AutoPlay.exe
ajcstr
July 28th, 2007, 07:09 PM
AVG Free is flagging this as a trojan. It is in the hp/bin folder as well as user directories.
Could this be a legit file? Maybe part of HP's BackWeb, which I know gets flagged sometimes.
If OK - how can I exclude it from future scans?
lodore
July 28th, 2007, 07:18 PM
Hello ajcstr,
I think it might be worth uploading the file in question to VirusTotal.
I don't know how to exclude the file from future scans since I've never really used AVG Free, but I'm sure someone can tell you how if it's an FP.
http://www.virustotal.com/
lodore
ajcstr
July 29th, 2007, 12:24 AM
{QUOTE-> Hello ajcstr,
I think it might be worth uploading the file in question to VirusTotal.
I don't know how to exclude the file from future scans since I've never really used AVG Free, but I'm sure someone can tell you how if it's an FP.
http://www.virustotal.com/
lodore <-QUOTE}
Tried this and I just get the screen back with no result - same thing with the Kaspersky file scanner. It just comes back with the same screen, like I entered nothing.
innerpeace
July 29th, 2007, 02:37 AM
Did you try uploading it to Jotti? http://virusscan.jotti.org/
Niels
July 29th, 2007, 04:43 AM
Hello ajcstr
Right-click on AutoPlay and choose Properties, Version. Take a look at the description. Sometimes you will find the vendor's name. From what I read here, excluding a file or folder is only possible in the paid version: http://forum.grisoft.cz/freeforum/read.php?8,104786,backpage=6,sv=
Niels
lodore
July 29th, 2007, 09:01 AM
{QUOTE-> Tried this and I just get the screen back with no result - same thing with the Kaspersky file scanner. It just comes back with the same screen, like I entered nothing. <-QUOTE}
Hello,
What browser did you use?
Sometimes it doesn't work here in Opera or Firefox, but it works fine in Internet Explorer.
lodore
ajcstr
July 29th, 2007, 03:25 PM
Yes - I used IE 6
ajcstr
July 29th, 2007, 03:27 PM
{QUOTE-> Hello ajcstr
Right-click on AutoPlay and choose Properties, Version. Take a look at the description. Sometimes you will find the vendor's name. From what I read here, excluding a file or folder is only possible in the paid version: http://forum.grisoft.cz/freeforum/read.php?8,104786,backpage=6,sv=
Niels <-QUOTE}
Well then can it be set not to automatically delete the files it thinks are infected?
Niels
July 29th, 2007, 05:33 PM
Hello ajcstr
I don't use AVG, but this is what I read in the manual: http://download.grisoft.cz/filedir/doc/AVG_Anti-Virus_Free/User_manual/avg_aff_uma_en_75_8.pdf
If AVG can't heal the file, then you should get options for what AVG must do with it.
Niels
EliteKiller
July 29th, 2007, 10:04 PM
There are several files in the c:\hp\bin folder that are flagged as malware, but in fact they are FPs.
ajcstr
July 31st, 2007, 10:29 AM
Funny thing about this one is, I can't copy it to another location, which is disturbing.
I can't send it to any of the online checkers (I guess because I can't copy it?)
It is in the C:\hp\bin\ folder as AUTOPLAY.exe but also in 2 startup folders - one in a user account and another in the "default user" startup folder, both as AutoPlay.exe
I have run CureIt, SUPERAntiSpyware and ActiveScan and none of these programs flag it.
So I'm really not sure what to do with it. AVG keeps putting it in quarantine and I keep restoring it.
TopperID
July 31st, 2007, 02:48 PM
If it is running you will not have access to it, so shut it down in Task Manager then try.
You could also remove the icon from the startup folders and reboot, that would stop it also (if it wasn't malware).
I don't have this prog in my HP bin folder, but Googling shows that plenty of others do - so it's probably legit (though it could be a Riskware finding - Killwind.exe and Terminator.exe, both in HP/bin, are often flagged as riskware).
ajcstr
July 31st, 2007, 02:56 PM
{QUOTE-> If it is running you will not have access to it, so shut it down in Task Manager then try.
<-QUOTE}
I don't see it in task manager and it does not show up on HJT as a running process (which again does not make sense). Maybe I will try to copy in safe mode.
{QUOTE->
I don't have this prog in my HP bin folder, but Googling shows that plenty of others do - so it's probably legit (though it could be a Riskware finding - Killwind.exe and Terminator.exe, both in HP/bin, are often flagged as riskware). <-QUOTE}
Yes - Panda does not like these, but AVG does not flag them:
C:\hp\bin\KillIt.exe
C:\hp\bin\KillWind.exe
C:\hp\bin\Terminator.exe
TopperID
July 31st, 2007, 04:41 PM
{QUOTE-> I don't see it in task manager and it does not show up on HJT as a running process (which again does not make sense). <-QUOTE}
If it has an auto-start entry it will be running at boot-up, but if it shuts down again (having performed its task) it will vanish from TM. That doesn't explain why it is not accessible after it stops running though - try removing the autostart and reboot into safe and see what happens.
ajcstr
August 2nd, 2007, 11:50 AM
{QUOTE-> If it has an auto-start entry it will be running at boot-up, but if it shuts down again (having performed its task) it will vanish from TM. That doesn't explain why it is not accessible after it stops running though - try removing the autostart and reboot into safe and see what happens. <-QUOTE}
I was able to boot into safe mode and copy the exe file to a USB drive, but still can't "upload" it. I browse to the location of the file, hit submit and it does nothing.
EliteKiller
August 3rd, 2007, 04:23 AM
{QUOTE-> I was able to boot into safe mode and copy the exe file to a USB drive, but still can't "upload" it. I browse to the location of the file, hit submit and it does nothing. <-QUOTE}
http://www.virustotal.com/metodos.html
ajcstr
August 3rd, 2007, 10:02 AM
OK - I sent it - will update when I get a response
ajcstr
August 3rd, 2007, 10:35 AM
Based on this I would say it's a FP
Complete scanning result of "AutoPlay.exe", processed in VirusTotal at
08/03/2007 16:05:36 (CET).
[ file data ]
* name: AutoPlay.exe
* size: 36864
* md5.: b47dd684b79b4d8887bfe75abae1037a
* sha1: 07be38f83df83d257adb0a4d91225f968cfe31ee
[ scan result ]
AhnLab-V3 2007.8.3.0/20070803 found nothing
AntiVir 7.4.0.57/20070803 found nothing
Authentium 4.93.8/20070802 found nothing
Avast 4.7.1029.0/20070802 found nothing
AVG 7.5.0.476/20070802 found [Generic4.BO]
BitDefender 7.2/20070803 found nothing
CAT-QuickHeal 9.00/20070803 found nothing
ClamAV 0.91/20070803 found nothing
DrWeb 4.33/20070803 found nothing
eSafe 7.0.15.0/20070731 found nothing
eTrust-Vet 31.1.5029/20070803 found nothing
Ewido 4.0/20070803 found nothing
F-Prot 4.3.2.48/20070802 found nothing
F-Secure 6.70.13030.0/20070803 found nothing
FileAdvisor 1/20070803 found nothing
Fortinet 2.91.0.0/20070803 found nothing
Ikarus T3.1.1.8/20070803 found nothing
Kaspersky 4.0.2.24/20070803 found nothing
McAfee 5089/20070802 found nothing
Microsoft 1.2704/20070803 found nothing
NOD32v2 2436/20070803 found nothing
Norman 5.80.02/20070803 found nothing
Panda 9.0.0.4/20070803 found nothing
Prevx1 V2/20070803 found nothing
Rising 19.34.40.00/20070803 found nothing
Sophos 4.19.0/20070801 found nothing
Sunbelt 2.2.907.0/20070803 found nothing
Symantec 10/20070803 found nothing
TheHacker 6.1.7.161/20070803 found nothing
VBA32 3.12.2.2/20070801 found nothing
VirusBuster 4.3.26:9/20070803 found nothing
Webwasher-Gateway 6.0.1/20070803 found nothing
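
An added example, not part of the original thread: a Python sketch that parses the text report format posted above, lists which engines flagged the file and under what name, and checks whether another copy (for instance one of the startup-folder copies mentioned earlier) is byte-identical to the scanned sample. The function names are assumptions of this example, and `REPORT` is an excerpt of the posted report.

```python
import hashlib
import re

# Excerpt of the report posted above (four of its engine lines).
REPORT = """\
[ file data ]
* name: AutoPlay.exe
* size: 36864
* md5.: b47dd684b79b4d8887bfe75abae1037a
* sha1: 07be38f83df83d257adb0a4d91225f968cfe31ee
[ scan result ]
Avast 4.7.1029.0/20070802 found nothing
AVG 7.5.0.476/20070802 found [Generic4.BO]
Kaspersky 4.0.2.24/20070803 found nothing
VirusBuster 4.3.26:9/20070803 found nothing
"""

# "* md5.: <value>" style field lines and "<engine> <version>/<date> found ..." lines.
FIELD = re.compile(r"^\* (\w+)\.?: (.+)$")
RESULT = re.compile(r"^(\S+) (\S+)/(\d{8}) found (nothing|\[(.+)\])$")


def parse_report(text):
    """Return (file_data, results); results maps engine -> detection name or None."""
    file_data, results = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := FIELD.match(line):
            file_data[m.group(1)] = m.group(2)
        elif m := RESULT.match(line):
            results[m.group(1)] = m.group(5)  # None when "found nothing"
    return file_data, results


def detections(results):
    """Engines that flagged the file, with the name each one reported."""
    return {eng: name for eng, name in results.items() if name is not None}


def same_file(data, file_data):
    """True if local bytes match the size and both hashes listed in the report."""
    return (len(data) == int(file_data["size"])
            and hashlib.md5(data).hexdigest() == file_data["md5"]
            and hashlib.sha1(data).hexdigest() == file_data["sha1"])


if __name__ == "__main__":
    file_data, results = parse_report(REPORT)
    print(f"{len(detections(results))}/{len(results)} engines:", detections(results))
```

Reading each on-disk copy with `open(path, "rb").read()` and passing it to `same_file` shows whether the scan verdict applies to that copy or only to the one that was submitted.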