Author Topic: UPHClean.exe detected as Malware  (Read 7342 times)

0 Members and 1 Guest are viewing this topic.

Offline Davy

  • Full Member
  • ***
  • Posts: 139
UPHClean.exe detected as Malware
« on: September 15, 2011, 02:13:33 PM »
Hi, I use Avast pro with XP pro.
I booted the computer the 2nd time today and Avast detected UPHClean.exe as Win32 Malware-gen  and sent it to virus chest.

I use UPHClean to clean the shut-down errors in event log, not that I need to but it never detected it as a 'naughty' before. So I submitted the file by clicking the button etc.

I wonder has anyone come across this and how long does it take for the results approximately.
Thanks.

Dave

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37029
Re: UPHClean.exe detected as Malware
« Reply #1 on: September 15, 2011, 02:17:20 PM »
upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners
when you have the result, copy the URL in the address bar and post it here for us to see


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan  http://www.metascan-online.com/

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37029

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85088
  • No support PMs thanks
Re: UPHClean.exe detected as Malware
« Reply #3 on: September 15, 2011, 02:21:30 PM »
I have been using this for more years than I care to remember, I reported this as a false positive. Only avast (and GData, uses avast as one of its two scanners) detect it, http://www.virustotal.com/file-scan/report.html?id=ed2a0acb135f85606d22035ba324c95de58c9564ed7b4340d2acb1f4f57abfb3-1316088422.

- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists (see Note below):
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

Note: When using the Browse button it only goes down to folder level accept that. Now open the entry in the exclusions and change the \* to \file_name.exe where file_name.exe is the file you want to exclude.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Davy

  • Full Member
  • ***
  • Posts: 139
Re: UPHClean.exe detected as Malware
« Reply #4 on: September 15, 2011, 02:46:30 PM »
Hello Pondus.
Took awhile figure out, Avast kept sending it to vault but I did it some how.

https://www.virustotal.com/file-scan/reanalysis.html?id=ed2a0acb135f85606d22035ba324c95de58c9564ed7b4340d2acb1f4f57abfb3-1316089168

Sorry having trouble with inserting link, thanks.

Offline Davy

  • Full Member
  • ***
  • Posts: 139
Re: UPHClean.exe detected as Malware
« Reply #5 on: September 15, 2011, 02:49:27 PM »
So it's a falsie, I can let it go back.

Thank you all, Dave

Offline kd5

  • Jr. Member
  • **
  • Posts: 95
  • Computer Geek
Re: UPHClean.exe detected as Malware
« Reply #6 on: September 15, 2011, 10:01:42 PM »
Just started getting this FP today:

Object:  C:\Program Files\UPHClean\uphclean.exe
Infection:  Win32:Malware-gen
Process:  C:\WINDOWS\system32\services.exe

UPHClean (User Profile Hive Cleanup Utility by Microsoft is NOT malware.  Please correct this.       -kd5-
Getting old ain't for sissys.

Offline naren17

  • Sr. Member
  • ****
  • Posts: 261
Re: UPHClean.exe detected as Malware
« Reply #7 on: September 15, 2011, 10:04:42 PM »
Avast is not detecting here.

Win XP SP3
Avast latest & Windows FW
No other realtime security

Thanxx
Naren

Offline kd5

  • Jr. Member
  • **
  • Posts: 95
  • Computer Geek
Re: UPHClean.exe detected as Malware
« Reply #8 on: September 15, 2011, 10:28:13 PM »
Well, my wife & I both have XP SP3 w/ all updates, with the User Profile Cleanup Utility installed, and Avast (latest version, on both computers, latest updates) reports UPHClean as malware.  It's not malware, it's a genuine bonafide Microsoft application.       -kd5-
Getting old ain't for sissys.

Offline kd5

  • Jr. Member
  • **
  • Posts: 95
  • Computer Geek
Re: UPHClean.exe detected as Malware
« Reply #9 on: September 15, 2011, 10:41:24 PM »
Thanks to Avast I now have to reinstall UPHClean on a customer's computer.  I wonder how many other XP computers that have the User Profile Hive Cleanup Utility installed have just had Avast quarantine or delete it (depending on how they have Avast set up).  Please fix this.       -kd5-
Getting old ain't for sissys.

Offline kd5

  • Jr. Member
  • **
  • Posts: 95
  • Computer Geek
Re: UPHClean.exe detected as Malware
« Reply #10 on: September 15, 2011, 10:43:42 PM »
Avast is not detecting here.

Win XP SP3
Avast latest & Windows FW
No other realtime security

Thanxx
Naren

It's not natively part of the Windows XP operating system.  You have to physically install it on your computer, and now thanks to Avast anyone who had it on their computer now has to reinstall it, unless they're unaware of what just happened.       -kd5-
« Last Edit: September 15, 2011, 10:45:29 PM by kd5 »
Getting old ain't for sissys.

Offline naren17

  • Sr. Member
  • ****
  • Posts: 261
Re: UPHClean.exe detected as Malware
« Reply #11 on: September 15, 2011, 10:46:11 PM »
I downloaded & installed it & also went into the programs folder UPHC.exe but its not detecting here.

Avast Database - 110915-0
UPHC version - 1.6.36.0

Thanxx
Naren

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85088
  • No support PMs thanks
Re: UPHClean.exe detected as Malware
« Reply #12 on: September 15, 2011, 11:03:56 PM »
Thanks to Avast I now have to reinstall UPHClean on a customer's computer.  I wonder how many other XP computers that have the User Profile Hive Cleanup Utility installed have just had Avast quarantine or delete it (depending on how they have Avast set up).  Please fix this.       -kd5-

Why would you have to reinstall it, if it is in the chest (default action), when it is no longer detected restore it. Or exclude it from the file system shield scan as I mentioned above and then restore it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85088
  • No support PMs thanks
Re: UPHClean.exe detected as Malware
« Reply #13 on: September 15, 2011, 11:06:45 PM »
I downloaded & installed it & also went into the programs folder UPHC.exe but its not detecting here.

Avast Database - 110915-0
UPHC version - 1.6.36.0


I have had mine for many years and that version is 1.6.30.0, which since it was discontinued years ago, I would have though it was the last version.

So where did you download yours ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline kd5

  • Jr. Member
  • **
  • Posts: 95
  • Computer Geek
Re: UPHClean.exe detected as Malware
« Reply #14 on: September 15, 2011, 11:22:36 PM »
Thanks to Avast I now have to reinstall UPHClean on a customer's computer.  I wonder how many other XP computers that have the User Profile Hive Cleanup Utility installed have just had Avast quarantine or delete it (depending on how they have Avast set up).  Please fix this.       -kd5-

Why would you have to reinstall it, if it is in the chest (default action), when it is no longer detected restore it. Or exclude it from the file system shield scan as I mentioned above and then restore it.

Doesn't matter if it's quarantined or deleted, what matters is that Avast is detecting (and quarantining/deleting) it while naming it malware when it's not.  That's what needs to be fixed before it quarantines or deletes it from every XP computer that has UPHClean installed.       

That's what really matters.      -kd5-
Getting old ain't for sissys.