We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
luhe lockscreen a
Comments
-
ESET finished scan - detected 2 off Win32/Hiddenstart .A applications - no removal - so am relying on Malwarebytes to do a proper job !!0
-
I wouldn't be worried about the hiddenstart detections. It's probably a legitimate program.
Once again, it's important exactly what was detected (Path/File).
Eset produces a log.
C:\Program Files\ESET\Eset Online Scanner\log.txt
Or
C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
Post the details here.0 -
Nothing detected in either Malwarebytes or ESET
I guess that it was a false positive ?0 -
HiddenStart (hstart.exe) can be used both legitimately and maliciously, which is why ESET may report it. Dell is one that springs to mind that has a legitimate use for it in their DataSafe Local Backup software - using it to hide command windows from being seen on-screen.
http://www.ntwind.com/software/hstart.html0 -
Just run ESET again
It HAS picked up 2 infections as below
[EMAIL="ESETSmartInstaller@High"]ESETSmartInstaller@High[/EMAIL] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=795c9d73b9924440a3f5384ad145afbf
# engine=14319
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-08 03:50:54
# local_time=2013-07-08 04:50:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 5416 60429038 0 0
# compatibility_mode=5893 16776574 100 94 18408891 125763704 0 0
# scanned=29043
# found=2
# cleaned=0
# scan_time=4253
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
sh=728B0331B572EE396616BD8DBEF068396AFCBC00 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"0 -
Do you have Family tree maker from ancestry.com installed?0
-
That accounts for the ESET detections.
https://www.virustotal.com/en/file/c63ae72b23e706232554a59377b3b98b4581d19953b3fde1f270f47c66a5fdfb/analysis/
Notice Avast tags it a Potentially Unwanted Program - Win32:HiddenStart [PUP] and ClamAV (look under additonal information), a PUA.
http://www.clamav.net/index.php?s=pua&lang=enPossibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat.The PUA database contains detection for applications that are not malicious by itself but can be used in a malicious or unwanted context.
As an example: A tool to retrieve passwords from a system can be useful as long as the person who uses it, is authorized to do so. However, the same tool can be used to steal passwords from a system.
As it's part of the previously mentioned software (Family Tree Maker), you can rest assured it's not being used maliciously.0 -
That accounts for the ESET detections.
https://www.virustotal.com/en/file/c63ae72b23e706232554a59377b3b98b4581d19953b3fde1f270f47c66a5fdfb/analysis/
Notice Avast tags it a Potentially Unwanted Program - Win32:HiddenStart [PUP] and ClamAV (look under additonal information), a PUA.
http://www.clamav.net/index.php?s=pua&lang=en
As it's part of the previously mentioned software (Family Tree Maker), you can rest assured it's not being used maliciously.
Thanks - but (for future reference) - how did you know that it was family tree maker that caused the false positive ?
I have opened both links above and don't see any reference to my program....0 -
Possibly by googling
setup.res hstart.exe
The first link that comes up for me is an avast thread that mentions Ancestry 2012 in the first post
http://forum.avast.com/index.php?topic=97328.00
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.8K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards