HS3.exe Avast Virus warning


    This morning I was trying to fix the slow webpage loading issue on Windows machines that I see has been discussed in other threads. I rebooted my Homeseer server (Win10) and Homeseer didn't start up.

    After some digging I found that the HS3.exe file had disappeared! I managed to find it in the Avast (free) Virus Chest, where it had been tagged as having an alexa (sp) variant virus.

    I suspected it might be a false positive but to be sure I downloaded the HS3 installer again from the homeseer website, scanned it (clean), ran the installer and selected Repair, checked it put back a HS3.exe file and scanned the exe (clean).
    I then ran it, which prompted me to register again, then had an issue with the BLLAN plugin to do with registering so installed it again from the Plugins section on the web interface, enabled it and all seemed fine again.
    To be certain I rebooted to make sure everything started automatically but again homeseer didn't start and again Avast had moved the HS3.exe back to the Virus Chest.
    I ran out of time to play more alas.

    So I assume that either it is a false positive and that the registration process is changing the signature of the HS3.exe file so when it's next run Avast buries it.
    Or it's getting re-infected from somewhere, possibly network/internet when it starts and reaches out to talk to something (I've scanned the entire server with Avast and it found no other files with any infections).

    I could just add it to exceptions but I'd like to see if others have had this first. It should be the latest HS3 version (it updated recently when I rebooted and as mentioned I downloaded the installer again today to repair it) and Avast (free) is the latest program and virus defs. Win10 is up-to-date but the 'Creators' update hasn't come down yet.

    #2
    Did some more poking last night. Extracted the HS3.exe file from the installer to make replacing it easier, it was clean. Copied it to the program folder and ran it, still clean, didn't have to reregister this time. Still had to fix the bllan plugin again but all working and still clean. Closed the console to shutdown homeseer and bam avast spots an idp.alexa.51 infection and chests the exe.
    Repeated this a couple of times then tried some things, used attrib to add read only flag to the exe and on first run, when windows prompts to allow local network access, cancelled the firewall prompt.
    This time on homeseer shutdown all was okay, still okay after a couple of reboots too.
    HSTouch still works but trying the web interface from another computer was blocked by the firewall. While finding the workaround no other computer in the house was on and I've scanned the ones that might have been on previously. Still other devices like routers, wifi bridge, hue boxes, iPads etc but they are typically safe.
    I'll try enabling the firewall but leaving the exe read only at the weekend to narrow it down, might have to set up a packet capture to see what hs3 talks to if this is a real infection.

    Comment
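An added example, not part of the original thread: one way to test the first hypothesis raised in posts #1 and #2 (that the executable is being changed on disk between the clean scan and the later detection) is to record a fingerprint of the known-clean file and compare it after shutdown. The function names and file paths are assumptions, and the demo runs on a constructed temporary file rather than the real HS3.exe.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return SHA-256, size and mtime of a file, hashing in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mtime_ns": st.st_mtime_ns}


def save_baseline(path, baseline_file):
    """Record the fingerprint of a known-clean copy (e.g. fresh from the installer)."""
    Path(baseline_file).write_text(json.dumps(fingerprint(path)))


def compare(path, baseline_file):
    """Classify the file against its baseline.

    missing   - file is gone (e.g. moved to quarantine)
    modified  - content hash differs, so the bytes on disk changed
    touched   - same content, only the timestamp changed
    unchanged - identical to the baseline
    """
    base = json.loads(Path(baseline_file).read_text())
    if not os.path.exists(path):
        return "missing"
    cur = fingerprint(path)
    if cur["sha256"] != base["sha256"]:
        return "modified"
    if cur["mtime_ns"] != base["mtime_ns"]:
        return "touched"
    return "unchanged"


if __name__ == "__main__":
    # Constructed stand-in for the executable; point `exe` at the real file in practice.
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "sample.exe")
        Path(exe).write_bytes(b"MZ" + b"\x00" * 64)
        save_baseline(exe, os.path.join(tmp, "baseline.json"))
        print(compare(exe, os.path.join(tmp, "baseline.json")))
```

A result of `unchanged` at the moment of detection means the bytes on disk still match the baseline, so the detection was not triggered by a change to the file itself.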


      #3
      Over the years with Homeseer 2 went to a dedicated machine and Windows Server here and over the years removed / shifted the AV to the firewall. (started with initially removing Norton, then McAfee, then Avast then...cuz they just became fatter than any other software running on the pc and server editions were more money than desktop editions).

      The Windows 10 desktop OS is just that with now resembling and functioning in the same manner as a tablet OS.

      Windows 10 is not meant these days to be a server even though you can make it a server. Personally have disliked jumping many hoops in the OS just to get stuff to run to my liking. For the eye candy the security features are layered and buried deep down in the OS these days. IE: what you don't see will not hurt you.
      - Pete

      Auto mator
      Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
      Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
      HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

      HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
      HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

      X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant



        #4
        Originally posted by ailean
        ... I could just add it to exceptions but I'd like to see if others have had this first ...
        Avast (free) is indeed finicky. I seem to remember having your issue with HS3 at some point and I am sure I have had it with a plugin (MS insteon).

        That HS3 would get infected after executing is theoretically possible, but unlikely given all the other more rewarding ways to infect.

        The Avast exception bin is my friend.



          #5
          Just an obligatory - Me too!

          Just stopping by this thread to put in a 'me too'. Avast is killing my HS3 installation, which I didn't happen to notice, so I downloaded the installer and re-installed, apparently wiping my installation clean.

          So - starting to work on fixing it now, and hoping I can recover the settings. :-(

          I'm mainly posting so others can see it's happening rather frequently at the moment.
