Updates from HP

[imrmoose]

New her. Thanks in advance for any help anyone can give me. First experience with a virus, took it in and this is what they found an did.
Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
and
Program Files\Updates from HP\137903\Program\BackWeb-137903.exe   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined
After a few boots the HP thing is back. Avast does not find them. Any idea what to do.
Thanks, Moose

[DavidR]

What originally detected these ?

As I'm not sure it was avast given your comment, "cleaned by deleting - quarantined," as avast doesn't clean by deletion, send to Chest, is its quarantine. Many of these Agent detections are generic, this makes them more prone to mis-detection.

The avast virus database for win32.agent is a huge 22891 signatures in all and some of those are I believe generic detections able to detect multiple variants of the same family.

[imrmoose]

Not sure what they used to detect them but it was an 8 hour scan. I have run avast a few times and before and after and they no show up.

[DavidR]

Given the locations of the detections relating to HP and BackWeb Client I don't know if this is anything to do with their support function (I won't use HP ever again), so there is every possibility that this was a generic detection based on what it might do, rather than a specific virus signature.

If this original detection was avast (which has to be confirmed) and it subsequently is no longer detected, then it could be it was a false positive detection, which has now been corrected. For this reason I hope you now get the idea that deletion is never a good option, you have none left, so send to chest and investigate.