Trojan detected by Avast, JS:FakeAV-FL [Trj.]

[RONIN2010]

1. If the KillIt.exe file is in the Chest but also exists on your machine, you can delete it from the Chest.
2. The system restore file you can delete as well since you will not be able to use it anyway.
3. The April99Win32.exe I'd leave in the Chest for now. 

Will Do.

Also, have you done an MS Update since your Boot-time scan to see if it picks up anything that is missing?

To clarify, you are now using Avast 5.0.594 now?

Do a quick check to see if any of your software needs to be updated as well.  The PSI is more thorough than the OSI version

I haven't checked my MS updates since the boot time scan, as I had to rush off to work but will do this, as well as run PSI the moment I'm home. I did DL PSI before I made any changes, just had to rush out the door. I will post my results, once complete. As for Avast, yes ma'am I'm running 5.0 and virus definitions are current.

[SafeSurf]

You're headed in the right direction to improve your security.  OK...keep us posted. 

[Sarakael]

@ RONIN2010
be aware you won't get rid of it without diagnostic tools  

[SafeSurf]

Sarakael,

Thank you for your input, but we've already been using diagnostic tools.  It is not necessary at this point to use other tools, and if necessary we have a Certified Malware Expert on hand for this.  Thank you. 

[Sarakael]

SafeSurf !!
Certified Malware Expert  ( rofl )
You'd better told it as I started here !
I ASKED FOR THAT !

Don't longer waste my time with guys like you

[RONIN2010]

Hello All.

Just finished checking my MS updates and no critical updates are pending. However I am having an issue running PSI. I installed the app but cannot get it to scan. When I click "start scan" , it starts, jumps to 93%, then a pop-up appears, saying "scan aborted". I tried uninstalling, then reinstalling but same result.

[RONIN2010]

Hello all.

Please disregard previous post.. I was able to get to get PSI to scan, after registering. Imagine that.. However I seem to have opened a new can of worms with that app.. I've managed to get all programs updated except for one in particular. Adobe SVG Viewer 3.x. I updated this by uninstalling what was there and installing the current version and still can't get it to disappear from the threat list. Maybe due to the fact that it's at it's end-of-life? Also I deleted the system restore point that had the KillIt.exe mentioned, as well as deleted the KillIt.exe from the chest. What I would like to know however, is how can I keep this from coming up in future boot scans, when it hits this file? Other than that I'm running a MBAM scan just for extra measure, to make sure all is well. Thanks again so much for your help and patience.

[SafeSurf]

@ Sarakael,

Certified Malware Expert  ( rofl )

We do have someone here named Essexboy...see his post on the Sticky on the top of the Virus and Worms section of this forum, who has helped many people with malware removal.  I am not implying that I am the certified expert.  Thank you.

[Altarir.]

I ASKED FOR THAT !

you asked for what?

Don't longer waste my time with guys like you

yeah go burn in hell

[SafeSurf]

RONIN2010,

After you deleted the system restore, did you reboot?  Then restart your system restore again?

If a program is at the "end of it's life" and there is no update for it with PSI, then we have no choice but to wait for an update or use a different software.  Also, after you update a program there and reboot, some people rescan to make sure is successful. 

You mentioned earlier that KillIt.exe is something that is in your machine being used by Hp, however David mentioned that Avast is detecting it as a PUP. 

The HP on isn't a problem, as it is a tool (PUP = Potentially Unwanted Program), but tools can be used for good or evil and this on is part of the HP recovery partition. This tool is used to kill running applications and that is why it got flagged, but no action is required.

Perhaps David can offer more assistance with this.

Question:  Do you by any chance have the Teatimer on for Spybot SD?  Many have reported problems with this and Avast.

[DavidR]

You shouldn't have to delete it as it is there to perform a legit function if it is in the HP recovery process which I suspect because of its location C:\HP\bin\ this also assume you have an HP system.

The HP on isn't a problem, as it is a tool (PUP = Potentially Unwanted Program), but tools can be used for good or evil and this on is part of the HP recovery partition. This tool is used to kill running applications and that is why it got flagged, but no action is required.
<snip>

However if you don't want to delete it then you would have to exclude it from on-demand scans, avast settings, exclusions.

[RONIN2010]

RONIN2010,

After you deleted the system restore, did you reboot?  Then restart your system restore again?

If a program is at the "end of it's life" and there is no update for it with PSI, then we have no choice but to wait for an update or use a different software.  Also, after you update a program there and reboot, some people rescan to make sure is successful. 

You mentioned earlier that KillIt.exe is something that is in your machine being used by Hp, however David mentioned that Avast is detecting it as a PUP. 

The HP on isn't a problem, as it is a tool (PUP = Potentially Unwanted Program), but tools can be used for good or evil and this on is part of the HP recovery partition. This tool is used to kill running applications and that is why it got flagged, but no action is required.

Perhaps David can offer more assistance with this.

Question:  Do you by any chance have the Teatimer on for Spybot SD?  Many have reported problems with this and Avast.

Thanks David and SafeSurf for responding.

No ma'am. Actually I did not reboot after deleting the system restore point. Matter of fact I didn't even have system restore disabled. I did however restore the HP/Bin/KillIt.exe from the chest before I deleted the entry in the virus chest, per David's earlier instruction. Sorry I wasn't specific on that. And yes I have had problems in the past with Avast detecting Teatimer.exe as a virus. However I had submitted it to Avast, who released a patch, with this as an exclusion in 4.8. Haven't had any problems lately with it but since Spybot doesn't seem necessary at this point I'm likely going to remove it anyway.

[DavidR]

You're welcome.

[SafeSurf]

And yes I have had problems in the past with Avast detecting Teatimer.exe as a virus. However I had submitted it to Avast, who released a patch, with this as an exclusion in 4.8. Haven't had any problems lately with it but since Spybot doesn't seem necessary at this point I'm likely going to remove it anyway.

Sounds like a good idea considering the amount of people we've had here with problems with it.  Let us know how things progress.  Glad we can help. 

[RONIN2010]

Sounds like a good idea considering the amount of people we've had here with problems with it.  Let us know how things progress.  Glad we can help.  

Yeah I'm starting to get that feeling lol. Spybot doesn't seem to be moving forward innovatively, in the last few years. I guess my last question would be, would you have any suggestions on what could be done about the file that was flagged as infected in my MSDN directory? "April99Win32.exe" Other than leaving it in the chest. I am a little curious as to why it keeps showing up on boot time scans, if this file has already been quarantined. My lack of knowledge regarding the quarantine process is speaking here.. That and since I did not disable system restore before I deleted the restore point that was in the chest, was it even removed? Thanks again for your help through all this, as you all have been very helpful and it's greatly appreciated!