Author Topic: Avast found Processguard as a virus !  (Read 15890 times)

Offline Jarmo P

  • Sr. Member
  • ****
  • Posts: 365
    • My Sygate firewall webpage guide
Avast found Processguard as a virus !
« on: August 30, 2006, 01:07:34 PM »
I booted my computer, but before logging in to my user account I disconnected my cable modem.
When I logged in Avast reported of having been updated???
And reported what is shown in the picture, about a trojan Hupigon-KM  !!!

And disabled PG free user interface from running.
The PG protection is though still on.

From Jotti scan, no one else found anything.

What is going on?

Jarmo
XP Home, Antivir PE Classic,  kerio 2.1.5 or Sygate 5.5.2710, SSM 2.0.8.583 free, SpywareBlaster, CCleaner, Firefox through webshield and running NoScript extension or in Sandboxie
http://www.kotiposti.net/string/SPF_eng/SPFGuide.html

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83559
  • No support PMs thanks
Re: Avast found Processguard as a virus !
« Reply #1 on: August 30, 2006, 02:38:28 PM »
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan, it will need to be temporarily removed from the standard shield exclusions otherwise it won't be scanned), when it is no longer detected then you can also remove it from the program settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Jarmo P
Re: Avast found Processguard as a virus !
« Reply #2 on: August 30, 2006, 02:56:24 PM »
Quote
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions)

Thanks David, there is Customize/Add button, but no browsing in Standard Shield to find a file in home edition, so I leave it undone. Not going to write some crazy paths by hand.

If Jotti shows it as a positive, as definitely avast found that as shown in pic, was it because the information I had a virus was sent to Avast and they flagged it as such?

I believe my database update was somehow corrupted cause I unplugged my cable in the middle of the process avast was updating. It happened anyways before I logged in.
So could it have been any windows file, even some system one that could have kept my computer from rebooting to windows, something as bad as that?
This is really really worrying me now.

I could not understand what you told me about password protecting the zip, it is needed. Your words were a bit unclear or then my mind, heh. I first of course tried to send it to chest, but PG did not allow :)

I tried to download the current antivirus update also from avast web site.
It told me I already have the latest update.
Rebooted, still trojan found :(

EDIT
Oh I understand, you were trying to tell me a password to zip, lol.
I run no 3rd party zip programs in my current install and PG seems not to allow me to send it to a compressed file. My XP is in Finnish language, so I cannot be more specific.

To avast antivirus analysts since I am unable to send you the zip file, I am running PG free 3.410, that should be the latest version there is.
« Last Edit: August 30, 2006, 03:35:31 PM by Jarmo P »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Avast found Processguard as a virus !
« Reply #3 on: August 30, 2006, 03:55:33 PM »
Quote
Thanks David, there is Customize/Add button, but no browsing in Standard Shield to find a file in home edition, so I leave it undone. Not going to write some crazy paths by hand.

Yeah, we asked Igor this in the past... a browse button is missing there  ::)

Quote
If Jotti shows it as a positive, as definitely avast found that as shown in pic, was it because the information I had a virus was sent to Avast and they flagged it as such?

Can you rephrase? Jotti sends samples to antivirus companies that do not detect them and have a possibility of being really infected, not false positive.
Jotti helps (tries to) with underdetection rate.

Quote
I believe my database update was somehow corrupted cause I unplugged my cable in the middle of the process avast was updating. It happened anyways before I logged in.
So could it have been any windows file, even some system one that could have kept my computer from rebooting to windows, something as bad as that?
This is really really worrying me now.

If the update process gets corrupted, a new one should correct it. I don't think system files are involved here...

Quote
I could not understand what you told me about password protecting the zip, it is needed. Your words were a bit unclear or then my mind, heh. I first of course tried to send it to chest, but PG did not allow :)

From Chest it's not needed. But by mail, if it is scanned by avast, then not zipping it with a password will prevent the mail from leaving your computer.

Quote
To avast antivirus analysts since I am unable to send you the zip file, I am running PG free 3.410, that should be the latest version there is.

I think Alwil should be able to manage this without your sample... it's a public program that could be downloaded...
The best things in life are free.

Jarmo P
Re: Avast found Processguard as a virus !
« Reply #4 on: August 30, 2006, 04:32:51 PM »
Thanks Tech for your reply :)
Much missed that button it seems, not that it would make any real protection but in cases like these. I never had any real virus infection, not I think even now, but if a false positive, should be more easy to exclude a file.
I guess I just keep waiting for the new update for antivirus database.

Strange that no one else has reported this, not in wilderssecurity PG forum or anywhere I have searched.

I tried to upload that file again to Jotti scan, that I trust. Not understanding your words exactly Tech though.
Got this white page reply:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

Well, that file cannot be sent to a zip, somehow protected.

So my conclusion is, my puter is owned?
I wait a few days still before reformat or any such drastic things. My cable modem is not blinking constantly and internet connection works well, but one never knows.
« Last Edit: August 30, 2006, 04:36:01 PM by Jarmo P »

Lisandro
Re: Avast found Processguard as a virus !
« Reply #5 on: August 30, 2006, 04:40:14 PM »
Quote
But if a false positive, should be more easy to exclude a file.

I hope there will NOT be a button on the virus message... people will mess things considering them as false positives...  :P

Quote
Not understanding your words exactly Tech though.

Jotti does not report to the manufacturers ALL files submitted, just the ones that have a high possibility of being infected.
They're trying to help the antivirus to make their work better.
I mean, they don't send samples of 'false positives'. So Alwil does not receive a sample of this file from Jotti...
But I think they don't need it after all...

Quote
So my conclusion is, my puter is owned?

No, I don't think so.
Maybe you can't zip the file because it is in use.

Jarmo P
Re: Avast found Processguard as a virus !
« Reply #6 on: August 30, 2006, 04:47:52 PM »
What you think of this Tech?

Quote
I tried to upload that file again to Jotti scan, that I trust. Not understanding your words exactly Tech though.
Got this white page reply:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

So it is some malware that keeps me doing another scan with Jotti?
I should trust that message and know I am no worth anymore, my PC is owned?

Lisandro
Re: Avast found Processguard as a virus !
« Reply #7 on: August 30, 2006, 04:55:41 PM »
Quote
So it is some malware that keeps me doing another scan with Jotti?
I should trust that message and know I am no worth anymore, my PC is owned?

No. I think WebShield could be blocking the transmission of the file. The firewall or any other kind of http filtering tool could be doing the same.
I won't take any bad conclusion from that message...  8)
Scan your computer (avast, ewido...), use avast boot time scanner... Be happy  :)

Jarmo P
Re: Avast found Processguard as a virus !
« Reply #8 on: August 30, 2006, 05:03:30 PM »
That warning was pretty drastic!

I rarely do scan my PC with avast, last time though was not much more than a week ago.
It is not my firewall for sure, kerio 2.1.5 works just nice, unless I am owned of course.
Getting really paranoid at this stage for any explanation.
So I do avast scan. Your explanation of webshield blocking jotti scan makes some sense, I try to hold on to it.

DavidR
Re: Avast found Processguard as a virus !
« Reply #9 on: August 30, 2006, 05:10:49 PM »
Usually when we see this 0 bytes it is because the file is in the chest and is trying to be uploaded and is protected by avast. The other possibility is ProcessGuard's self protection is somehow trying to stop the upload as well ?

You could download the latest version of the free PG and save to your HDD, uninstall the current PG and reboot, do another avast scan and if clean install PG.

I gave up on the free PG ages ago as it is so limited in the protection (number of items) that you can't do any meaningful protection. You effectively can choose between your firewall or AV, even then it won't protect all services, etc. I also found it to be an absolute pig to get rid of, protected registry keys, etc.

If the web shield was somehow intercepting then it would alarm I would have thought.

Jarmo P
Re: Avast found Processguard as a virus !
« Reply #10 on: August 30, 2006, 06:00:40 PM »
Thanks David and all others.
This internet has caused me nothing but troubles.

I want to tell you all a story, about a woman I held to my heart and as a close friend. It was stupid, cause she can be reached in this site:
http://cams.com/p/cams/view.cgi?stream=DreamDoll&action=bio

She is Mihaela Macsim, from Bucharest, Romania.
One of her friends pointed me to a site some other, and I stupid maybe installed something in my computer, must have been a keylogger or any.
I "knew" her from March 03. Always in my yahoo messenger.

I found out she had a pimp to put her to that stuff, instead living with a brother.

Above very personal, but hope you don't judge me too hard for loving a woman like that?

I did a boot scan, after that no avast alerts.
But every time I do a reboot, now I get 2 dumprep alerts from XP.

David, PG now covers all processes, not just one. But as I am now, not recommending you any. No idea why 2 dumpreps every time I log into windows.

Take care of you all, maybe last time I am posting here.

Jarmo

DavidR
Re: Avast found Processguard as a virus !
« Reply #11 on: August 30, 2006, 07:33:55 PM »
I tend not to judge others as you wouldn't want them to judge you.

I didn't know the free version of PG covered all now; when I tried it, it only covered 2 and one of those was itself. Not sure if I want to go through that level of security again. I much prefer to make an image of my hard disk partitions every week, plus daily data back-ups and if I have a problem, restore the last image and latest data back-up.

Unfortunately the dumpreps are much help to your average user, but there is a tool that can read the dumpreps, sorry I couldn't find a link to it.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11754
    • AVAST Software
Re: Avast found Processguard as a virus !
« Reply #12 on: August 30, 2006, 07:46:04 PM »
I don't think it's the WebShield blocking the file transmission (I think, though I'm not 100% sure, that WebShield scans only incoming traffic, not outgoing). I'd rather bet on Standard Shield.

Anyway, it's a false alarm, of course - and will be fixed in the next VPS update. Sorry for the troubles.

Lisandro
Re: Avast found Processguard as a virus !
« Reply #13 on: August 30, 2006, 08:17:52 PM »
Quote
WebShield scans only incoming traffic, not outgoing

Makes sense...
Sorry for the poor guess about being a WebShield provider problem...

Jarmo P
Re: Avast found Processguard as a virus !
« Reply #14 on: August 30, 2006, 08:26:17 PM »
Thanks for your reply Igor, it was so much appreciated.