Is This a FP That I Found On Avast?

Discussion in 'other anti-virus software' started by sooflymami, Jul 24, 2010.

Thread Status:
Not open for further replies.
  1. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    361
    It detected this file C:/hp/bin/Killlt.exe but I didn't know what to do, or what to click on and I didn't want to quarantine it since I didn't want anything bad to happen to my computer(I had bad experience when I quarantined a file before)..do you think that file is a FP? I do have a hp computer. What should i do? and also, I'm using the latest version or Avast and I don't see anywhere where it says to report avast as a FP or anything. But What should I do??
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    Same link I found last night Soofly. :D
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    That is a false positive. I also have an HP computer, don't have that file but
    I seen it detected before by Avast. You are absolutely right not moving it to
    the chest but you should submit it to the Virus lab. Go to "maintenance" and
    open the "virus chest". Do a right click on the Virus chest and select "add",to
    add a copy of the detected file, then submit it to the Virus lab.
    I know Avast is not going to change the detection because it considers Killit
    a potentially unwanted program so you should make a exclusion.

    Bo
     
  5. progress

    progress Guest

    There's a good chance that an AV kills your data nowadays - you don't need real malware :D

    "Great" trend :rolleyes:
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    If the computer is HP, it really is easy for that to be so. I remember that
    around February Avira( I was using Avira then) and others detected about
    8 files in the HP Recovery folder. They were FP and since it was on a Friday
    it took a couple of days to be fixed because Avira dont usually updates
    during the weekends.
    Users that deleted those files have today a useless Recovery function
    that will not work if its ever needed. I don't mind false positives but HP
    owners that have no idea that HP original files are often detected as PUP
    do have a problem when they delete the files and find out later that they
    have committed an error.
    Killit is a original HP file and in my opinion it should not be detected by Avast
    but the detection wont be changed because they consider it potentially
    dangerous.

    Bo
     
  7. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    Should TC turn off PUP? It seems like that would help.
     
  8. sooflymami

    sooflymami Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    361
    Should I turn the pups off? Does anyone know if turning off the pups would be better?
     
    Last edited: Jul 30, 2010
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I don't do it and I don't think you should. Just be aware that some HP files
    are detected by Avast as PUP and don't worry about it. If you turn off PUP,
    then you wont get any protection against Rogues. As it is that protection
    is bad so if you turn it off, then no rogues would be detected at all.

    Bo
     
  10. i_g

    i_g Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    133
    That's nonsense, of course - why would you think so?
    Rogues are ordinary malware, PUPs something completely different (security testing / hacking tools, password breaking tools, FTP/IRC/Remote control clients... simply something that you may have on your computer on purpose - but if it appears there without your knowledge, it implies something bad may be happening - such as an undetected malware, or a malicious user, (ab)using these tools to compromise your computer). I kinda doubt anybody would really want to have a Rogue AV installed on the computer... so classifying it as a PUP is out of question.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Look you might call it nonsense but I don't believe what's being considered
    a PUP by Avast is clear cut. I do remember when I used Avira that it was
    very clearly specified that you needed to turn on protection against PUP
    in order to be protected against rogues. So, you do what you want and I
    do the same, but here I am just trying to help sooflymami figure out that
    killit is a false positive. In my opinion files like Killit should not be detected
    as PUP because they are files that come from the factory but I understand
    the reason why they are detected so it does not bother me when they do
    get pointed as potentially dangerous.

    Bo
     
  12. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    bo elam,
    A PUP is well defined. It is clearly up to the user whether to leave it installed or not. (In this case, following advice, it should be clear to leave it.)
    The detection is there so a user may have the ability to detect a legitimate program installed without knowledge or consent (say, by a suspicious partner, a parent etc.)

    A rogue is a totally different beast, and clearly malicious, and detected by the normal shields as soon as the definitions are added for it.

    What Avira might have convinced you a PUP is, is not relevant in this context. I'm not even sure it's accurate. Take that as you will.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Tarq57, on Avira you need to select "Fraudulent software"in order to be
    protected against rogues, so my memory was bad. Please read this thread
    at Avast, as an example,so you know why I felt that the PUP needs to
    be selected in order to be protected against rogues.

    http://forum.avast.com/index.php?topic=60234.0

    Bo
     
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    If it's detected as PUP, then it's not a false positive. And it's quite clearly defined for avast!.

    PUP are programs that can be legit or they can be also used for bad stuff.
    Rogues are always detected as [Trj] or [Adw] or [Spy]. They are NEVER detected under [PUP]. Because they are only bad and nothing else.
     
  15. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Actually, bo elam, that thread gives the opposite indication.
     
Loading...
Thread Status:
Not open for further replies.