killapps.exe

Discussion in 'Trojan Defence Suite' started by broadsword7, Apr 1, 2005.

Thread Status:
Not open for further replies.
  1. broadsword7

    broadsword7 Registered Member

    Joined:
    Feb 16, 2003
    Posts:
    10
    For several months, I have been getting false reports on a file:

    Positive identification: Riskware.Proxy.Hltv
    File: c:\sierra\half-life\hltv.exe

    I sent the files and posted here on it, and was told they are legitimate and that an update would soon take care of them.

    Now, as of April 1, 2005, I'm getting a hit on this file:

    Positive identification: Riskware.Tool.KillApp.b
    File: c:\windows\system32\killapps.exe

    Manual scans with NAV do not detect anything wrong with this file, killapps.exe. It's been on my system for a while, and I have a CREATIVE sound card. Right-clicking the file does not reveal any specifics on the author.

    Anybody know about this one? And will a future update remove the alarm if it is a legitimate file? And how about the one about hltv.exe?

    Regards,

    Phil
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there, you might like to submit that file too, just in case! Thanks a lot!
    Looking forward to the results!
     
  3. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    I'm also getting the same file...I've tried to read up on it. There seems to be some confusion about whether this is a legit file that has the potential to be used in a harmful way, or if it is ok, or if it is a nasty. I have some more reading to do, but my intuition tells me that it is a false positive. I hope someone with specific knowledge will comment on this soon.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    https://www.wilderssecurity.com/showthread.php?t=59067
    http://www.techsupportforum.com/showthread.php?t=38329
    http://www.soundcard-drivers.com/drivers/58/58954.htm <<see it here in their original software
    166 07-19-01 16:15 2K_XP/Drivers/COMMON/kill.ini
    36864 03-23-01 14:09 2K_XP/Drivers/COMMON/killapps.exe

    Killapps.exe is used by Creative setup to terminate active applications before installing/uninstalling Creative software.
    The problem is that the same application is used by several scripts and trojans to terminate anti-virus software and firewalls.
    Therefore detection for it is added as "Riskware" which means: "This program alone is harmless and might have some applications where it's used in a legal way but there are several malicious programs out there that use that program to do evil things."

    Both those locations would seem legit:
    C:\OEMDRVRS\COMMON\KILLAPPS.EXE <------- Driver location
    C:\WINDOWS\system32\killapps.exe <-------System32 location
     
  5. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Jooske,
    Make it simple for a simple mind like mine. What do I do about this potential threat? It is installed in the location C:/windows/system32/killapps.exe and I do have a Creative sound card. Should I ignore it every time? Or should I delete the file?
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Dallen, At a guess :) If you have ProcessGuard it will alert you firstly if the .exe is changed and secondly what command instigated the process to start.
    As a second line of defence you could add the .exe to TDS3's CRC checklist which would also alert on a change.

    The other part is that if you are changing or updating your soundcard configuration you might expect the .exe to be started but if not then this may be cause for concern.

    HTH Pilli.
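
The two checks discussed in the posts above (is the file in one of the locations listed as normal for the Creative copy, and has it changed since it was recorded) can be sketched as follows. This is an added example, not part of any post in this thread and not how TDS-3 or ProcessGuard implement their checks; it uses SHA-256 in place of a CRC, and the function names and baseline file format are hypothetical.

```python
import hashlib
import json
import tempfile
from pathlib import Path, PureWindowsPath

# Directories the thread names as normal homes for Creative's killapps.exe.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\oemdrvrs\common"}

def location_expected(win_path):
    """True if a Windows path sits in one of the directories listed above."""
    return str(PureWindowsPath(win_path).parent).lower() in EXPECTED_DIRS

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_baseline(path, baseline_file):
    """Store the file's current hash and size as the known-good state."""
    baseline_file = Path(baseline_file)
    data = json.loads(baseline_file.read_text()) if baseline_file.exists() else {}
    data[str(path)] = {"sha256": sha256_of(path), "size": Path(path).stat().st_size}
    baseline_file.write_text(json.dumps(data, indent=2))

def check(path, baseline_file):
    """Return 'unbaselined', 'missing', 'changed' or 'unchanged'."""
    baseline_file = Path(baseline_file)
    data = json.loads(baseline_file.read_text()) if baseline_file.exists() else {}
    entry = data.get(str(path))
    if entry is None:
        return "unbaselined"
    if not Path(path).is_file():
        return "missing"
    return "unchanged" if sha256_of(path) == entry["sha256"] else "changed"

def demo():
    """Run the check over a constructed stand-in file, not a real binary."""
    with tempfile.TemporaryDirectory() as tmp:
        target, baseline = Path(tmp) / "killapps.exe", Path(tmp) / "baseline.json"
        target.write_bytes(b"constructed stand-in for the installer copy")
        record_baseline(target, baseline)
        before = check(target, baseline)
        target.write_bytes(b"constructed stand-in, replaced by something else")
        return before, check(target, baseline)

if __name__ == "__main__":
    print(demo())
    print(location_expected(r"C:\WINDOWS\system32\killapps.exe"))
```

A "changed" or "missing" result outside a driver install or update is the case worth investigating; a copy of the same file name in any other directory fails `location_expected` regardless of its hash.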
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi dallen,

    Deleting killapps.exe will cause no problems. It is included in the Creative driver installers and will be placed in \system32 again if missing.

    Nick
     

  8. broadsword7

    broadsword7 Registered Member

    Joined:
    Feb 16, 2003
    Posts:
    10
    I just zipped the file and sent it in. Hopefully it will yield something and perhaps if it is a legitimate file we will know.

    Phil
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Gavin explained in the General forum at DiamondCS some about it.
    Best ignore it for the moment.
     
  10. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    I think it's a false positive, isn't it?
     
  11. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Well it is but it isn't

    It's what is called a riskware program that has many useful legitimate uses BUT it has been used and is being used by the scumware developers to close or disable antiviruses and other security software to enable them to get their trojans and adware etc on your computer

    It is correct that TDS should detect it but like all detections of this nature, YOU have the choice of fixing it or ignoring it

    It is perfectly safe to fix as once you have installed your creative or other card that uses it then it isn't needed again until you update drivers which for most of us is never or very very rarely

    However I would always check if you have other malware found on the computer if you haven't got a creative card

    When TDS 4 comes out hopefully the new exclusions settings will enable users to exclude single files of this nature from detection
     
  12. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    Thanks for help.

    I have a Creative card installed in my computer, and I'm sure I don't have any kind of malware or something. My computer was scanned with Spy Bot, Microsoft AntiSpyware, TDS-3, Trojan Hunter 4.2 and NOD32 2.5 beta.

    Best Regards,

    DonKid.
     
  13. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    So...Are you saying that if I elect to fix it, there will be no ill side effects?
     
  14. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    from everything I have read there should be no ill effects whatsoever

    it is only used by creative to stop running processes when it installs the new drivers and it is assumed that with each driver download a new one would be installed along with it

    it doesn't run all the time

    how often do you actually update graphics drivers? unless you are a hardcore gamer or have a problem that an update is supposed to fix
     
  15. Mephisto

    Mephisto Guest

    I ditched mine about 2 weeks ago and have had no problems. Sound still works fine and there are no event log/application errors surrounding this .exe

    Maybe it will rear its head if I ever try to update the drivers but I seriously doubt it.
     
  16. Mephisto

    Mephisto Guest

    Just on a side note ... I don't trust Creative as far as I could throw them - and that's why I was all too happy to delete this killapps.exe.
    All Creative install drivers stick free.aol.com links and cookies into numerous areas of the user's PC - including one into the IE safe zones. As well as about 5 autostart entries complete with the un-needed running processes into the registry.
     
  17. HiJack

    HiJack Guest

    killapps.exe is a trojan & a hacking tool. I do have a Creative 5.1 sound, sound works fine. Yesterday switched the PC off normally and everything was well, CPU running low, fast PC etc. Switched on today, getting Windows Logon errors, tried to see what is it, nothing, did a Panda Software scan, found killapps.exe and have deleted, did a restart and had problems when loading up due of not finding boot.ini in c:\windows\setup32\*, have talked with a mate and have cleared everything up, done a repair via the winXP and everything works fine.
     
  18. meee

    meee Guest

    if you have a creative audigy card and you're careful about security killapps.exe is likely part of the creative setup. if you're still bugged by it either add it to an exclusion list or just rename it to killapps.exe.disabled
     
  19. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    From KAV support:
    From BitDefender:
     
  20. Nickie

    Nickie Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    11
    On my PC killapps appeared in ...\Windows\system32\ when I installed Audigy 2 ZS (it's on the installation CD). I renamed it to see what happened. Nothing happened, and everything has been running smoothly for a couple of months now, with TDS-3 calling the renamed file riskware at every scan. So I'd say ignore it, if it came with your Audigy card.
     
  21. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Strange because it never happened to me. No warning at all from TDS only from KAV. Then I add it to my exclusion list.
     
    Last edited: May 29, 2005
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I deleted Killapps a long time ago. It has had no ill effects on my system at all.

    bigc
     