darth

killwind.exe


hello. some av and antispyware programs flag killwind.exe as malware. some do not. i hear it's part of hp remote access to your computer. superantispyware does not flag it. avast does. this confuses me as i use both of these programs. compaq presario-xp home= svc pk2. thanks darth.


Please submit the sample to samples AT superantispyware.com


thanks for reply. i will try and find it in c/hp/bin at least that's where avast says it is. never made a submission to superantispyware before, could you give me a few tips on how to do so. thanks darth.


Simply e-mail us the file to samples AT superantispyware.com :)


I have sent that file and KillIt.exe to Antivir because i thought it was false positives since it's on hp computers where it's preinstalled.. (both files are located in "C:\hp\bin")

i got this answer..

Thank you for your recent inquiry.

We want to inform you that the file you have sent us will be tagged as 'APPL'. It is not a false positive. Please, note that the categorization 'APPL' is not caused by malicious code (inside the file). These tools are a matter of so-called "monitoring applications". These applications will allow anybody (e.g. an administrator) to record information (changes) about your system during a session for security reasons.

In order to protect the user against any kind of malpractice, we inform him about these installed tools.

The detection of 'APPL' can be excluded from a virus scan in the configuration.

Attachment(s) you sent:

-KillWind.exe
-KillIt.exe

I actually also have a screenshot from virustotal about the files: Here

if you want i can send the files to SAS too.. (together with a 3rd file antivir is starting to say is malware/'APPL' too (also located in "C:\hp\bin")...)


thanks lasse88, for the additional info regarding killwind.exe. you've been a great help. yes i would like that regarding sending it to sas. i don't have any experience yet in copying and pasting etc. darth


Hi folks, some info. on killwind.exe. I also have a Compaq and have this file. Over the years on this machine I have had installed Norton Internet Security, ZoneAlarm Pro with Anti-Virus, Spyware Doctor, CounterSpy, a host of the usual 'freebies'; Spybot S&D, Adaware, and currently KAV6 and SASPro, (now being on Vista also Windows Defender, but it is now turned off).

The first security program ever to flag this up as a potential threat was KAV, which I only started using in December 2006, so previous to that I was totally oblivious to it. Also KAV detects this only when I have the option checked to include 'Riskware'.

I did a lot of googling about this when it was first brought to my attention and it is there for the purpose that darth has posted with originally, HP will use it to gain remote access to the PC if required for technical support. However it can potentially be 'taken over' and its use 'abused' by malware, hence it will be detected as 'Riskware'.

If your HP PC is now out of the initial one year warranty, and you have not purchased an extended warranty, you are not entitled to remote access support from HP and the killwind.exe becomes obsolete so to speak and apparently you can just delete it.

Mine is out of warranty a while and I haven't deleted it, being a bit nervous of deleting a file that came with the PC in case I bring the whole thing down! (Might experiment with that one sometime before I am due a reformat and reinstall). I would maybe consider contacting HP direct first to check before deleting it, (provided the PC is no longer under an HP warranty).

I currently have it added to the 'trusted zone' in KAV for my full system scans but not for the on-access file scanner. My reasoning on this is that if I go into c/hp/bin the file scanner gives me an alert for killwind as 'riskware'. As I don't access that location regularly, if I get an alert on it at any other time I reckon I can then be suspicious. (To date I have not received an alert at any other time).

If any of the 'security experts' out there have any thoughts or comments on my handling of this, I do appreciate them, as since finding out about it, its presence does make me slightly nervous sometimes.

Sorry I have no links to post to direct info. I had found on this but I recently cleaned up my 'favorites' and as it is now a relatively old issue for me I cleared them out. :(


i was actually talking to SUPERAntiSpy, but ok i can send that file to SAS too, no reason that you send 1, and i send 2, when i can send all 3 at the same time..

but i wait for SUPERAntiSpy to reply if he wants all 3 files..
