Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: GUNxSPECTRE on June 05, 2010, 07:44:40 PM

Title: I got a "Threat"
Post by: GUNxSPECTRE on June 05, 2010, 07:44:40 PM
I did a scan and one threat was found:

"C:\hp\support\flexroot\burnbootv\Killit.exe"

I've read around the forums and saw variations, but I have no clue what it does. Some say it's for HP products like printers and stuff and others say that it's part of a vital system function.

Should I move it to the chest or repair it?
Title: Re: I got a "Threat"
Post by: Asyn on June 05, 2010, 07:48:34 PM
Rescan with free Mbam to get a second opinion.
http://www.malwarebytes.org/mbam.php
asyn
Title: Re: I got a "Threat"
Post by: DavidR on June 05, 2010, 08:00:01 PM
What was the malware name given to Killit.exe ?

Is the location you posted correct as I suspect it should be C:\hp\support\flexroot\burnbootv\KillIt.exe ?

If so it is likely to be an HP tool that can be used for both good or evil (killing something, process, etc.) and an AV isn't able to determine intent.

I also suspect that you have tweaked your scan settings to include PUPs (Potentially Unwanted Programs) of which this could be one ?

I doubt it has anything to do with the system or it would be in a system folder.
Title: Re: I got a "Threat"
Post by: GUNxSPECTRE on June 05, 2010, 08:04:18 PM
> What was the malware name given to Killit.exe ?
>
> Is the location you posted correct as I suspect it should be C:\hp\support\flexroot\burnbootv\KillIt.exe ?
>
> If so it is likely to be an HP tool that can be used for both good or evil (killing something, process, etc.) and an AV isn't able to determine intent.
>
> I also suspect that you have tweaked your scan settings to include PUPs (Potentially Unwanted Programs) of which this could be one ?
>
> I doubt it has anything to do with the system or it would be in a system folder.

Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs. 

The status is : "PUP: Win32:KillApp-W [PUP]"
Title: Re: I got a "Threat"
Post by: Asyn on June 05, 2010, 08:11:10 PM
> Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.
> The status is : "PUP: Win32:KillApp-W [PUP]"

So, it's up to you, if you still want to remove it, as it's no real threat to your system... ;)
asyn
Title: Re: I got a "Threat"
Post by: GUNxSPECTRE on June 05, 2010, 08:13:16 PM
>> Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.
>> The status is : "PUP: Win32:KillApp-W [PUP]"
>
> So, it's up to you, if you still want to remove it, as it's no real threat to your system... ;)
> asyn


My MBAM found no problems.
I heard that it could create problems if I removed it. Should I try and repair it?
Title: Re: I got a "Threat"
Post by: Asyn on June 05, 2010, 08:25:41 PM
> My MBAM found no problems.
> I heard that it could create problems if I removed it. Should I try and repair it?

I would leave it as it is, as HP wouldn't dare to infect users...
asyn
Title: Re: I got a "Threat"
Post by: DavidR on June 05, 2010, 09:17:36 PM
<snip>
> Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.
>
> The status is : "PUP: Win32:KillApp-W [PUP]"

That is one of the issues of selecting the PUP option: many of these tools can be harmful if used maliciously, so avast is flagging them. When choosing the PUP option, you really have got to have a good understanding of what is on your system and if it is there legitimately (which appears to be the case here). So I would suggest you deselect the PUP option, effectively setting it back to the defaults.

<snip>

> My MBAM found no problems.
> I heard that it could create problems if I removed it. Should I try and repair it?

It shouldn't create a problem if removed as the only implication of it not being there is that HP couldn't use it if they were trying to use recovery, etc. But you should leave it in the original location.
Title: Re: I got a "Threat"
Post by: bo.elam on June 06, 2010, 08:01:33 AM
10 to 1 that is a false positive. I would leave the file where it is and
send it to Avast virus lab. HP original files are very often detected as
malware when they are not.
Bo
Title: Re: I got a "Threat"
Post by: DavidR on June 06, 2010, 03:28:41 PM
It isn't an FP when the OP specifically selected PUPs as part of the scan and this would be considered a PUP based on what it does, read my first reply as this is all about intent and the fact the OP selected this option in the scan.
Title: Re: I got a "Threat"
Post by: Asyn on June 06, 2010, 03:34:21 PM
> It isn't an FP when the OP specifically selected PUPs as part of the scan and this would be considered a PUP based on what it does, read my first reply as this is all about intent and the fact the OP selected this option in the scan.

I fully agree with Dave.
asyn
Title: Re: I got a "Threat"
Post by: bo.elam on June 06, 2010, 06:27:35 PM
@davidR/Asyn, Sorry but I don't agree with you because if the file is REAL
then Avast should fix the detection. Sometimes AV companies like Avast
detect files like this one that "potentially" can have some danger and don't
change the detection. Well, I can live with that but most users end up
deleting files that might be needed in the future.
When I was using Avira they detected 12 original HP files in my computer
and after it was all done 11 of them were fixed, so I excluded the one left.
I never moved them from the original place and to me it's easy to know a
real virus from a false positive but as both of you guys know that is not the
case for most users.
Avast up to this point has not detected anything on my PC and probably
never will because I never get infected. When I saw this thread yesterday
I scanned my HP folders and there were no FP detections at all. The file
Killit is not on my PC but HP has a bunch of files with ugly names like that
one and if you are an HP owner and start deleting all the HP original files that
your AV detects you'll end up with functions becoming useless.
Bo

Title: Re: I got a "Threat"
Post by: Mr.Agent on June 06, 2010, 06:29:17 PM
Strange, but I don't have this kind of file name on mine... :o

I scanned the folder and no threat.

Also no virus in my chest...
Title: Re: I got a "Threat"
Post by: bo.elam on June 06, 2010, 06:39:08 PM
@DavidR, sorry Dave I forgot. I also don't agree with you that the user
should "deselect the PUP option, effectively setting it back to the defaults".
That is completely wrong because if a user does that REAL malware
can penetrate his computer because PUP is not selected to be scanned
or detected by the AV. If the user does that and goes to a page infected
by a rogue, then what's gonna happen is that his computer will be infected
by that rogue.
Anyway, he should send the detection to Avast and if it's not fixed he should
exclude it from being detected.
Bo

Title: Re: I got a "Threat"
Post by: Mr.Agent on June 06, 2010, 06:41:57 PM
Anyway, for PUP it's up to the user whether he wants it or not.

Like me, I did select it in all shields and settings, because I don't know in any way if there is a PUP and it's a real virus, so I could verify it via VirusTotal or Google the files or come here.
Title: Re: I got a "Threat"
Post by: bo.elam on June 06, 2010, 06:43:52 PM
Mr Agent, if you are an HP owner like me you have to be extra careful when your
AV detects something in those folders or in the HP updates folder.
Bo
Title: Re: I got a "Threat"
Post by: Mr.Agent on June 06, 2010, 06:46:39 PM
Sincerely, I never had a detection from avast! in my HP folders. Otherwise my action is set to move to chest first, and if it's a false positive I could restore it with no damage done.

And of course don't worry for me. But thanks for warning me, it's always good too ;)

avast! doesn't have a lot of false positives. But we don't know, it's always nice to verify through some virus scan. ;D
Title: Re: I got a "Threat"
Post by: bo.elam on June 06, 2010, 07:00:51 PM
Mr. Agent, I always verify with Jotti/VirusTotal but if I was you and an HP
file is detected I would not even move it from its original location, unless
the file is a real virus. When HP files on my computer have been detected
I always go to the file to see the dates so in less than 5 minutes I know it's
an FP.
I am going to tell you a little story. Three months ago some AVs like Kaspersky
and Avira detected a bunch of files in the HP recovery folder. Anybody that
deleted those files without realizing that they are FPs ended up with a useless
recovery function. I am not one of them and hopefully neither are you.
Bo
Title: Re: I got a "Threat"
Post by: Mr.Agent on June 06, 2010, 07:07:05 PM
Well, that's why avast! has "Move to chest" as the first action, so if an FP occurs the user can restore it by going into the chest and clicking restore.

Otherwise I never had a problem with HP or avast! or any of the products that I use now. If it happens I will try to find out how to resolve it, don't worry. ;)
Title: Re: I got a "Threat"
Post by: Mr.Agent on June 06, 2010, 07:10:19 PM
There is just one file that has been detected by Malwarebytes for me that I'm really wondering about, and I didn't get a response, so I said I don't take a chance and I did ignore it.

But avast! doesn't detect it, nor does Windows Defender, so I don't have to worry. ;D

Malwarebytes has some false positives, so that's why I shouldn't recommend it to users that don't know so much about computers. ;)

Also the file has not been used for like 4 years, so yeah, I never take a chance if I'm not sure. Otherwise I could destroy my PC. Also we need to understand that if that file wanted to destroy my PC then it would have already done it a long time ago lol.
Title: Re: I got a "Threat"
Post by: bo.elam on June 06, 2010, 10:25:35 PM
Mr.Agent, can you give me the name/location of the file detected by MBAM?
Bo
Title: Re: I got a "Threat"
Post by: Mr.Agent on June 07, 2010, 10:34:57 PM
It's not important and you won't find anything about it on the internet, and I checked it with VirusTotal and all came up clean so it's indeed a false positive, but MBAM said something to me about why they didn't correct the FP. So I don't care, I did put it on ignore, so don't worry too much for me mate. I know what I'm doing. ;)

Edit: I did find KillIt.exe and indeed avast! flagged it as PUP. I hope they correct it soon, otherwise I do ignore it now.