Help Killit.exe Malware, Spyware or Useful?

D

Drax

Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
Hidden folder. Ad-Aware didn't find it but, Panda Anti-Virus lists it
as Malware or a Hacking Tool. Now I ran killit through Google and
many people say it came with their computer and was put there by HP.

Is killit.exe Malware or part of an HP program?

TIA
 
S

Sanjaya

Drax said:
Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
Hidden folder. Ad-Aware didn't find it but, Panda Anti-Virus lists it
as Malware or a Hacking Tool. Now I ran killit through Google and
many people say it came with their computer and was put there by HP.

Is killit.exe Malware or part of an HP program?

TIA
Click to expand...

Info found at
http://pcpitstop.invisionzone.com/lofiversion/index.php/t108737.html

<quote>

these items:
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe

....Are bundled with HP and some Compaq computers in the original sysem configuration.
The specific .exe functions listed are part of what is known as BACKWEB, a utility that allows HP to
"push" content onto the user's machine when the user visits the HP site for updates. There is
considerable debate over the "legitimacy" of BackWeb type functions. Used strictly with HP, they are
probably "safe" for the user even though the user may receive some unwanted advertising content.

My concern is that any BackWeb utility on your machine can potentially be used for more nefarious
purposes if and when a bad-guy is able to place other malware onto your computer.

HP will tell you that BackWeb and its associated files are "necessary" for stable function of your
computer and that removing them could compromise your ability to download needed updates from HP. My
experience tells me otherwise. You will still be able to get any update HP has to offer, and of
course the Microsoft Updates for your operating system come to you directly from MS, and will not be
influenced if you decide to remove this decidedly deceptive "bloatware" (BackWeb) from HP.

<unquote>
 
D

David H. Lipman

From: "Drax" <[email protected]>

| Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
| Hidden folder. Ad-Aware didn't find it but, Panda Anti-Virus lists it
| as Malware or a Hacking Tool. Now I ran killit through Google and
| many people say it came with their computer and was put there by HP.

| Is killit.exe Malware or part of an HP program?

| TIA


Please submit a sample of "killit.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
D

Drax

From: "Drax" <[email protected]>

| Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
| Hidden folder. Ad-Aware didn't find it but, Panda Anti-Virus lists it
| as Malware or a Hacking Tool. Now I ran killit through Google and
| many people say it came with their computer and was put there by HP.

| Is killit.exe Malware or part of an HP program?

| TIA


Please submit a sample of "killit.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
Click to expand...

Does this scan only check for Viruses becuse my Google search of
killit.exe showed most people view it as Malware or Spyware not a
Virus? The scan results say nothing about the file being Malware or
Spyware?

Results of a file scan

This is a report processed by VirusTotal on 05/05/2006 at 23:25:34
(CET) after scanning the file "KillIt.exe" file.
AntivirusVersionUpdateResult
AntiVir6.34.0.2404.20.2006no virus found
Avast4.6.695.005.05.2006no virus found
AVG38605.05.2006no virus found
Avira6.34.1.5805.05.2006no virus found
BitDefender7.205.05.2006no virus found
CAT-QuickHeal8.0005.05.2006no virus found
ClamAVdevel-2006042605.05.2006no virus found
DrWeb 4.3305.05.2006no virus found
eTrust-InoculateIT23.72.005.05.2006no virus found
eTrust-Vet12.4.219405.04.2006no virus found
Ewido3.505.05.2006no virus found
Fortinet2.71.0.005.04.2006ProcKill
F-Prot3.16c05.0
 
D

David H. Lipman

From: "Drax" <[email protected]>

| On Fri, 05 May 2006 11:17:30 GMT, "David H. Lipman"
| said:
|> Ok my new computer has killit.exe in the C:\HP\BIN folder which is a
|> Hidden folder. Ad-Aware didn't find it but, Panda Anti-Virus lists it
|> as Malware or a Hacking Tool. Now I ran killit through Google and
|> many people say it came with their computer and was put there by HP.
|> Is killit.exe Malware or part of an HP program?
Click to expand...
|
| Does this scan only check for Viruses becuse my Google search of
| killit.exe showed most people view it as Malware or Spyware not a
| Virus? The scan results say nothing about the file being Malware or
| Spyware?
|
| Results of a file scan
|
| This is a report processed by VirusTotal on 05/05/2006 at 23:25:34
| (CET) after scanning the file "KillIt.exe" file.
| AntivirusVersionUpdateResult
| AntiVir6.34.0.2404.20.2006no virus found
| Avast4.6.695.005.05.2006no virus found
| AVG38605.05.2006no virus found
| Avira6.34.1.5805.05.2006no virus found
| BitDefender7.205.05.2006no virus found
| CAT-QuickHeal8.0005.05.2006no virus found
| ClamAVdevel-2006042605.05.2006no virus found
| DrWeb 4.3305.05.2006no virus found
| eTrust-InoculateIT23.72.005.05.2006no virus found
| eTrust-Vet12.4.219405.04.2006no virus found
| Ewido3.505.05.2006no virus found
| Fortinet2.71.0.005.04.2006ProcKill
| F-Prot3.16c05.0

Any file can be named anything so a Google search is insufficient to come to a conclusion.
Submitting a sample to Virus Total is testing THAT file.

This report is incomplete, it appears to be a clean file in terms of viruses and Trojans.
However ...
Fortinet2.71.0.005.04.2006ProcKill

That is idicativie that it is a Procedure Kill utility. Such a utility is NOT malware in
itself but it is flagged because it may be used in a malicious way.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Why does Panda Anti Virus not detect trojans or rootkits?? 2
Five Steps to Ditching Malware 1
Virus and spyware help? 3
LocusSoftware malware 20
SafetyDefender MalWare 6
SafetyDefender MalWare 10
Spyware...Malware...and Security OH MY! 7
BearWare Comprehensive Security Plan 32

Top