Help Killit.exe Malware, Spyware or Useful?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
Hidden folder.  Ad-Aware didn't find it but, Panda Anti-Virus lists it
as Malware or a Hacking Tool.  Now I ran killit through Google and
many people say it came with their computer and was put there by HP.  

Is killit.exe Malware or part of an HP program?

TIA

Re: Help Killit.exe Malware, Spyware or Useful?


Quoted text here. Click to load it

Info found at
http://pcpitstop.invisionzone.com/lofiversion/index.php/t108737.html

<quote>

these items:
Potentially unwanted tool:Application/HideWindow.A Not disinfected
C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected
C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected
C:\hp\bin\Terminator.exe

...Are bundled with HP and some Compaq computers in the original sysem
configuration.
The specific .exe functions listed are part of what is known as BACKWEB, a
utility that allows HP to
"push" content onto the user's machine when the user visits the HP site for
updates. There is
considerable debate over the "legitimacy" of BackWeb type functions. Used
strictly with HP, they are
probably "safe" for the user even though the user may receive some unwanted
advertising content.

My concern is that any BackWeb utility on your machine can potentially be used
for more nefarious
purposes if and when a bad-guy is able to place other malware onto your computer.

HP will tell you that BackWeb and its associated files are "necessary" for
stable function of your
computer and that removing them could compromise your ability to download needed
updates from HP. My
experience tells me otherwise. You will still be able to get any update HP has
to offer, and of
course the Microsoft Updates for your operating system come to you directly from
MS, and will not be
influenced if you decide to remove this decidedly deceptive "bloatware"
(BackWeb) from HP.

<unquote>



Re: Help Killit.exe Malware, Spyware or Useful?


| Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
| Hidden folder.  Ad-Aware didn't find it but, Panda Anti-Virus lists it
| as Malware or a Hacking Tool.  Now I ran killit through Google and
| many people say it came with their computer and was put there by HP.

| Is killit.exe Malware or part of an HP program?

| TIA


Please submit a sample of "killit.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it.  In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Help Killit.exe Malware, Spyware or Useful?

On Fri, 05 May 2006 11:17:30 GMT, "David H. Lipman"

Quoted text here. Click to load it

Does this scan only check for Viruses becuse my Google search of
killit.exe showed most people view it as Malware or Spyware not a
Virus?  The scan results say nothing about the file being Malware or
Spyware?

Results of a file scan

This is a report processed by VirusTotal on 05/05/2006 at 23:25:34
(CET) after scanning the file "KillIt.exe" file.
AntivirusVersionUpdateResult
AntiVir6.34.0.2404.20.2006no virus found
Avast4.6.695.005.05.2006no virus found
AVG38605.05.2006no virus found
Avira6.34.1.5805.05.2006no virus found
BitDefender7.205.05.2006no virus found
CAT-QuickHeal8.0005.05.2006no virus found
ClamAVdevel-2006042605.05.2006no virus found
DrWeb 4.3305.05.2006no virus found
eTrust-InoculateIT23.72.005.05.2006no virus found
eTrust-Vet12.4.219405.04.2006no virus found
Ewido3.505.05.2006no virus found
Fortinet2.71.0.005.04.2006ProcKill
F-Prot3.16c05.0

Re: Help Killit.exe Malware, Spyware or Useful?


| On Fri, 05 May 2006 11:17:30 GMT, "David H. Lipman"
|
Quoted text here. Click to load it
|
| Does this scan only check for Viruses becuse my Google search of
| killit.exe showed most people view it as Malware or Spyware not a
| Virus?  The scan results say nothing about the file being Malware or
| Spyware?
|
| Results of a file scan
|
| This is a report processed by VirusTotal on 05/05/2006 at 23:25:34
| (CET) after scanning the file "KillIt.exe" file.
| AntivirusVersionUpdateResult
| AntiVir6.34.0.2404.20.2006no virus found
| Avast4.6.695.005.05.2006no virus found
| AVG38605.05.2006no virus found
| Avira6.34.1.5805.05.2006no virus found
| BitDefender7.205.05.2006no virus found
| CAT-QuickHeal8.0005.05.2006no virus found
| ClamAVdevel-2006042605.05.2006no virus found
| DrWeb 4.3305.05.2006no virus found
| eTrust-InoculateIT23.72.005.05.2006no virus found
| eTrust-Vet12.4.219405.04.2006no virus found
| Ewido3.505.05.2006no virus found
| Fortinet2.71.0.005.04.2006ProcKill
| F-Prot3.16c05.0

Any file can be named anything so a Google search is insufficient to come to a
conclusion.
Submitting a sample to Virus Total is testing THAT file.

This report is incomplete, it appears to be a clean file in terms of viruses and
Trojans.
However ...
Fortinet2.71.0.005.04.2006ProcKill

That is idicativie that it is a Procedure Kill utility.  Such a utility is NOT
malware in
itself but it is flagged because it may be used in a malicious way.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline