AntiVir detection, help appreciated

Taffycat

Crunchy Cat
Joined
Jun 1, 2006
Messages
12,544
Reaction score
1,055
On Wednesday night, I downloaded Avira AntiVir onto the XP rig Terry uses. It carried out a scan at the time, which came up "clean" and I then set it up to do a daily scan at 5 am.

Today, it threw up an alert after scanning, reporting:
Object "hpqishc09.exe" then Detection: "TR/Dldr.Small.apnl" which it suggests might be a trojan.

My hunch is that this is probably just something to do with HP (our printers) but Googled and also searched the AntiVir website in case I'm wrong.

I couldn't find anything "definitive" so, do you think this could be the AV's heuristic setting throwing up a false positive? Would appreciate your opinion please guys :nod:

(Just to be clear, originally the XP rig was protected by AVG and ZA.... yes I know :rolleyes: but they had always kept that rig clean and trouble-free. The reason for uninstalling them was that, following an update, it became impossible to load webpages. A bit of scouting revealed that others were having the same probs. There was a suggestion that there was a bit of a conflict going on between the two apps, so I uninstalled both - after first disconnecting from the internet. AntiVir is currently working with Windows' own Firewall, but this is only until I decide which third-party firewall to go with.)

Sorry this is a bit lengthy, but just trying to provide sufficient info :)
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,873
Reaction score
1,499
What directory is the hpqishc09.exe file in TC? I can't find anything by googling that file, however there are similarly named ones for HP printer drivers like you suggest.

You could always upload it to http://www.virustotal.com and see if any other AV scanners detect anything. If they do, can you post the alternative virus names as I can't find much on "TR/Dldr.Small.apnl" either.

Hopefully it will turn out to be a false positive :)
 

Taffycat

Thanks for the speedy reply Ian. :)

Oops! Sorry, didn't realise that when I hover over "Detection" an info box comes up which states:

C:\Program Files\HP\Digital Imaging\bin\hpqisc09.exe
Is the TR/Dldr.Small.apnl Trojan Action: Move to quarantine.
and:
C:\Program Files\HP\Digital Imaging\{3E3866744-10FA-44b2-98C9-DF7A270DECB3}\util\common\hpqisc09.exe
Is the TR/Dldr.Small.apnl Trojan Action: Move to quarantine.
 

Ian

It probably is a false positive, but if you upload it to virustotal.com to confirm, that will let you know. If a few others flag it up as a virus then it would be worth looking into it more.
 

Taffycat

Thanks again Ian :thumb:

I have just been trying your recommendation of uploading the file... but each time I try to browse to it, I get a "file does not exist" message.

Will keep trying.........oh rats! Now the blasted cursor has disappeared :( Somehow I've a feeling this is not going to be my day, lol.
 

Ian

Hehe, I know what you mean - it's never just one thing that goes wrong ;)

It could be that the file has been moved to quarantine already - if that is the case, it would be interesting to see if your HP stuff still works.
 

Taffycat

Ian Cunningham said:
It could be that the file has been moved to quarantine already - if that is the case, it would be interesting to see if your HP stuff still works.

Yes, I wondered that too... in fact, I ran a Trend Micro Housecall scan just now, and that came up clean too. So looks like you're right.

Right now, the HP printer which was connected is offline - meaning I disconnected it a few months ago - so can't test it (if you could see the "spaghetti" at the rear of our desk, you would know why I'm not venturing back there to re-connect!! Lol We had plans to shift things around... but that's another story :rolleyes: )

It probably wouldn't matter too much if AntiVir "killed" the files, because I could always reinstall the HP software if things didn't work when the printer is eventually reconnected. ( Meanwhile all printing is done via the Vista rig.)

"Found" the cursor again btw ...

Thank you again for all your help Ian, much appreciated :thumb: :D
 
