Author Topic: win32:killapp-w detection.  (Read 26426 times)

0 Members and 1 Guest are viewing this topic.

Offline maugrimx

  • Full Member
  • ***
  • Posts: 107
win32:killapp-w detection.
« on: June 11, 2010, 06:12:04 PM »
the file wich is detected is c:/hp/bin/endprocess.exe , does anyone know what this is?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71672
  • No support PMs thanks
Re: win32:killapp-w detection.
« Reply #1 on: June 11, 2010, 06:26:44 PM »
Try a search in this forum (search box in the window) for that malware name or endprocess as this has been discussed recently.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 37.0.2, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline maugrimx

  • Full Member
  • ***
  • Posts: 107
Re: win32:killapp-w detection.
« Reply #2 on: June 11, 2010, 08:02:20 PM »
ill just ignore the detection of the win32:killapp-w then after looking at the info about it in other threads on this forum.

but why is a real threat like ardamax keylogger only detected as a PUP?
« Last Edit: June 11, 2010, 08:05:27 PM by maugrimx »

Online Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26589
Re: win32:killapp-w detection.
« Reply #3 on: June 11, 2010, 08:17:50 PM »
Quote
but why is a real threat like ardamax keylogger only detected as a PUP?
You have to buy it, and install it....and you know what it will do. It does not install by itselfe

http://www.ardamax.com/keylogger/
« Last Edit: June 11, 2010, 08:24:41 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline maugrimx

  • Full Member
  • ***
  • Posts: 107
Re: win32:killapp-w detection.
« Reply #4 on: June 11, 2010, 08:34:34 PM »
sorry, i was just looking at the ardamax website and there was no mention of the keylogger being able to install itself remotely through email anymore as was the case some years ago.

look here http://forum.hosts-file.net/viewtopic.php?f=11&t=549&hilit=ardamax

Online Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26589
Re: win32:killapp-w detection.
« Reply #5 on: June 11, 2010, 08:39:27 PM »
jepp thats from 2008.....but interesting...
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71672
  • No support PMs thanks
Re: win32:killapp-w detection.
« Reply #6 on: June 11, 2010, 08:44:27 PM »
ill just ignore the detection of the win32:killapp-w then after looking at the info about it in other threads on this forum.

but why is a real threat like ardamax keylogger only detected as a PUP?

The problem is one of intent, with tools like this (to stop/kill/end a process), they can be used for good or evil and avast isn't to know the intent. You know from the location and that you have an HP system (presumably) that this is a tool from HP, most likely used if required when doing a restore, etc. So you know it is OK so as you say can ignore it but avast can't as it doesn't have the information you have.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 37.0.2, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline maugrimx

  • Full Member
  • ***
  • Posts: 107
Re: win32:killapp-w detection.
« Reply #7 on: June 11, 2010, 09:35:12 PM »
yes it is a HP computer.

thanks  :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71672
  • No support PMs thanks
Re: win32:killapp-w detection.
« Reply #8 on: June 11, 2010, 09:47:23 PM »
You're welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don't want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.

Or perhaps easier copy and paste c:/hp/bin/endprocess.exe into the new window, see image.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 37.0.2, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline maugrimx

  • Full Member
  • ***
  • Posts: 107
Re: win32:killapp-w detection.
« Reply #9 on: June 11, 2010, 10:02:33 PM »
You're welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don't want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.

Or perhaps easier copy and paste c:/hp/bin/endprocess.exe into the new window, see image.
just did, works perfectly  :)