False Positive PUP After Latest Update?

[whitedavidp]

I have been using Avast free on my system for many months now. It seems like after the most recent update, it is now reporting PUP on one file that has been on my system for some time, hstart.exe, and on a couple files in the system restore area that are also .exe but of which I know nothing (I presume they are part of windows).

I note that if I right click on the hstart.exe file or if I scan only the folder containing this file, Avast reports nothing untoward. It only happens during full system scans. Perhaps this is as expected, I don't know.

But I wonder if something changed regarding PUP in the last update that may be causing this.

Thanks

[DavidR]

What is the location of the file ?
Did you install this ?

Signatures are added to and updated all of the time and that too would include what might be classified as a PUP (Potentially Unwanted Program). If this is Hidden Start (as suspected) then it is a tool which could be used for good or evil and an AV can't determine intent. To me if this is correct and you are looking for PUPs this detection is correct.

Hstart.exe with description Hidden Start is a process file from company NTWind Software belonging to product hstart.

Since avast doesn't scan for PUPs by default you must have changed your settings, if so you need to have a reasonable idea of what is installed on your system and what it does, as some tools will certainly be considered a PUP.

[whitedavidp]

What is the location of the file ?
Did you install this ?

Signatures are added to and updated all of the time and that too would include what might be classified as a PUP (Potentially Unwanted Program). If this is Hidden Start (as suspected) then it is a tool which could be used for good or evil and an AV can't determine intent. To me if this is correct and you are looking for PUPs this detection is correct.

Hstart.exe with description Hidden Start is a process file from company NTWind Software belonging to product hstart.

Since avast doesn't scan for PUPs by default you must have changed your settings, if so you need to have a reasonable idea of what is installed on your system and what it does, as some tools will certainly be considered a PUP.

Hello and thanks for the response. Here is what Avast is reporting (from the email alerts - which I love):

avast! [NEWDUDE]: File "C:\Tools\hstart.exe" is infected by "Win32:PUP-gen [PUP]" virus.
"Full system scan" task used
Version of current VPS file is 111008-1, 10/08/2011

and

avast! [NEWDUDE]: File "C:\System Volume Information\_restore{8D9218EC-61DE-4929-8F27-29D51398044F}\RP523\A0076472.exe" is infected by "Win32:PUP-gen [PUP]" virus.
"Full system scan" task used
Version of current VPS file is 111008-1, 10/08/2011

and finally

avast! [NEWDUDE]: File "C:\System Volume Information\_restore{8D9218EC-61DE-4929-8F27-29D51398044F}\RP522\A0076353.exe" is infected by "Win32:PUP-gen [PUP]" virus.
"Full system scan" task used
Version of current VPS file is 111008-1, 10/08/2011

I installed hstart.exe at some point (cannot remember why now). But the two from the System Restore stuff is unknown to me and I assume is from Windows itself - obviously not sure of that.

As to why this is suddenly showing up now when it hasn't all the months before is a mystery to me. I know I have had PUP scanning on from the start. So I am quite sure that I did not change anything. Perhaps the latest update did something in terms of changing an option. Or perhaps the update implemented new checks for what is a PUP? Conjecture on my part, of course.

Anyhow, I know what PUP warning represent. I wonder if there is a way to tell Avast to ignore these files in the future for PUP only? I would not want to ignore them for viruses as that is something else entirely. Cheers!

[DavidR]

I would say that the ones in the C:\System Volume Information\ folder are likely to be copies of the C:\Tools\hstart.exe file (moving to chest, etc. could trigger system restore to make a copy). That can be checked by comparison of the file size or MD5 if you have access to an MD5 hash tool.

Given the location C:\Tools that you installed it or copied the file there ?
In which case it isn't unwanted, but that is a decision only the user can make.

As I said before:

Signatures are added to and updated all of the time and that too would include what might be classified as a PUP (Potentially Unwanted Program).

So it isn't unheard of or unusual for a file/tool now to be detected.

You have two choices uncheck the option to scan for PUPs (as per the default setting which was changed) or exclude the file from scans. From the avastUI, Settings, Exclusions and add (copy and paste) C:\Tools\hstart.exe to the exclusions. This is only for on-demand scans and should be adequate for your needs.