic action taken if a threat is found, such as Fix Automatically/Move to chest/Repair/delete. The default is ASK.

When a threat, or threats are subsequently found in a boot scan, it isn't good enough in my opinion to hope the user remembers what setting was chosen maybe months previously. The intended action relating to the question should have been shown along with the question. I assume the coding in the program to put that information on the screen has been overlooked (or didn't work).

[olddog]

...was there another file detected before this one where you selected an action "for all"?

Surely if one selected "All" on an earlier threat find, then a repeat of the question should not have taken place on any further threats found in the same scan.