I scanned my computer and it found 6 malware, all with the same infection, infection = Win32-Pskill-E[Tool]
4 were found in C:\System Volume Information_restore
1 was found in C:\WINDOWS\RESTORE.INS\C:\DEMCUST\TOOLS\WIN32\PSKILL.EXE
1 was found In: C:\WINDOWS\system\RESTORE.INS\C:\DEMCUST\TOOLS\WIN32\PSKILL.EXE
My operating system is Windows XP Home Edition.
If I try to delete it the following error occurs - Error occurred during file deleting. there are no more files.
If I try to move it to the chest the following error occurs - Error occurred during moving file to chest. There are no more files.
If I try to repair it the following error occurs - error occurred during file repair.
What should I do? Any help will be much appreciated.
‘System Restore’ area is protected from anyone or any software gaining access to files stored there. You’ll need to temporarily disable System Restore to get rid of those files… reboot… then create new “restore points”. Once you’ve done that, all files stored in the ‘System Restore’ area are deleted – including any malware. See below:
About System Restore:
Windows uses System Restore to restore files on your computer in case they become damaged. System Restore is enabled by default. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System volume information folder. These folders are updated when the computer restarts. If the computer is infected with a virus, the virus could be backed up in these folders.
Repairing System Restore:
By default, Windows prevents System Restore from being modified by outside programs. Because of this, any repair attempts made by an AV (Anti-Virus) product will fail. To work around this, you must disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System volume information folder. You must then run a full system scan.
These may be something to do with your system (PC) manufacturer. PsKill.exe is a utility used to kill processes; this has often been used to remove/kill stubborn processes. Some anti-virus tool kits come with this tool to kill a process prior to deleting the file, as that process's .exe file can’t be removed whilst the process is running. So as I have already said, you need to identify what placed/installed the [tool].
I also think your path is incorrect C:\WINDOWS\system\RESTORE.INS\C:\DEMCUST\TOOLS\WIN32\PSKILL.EXE.
I believe it should be C:\WINDOWS\system\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
There are lots of hits on a search relating to OEMCUST\TOOLS\WIN32\PSKILL.EXE, and they look like tools installed by the OEM (Original Equipment Manufacturer) system builder. Who made/built your system?
Given that it is also related to RESTORE.INS, this could be something to do with the ability to restore your system back to how it was when it was built using a recovery partition image.
Yes, Packard Bell is the OEM and you are the CUST(omer) that the path may relate to, so it is possible that they have a means of restoring your system to its factory default, that may include the pskill.exe tool. The fact that you can’t delete things in this area would seem to support that this is somehow protected.
I have no way of telling if this is correct, that is something that you would need to check in your documentation of Packard Bell.
The other strange thing is the path, C:\WINDOWS\system\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE. restore.ins is usually associated with a file name with a file type, and anything after that would indicate it is an archive file. So again I suspect this may be a restore installation file containing lots of other files/tools to help in this restoration of your system, but that is all it is, supposition, as I know nothing about Packard Bell systems.
How big is the c:\windows\system\restore.ins file?
If you right click on it and select Properties, does it give any useful information?
You may need to show hidden files and folders to be able to do this as it is in a system folder.
I can’t check the size or properties because I can’t move it to the chest. Although here’s some information that might help:
I do have a floppy disk which restores the computer in case of system failure and I have used it once.
I can't check the size or properties because I can't move it to the chest.
You don’t need to move it to the chest; using Windows Explorer, navigate to the c:\windows\system\restore.ins file.
Well that floppy isn’t large enough to do anything other than initiate the process, there has to be something on your system, probably a hidden partition with other things possibly in the restore.ins file.
They are very big, so they could well be used to restore your system, but why the same restore.ins is in more than one location is weird. I think Windows is screwing up the file type naming; whilst .ins might well be Internet communication settings, I strongly doubt that is what these files are.
What happened to the one in c:\windows\system? You are showing c:\windows\restore, I assume this is a typo?
Did you right click on the file and select properties?
This usually returns more information than what you have given, which can be obtained in explorer. However it could simply be that the creator of the restore.ins file may not have included any additional information.
Unfortunately none of this gets to your problem with a detection: is it to be ignored or acted on? Yes, there are ways to get past the protection and delete the file but that could ruin your day if you ever needed it. Personally I don’t think you have a problem; because of its location I doubt it was installed maliciously, but I can’t say that with any degree of certainty.
I think you are going to have to consult your system documentation or contact the retailer.
I was just about to make a new post on it but thought I would keep it in this thread.
This is the message I get:
C:\WINDOWS\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE [L] Win32:Pskill-E [Tool] (0)
During the file delete, error occurred: There are no more files
C:\WINDOWS\system\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE [L] Win32:Pskill-E [Tool] (0)
During the file delete, error occurred: There are no more files
And I have had this problem for quite a while (at least since August). (I had switched system restore off, but when I turn it on again, same problem.)
I ran TrendMicro scan and am going to do another scan with Symantec, but no other scans pick it up.
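The nested path notation discussed in this thread (a second drive letter after RESTORE.INS means the detection is a member inside that file, which is why a per-file delete fails) can be split mechanically. This is an added example, not part of the original posts and not avast code; the report layout is inferred only from the two lines quoted above, and the third sample line is constructed.

```python
import re

# First four lines are the report lines quoted in the thread; the last one is
# a constructed plain-file detection for contrast.
SAMPLE_REPORT = r"""
C:\WINDOWS\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE [L] Win32:Pskill-E [Tool] (0)
During the file delete, error occurred: There are no more files
C:\WINDOWS\system\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE [L] Win32:Pskill-E [Tool] (0)
During the file delete, error occurred: There are no more files
C:\Temp\sample.exe [L] Win32:Example-A [Tool] (0)
"""

# Layout assumed from the quoted lines: <path> [flag] <detection name> (<number>)
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \[\w\] (?P<name>.+) \(\d+\)$")
ERROR = re.compile(r"^During the file \w+, error occurred: (?P<msg>.+)$")
# A backslash immediately followed by another drive spec marks the boundary
# between the container file on disk and the member path stored inside it.
NESTED_DRIVE = re.compile(r"\\(?=[A-Za-z]:\\)")

def split_container(path):
    """Return (file on disk, member path inside it or None)."""
    m = NESTED_DRIVE.search(path)
    if m is None:
        return path, None
    return path[:m.start()], path[m.end():]

def parse_report(text):
    """Turn report lines into findings, attaching each error to its detection."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        det = DETECTION.match(line)
        if det:
            container, member = split_container(det["path"])
            findings.append({"container": container, "member": member,
                             "detection": det["name"], "error": None})
            continue
        err = ERROR.match(line)
        if err and findings:
            findings[-1]["error"] = err["msg"]
    return findings

def containers_needing_review(findings):
    """Containers where the hit is an inner member and the per-file action failed."""
    return sorted({f["container"] for f in findings if f["member"] and f["error"]})

if __name__ == "__main__":
    for finding in parse_report(SAMPLE_REPORT):
        print(finding)
    print(containers_needing_review(parse_report(SAMPLE_REPORT)))
```

The listed containers are the files to look at as a whole (origin, size, properties) before deciding whether to exclude them from scanning.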
PSKILL.EXE is a tool that can be used for good or bad, so if it is part of your OEM restore sector or a known tool that you use then it can safely be added to the ignore list.
I’ve decided to ignore this problem because it hasn’t seemed to have affected the P.C.
But thanks to everyone for their input. If anyone does have a good way of dealing with it please post it in. Again thanks for the help.
See this http://forum.avast.com/index.php?topic=24846.msg203549#msg203549 about excluding the file from scanning otherwise when you do an on-demand scan it will be detected again, interrupting the scan and waiting for your input. So you don’t want to ignore as avast won’t allow you to ignore, take action and exclude it from scans.