Author Topic: win32:killapp-w detection.  (Read 25724 times)

maugrimx
win32:killapp-w detection.
« on: June 11, 2010, 04:12:04 PM »
The file which is detected is c:/hp/bin/endprocess.exe. Does anyone know what this is?

DavidR
« Reply #1 on: June 11, 2010, 04:26:44 PM »
Try a search in this forum (search box in the window) for that malware name or endprocess as this has been discussed recently.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

maugrimx
« Reply #2 on: June 11, 2010, 06:02:20 PM »
I'll just ignore the detection of the win32:killapp-w then, after looking at the info about it in other threads on this forum.

But why is a real threat like Ardamax keylogger only detected as a PUP?
« Last Edit: June 11, 2010, 06:05:27 PM by maugrimx »

Pondus
« Reply #3 on: June 11, 2010, 06:17:50 PM »
Quote
but why is a real threat like ardamax keylogger only detected as a PUP?
You have to buy it, and install it... and you know what it will do. It does not install by itself.

http://www.ardamax.com/keylogger/
« Last Edit: June 11, 2010, 06:24:41 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


maugrimx
« Reply #4 on: June 11, 2010, 06:34:34 PM »
Sorry, I was just looking at the Ardamax website and there was no mention of the keylogger being able to install itself remotely through email anymore, as was the case some years ago.

Look here: http://forum.hosts-file.net/viewtopic.php?f=11&t=549&hilit=ardamax

Pondus
« Reply #5 on: June 11, 2010, 06:39:27 PM »
Yep, that's from 2008... but interesting...


DavidR
« Reply #6 on: June 11, 2010, 06:44:27 PM »
Quote
I'll just ignore the detection of the win32:killapp-w then, after looking at the info about it in other threads on this forum.

But why is a real threat like Ardamax keylogger only detected as a PUP?

The problem is one of intent. Tools like this (to stop/kill/end a process) can be used for good or evil, and avast isn't to know the intent. You know from the location and that you have an HP system (presumably) that this is a tool from HP, most likely used if required when doing a restore, etc. So you know it is OK, so as you say you can ignore it, but avast can't as it doesn't have the information you have.

maugrimx
« Reply #7 on: June 11, 2010, 07:35:12 PM »
Yes, it is an HP computer.

Thanks :)

DavidR
« Reply #8 on: June 11, 2010, 07:47:23 PM »
You're welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don't want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.

Or, perhaps easier, copy and paste c:/hp/bin/endprocess.exe into the new window, see image.

maugrimx
« Reply #9 on: June 11, 2010, 08:02:33 PM »
Quote
You're welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don't want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.

Or perhaps easier copy and paste c:/hp/bin/endprocess.exe into the new window, see image.
Just did, works perfectly :)
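
To show why Reply #8 narrows the exclusion from /* to /endprocess.exe, the following added example (not part of the thread and not Avast's code) lists which files each exclusion entry would hide from scanning. It assumes glob-style matching in which * also covers subfolders; every file name other than endprocess.exe is constructed for illustration.

```python
import fnmatch


def norm(path):
    """Normalise a Windows path: case-insensitive, either slash direction."""
    return path.replace("\\", "/").lower()


def covered(pattern, files):
    """Files an exclusion entry would hide from the scanner.

    Assumption: the entry behaves like a glob where '*' matches any run of
    characters, including '/', so a folder wildcard reaches subfolders too.
    """
    pat = norm(pattern)
    return [f for f in files if fnmatch.fnmatchcase(norm(f), pat)]


def audit(exclusions, intended, files):
    """Map each exclusion entry to the files it hides beyond the intended ones."""
    want = {norm(i) for i in intended}
    return {
        pat: [f for f in covered(pat, files) if norm(f) not in want]
        for pat in exclusions
    }


# Constructed directory listing; only endprocess.exe comes from the thread.
FILES = [
    "C:\\hp\\bin\\endprocess.exe",
    "C:\\hp\\bin\\other_tool.exe",       # hypothetical neighbouring file
    "C:\\hp\\bin\\sub\\dropped.exe",     # hypothetical file in a subfolder
    "C:\\hp\\docs\\readme.txt",          # hypothetical file outside the folder
]
INTENDED = ["c:/hp/bin/endprocess.exe"]

if __name__ == "__main__":
    report = audit(["c:/hp/bin/*", "c:/hp/bin/endprocess.exe"], INTENDED, FILES)
    for entry, extra in report.items():
        status = "too broad" if extra else "ok"
        print(f"{entry}: {status}")
        for f in extra:
            print(f"    also unscanned: {f}")
```

An entry with an empty list exempts only the file that was reviewed; anything listed under a broad entry would go unscanned without anyone having looked at it.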
