Results 1 to 5 of 5

Thread: false positive for hpdiags.exe

  1. #1
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Default false positive for hpdiags.exe

    * Operating System=in sig -windows xp home sp3

    * Browser and Version=Internet Explorer 7, FireFox 3

    * Version of Spybot S&D and Date of the latest update: 1.6 with latest updates as of 12/2/08 ( i know updates come tomorrow, sorry i reported so late; i just found it yesterday.)

    * where did the false positive occur: in internet explorer 7 using hp system check tool. Problem occurred with teatimer.

    Ok, i use the laptop system health utility provided by hp, its available on there website here.

    When i went to run the tool like always, (by clicking scan my system) teatimer popped up and stated the following: spybot has encountered and terminated a process that is listed as part of malicious software.

    Then says: process id: 3428
    filename: hpdiags.exe
    found in: c:/docume``1\user\locals``1\temp\hi...then trails off.
    identified as: ZombieRat

    Thats the info it gives me. I chose never tell me again and let it run; as i know darn well that it is perfectaly legit tool that checks your computers health and state of drives, memory etc. It's a Diagnostic tool. Screenshot is attached and i recommend a look at it. I have never had this happen before when i was on this website. Thanks for any help you can offer.
    Last edited by 129260; 2008-12-03 at 05:42.
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    this is really odd, since the ZombieRat detection rules do not fit in here at all (they are very very specific).
    I tried to recreate your issue anyway and was not able to until I made new rules that specifically detected the hpdiags.exe.

    I think there are 2 points we need to check:

    - Version of hpdiags.exe
    we may have gotten different hpdiags.exe based on our locations and/or computers.
    The one I got has the following properties filesize=69632,md5=967E3EA1C9E45E2077BE48AF6903129B
    and was located in: c:\documents and settings\user\local settings\temp\HPISPz

    - Version of Teatimer
    current public file version of Teatimer is 1.6.3.25
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Lightbulb I have the latest version of teatimer...

    So i am really stumped on this one.....I know the tool will only run on a compaq or hp computer. Maybe that is the reason why you could not reproduce it..hmm..i don't know. As shown in the screenshot, the message occurred from teatimer after the hardware tests were finished....when i get home i will double check on the file size of the file, and i will also try to have it happen again. I will also double check that i have the latest version of teatimer, but i am positive i have it. Anyway's, i will get back to you and let you know further on this issue. Thanks for the help yodama!
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  4. #4
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Lightbulb strange.....

    i did the recent updates, including all the updates available today, and now it is no longer happening. Thats awesome haha. So ya, just thought i would report that, i don't know if the updates fixed the issue, or if it was a one time thing that caused it. Its weird, but ya, thanks for everything.
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    thanks for your feedback
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •