Author Topic: win32:killapp-w detection.  (Read 30488 times)


maugrimx

  • Guest
win32:killapp-w detection.
« on: June 11, 2010, 06:12:04 PM »
The file which is detected is c:/hp/bin/endprocess.exe, does anyone know what this is?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: win32:killapp-w detection.
« Reply #1 on: June 11, 2010, 06:26:44 PM »
Try a search in this forum (search box in the window) for that malware name or endprocess as this has been discussed recently.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

maugrimx

  • Guest
Re: win32:killapp-w detection.
« Reply #2 on: June 11, 2010, 08:02:20 PM »
I'll just ignore the detection of the win32:killapp-w then, after looking at the info about it in other threads on this forum.

but why is a real threat like ardamax keylogger only detected as a PUP?
« Last Edit: June 11, 2010, 08:05:27 PM by maugrimx »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: win32:killapp-w detection.
« Reply #3 on: June 11, 2010, 08:17:50 PM »
Quote
but why is a real threat like ardamax keylogger only detected as a PUP?
You have to buy it, and install it... and you know what it will do. It does not install by itself.

http://www.ardamax.com/keylogger/
« Last Edit: June 11, 2010, 08:24:41 PM by Pondus »

maugrimx

  • Guest
Re: win32:killapp-w detection.
« Reply #4 on: June 11, 2010, 08:34:34 PM »
Sorry, I was just looking at the ardamax website and there was no mention of the keylogger being able to install itself remotely through email anymore, as was the case some years ago.

look here http://forum.hosts-file.net/viewtopic.php?f=11&t=549&hilit=ardamax

Offline Pondus

Re: win32:killapp-w detection.
« Reply #5 on: June 11, 2010, 08:39:27 PM »
Yep, that's from 2008... but interesting...

Offline DavidR

Re: win32:killapp-w detection.
« Reply #6 on: June 11, 2010, 08:44:27 PM »
Quote
I'll just ignore the detection of the win32:killapp-w then, after looking at the info about it in other threads on this forum.

but why is a real threat like ardamax keylogger only detected as a PUP?

The problem is one of intent. Tools like this (to stop/kill/end a process) can be used for good or evil, and avast isn't to know the intent. You know from the location, and that you have an HP system (presumably), that this is a tool from HP, most likely used if required when doing a restore, etc. So you know it is OK, so as you say you can ignore it, but avast can't as it doesn't have the information you have.

maugrimx

  • Guest
Re: win32:killapp-w detection.
« Reply #7 on: June 11, 2010, 09:35:12 PM »
Yes, it is an HP computer.

thanks  :)

Offline DavidR

Re: win32:killapp-w detection.
« Reply #8 on: June 11, 2010, 09:47:23 PM »
You're welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don't want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.

Or perhaps easier copy and paste c:/hp/bin/endprocess.exe into the new window, see image.

maugrimx

  • Guest
Re: win32:killapp-w detection.
« Reply #9 on: June 11, 2010, 10:02:33 PM »
Quote
You're welcome, if you accept the risk (not really an issue here) then you can exclude it from on-demand scans, Avast Settings, Exclude, navigate to the folder and select the folder. You will now see the folder in the exclusions, but you don't want to exclude the whole folder, you can modify that entry, changing the /* to /endprocess.exe.

Or perhaps easier copy and paste c:/hp/bin/endprocess.exe into the new window, see image.
just did, works perfectly  :)