Avast Found a Threat Please Help

Discussion in 'other anti-virus software' started by sooflymami, Jul 2, 2011.

Thread Status:
Not open for further replies.
  1. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    The 1st one is a false positive; I've had that for a year or so. But the 2nd one under D:\ is a new infection. Is this a false positive, or what should I do? I just clicked the "close" button since I don't want to put it inside the chest, since I don't know if it's an FP or not. After clicking the "close" button, this message popped up on my screen saying "to finish clean up process we recommend running boot time scan i.e. restarting the computer and letting avast scan all your data before windows starts. You want to schedule boot time scan and do it now?" But I just clicked the no button because I was going to do it later on. Here's the link to the screenshot. Also, when avast was scanning, I was away from my computer and I think it was doing it under sleep mode or hibernation mode, not really sure which. The screen was black and the tower button was blinking. Do you think I should be ok about that part?

    http://img.photobucket.com/albums/v210/nami05/infectionavast.jpg
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    The first one is just a PUP. It's detecting some HP (Hewlett-Packard) component. If you're using an HP computer it's perfectly fine.

    However, for the second one I'd have to see what it is. But judging by the name alone, it's again a part of some HP component which might be a false positive. I suggest you report the false positive via Virus Chest for this one. The PUP detected component, that one is a correct detection, so you have to either disable PUP detection or place it on the exclusion list...
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    It may not be a false positive. You can upload the files to VirusTotal to see what other scanners have to say.
     
  4. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Generally speaking you can upload samples to virustotal.com to see detections, or something like the Anubis sandbox analyser to see how they behave:
    www.virustotal.com
    http://anubis.iseclab.org/

    I'm on my netbook, so can't quite make out the extension in that screenshot.

    If in doubt, run a Malwarebytes scan, check your autoruns, etc.
     
  5. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    How do I use VirusTotal and put that file on there? I don't know how to use VirusTotal.
     
  6. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    It's easier than posting a screenshot.

    Go to www.virustotal.com, press Browse, find the file in explorer, then upload.

    If the file is in quarantine/virus chest, you would have to release it from this state first or you won't find it.
     
  7. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    Also, I have an iPhone and I'm worried that I have a virus on my iPhone and that when I synced it to my computer in iTunes, it gave my computer a virus. Can iPhones give a virus to a computer? What should I do? I'm worried maybe that's what happened.
     
  8. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    The PUP detection is a correct detection, judging just by looking at the name of the file and the detection. Besides, I've seen it before.
    The second one again belongs to HP, and considering the first detection is correct with very high probability, I'd say the second one is a false positive. I don't know of any file infector that would infect the .inp extension...
     
  9. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,296
    Location:
    Pennsylvania.
    So they are both FPs? Also, if the second one is on the D drive, what would be the best way to find it on the D drive for VirusTotal? Would that be the recovery partition? Do you think that could be infected? Also, it would be the same as if you're going through your C drive, I suppose. If I am not right, please correct me. Also, she is quite worried about putting them in the chest because an FP she had once messed up the computer's booting ability, and she does not want to put it in the chest for now in case that happens again. Would it be ok, since they might be FPs, to put them in the chest, not restart, and then submit them as FPs if VT does not detect anything? If it's in the chest and we do not restart for the FP submitting, it should be ok, right, and not affect anything even though it's a part of HP? Update: it's NOT the iPhone, since it's still there when she unplugs it. So is it the CD drive then? But she has nothing in the CD drive, so what the heck is it? Do you think it came from the iPhone or not? She is worried that she got it from using the Safari app on her phone.
     
    Last edited: Jul 2, 2011
  10. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    Run Norton Power Eraser. It will check the reputation of the file and figure out if it is somehow capable of being loaded by the operating system.
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Roger that.:thumb:
     
  12. 031

    031 Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    187
    Location:
    Bangladesh
    Scan your computer or the suspicious files with Dr.Web CureIt!. This is a standalone application and free for personal use.
     
  13. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    I can't find the file. How can I find it and upload it to VirusTotal?
     
  14. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I'll say it again. The first one is most probably (with a high probability if he's using an HP computer) NOT a false positive. PUP is a Potentially Unwanted Programs setting which is disabled by default due to its grey area of operation. PUPs can be considered safe if they are doing what they were originally intended for, but they can also be harmful if they are used in combination with other software to do things that were not their primary operation.

    The detection is called:
    PUP:KillApp-W [PUP]

    Actual application is called:
    KillIt.exe

    Is it just me who sees a similarity here? Considering there is one, the detection is perfectly justifiable and for what it was meant: a PUP detection.
    Those who don't understand the meaning and usage of PUPs, I recommend that you disable this feature in avast! (it's disabled by default just because of this very reason).

    The second one is just a false positive. It happens sometimes.
     
  15. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    Last edited: Jul 3, 2011
  16. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    False Positive.
    Your D: Partition is the restore partition for HP.
     
  17. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,296
    Location:
    Pennsylvania.
    So when she puts these FPs in the chest for sending to Avast as an FP, will she be ok while they are in there? They are part of the recovery partition, so will it do any harm while they are in the quarantine? We are going to submit them as FPs to get fixed, but since they are a part of HP's computer, will it do any harm having them there while we fill in the reports and then re-release them?
     
  18. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,296
    Location:
    Pennsylvania.
    Soofly wants me to get an FP on Avast as well so I can put it in the chest and tell her how to submit it. I will NOT submit mine. Is there any way I can make a file/folder that Avast will detect?
     
  19. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    If she puts the second one in the chest, you will not have a problem until you decide to do a factory state restore. Then, it will fail unless you restore the file from quarantine first. As to your second post, you will first have to unhide protected system files before you will see it on the D: partition. Then scan it with avast or VirusTotal.
     
  20. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    My friend is trying to help and he cannot find the recovery partition for Windows 7. Where can he go in order to find the recovery partition on his Windows 7 computer?
     
  21. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Depends on what brand of computer. Dell is Ctrl+F11, Toshiba F8 repeatedly, Asus is F9. Find out what he has and check online.
     
  22. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    I turned the PUPs off and it seems like it didn't detect the FPs once I did that. Should I just keep it that way?
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,753
    Location:
    Toronto Canada
    RejZoR said "Those who don't understand the meaning and usage of PUPs, I recommend that you disable this feature in avast! (it's disabled by default just because of this very reason)". So the answer is yes.
     
  24. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    371
    Ok. Thank you.
     