Unsolved
This post is more than 5 years old
45 Posts
0
111747
dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?
>>>dell backup recovery\components\dbrupdate\hstartexe was spotted as a threat with my ESET NOD32 av. I could not find the exact file. I was in the Dell Backup and Recovery folders. I scanned the whole folder with Malwarebytes and found nothing. But ESET believes it is a variant of Win32/HiddenStart.
Location is
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe
I hope this is a false positive. Anyone else had this problem?
joe53
5.8K Posts
0
January 13th, 2014 23:00
I can't answer your question, but you might want to check out this thread:
What's the use of HStart in Dell computers? http://en.community.dell.com/support-forums/software-os/f/3526/p/19436721/20053470.aspx
I don't have hstart.exe (or Dell Backup and Recovery) on any of my Dell computers using XP or Win 7. Probably because I uninstall all Dell software that comes pre-installed (I've never found any of it useful).
But others have uploaded a file named hstart.exe to VirusTotal for testing by multiple virus scanners, and you can see one such result here:
https://www.virustotal.com/en/file/3e857094c9d89b31676477ce7d8d523f94c767f3cb0769dae99af76b3c4e004b/analysis/1369211473/
As you can see, ESET considered it a variant of Win32/HiddenStart there also. Other scanners found it suspicious also; many others did not.
As long as your system is working well, I don't think you need to worry.
ky331
3 Apprentice
3 Apprentice
•
15.3K Posts
0
January 14th, 2014 07:00
"But then I clicked check potentially unsafe applications, that is when it was found..."
The problem with many installers --- including CCleaner (Standard version) --- is that they include offers for "bundled-software" such as Google Chrome, Google Toolbar, McAfee/Symantec scanners, ASK toolbar &etc. Users have to be very careful running these installers, especially to UNcheck any PRE-checked boxes for programs they don't want to include.
Fortunately, in CCleaner's case, they also offer a SLIM version on their Builds Page, which does NOT include any bundled software http://www.piriform.com/ccleaner/builds
kkay59
45 Posts
0
January 14th, 2014 07:00
I ticked the box enable detection for potentially unsafe applications in ESET NOD32. I usually kept it at unwanted or suspicious applications. I am very careful on running installers, because of extra software they have set up to install with the original software you checked. I have been using CCleaner for many years. I do not use all of the features. Mainly I use it for cookies only. I clean the cookies, but the cookies I need, are not deleted. Thank you for the link to the slim build. I will check that out.
kkay59
45 Posts
0
January 14th, 2014 07:00
Thank you! When I tried to find it, it didn't show. ESET NOD32 said my machine was clean. But then I clicked check potentially unsafe applications, that is when it was found the first time, last night. I scanned it also with Malwarebytes, and it did not show a virus, or problem. So, I had ESET scanner on pause, trying to find what this was. I was afraid it was a false positive, so I hit pause, until I could find more. I could not find anything more on here, I guess I didn't hit just the right search. Finally last night, I just let ESET clean the file. ESET also has a problem with the CCleaner.exe file, but if you scan it without that box ticked, it does not show a problem. It also does not like PhotoScape. I downloaded another CCleaner file and it said it was clean. I am going to check that box again, for unsafe applications today, and see what it does. It wants to clean, or delete. If I just typed in hstart.exe in windows explorer, nothing comes up. (this was as soon as I saw the scan in progress, and it was marked a threat. Thank you again for these links. I guess there is a vulnerability with this in Backup and Recovery.
Bugbatter
20.5K Posts
0
January 14th, 2014 08:00
Perhaps it was the file name that ESET was flagging. It is up to the user to make a decision at that point. Considering that the file was installed as a component of a Dell application, I wouldn't be concerned.
What is a potentially unwanted application?
http://kb.eset.com/esetkb/index?page=content&id=SOLN2629