Avast Notification

[standeb]

Hello All,

I have noticed that for about two weeks now I receive a message dialogue from avast 6 free that:-

"using herustic scan Avast has found suspicius files in your system". The file is uphupclean.I am asked to send the file but there is no way to send the same. I have read a post with a similar problem only that the file requested to be sent was different but one one answered how to send the file.
The Uphupclean is a windows hives cleanup file which assists windows by closing down open files when windows is shutting down.

I would appreciate guidance on how I should sent this file to avast and advise me with respect to what causes Avast to recognise that file as a threat.
I run Windows XP SP 3
Thanking you ,

standeb

[SafeSurf]

Please take a look at this thread which is already following this issue: http://forum.avast.com/index.php?topic=78179.0 especially Post #12.

[standeb]

Hello SafeSurf,

Thank you for your reply and the link. I have followed that link and others I saw in some of the threads but they all seem to be inconclusive. Just does not properly answer the questions.

I did some poking and noted that the Uphupclean program should be downloaded and kept in a separate folder, (Lets say the desktop, I have it elsewhere) where it can always be located and run. It seems to me in this particular case the same should be opened and when opened one should click the repair button and run the same after it is run you will see a note saying that the same has been successfully installed and run, click close to exit.

I did the procedure and booted up several times since yesterday and I have not seen the avast notification since. However non including me in any of the threads could actually say where to find the location or file path of the suspicious file so that it could be found and sent to Avast. And if the same is located it may not show as a suspicious file at all. All that is required is to open the program, click repair, then click finish. The procedure seems to me to have worked.

Hope this helps.

standeb

[DavidR]

That is the whole point of why the anti-rootkit scan alerted on a 'suspicious' hidden process, e.g. when you go looking for it in explorer, even with show hidden files and folders you can't find it in the reported location. Had you been able to find it and actually sending the file for analysis wouldn't really have helped as it wasn't the physical file, but the circumstances of it being hidden in this way that caused the alert.

Why UHPclean needs to operate in this way is beyond me, but obviously it has done so for many years. Along comes an update in the anti-rootkit scan (or change to its sensitivity) and it is flagging what was in the past left unmolested.

The detection was corrected yesterday so it shouldn't be being detected now as you found.

[standeb]

Hello DavidR,

Many thanks for your reply, I have noted the contents thereof. Quite interesting I would say. Permit me to inquire as to the path the suspicious file was located at and the solution to rectifying the same? I would like to be educated in that premise so that if it re-occures I'd know what to do.

Thanking you for your kind consideration.

standeb.

[DavidR]

The path to the suspect file is reported in the actual alert, but as has been said it is hidden from the usual windows explorer interface and just one reason why it is/was considered suspicious.

As an avast user I can only offer what is my best guess:
Most of the rectification action will be from the CommunityIQ feature in avast, reporting information about detections/suspicions being passed back to avast. Over a short time this should show a pattern, which should be investigated.

It is possible to report it by email to virus (at) avast (dot) com as a possible False Positive in the subject and details in the email body based on the file name, its location and what detected it (anti-rootkit), e.g. all the information from the alert.