Highlighted
kkay59
2 Iron

dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?

>>>dell backup recovery\components\dbrupdate\hstartexe was spotted as a threat with my ESET NOD32 av.  I could not find the exact file.  I was in the Dell Backup and Recovery folders.  I scanned the whole folder with Malwarebytes and found nothing.  But ESET believes it is a variant of Win32/HiddenStart.

Location is

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe

I hope this is a false positive.  Anyone else had this problem?

0 Kudos
5 Replies
joe53
5 Rhenium

RE: dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?

I can't answer your question, but you might want to check out this thread:

What's the use of HStart in Dell computers? http://en.community.dell.com/support-forums/software-os/f/3526/p/19436721/20053470.aspx

I don't have hstart.exe (or Dell Backup and Recovery) on any of my Dell computers using XP or Win 7. Probably because I uninstall all Dell software that comes pre-installed (I've never found any of  it useful).

But others have uploaded a file named hstart.exe to VirusTotal for testing by multiple virus scanners, and you can see one such result here:
https://www.virustotal.com/en/file/3e857094c9d89b31676477ce7d8d523f94c767f3cb0769dae99af76b3c4e004b/...

As you can see, ESET considered it a variant of  Win32/HiddenStart there also. Other scanners found it suspicious also; many others did not.

As long as your system is working well, I don't think you need to worry.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 7/sp1 (64- Bit): Malwarebytes 3.x Premium, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


Windows 10 Pro (64- Bit): Same protection plus Windows Defender AV.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
kkay59
2 Iron

RE: dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?

Thank you!  When I tried to find it, it didn't show.  ESET NOD32 said my machine was clean.  But then I clicked check potentially unsafe applications, that is when it was found the first time, last night.  I scanned it also with Malwarebytes, and it did not show a virus, or problem.  So, I had ESET scanner on pause, trying to find what this was.  I was afraid it was a false positive, so I hit pause, until I could find more.  I could not find anything more on here, I guess I didn't hit just the right search.  Finally last night, I just let ESET clean the file.  ESET also has a problem with the CCleaner.exe file, but if you scan it without that box ticked, it does not show a problem.  It also does not like PhotoScape.  I downloaded another CCleaner file and it said it was clean.  I am going to check that box again, for unsafe applications today, and see what it does.  It wants to clean, or delete.  If I just typed in hstart.exe in windows explorer, nothing comes up.  (this was as soon as I saw the scan in progress, and it was marked a threat.  Thank you again for these links.  I guess there is a vulnerability with this in Backup and Recovery. 

0 Kudos
ky331
6 Indium

RE: dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?

"But then I clicked check potentially unsafe applications, that is when it was found..."

The problem with many installers --- including CCleaner (Standard version) --- is that they include offers for "bundled-software" such as Google Chrome, Google Toolbar, McAfee/Symantec scanners, ASK toolbar &etc.   Users have to be very careful running these installers, especially to UNcheck any PRE-checked boxes for programs they don't want to include.

Fortunately, in CCleaner's case, they also offer a SLIM version on their Builds Page, which does NOT include any bundled software http://www.piriform.com/ccleaner/builds

 

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
kkay59
2 Iron

RE: dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?

I ticked the box enable detection for potentially unsafe applications in ESET NOD32.  I usually kept it at unwanted or suspicious applications.  I am very careful on running installers, because of extra software they have set up to install with the original software you checked.  I have been using CCleaner for many years.  I do not use all of the features.  Mainly I use it for cookies only.  I clean the cookies, but the cookies I need, are not deleted.  Thank you for the link to the slim build.  I will check that out. 

0 Kudos
7 Gold

RE: dell backup recovery\components\dbrupdate\hstartexea virus, or is this false positive?

But then I clicked check potentially unsafe applications, that is when it was found the first time, last night. 

Perhaps it was the file name that ESET was flagging. It is up to the user to make a decision at that point. Considering that the file was installed as a component of a Dell application, I wouldn't be concerned.
 
What is a potentially unwanted application?
http://kb.eset.com/esetkb/index?page=content&id=SOLN2629


Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos