win 32:PUP

[oupulino]

Hi guys can someone help me with this problem.I got this win 32:PUP and win 32: KillApp on my scans I have no idea how to fix.
The computers are too complicated for me and if GURU specialist is willing to connect with my PC  by remote assistance to fix the problem you are more than welcome

[adotd]

Hi oupulino

Welcome to avast!WEBforum

can you visit the following webiste please and do as much as you can and post the logs

http://forum.avast.com/index.php?topic=53253.0

This helps out malware expert.

Regards

Anthony

[Pondus]

what is there to fix.....what is the problem with these detections ?

[!Donovan]

It looks like you have PUP enabled. PUP is a Potentially Unwanted Program that you may or may not want. Did you download the file yourself? If not, then another process could be using this PUP for malicious purposes. Are you able to take a screenshot of the viruses it finds?

[DavidR]

Welcome to avast!WEBforum

can you visit the following webiste please and do as much as you can and post the logs
<snip>

Until we identify if there is a problem please don't send people to that topic as it is not yet established there is a malware problem and even then if it is one that will need specialist assistance.

The win32:KillApp [PUP] sounds like it is an HP process, so that is what we are trying to establish.

[DavidR]

Hi guys can someone help me with this problem.I got this win 32:PUP and win 32: KillApp on my scans I have no idea how to fix.
<snip>

What is the file name and location of the alert ?

What action did you take ?

[oupulino]

 C:\WINDOWS\Temp\unp33555451.tmp
 C:\WINDOWS\Temp\unp1412841.tmp
 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\cache\6.0\13\5bd89d0d-35d4c681\smbkhrnvpetuqumq\jjvefskfgsqheydmybmfw.class
 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0242038.exe
 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0242037.exe

[DavidR]

The win32:KillApp [PUP] detection you mentioned doesn't appear to be present in the list, whilst you don't give the malware names in the list, we are very familiar with the win32:KillApp [PUP] detections and the greatest majority they are on HP systems in the c:\HP\Bin\ folder.

Do you have an HP system ?

On the list of detections, what action did you take at the time of the detections ?

Re the first two detections, C:\WINDOWS\Temp\unp*.tmp:
I believe that should be in the C:\WINDOWS\Temp\_avast_ folder as the _avast_ fo;der is where avast sends/unpacks files that it is going to scan ?

The unp999999.tmp file format is what avast names its temporary files which it is about to scan in that location.

The last to detections in the C:\System Volume Information folder, I suspect may be related to the first two detections, if you deleted them then the system restore may have made copies (restore points) in the C:\System Volume Information folder.

All four of those can safely be deleted.

The third detection in your list, is in your JAVA cache and is generally an indication of a java exploit associated with an out of date JAVA version which is Vulnerable to attack. Your version 6.0.13 is way out of date and you need to update JAVA. That too is safe to delete.

- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

[oupulino]

They are in Virus chest at the moment.,so I just can deleted from Virus chest.
When I did boot time scan I set to deleted.
Maybe that why is not show win32:KillApp any more.
Yes I do have HP system about 6 years old.
Thank you for replay and good advice I will post the progress I start like this Avast product Norton Antivirus 2012 is going to the garbage

[oupulino]

I visit this side  http://secunia.com/software_inspector/. but Microsoft warning is not recommended because is not compatible.What I should do ?

[DavidR]

Yes you can delete those from within the virus chest.

I don't know why Internet Explorer is mentioning compatibility, I haven't heard of this in the forums when we send people there. I have no problem if I visit with firefox.

I have just visited it using IE8 on my XP Pro system and I get the usual the website wants to use flash player (which I allow) and I get a pop-up reporting the JAVA digital signature for secunia has been verified (it uses a JAVA applet to do the check), see image, is that what you mean ?

[oupulino]

Which Java I have to download ?

[DavidR]

The JRE (run time environment) version the latest I believe is 7 update 3.

This may save you a bit of hassle http://www.oracle.com/technetwork/java/javase/downloads/jre-7u3-download-1501631.html. So depending on what your Operating Systems is 32bit or 64bit (see image). You probably have windows XP (which is 32bit, with very rare exceptions), or possibly Vista; so it would be best to download the Windows x86 (32bit) Offline version. That allows you to download it and run it from your system rather that try to install it online.

[oupulino]

Thank you for help it work .Now I like to instal this patches to close vulnerabilities, http://secunia.com/software_inspector/. but no luck it freezes up telling me that will uninstall previous version to do that asking to pres Next and nothing happen freeze up.
Is there any other software that will fix patches to close vulnerabilities ?

[Pondus]

What patch do you have problems with ?