Author Topic: KillIt.exe  (Read 20199 times)

0 Members and 1 Guest are viewing this topic.

Offline justinlee

  • Poster
  • *
  • Posts: 400
KillIt.exe
« on: July 17, 2010, 07:25:12 PM »
I am using Avast Internet Security and it has recently picked up a file called 'KillIt.exe'. I have done some research and found some posts saying that this is a false positive and you should not delete this file. Most of the posts point towards this being a useful file on HP computers but I have a VAIO so cannot see why this would be on my machine now as Avast has never picked it up before.

If I move it to the Virus Chest and it happens to be a file that I need how would I recover it from the chest and move it back to it's rightful place?

Thanks
Windows 7 Home Premium (64-bit) SP1,
Intel Core i5-2410M @2.30GHz, 6GB RAM
AvastFree Antivirus & ZoneAlarm Free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: KillIt.exe
« Reply #1 on: July 17, 2010, 08:01:03 PM »
Can you upload it to www.virustotal.com and check?
It's safe on chest and you could restore it later, after checking.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: KillIt.exe
« Reply #2 on: July 17, 2010, 08:04:19 PM »
It isn't a false positive as such, the function that this 'tool' carries out is to kill processes, etc. and like any tool it can be used for good or evil and an antivirus can't determine intent.

You don't say what the malware name was or if it was called a PUP, Potentially Unwanted Program ?
This is a tool that I believe is in the HP restore partition, yes, no, you didn't say ?

If so then it isn't something installed maliciously and can remain, in which case you would want to exclude that file from further scans:
- In the meantime (if you accept the risk), add it to the avast Settings, Exclusions:
avast Settings, Exclusions Add and copy and paste the full path into the window.

If you did happen send it to the chest it can be restored if needs be. But I believe that HP restore partition is protected so you probably wouldn't be able to send it to the chest anyway

To Restore it to its original location, open the avast chest and right click on the file and select Restore.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline justinlee

  • Poster
  • *
  • Posts: 400
Re: KillIt.exe
« Reply #3 on: July 17, 2010, 08:11:15 PM »
Ok i have done that and it's given me a load of results but what am i looking for?

here is the link...

http://www.virustotal.com/analisis/0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1279389991
Windows 7 Home Premium (64-bit) SP1,
Intel Core i5-2410M @2.30GHz, 6GB RAM
AvastFree Antivirus & ZoneAlarm Free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: KillIt.exe
« Reply #4 on: July 17, 2010, 08:26:33 PM »
Seems a PUP, Potentially Unwanted Program, like David said.
The best things in life are free.

Offline justinlee

  • Poster
  • *
  • Posts: 400
Re: KillIt.exe
« Reply #5 on: July 17, 2010, 08:30:40 PM »
Yes Avast does show it as a PUP but i don't think it's malicious. just wondering why Avast never picked it up before but does now??
Windows 7 Home Premium (64-bit) SP1,
Intel Core i5-2410M @2.30GHz, 6GB RAM
AvastFree Antivirus & ZoneAlarm Free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: KillIt.exe
« Reply #6 on: July 17, 2010, 08:38:38 PM »
Yes Avast does show it as a PUP but i don't think it's malicious. just wondering why Avast never picked it up before but does now??
What do you mean with before? Version 4.8? PUP was generally introduced on version 5 only.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: KillIt.exe
« Reply #7 on: July 17, 2010, 08:49:22 PM »
Yes Avast does show it as a PUP but i don't think it's malicious. just wondering why Avast never picked it up before but does now??

What scan was it that you were running ?

As I don't believe that PUP scanning is set by default in avast 5 for the pre-defined scans, so it looks like you have been tweaking the settings and as Tech said this wasn't in avast 4.8.

PUPs aren't malicious, just a Potentially Unwanted Programs and you are the one to decide that, as I said if it is in the HP restore partition (which you didn't answer) then it is there for a legit purpose. If it were in a different location (again you didn't answer) it could have been placed their maliciously.

This is why we ask questions to get a better understanding of the detection so we can better advise you.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: KillIt.exe
« Reply #8 on: July 17, 2010, 11:45:04 PM »
Hi justinlee,

This is neither a virus or trojan. KillApp.B is a potentially unwanted program. This is a command-line utility to terminate applications. Such utilities have been known to be misused; bundled with trojans for malicious purposes.

If you goto start->run-> and type C:\hp\bin\killit.exe will close all the running applications and will logoff from the computer,

If it came with HP it is OK, restore it from the chest and exclude it from scanning, to make absolutely sure you could upload the executable to virustotal and give us the results,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline justinlee

  • Poster
  • *
  • Posts: 400
Windows 7 Home Premium (64-bit) SP1,
Intel Core i5-2410M @2.30GHz, 6GB RAM
AvastFree Antivirus & ZoneAlarm Free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: KillIt.exe
« Reply #10 on: November 25, 2010, 05:10:20 PM »
What is on virustotal doesn't matter a jot, as you now know what the process is, a PUP and you know if it is on your system legitimately.

e.g. if you have an HP system and it is in the location pondus mentioned, something despite being asked before you never confirmed its location.

So you have to decide, a) don't scan for PUPs on your custom scan or b) exclude the file from on-demand scans; of course there is another option let avast move it to the chest/delete it and be done with it, but that isn't a decision I feel should be taken. That decision is one for you based on the information already give in this topic, we can't make the decision for you.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline justinlee

  • Poster
  • *
  • Posts: 400
Re: KillIt.exe
« Reply #11 on: November 30, 2010, 12:28:16 AM »
I haven't got a HP system. It's a Sony Vaio.
Windows 7 Home Premium (64-bit) SP1,
Intel Core i5-2410M @2.30GHz, 6GB RAM
AvastFree Antivirus & ZoneAlarm Free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: KillIt.exe
« Reply #12 on: November 30, 2010, 01:19:04 AM »
You still haven't said where this file is located as that helps us determine if it is legit as no doubt other makers will probably use this tool also ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline justinlee

  • Poster
  • *
  • Posts: 400
Re: KillIt.exe
« Reply #13 on: November 30, 2010, 10:33:38 AM »
It's located in C:\HP\BIN\KillIt.exe
Windows 7 Home Premium (64-bit) SP1,
Intel Core i5-2410M @2.30GHz, 6GB RAM
AvastFree Antivirus & ZoneAlarm Free.

SafeSurf

  • Guest
Re: KillIt.exe
« Reply #14 on: November 30, 2010, 10:39:11 AM »
Are any of your accessories that go with your machine, like a monitor, printer, scanner, fax, modem, etc. made by Hp?