Latest update flags uphcleanhlp.sys as suspect

[kd5]

The latest update flags uphcleanhlp.sys as suspect.  Uphcleanhlp.sys is part of Microsoft's User Profile Hive Cleanup Utility and is a legitimate application/Service.

Path:  C:\Windows\System32\Drivers\uphcleanhlp.sys       -kd5-  

[Alan Baxter]

Same thing happened to me this morning.  It's a false positive.  I'm glad Avast asked me what to do with it.

[Asyn]

Report the FP here: http://www.avast.com/contact-form.php?loadStyles

[kd5]

I tried to but it won't let me submit the false positive without selecting a file, and that file is not visible even with Show Hidden Files selected and Hide Protected OS Files unchecked.  So, I'm submitting it here.       -kd5-

[Asyn]

I tried to but it won't let me submit the false positive without selecting a file, and that file is not visible even with Show Hidden Files selected and Hide Protected OS Files unchecked.  So, I'm submitting it here.       -kd5-

You still can report this thread there.
Here's the link: http://forum.avast.com/index.php?topic=78124.0

[Alan Baxter]

I tried to but it won't let me submit the false positive without selecting a file, and that file is not visible even with Show Hidden Files selected and Hide Protected OS Files unchecked.

That's weird.  I can't see it either.  I'm sure I told Avast to Ignore it and send it to Avast for analysis, but the file appears to be gone.

[kd5]

I just selected Technical Issues and pasted a link to this thread.       -kd5-

[Asyn]

I just selected Technical Issues and pasted a link to this thread.       -kd5-

Good.
Thanks for reporting,
asyn

[DavidR]

The latest update flags uphcleanhlp.sys as suspect.  Uphcleanhlp.sys is part of Microsoft's User Profile Hive Cleanup Utility and is a legitimate application/Service.

Path:  C:\Windows\System32\Drivers\uphcleanhlp.sys       -kd5- 

This topic was also created within seconds of yours, same issue. I have responded in that.

http://forum.avast.com/index.php?topic=78125.0

However, the path is different as it relates to the anti-rootkit scan \??\C:\Windows\System32\Drivers\uphcleanhlp.sys

[streamck]

Please upload this file:

Code: [Select]

C:\Windows\System32\Drivers\uphcleanhlp.sys
I delete this file, help me!

[Nesivos]

The latest update flags uphcleanhlp.sys as suspect.  Uphcleanhlp.sys is part of Microsoft's User Profile Hive Cleanup Utility and is a legitimate application/Service.

Path:  C:\Windows\System32\Drivers\uphcleanhlp.sys       -kd5-  

Also my understanding is that this is a Windows 2000 DDK driver that was/is found on computers running an AMD processor and Windows 2000.

[DavidR]

Please upload this file:

Code: [Select]

C:\Windows\System32\Drivers\uphcleanhlp.sys
I delete this file, help me!

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete and investigate.

Hopefully you have learnt a valuable lesson that hopefully shouldn't be too hard to rectify.

You will have to download the UHPclean setup/installation/msi file again, then uninstall UHPclean and install it again, MS UHPclean download location.

[DavidR]

<snip>
Also my understanding is that this is a Windows 2000 DDK driver that was/is found on computers running an AMD processor and Windows 2000.

Not correct, I don't have win2k, nor do I have an AMD processor. It is also for XP and isn't restricted to an CPU, see http://forum.avast.com/index.php?topic=78125.0.

[kd5]

Also my understanding is that this is a Windows 2000 DDK driver that was/is found on computers running an AMD processor and Windows 2000.

No, it's not.




That warning came up again this morning, after the morning upate, so I'm assuming this FP has not been addressed yet.       -kd5-

[John22]

Please upload this file:

Code: [Select]

C:\Windows\System32\Drivers\uphcleanhlp.sys
I delete this file, help me!

No file with this name exists. The error is from the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP\0000]
"Service"="uphcleanhlp"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="uphcleanhlp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPHCLEANHLP\0000\Control]
"ActiveService"="uphcleanhlp"

I have had the same error:
http://www.picfront.de/d/8cnR