Avast 4.6 says: "Win32:Trojan-gen. {VC}" has been found

Discussion in 'malware problems & news' started by ziphnor, Mar 29, 2005.

Thread Status:
Not open for further replies.
  1. ziphnor

    ziphnor Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    14
    I just happened to perform an Ad-Aware scan on my computer, and my resident Avast scanner warned me about killapps.exe, which I then deleted (I actually meant to click another button, but I missed, deleting it instead ;).

    Usually when I get any virus/trojan etc. warning I quickly obtain new online banking codes, just to be safe, but this time I'm pretty sure I have been running the resident shield all the time, and besides I'm too lazy to change codes again.

    Avast logged the following in Warning.log:
    29-03-2005 22:53:06 1112129586 SYSTEM 204 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\killapps.exe" file.

    I have been unable to find any information on this Trojan, but I've seen other references to killapps.exe as RiskWare, apparently because it allows other programs to shut down processes like AV programs.

    I just want to be sure that it isn't a key logger of some sort.

    I have already started a full scan of my HDs and nothing seems to show up, and I don't want to change codes unless there is actually a reason to do so.

    Hope this is the correct forum to ask this question, otherwise I apologize.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  3. ziphnor

    ziphnor Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    14
    Thanks a lot, I guess it wasn't as bad as I thought then.
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If the file was installed by Creative Labs' Audigy sound card, you have no reason to worry at all. Note that Avast's log warning says:-

    Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\killapps.exe"

    It does not say you have the Trojan, merely that you have a 'Sign' of it due to the characteristics of the killapps.exe file. In the first thread I gave above the poster was using KAV, which found the file as riskware due to similar characteristics with Trojan.win32.killproc.i. In fact this is the same family of trojans as Win32:Trojan-gen; it is just different AV companies giving different names to the same thing - see here:-

    http://www.virusbtn.com/perlbin/vgrep/vgrep.cgi?terms=Trojan.win32.killproc&product=0&offset=15
     
  5. ziphnor

    ziphnor Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    14
    I don't have an Audigy card, but I do have a SB Live! Value card which uses the same unified driver package, and after deleting killapps.exe I had to reinstall the Soundblaster driver, so I guess it's highly probable that this is the cause. I have also run Panda active scan and a full Avast scan, which found nothing (well actually Avast found Panda and went totally ape with Virus warnings due to the Panda virus pattern file :)
    For good measure I'm now also running a Trend Micro scan.
    For this type of warning I would expect the file to be listed as RiskWare or something like that, as the file is not malignant in itself, it is just vulnerable to abuse.

    Thanks for the explanation.
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The SoundBlaster card is also by Creative Labs (same as Audigy) - so no problem.

    The reason why Avast and some of the others are not finding KillApps.exe specifically as 'Riskware' is that they don't find riskware at all! What is happening is that the heuristics of the AVs are noting the potential function of the file (to close other progs) and flagging it as a possible trojan.

    It is only certain progs, such as A2, that can correctly identify the file as non-malware riskware.
     