Author Topic: Killapps.exe - reported by a2  (Read 24425 times)

0 Members and 1 Guest are viewing this topic.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Killapps.exe - reported by a2
« on: January 19, 2005, 02:58:17 PM »
I just started scann process with a2, and at the end of scan, I've got report that one file is classified as malware. The name of the file is KILLAPPS.EXE and it's located in Windows/System32 subfolder (WindXP Pro SP2). I've searched all over the net and found this thread at Wilders forum:
http://www.google.ca/search?q=cache:g8LVPWp3MwsJ:www.wilderssecurity.com/showthread.php%3Ft%3D13039%26goto%3Dnextnewest+what+is+killapps.exe&hl=en

Some of them are saying that file belongs to some specific SoundBlaster cards (Audigy etc.), but I don't have Audigy, my SoundBlaster model is SB Live! Value. I've also found out that some antiviruses are recognizing that file as malware, but after double checking by developers, they all agreed that it's just a false positive.

I would really like to hear Alwil's opinion, as we all know, to whome to trust if not to our host, hehe... is there any chance I can send that file to someone for further checking ?

Note: Never ever had any problems with my system in the past, it's working flawlesly, but I'm just wondering what's the story with that file... I don't like to have anything that I don't know what's the purpose of it.

Here is the screenshot from a2...

Cheers !
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

toadbee

  • Guest
Re: Killapps.exe - reported by a2
« Reply #1 on: January 19, 2005, 03:25:59 PM »
I would really like to hear Alwil's opinion, as we all know, to whome to trust if not to our host, hehe... is there any chance I can send that file to someone for further checking ?

Note: Never ever had any problems with my system in the past, it's working flawlesly, but I'm just wondering what's the story with that file... I don't like to have anything that I don't know what's the purpose of it.

Here is the screenshot from a2...

Cheers !

You should have it tested here for a second opinion -
http://virusscan.jotti.dhs.org/

If you suspect a false positive - be sure to let Mr. Haak know over there at the a2 forum as well  ;)



Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Killapps.exe - reported by a2
« Reply #2 on: January 19, 2005, 03:46:18 PM »
I've got this (see attachment)... it looks like it's non-destructive, but still, I don't know why is it classified as malware... it comes from very good and respected sound card manufacturer...  ???

Btw, thanks for the link... great !
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Killapps.exe - reported by a2
« Reply #3 on: January 19, 2005, 05:20:00 PM »
Any thoughts Alwil ? Any opinion would be greatly appreciated.

I mean, it sounds so weird... characterized as Malware, but non-destructive malware... Malware is something like abbreviation from Malicious Software, if I'm not wrong... malicious is very close to destructive in these terms, so what shoudl I do when a2 asks me ? Completely delete the file or something else ? Biggest problem is 'cause I can't find anything about the purpose of that file on Creative web site...
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Killapps.exe - reported by a2
« Reply #4 on: January 19, 2005, 05:28:10 PM »
Well, according to the name, it sounds like a tool to kill other application. While some people may consider is "dangerous" (which is probably why it's reported by KAV), it's rather strange - you could report the Task Manager the same way.

toadbee

  • Guest
Re: Killapps.exe - reported by a2
« Reply #5 on: January 19, 2005, 05:37:31 PM »
If I'm getting it right (which only happens now and again  ;D )
Riskware is legitimate software that can be used
to do harm.

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Killapps.exe - reported by a2
« Reply #6 on: January 19, 2005, 05:38:08 PM »
Well, according to the name, it sounds like a tool to kill other application. While some people may consider is "dangerous" (which is probably why it's reported by KAV), it's rather strange - you could report the Task Manager the same way.

Yeah, it's really strange... why would any part of Creative Sound Blaster software package, like to "kill" some other processes ? Really strange...
I may try to completely erase it (uninstall Creative applications), clean the registry, and then reinstall it from the scratch... just to see what's going to happen...
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

FastGame

  • Guest
Re: Killapps.exe - reported by a2
« Reply #7 on: January 19, 2005, 10:28:31 PM »
Hmmm my a2 doesn't find Killapps.exe. in my creative drivers  ???

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Killapps.exe - reported by a2
« Reply #8 on: January 19, 2005, 10:50:21 PM »
Most likely not the same sound card. Mine is SB Live! Value... (quite different than normal SB Live!). Killapps.exe is located in Windows/System32 subfolder, not uder default Creative folder.

Also, there is another file that comes with that one, and it's called Kill.ini
Here are contents of that file:

[KILL.B]
audiohqu.exe
rcman.exe

[KILL.A]
ahqrun.exe
ctltray.exe
ctltask.exe
ctplay2.exe
surmix2.exe
rcenter.exe
adgjdet.exe
mplayer2.exe
rcman.exe
cthelper.exe


As we all can see, those applications are Creative applications, nothing else... so it really looks like false alarm. I just reported it to a2 developers.
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Hopismum

  • Guest
Re: Killapps.exe - reported by a2
« Reply #9 on: January 20, 2005, 12:04:18 AM »
,
« Last Edit: September 07, 2005, 08:41:42 AM by . »

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Killapps.exe - reported by a2
« Reply #10 on: January 20, 2005, 12:21:33 AM »
Sasha.. I have an SB Live Value card on one of my systems here.  Out of curiosity I just checked..  neither of those files exist ..   All creative software is installed.   Weird

I don't know, but this is official Creative web site where I downloaded latest drivers and utilities:
http://us.creative.com/support/downloads/download.asp

File is around 24 Mb...

I have that those drivers at least last 2 months, and never noticed anything unusual with my computer. Everything works perfect. avast! can't find anything weird with that file, that's why I asked if someone wants me to send that file for further checking. a2 is the only one program that reports it as malware, but not destructive malware as they said.

Cheers !

MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Hopismum

  • Guest
Re: Killapps.exe - reported by a2
« Reply #11 on: January 20, 2005, 12:27:29 AM »
,
« Last Edit: September 07, 2005, 08:41:56 AM by . »

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Killapps.exe - reported by a2
« Reply #12 on: January 20, 2005, 12:28:38 AM »
Sasha
ahqrun.exe For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
Stop worrying. It's ok
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: Killapps.exe - reported by a2
« Reply #13 on: January 20, 2005, 12:38:12 AM »
Bob, ahqrun.exe is not a problem... file Killapps.exe is the one that a2 reports as malware...

EDIT: Maybe you guys didn't notice, but those files listed and marked in blue color, are just text file, contents of Kill.ini file.

Only one that is suspicious is Killapps.exe
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Killapps.exe - reported by a2
« Reply #14 on: January 20, 2005, 12:54:25 AM »
this is all I can up with:

There seems to be at least two different things here:-

a) Creative Labs' Audigy sound card uses 2K_XP/Drivers/COMMON/killapps.exe. See here for details:- http://www.soundcard-drivers.com/drivers/58/58954.htm

b) Killapps - which is sofware used for the control of certain applications. See here:- http://www.killapps.com/screenshots.htm

c) Clearly, if the above two things do not apply, then we have to think in terms of malware.

The most likely explanation is the Audigy sound card.(see here:- http://research.pestpatrol.com/Anal...3-02_212212.asp).

Eliminate this possibility before considering anything else. It is not unknown for the heuristics of an AV to misinterpret the veracity of a prog designed to halt other processes.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet