Killapps.exe/Trojan.win32.killproc.i

Discussion in 'malware problems & news' started by JPM, Dec 19, 2004.

Thread Status:
Not open for further replies.
  1. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    Hello,

    Yesterday as I was doing a virus scan on my system KAV popped up and said that KillApps.exe was infected with a trojan or I guess is a trojan. The warning said trojan.win32.killproc.i. I scanned the file with TDS-3 and also NOD32 and neither of those show anything. I also have BOClean running resident and it has never popped up regarding this file. I had scanned my system two days ago with KAV and it did not say anything at that time so I am wondering if this could be a false positive that was introduced with the latest DB update from Kaspersky? I googled the file name in question and I found one reference to it being a trojan but also a few that say it's a safe file. Anyone else with KAV seeing this in the last few days?

    Thanks in Advance
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I don't use KAV but I'm sure if you sent the file to them, they could tell you if it is a FP or not.



    snowbound
     
  3. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    I had already sent it off to them. I was just seeing if anyone else had come across this. I will post the answer when I receive their reply.


    Peace
     
  4. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    Well they replied (very quickly I might add) and said the FP had already been fixed and to download the latest DB updates. I checked again and I already had the latest update but the file still shows as being infected. Sooooo, I sent them another email and we shall see :)
     
  5. hutzelmann

    hutzelmann Guest

  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Were you using extended databases? The only time I tried using extended sigs, KAV went ahead and deleted Terminate.exe, which is a legitimate prog in HP machines. Maybe KAV doesn't like files called 'kill' or 'terminate', especially when their function is to halt other progs!

    Actually, Killproc.exe is a legitimate Microsoft prog (depending on file path!), but I really don't know about Killapps.exe one way or the other.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The first time I ran a scan with McAfee it deleted both apps. That is when I researched them and found this
     

    Last edited: Dec 21, 2004
  8. hutzelmann

    hutzelmann Guest

  9. Sk4i

    Sk4i Guest

    Any word on this file - my system has picked it up a few times now and I'm trying to figure out what it does. A quick Google seems to indicate it's some sort of Trojan.

    Also I found the creator's site [ I think ] http://www.killapps.com/

    I use Kaspersky Personal 5 with Extended DBs, however I remember it picking this file up a while ago while running on Standard if I'm not mistaken.
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    There seem to be at least two different things here:-

    a) Creative Labs' Audigy sound card uses 2K_XP/Drivers/COMMON/killapps.exe. See here for details:- http://www.soundcard-drivers.com/drivers/58/58954.htm

    b) Killapps - which is software used for the control of certain applications. See here:- http://www.killapps.com/screenshots.htm

    c) Clearly, if the above two things do not apply, then we have to think in terms of malware.

    The most likely explanation is the Audigy sound card (see here:- http://research.pestpatrol.com/Analyses/2004-03-02_212212.asp).

    Eliminate this possibility before considering anything else. It is not unknown for the heuristics of an AV to misinterpret the veracity of a prog designed to halt other processes.
     
  11. me_again

    me_again Guest

    lol !!!

    Panda AV reports it's a hacking tool, whatever it is. It's not located in the driver files of my sound card :d lol

    Destroy it and be happy
     
  12. I meant the killapp's

    :) lol :d :d:d
     
  13. xlliz

    xlliz Guest

    The problem is, after this killapps.exe was deleted, I was never able to manage the system service; view, stop and the like functions were lost.
     
  14. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257