Killapps.exe/Trojan.win32.killproc.i

Discussion in 'malware problems & news' started by JPM, Dec 19, 2004.

Thread Status:
Not open for further replies.
  1. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    Hello,

    Yesterday as I was doing a virus scan on my system KAV popped up and said that KillApps.exe was infected with a trojan or I guess is a trojan. The warning said trojan.win32.killproc.i. I scanned the file with TDS-3 and also NOD32 and neither of those show anything. I also have BOClean running resident and it has never popped up regarding this file. I had scanned my system two days ago with KAV and it did not say anything at that time so I am wondering if this could be a false positive that was introduced with the latest DB update from Kaspersky? I googled the file name in question and I found one reference to it being a trojan but also a few that say it's a safe file. Anyone else with KAV seeing this in the last few days?

    Thanks in Advance
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I don't use KAV but I'm sure if you sent the file to them, they could tell you if it is a FP or not.



    snowbound
     
  3. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    I had already sent it off to them. I was just seeing if anyone else had come across this. I will post the answer when I receive their reply.


    Peace
     
  4. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    Well they replied (very quickly I might add) and said the FP had already been fixed and to download the latest DB updates. I checked again and I already had the latest update but the file still shows as being infected. Sooooo, I sent them another email and we shall see :)
     
  5. hutzelmann

    hutzelmann Guest

  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Were you using extended data bases? The only time I tried using extended sigs, KAV went ahead and deleted Terminate.exe, which is a legitimate prog in HP machines. Maybe KAV doesn't like files called 'kill' or 'terminate', especially when their function is to halt other progs!

    Actually, Killproc.exe is a legitimate Microsoft prog (depending on file path!), but I really don't know about Killapps.exe one way or the other.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,896
    Location:
    SW. Oklahoma
    The first time I ran a scan with McAfee it deleted both apps. That is when I researched them and found this
     

    Last edited: Dec 21, 2004
  8. hutzelmann

    hutzelmann Guest

  9. Sk4i

    Sk4i Guest

    Any word on this file - my system has picked it up a few times now and I'm trying to figure out what it does. A quick Google seems to indicate it's some sort of Trojan.

    Also I found the creators site [ I think ] http://www.killapps.com/

    I use Kaspersky Personal 5 with Extended DB's, however I remember it picking this file up awhile ago while running on Standard if I'm not mistaken.
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    There seem to be at least two different things here:

    a) Creative Labs' Audigy sound card uses 2K_XP/Drivers/COMMON/killapps.exe. See here for details: http://www.soundcard-drivers.com/drivers/58/58954.htm

    b) Killapps - which is software used for the control of certain applications. See here: http://www.killapps.com/screenshots.htm

    c) Clearly, if the above two things do not apply, then we have to think in terms of malware.

    The most likely explanation is the Audigy sound card (see here: http://research.pestpatrol.com/Analyses/2004-03-02_212212.asp).

    Eliminate this possibility before considering anything else. It is not unknown for the heuristics of an AV to misinterpret the veracity of a prog designed to halt other processes.
     
  11. me_again

    me_again Guest

    lol !!!

    Panda AV reports it's a hacking tool, whatever it is. It's not located in the driver files of my sound card :D lol

    destroy it and be happy
     
  12. I meant the killapp's

    :) lol :D :D :D
     
  13. xlliz

    xlliz Guest

    The problem is, after this killapps.exe was deleted, I have never been able to manage the system service; view, stop and the like functions were lost.
     
  14. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257