Killapps.exe - reported by a2

[szc]

Yes, that's from Wilders forum I gave link for in my first post in this thread:

I've searched all over the net and found this thread at Wilders forum:
http://www.google.ca/search?q=cache:g8LVPWp3MwsJ:www.wilderssecurity.com/showthread.php%3Ft%3D13039%26goto%3Dnextnewest+what+is+killapps.exe&hl=en

This Killapps.exe located in Windows/System32 subfolder is not sofware used for the control of certain applications... As I mentioed before, there is also Kill.ini file (part of this Killapps.exe) and it lists all Creative applications. I also wrote about that. See here:

http://forum.avast.com/index.php?topic=10465.msg89143#msg89143

Second problem... Sound Blaster Audigy is completely different product, much better than SoundBlaster Live! Value. I don't have Audigy, but still have that file... it came withy latest driver updates from official Creative website.

I sent that sample to developers of a2, and we'll see from there. Most likely I will never receive answer from them, because that's what I've heard from some people that used to send some samples before... maybe, this time will be different, but that's still just maybe...

Cheers !

[bob3160]

Sasha
According to that info, what you have is a false positive from a2. It's not the first one. and i'm sure there will be others.

[szc]

Yes it really looks like that, but it's maybe better to wait... we'll see when I receive info from a2 team. For now, I just removed that file from System32 folder (I have backup)...

Cheers !

[bob3160]

I just rename a suspicious file. exe=xee,  com=moc, bat=tab, etc etc.
Can't run what doesn't exist.

[szc]

Yes I know, but I don't want it to physically exist on my HD if it's something suspicious, especially if it's some file that I don't even use. My sound card works great even without all those applications installed. Creative Mp3 player, 100% not needed, anyway I use WinAMP, Creative mixer good, but almost all those options and features you get with default Windows Mixer. Creative Rack in general, complete waste of HD space. The only real thing you need, are tose drivers...

I have backup and original installation CD, so if something goes wrong (and I'm 100% sure it won't, because so far nothing is complaining about that file), I know what I have to do... however, I make backups of my whole system every week on Fridays, so one short visit to Ghost won't cost me anything, haha 

[Spyros]

Andreas Haak's (a²) response about KILLAPS.EXE:
http://forum.emsisoft.com/viewtopic.php?t=2459

[igor]

If they think about detecting mIRC or FTP servers, then of course they should detect most versions of Outlook/Express and Internet Explorer, too - it's much bigger risk IMHO.

[szc]

Yes, Igor is right... I don't think this is a right way to handle things... tomorrow, they will detect whole Windows OS telling us that there are potential "holes", great exploiting possibilities... OK, maybe it's possible that killapps.exe can be used by some other party to control (turn off) antiviruses and firewalls. but IMHO, a2 should detect those things if they are infected, not telling us what is possible risk. Everything is possible risk today, even walking in the street, breathing, driving in planes and cars...

[bob3160]

With that approch, why not just kill the computer?
That would then eliminate the potential of either receiving or spreading malware.
A program that protects you from harm but requires an Einstein to operate isn't much
good for the average computer user. IMHO

[szc]

Exactly Bob, and at the end it turned out that killapps.exe is in fact nothing else than little utility provided by Creative and it's used by the Creative setup to terminate active applications before installing/uninstalling Creative software... something like, kill the process so I (installation process) can rewrite them, and be sure that they are not in use in that particular moment...

I just put them back in System32 subfolder...

[toadbee]

I think the detection by a2 (and kaspersky) is excellent. If nothing else - most of us just learned a thing or two 

Quoting andreas:

The problem is that the same application is used by several scripts and trojans out there to terminate anti-virus software and firewalls

That sounds like a fact, and therefor a valid detection IMO.

[szc]

OK, true... but, why then a2 don't report IE, Outlook Express or any other application ? As Igor said, those can be easily used to compromise security of our systems... not to mention million of other little anonymous programs that can be used against the user...

I don't need any program telling me that something is wrong with very legitimate file just because it has in it's database that that particular program can be used for something else... this one is not infected and that way, can't be used to compromise my system. Why then alarming people and bringing all that confusion. As I said before, it should report if something malicious is found, otherwise I don't wanna see any reports about it... I'm sorry, but just my humble opinion...

[toadbee]

OK, true... but, why then a2 don't report IE, Outlook Express or any other application ? As Igor said, those can be easily used to compromise security of our systems... not to mention million of other little anonymous programs that can be used against the user...

I don't need any program telling me that something is wrong with very legitimate file just because it has in it's database that that particular program can be used for something else... this one is not infected and that way, can't be used to compromise my system. Why then alarming people and bringing all that confusion. As I said before, it should report if something malicious is found, otherwise I don't wanna see any reports about it... I'm sorry, but just my humble opinion...

And i respect your opinion 
The difference is most people not only understand the risks of IE and Lookout, but they also are aware that they're installed on their machine. In this case you are made aware of something you didn't even know you had,  and after explanation - you know now that there are known nasties that exploit that exe. making it your call if you want that on your harddrive.

What I do fully agree with is that A2 should make it clear - "hey don't panic - we're just letting you know". 

[szc]

Exactly, wonderful explanation !

I agree, it should be something like: "...hey we found some suspicious file, for now nothing is wrong with it, but there is a huge possibility for exploiting that file in the future..."

That would be great, but I guess, we can't have everything "delivered" in front of our nose...

Yes, you're 100% right, I wasn't aware at all that I have that file on my HD untill a2 alarmed me... it's just, they should really rephrase those reports sometimes.

Cheers !

[lee16]

Does not the a2 forum have a place for suggestions?
Could you not ask for this to be added?

--lee