Author Topic: I got a "Threat" (Read 11138 times)

GUNxSPECTRE · « **on:** June 05, 2010, 07:44:40 PM »

I did a scan and one threat was found:

"C:\hp\support\flexroot\burnbootv\Killit.exe"

I've read around the forums and saw variations, but I have no clue what it does. Some say it's for HP products like printers and stuff and other say that it's part of a vital system function.

Should I move it to the chest or repair it?

Asyn · « **Reply #1 on:** June 05, 2010, 07:48:34 PM »

Rescan with free Mbam to get a second opinion.
http://www.malwarebytes.org/mbam.php
asyn

DavidR · « **Reply #2 on:** June 05, 2010, 08:00:01 PM »

What was the malware name given to Killit.exe ?

Is the location you posted correct as I suspect it should be C:\hp\support\flexroot\burnbootv\KillIt.exe ?

If so it is likely to be an HP tool that can be used for both good or evil (killing something, process, etc.) and an AV isn't able to determine intent.

I also suspect that you have tweaked your scan settings to include PUPs (Potentially Unwanted Programs) of which this could be one ?

I doubt it has anything to do with the system or it would be in a system folder.

GUNxSPECTRE · « **Reply #3 on:** June 05, 2010, 08:04:18 PM »

Quote from: DavidR on June 05, 2010, 08:00:01 PM

What was the malware name given to Killit.exe ?

Is the location you posted correct as I suspect it should be C:\hp\support\flexroot\burnbootv\KillIt.exe ?

If so it is likely to be an HP tool that can be used for both good or evil (killing something, process, etc.) and an AV isn't able to determine intent.

I also suspect that you have tweaked your scan settings to include PUPs (Potentially Unwanted Programs) of which this could be one ?

I doubt it has anything to do with the system or it would be in a system folder.

Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.

The status is : "PUP: Win32:KillApp-W [PUP]"

Asyn · « **Reply #4 on:** June 05, 2010, 08:11:10 PM »

Quote from: GUNxSPECTRE on June 05, 2010, 08:04:18 PM

Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.
The status is : "PUP: Win32:KillApp-W [PUP]"

So, it's up to you, if you still want to remove it, as it's no real threat to your system...

asyn

GUNxSPECTRE · « **Reply #5 on:** June 05, 2010, 08:13:16 PM »

Quote from: Asyn on June 05, 2010, 08:11:10 PM

Quote from: GUNxSPECTRE on June 05, 2010, 08:04:18 PM
Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.
The status is : "PUP: Win32:KillApp-W [PUP]"

So, it's up to you, if you still want to remove it, as it's no real threat to your system...
asyn

My MBAM, found no problems.
I heard that it could create problems if I removed it. Should I try and repair it?

Asyn · « **Reply #6 on:** June 05, 2010, 08:25:41 PM »

Quote from: GUNxSPECTRE on June 05, 2010, 08:13:16 PM

My MBAM, found no problems.
I heard that it could create problems if I removed it. Should I try and repair it?

I would leave it as it is, as HP wouldn't dare to infect users...
asyn

DavidR · « **Reply #7 on:** June 05, 2010, 09:17:36 PM »

Quote from: GUNxSPECTRE on June 05, 2010, 08:04:18 PM

<snip>
Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.

The status is : "PUP: Win32:KillApp-W [PUP]"

That is one of the issues of selecting the PUP option, many of theses tools, can be harmful if used maliciously, so avast is flagging them. When choosing the PUP option, you really have got to have a good understanding of what is on your system and if it is there legitimately (which appears top be the case here). So I would suggest you deselect the PUP option, effectively setting it back to the defaults.

Quote from: GUNxSPECTRE on June 05, 2010, 08:13:16 PM

<snip>

My MBAM, found no problems.
I heard that it could create problems if I removed it. Should I try and repair it?

It shouldn't create a problem if removed as the only implication of it not being there is that HP couldn't use it if they were trying to use recovery, etc. But you should leave it in the original location.

bo.elam · « **Reply #8 on:** June 06, 2010, 08:01:33 AM »

10 to 1 that is a false positive. I would leave the file where it is and
send it to Avast virus lab. HP original files are very often detected as
malware when they are not.
Bo

DavidR · « **Reply #9 on:** June 06, 2010, 03:28:41 PM »

It isn't an FP when the OP specifically selected PUPs as part of the scan and this would be considered a PUP based on what it does, read my first reply as this is all about intent and the fact the OP selected this option in the scan.

Asyn · « **Reply #10 on:** June 06, 2010, 03:34:21 PM »

Quote from: DavidR on June 06, 2010, 03:28:41 PM

It isn't an FP when the OP specifically selected PUPs as part of the scan and this would be considered a PUP based on what it does, read my first reply as this is all about intent and the fact the OP selected this option in the scan.

I fully agree with Dave.
asyn

bo.elam · « **Reply #11 on:** June 06, 2010, 06:27:35 PM »

@davidR/Asyn, Sorry but I don't agree with you because if the file is REAL
then Avast should fix the detection. Sometimes AV companies like Avast
detect files like this one that "potentially " can have some danger and don't
change the detection. Well, I can live with that but most users end up
deleting files that might be needed in the future.
When I was using Avira they detected 12 original HP files in my computer
and after all it was done 11 of them were fix, so I excluded the one left.
I never moved them from the original place and to me its easy to know a
real virus from a false positive but as both of you guys know that is not the
case for most users.
Avast up to this point has not detected anything on my PC and probably
never will because I never get infected. When I saw this thread yesterday
I scanned my HP folders and there were no FP detections at all. The file
Killit is not on my PC but HP has a bunch of files with ugly names like that
one and if you are a HP owner and start deleting all the HP original files that
your AV detects you ll end up with functions becoming useless.
Bo

Mr.Agent · « **Reply #12 on:** June 06, 2010, 06:29:17 PM »

Strange but i dont got this kind of file name on mine...

I scanned the folder and no threat.

Also no virus in my chest...

bo.elam · « **Reply #13 on:** June 06, 2010, 06:39:08 PM »

@DavidR, sorry Dave I forgot. I also don't agree with you that the user
should "deselect the PUP option, effectively setting it back to the defaults".
That its completely wrong because if a user does that REAL malware
can penetrate his computer because PUP is not selected to be scanned
or detected by the AV. If the user does that and goes to a page infected
by a rogue, then whats gonna happen is that his computer will be infected
by that rogue.
Anyway, he should send the detection to Avast and if its not fixed he should
excluded it from being detected.
Bo

Mr.Agent · « **Reply #14 on:** June 06, 2010, 06:41:57 PM »

Anyway for PUP its up to the user for if he want it or no.

Like me i did select it in all shields and settings. Because i dont know in any way if there a PUP and its a real virus so i could verify it via virustotal or google for about the files or come here.

Author Topic: I got a "Threat" (Read 11138 times)

GUNxSPECTRE

I got a "Threat"

Asyn

Re: I got a "Threat"

DavidR

Re: I got a "Threat"

GUNxSPECTRE

Re: I got a "Threat"

Asyn

Re: I got a "Threat"

GUNxSPECTRE

Re: I got a "Threat"

Asyn

Re: I got a "Threat"

DavidR

Re: I got a "Threat"

bo.elam

Re: I got a "Threat"

DavidR

Re: I got a "Threat"

Asyn

Re: I got a "Threat"

bo.elam

Re: I got a "Threat"

Mr.Agent

Re: I got a "Threat"

bo.elam

Re: I got a "Threat"

Mr.Agent

Re: I got a "Threat"