Author Topic: Latest update flags uphcleanhlp.sys as suspect  (Read 17578 times)

Offline kd5

  • Jr. Member
  • **
  • Posts: 95
  • Computer Geek
Latest update flags uphcleanhlp.sys as suspect
« on: May 14, 2011, 01:56:50 PM »
The latest update flags uphcleanhlp.sys as suspect.  Uphcleanhlp.sys is part of Microsoft's User Profile Hive Cleanup Utility and is a legitimate application/Service.

Path:  C:\Windows\System32\Drivers\uphcleanhlp.sys       -kd5-  
« Last Edit: May 14, 2011, 01:59:05 PM by kd5 »
Getting old ain't for sissys.

Offline Alan Baxter

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 412
Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #1 on: May 14, 2011, 03:36:31 PM »
Same thing happened to me this morning.  It's a false positive.  I'm glad Avast asked me what to do with it.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72843
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #2 on: May 14, 2011, 03:52:26 PM »
Win 8.1 [x64] - Avast PremSec 21.10.6772.IBC [UI.679] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.3 - SecureLine 5.14 - Driver Updater 21.3 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline kd5

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #3 on: May 14, 2011, 04:25:07 PM »
I tried to but it won't let me submit the false positive without selecting a file, and that file is not visible even with Show Hidden Files selected and Hide Protected OS Files unchecked.  So, I'm submitting it here.       -kd5-

Offline Asyn

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #4 on: May 14, 2011, 04:29:21 PM »
> I tried to but it won't let me submit the false positive without selecting a file, and that file is not visible even with Show Hidden Files selected and Hide Protected OS Files unchecked.  So, I'm submitting it here.       -kd5-

You still can report this thread there. ;)
Here's the link: http://forum.avast.com/index.php?topic=78124.0

Offline Alan Baxter

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #5 on: May 14, 2011, 04:35:02 PM »
> I tried to but it won't let me submit the false positive without selecting a file, and that file is not visible even with Show Hidden Files selected and Hide Protected OS Files unchecked.

That's weird.  I can't see it either.  I'm sure I told Avast to Ignore it and send it to Avast for analysis, but the file appears to be gone.

Offline kd5

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #6 on: May 14, 2011, 04:52:04 PM »
I just selected Technical Issues and pasted a link to this thread.       -kd5-

Offline Asyn

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #7 on: May 14, 2011, 04:55:24 PM »
> I just selected Technical Issues and pasted a link to this thread.       -kd5-

Good. :)
Thanks for reporting,
asyn

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85956
  • No support PMs thanks
Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #8 on: May 14, 2011, 05:18:02 PM »
> The latest update flags uphcleanhlp.sys as suspect.  Uphcleanhlp.sys is part of Microsoft's User Profile Hive Cleanup Utility and is a legitimate application/Service.
>
> Path:  C:\Windows\System32\Drivers\uphcleanhlp.sys       -kd5-

This topic was also created within seconds of yours, same issue. I have responded in that.

http://forum.avast.com/index.php?topic=78125.0

However, the path is different as it relates to the anti-rootkit scan \??\C:\Windows\System32\Drivers\uphcleanhlp.sys
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline streamck

  • Newbie
  • *
  • Posts: 1
Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #9 on: May 14, 2011, 10:40:14 PM »
Please upload this file:
C:\Windows\System32\Drivers\uphcleanhlp.sys
I delete this file, help me!

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1352
  • Artists Rendering of New Pauley Pavilion @ UCLA
Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #10 on: May 14, 2011, 10:53:45 PM »
> The latest update flags uphcleanhlp.sys as suspect.  Uphcleanhlp.sys is part of Microsoft's User Profile Hive Cleanup Utility and is a legitimate application/Service.
>
> Path:  C:\Windows\System32\Drivers\uphcleanhlp.sys       -kd5-

Also my understanding is that this is a Windows 2000 DDK driver that was/is found on computers running an AMD processor and Windows 2000.



OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline DavidR

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #11 on: May 14, 2011, 10:55:04 PM »
> Please upload this file:
> C:\Windows\System32\Drivers\uphcleanhlp.sys
> I delete this file, help me!

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete and investigate.

Hopefully you have learnt a valuable lesson that hopefully shouldn't be too hard to rectify.

You will have to download the UPHClean setup/installation/msi file again, then uninstall UPHClean and install it again, MS UPHClean download location.

Offline DavidR

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #12 on: May 14, 2011, 10:58:09 PM »
> <snip>
> Also my understanding is that this is a Windows 2000 DDK driver that was/is found on computers running an AMD processor and Windows 2000.

Not correct, I don't have win2k, nor do I have an AMD processor. It is also for XP and isn't restricted to a CPU, see http://forum.avast.com/index.php?topic=78125.0.

Offline kd5

Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #13 on: May 15, 2011, 01:25:02 PM »
> Also my understanding is that this is a Windows 2000 DDK driver that was/is found on computers running an AMD processor and Windows 2000.

No, it's not.

That warning came up again this morning, after the morning update, so I'm assuming this FP has not been addressed yet.       -kd5-

Offline John22

  • Jr. Member
  • **
  • Posts: 25
Re: Latest update flags uphcleanhlp.sys as suspect
« Reply #14 on: May 15, 2011, 03:23:48 PM »
> Please upload this file:
> C:\Windows\System32\Drivers\uphcleanhlp.sys
> I delete this file, help me!

No file with this name exists. The error is from the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP\0000]
"Service"="uphcleanhlp"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="uphcleanhlp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP\0000\Control]
"ActiveService"="uphcleanhlp"

I have had the same error:
http://www.picfront.de/d/8cnR