AntiVir detection, help appreciated

Taffycat

On Wednesday night, I downloaded Avira AntiVir onto the XP rig Terry uses. It carried out a scan at the time, which came up "clean" and I then set it up to do a daily scan at 5 am.

Today, it threw up an alert after scanning, reporting:
Object "hpqishc09.exe" then Detection: "TR/Dldr.Small.apnl" which it suggests might be a trojan.

My hunch is that this is probably just something to do with HP (our printers) but Googled and also searched the AntiVir website in case I'm wrong.

I couldn't find anything "definitive" so, do you think this could be the AV's heuristic setting throwing up a false positive? Would appreciate your opinion please guys :nod:

(Just to be clear, originally the XP rig was protected by AVG and ZA.... yes I know :rolleyes: but they had always kept that rig clean and trouble-free. The reason for uninstalling them was that, following an update, it became impossible to load webpages. A bit of scouting revealed that others were having the same probs. There was a suggestion that there was a bit of a conflict going on between the two apps, so I uninstalled both - after first disconnecting from the internet. AntiVir is currently working with Windows' own Firewall, but this is only until I decide which third-party firewall to go with.)

Sorry this is a bit lengthy, but just trying to provide sufficient info :)
 
What directory is the hpqishc09.exe file in, TC? I can't find anything by googling that file; however, there are similarly named ones for HP printer drivers like you suggest.

You could always upload it to http://www.virustotal.com and see if any other AV scanners detect anything. If they do, can you post the alternative virus names as I can't find much on "TR/Dldr.Small.apnl" either.

Hopefully it will turn out to be a false positive :)
 
Thanks for the speedy reply Ian. :)

Oops! Sorry, didn't realise that when I hover over "Detection" an info box comes up which states:

C:\Program Files\HP\Digital Imaging\bin\hpqisc09.exe
Is the TR/Dldr.Small.apnl Trojan Action: Move to quarantine.
and:
C:\Program Files\HP\Digital Imaging\{3E3866744-10FA-44b2-98C9-DF7A270DECB3}\util\common\hpqisc09.exe
Is the TR/Dldr.Small.apnl Trojan Action: Move to quarantine.
 
It probably is a false positive, but if you upload it to virustotal.com to confirm, that will let you know. If a few others flag it up as a virus then it would be worth looking into it more.
 
Thanks again Ian :thumb:

I have just been trying your recommendation of uploading the file... but each time I try to browse to it, I get a "file does not exist" message.

Will keep trying.........oh rats! Now the blasted cursor has disappeared :( Somehow I've a feeling this is not going to be my day, lol.
 
Hehe, I know what you mean - it's never just one thing that goes wrong ;)

It could be that the file has been moved to quarantine already - if that is the case, it would be interesting to see if your HP stuff still works.
 
Ian Cunningham said:
It could be that the file has been moved to quarantine already - if that is the case, it would be interesting to see if your HP stuff still works.

Yes, I wondered that too... in fact, I ran a Trend Micro Housecall scan just now, and that came up clean too. So looks like you're right.

Right now, the HP printer which was connected is offline - meaning I disconnected it a few months ago - so can't test it (if you could see the "spaghetti" at the rear of our desk, you would know why I'm not venturing back there to re-connect!! Lol. We had plans to shift things around... but that's another story :rolleyes: )

It probably wouldn't matter too much if AntiVir "killed" the files, because I could always reinstall the HP software if things didn't work when the printer is eventually reconnected. (Meanwhile all printing is done via the Vista rig.)

"Found" the cursor again btw ...

Thank you again for all your help Ian, much appreciated :thumb: :D
 