Author Topic: I got a "Threat"  (Read 11119 times)

0 Members and 1 Guest are viewing this topic.

GUNxSPECTRE

  • Guest
I got a "Threat"
« on: June 05, 2010, 07:44:40 PM »
I did a scan and one threat was found:

"C:\hp\support\flexroot\burnbootv\Killit.exe"

I've read around the forums and saw variations, but I have no clue what it does.  Some say it's for HP products like printers and stuff and other say that it's part of a vital system function.

Should I move it to the chest or repair it?
« Last Edit: June 05, 2010, 07:55:35 PM by GUNxSPECTRE »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: I got a "Threat"
« Reply #1 on: June 05, 2010, 07:48:34 PM »
Rescan with free Mbam to get a second opinion.
http://www.malwarebytes.org/mbam.php
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89002
  • No support PMs thanks
Re: I got a "Threat"
« Reply #2 on: June 05, 2010, 08:00:01 PM »
What was the malware name given to Killit.exe ?

Is the location you posted correct as I suspect it should be C:\hp\support\flexroot\burnbootv\KillIt.exe ?

If so it is likely to be an HP tool that can be used for both good or evil (killing something, process, etc.) and an AV isn't able to determine intent.

I also suspect that you have tweaked your scan settings to include PUPs (Potentially Unwanted Programs) of which this could be one ?

I doubt it has anything to do with the system or it would be in a system folder.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

GUNxSPECTRE

  • Guest
Re: I got a "Threat"
« Reply #3 on: June 05, 2010, 08:04:18 PM »
What was the malware name given to Killit.exe ?

Is the location you posted correct as I suspect it should be C:\hp\support\flexroot\burnbootv\KillIt.exe ?

If so it is likely to be an HP tool that can be used for both good or evil (killing something, process, etc.) and an AV isn't able to determine intent.

I also suspect that you have tweaked your scan settings to include PUPs (Potentially Unwanted Programs) of which this could be one ?

I doubt it has anything to do with the system or it would be in a system folder.

Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs. 

The status is : "PUP: Win32:KillApp-W [PUP]"

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: I got a "Threat"
« Reply #4 on: June 05, 2010, 08:11:10 PM »
Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.  
The status is : "PUP: Win32:KillApp-W [PUP]"

So, it's up to you, if you still want to remove it, as it's no real threat to your system... ;)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

GUNxSPECTRE

  • Guest
Re: I got a "Threat"
« Reply #5 on: June 05, 2010, 08:13:16 PM »
Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs.  
The status is : "PUP: Win32:KillApp-W [PUP]"

So, it's up to you, if you still want to remove it, as it's no real threat to your system... ;)
asyn


My MBAM, found no problems. 
I heard that it could create problems if I removed it.  Should I try and repair it?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: I got a "Threat"
« Reply #6 on: June 05, 2010, 08:25:41 PM »
My MBAM, found no problems. 
I heard that it could create problems if I removed it.  Should I try and repair it?

I would leave it as it is, as HP wouldn't dare to infect users...
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89002
  • No support PMs thanks
Re: I got a "Threat"
« Reply #7 on: June 05, 2010, 09:17:36 PM »
<snip>
Yeah, sorry, I forgot the "\hp\" part in the name, and I did set the scan to look for PUPs. 

The status is : "PUP: Win32:KillApp-W [PUP]"

That is one of the issues of selecting the PUP option, many of theses tools, can be harmful if used maliciously, so avast is flagging them. When choosing the PUP option, you really have got to have a good understanding of what is on your system and if it is there legitimately (which appears top be the case here). So I would suggest you deselect the PUP option, effectively setting it back to the defaults.

<snip>

My MBAM, found no problems. 
I heard that it could create problems if I removed it.  Should I try and repair it?

It shouldn't create a problem if removed as the only implication of it not being there is that HP couldn't use it if they were trying to use recovery, etc. But you should leave it in the original location.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bo.elam

  • Guest
Re: I got a "Threat"
« Reply #8 on: June 06, 2010, 08:01:33 AM »
10 to 1 that is a false positive. I would leave the file where it is and
send it to Avast virus lab. HP original files are very often detected as
malware when they are not.
Bo
« Last Edit: June 06, 2010, 08:03:43 AM by bo.elam »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89002
  • No support PMs thanks
Re: I got a "Threat"
« Reply #9 on: June 06, 2010, 03:28:41 PM »
It isn't an FP when the OP specifically selected PUPs as part of the scan and this would be considered a PUP based on what it does, read my first reply as this is all about intent and the fact the OP selected this option in the scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: I got a "Threat"
« Reply #10 on: June 06, 2010, 03:34:21 PM »
It isn't an FP when the OP specifically selected PUPs as part of the scan and this would be considered a PUP based on what it does, read my first reply as this is all about intent and the fact the OP selected this option in the scan.

I fully agree with Dave.
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

bo.elam

  • Guest
Re: I got a "Threat"
« Reply #11 on: June 06, 2010, 06:27:35 PM »
@davidR/Asyn, Sorry but I don't agree with you because if the file is REAL
then Avast should fix the detection. Sometimes AV companies like Avast
detect files like this one that "potentially " can have some danger and don't
change the detection. Well, I can live with that but most users end up
deleting files that might be needed in the future.
When I was using Avira they detected 12 original HP files in my computer
and after all it was done 11 of them were fix, so I excluded the one left.
I never moved them from the original place and to me its easy to know a
real virus from a false positive but as both of you guys know that is not the
case for most users.
Avast up to this point has not detected anything on my PC and probably
never will because I never get infected. When I saw this thread yesterday
I scanned my HP folders and there were no FP detections at all. The file
Killit is not on my PC but HP has a bunch of files with ugly names like that
one and if you are a HP owner and start deleting all the HP original files that
your AV detects you ll end up with functions becoming useless.
Bo


Mr.Agent

  • Guest
Re: I got a "Threat"
« Reply #12 on: June 06, 2010, 06:29:17 PM »
Strange but i dont got this kind of file name on mine... :o

I scanned the folder and no threat.

Also no virus in my chest...
« Last Edit: June 06, 2010, 06:31:12 PM by Mr.Agent »

bo.elam

  • Guest
Re: I got a "Threat"
« Reply #13 on: June 06, 2010, 06:39:08 PM »
@DavidR, sorry Dave I forgot. I also don't agree with you that the user
should "deselect the PUP option, effectively setting it back to the defaults".
That its completely wrong because if a user does that REAL malware
can penetrate his computer because PUP is not selected to be scanned
or detected by the AV. If the user does that and goes to a page infected
by a rogue, then whats gonna happen is that his computer will be infected
by that rogue.
Anyway, he should send the detection to Avast and if its not fixed he should
excluded it from being detected.
Bo


Mr.Agent

  • Guest
Re: I got a "Threat"
« Reply #14 on: June 06, 2010, 06:41:57 PM »
Anyway for PUP its up to the user for if he want it or no.

Like me i did select it in all shields and settings. Because i dont know in any way if there a PUP and its a real virus so i could verify it via virustotal or google for about the files or come here.