KillIt.exe

I am using Avast Internet Security and it has recently picked up a file called ‘KillIt.exe’. I have done some research and found some posts saying that this is a false positive and you should not delete this file. Most of the posts point towards this being a useful file on HP computers but I have a VAIO so cannot see why this would be on my machine now as Avast has never picked it up before.

If I move it to the Virus Chest and it happens to be a file that I need how would I recover it from the chest and move it back to it’s rightful place?

Thanks

Can you upload it to www.virustotal.com and check?
It’s safe on chest and you could restore it later, after checking.

It isn’t a false positive as such, the function that this ‘tool’ carries out is to kill processes, etc. and like any tool it can be used for good or evil and an antivirus can’t determine intent.

You don’t say what the malware name was or if it was called a PUP, Potentially Unwanted Program ?
This is a tool that I believe is in the HP restore partition, yes, no, you didn’t say ?

If so then it isn’t something installed maliciously and can remain, in which case you would want to exclude that file from further scans:

  • In the meantime (if you accept the risk), add it to the avast Settings, Exclusions:
    avast Settings, Exclusions Add and copy and paste the full path into the window.

If you did happen send it to the chest it can be restored if needs be. But I believe that HP restore partition is protected so you probably wouldn’t be able to send it to the chest anyway

To Restore it to its original location, open the avast chest and right click on the file and select Restore.

Ok i have done that and it’s given me a load of results but what am i looking for?

here is the link…

http://www.virustotal.com/analisis/0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1279389991

Seems a PUP, Potentially Unwanted Program, like David said.

Yes Avast does show it as a PUP but i don’t think it’s malicious. just wondering why Avast never picked it up before but does now??

What do you mean with before? Version 4.8? PUP was generally introduced on version 5 only.

What scan was it that you were running ?

As I don’t believe that PUP scanning is set by default in avast 5 for the pre-defined scans, so it looks like you have been tweaking the settings and as Tech said this wasn’t in avast 4.8.

PUPs aren’t malicious, just a Potentially Unwanted Programs and you are the one to decide that, as I said if it is in the HP restore partition (which you didn’t answer) then it is there for a legit purpose. If it were in a different location (again you didn’t answer) it could have been placed their maliciously.

This is why we ask questions to get a better understanding of the detection so we can better advise you.

Hi justinlee,

This is neither a virus or trojan. KillApp.B is a potentially unwanted program. This is a command-line utility to terminate applications. Such utilities have been known to be misused; bundled with trojans for malicious purposes.

If you goto start->run-> and type C:\hp\bin\killit.exe will close all the running applications and will logoff from the computer,

If it came with HP it is OK, restore it from the chest and exclude it from scanning, to make absolutely sure you could upload the executable to virustotal and give us the results,

polonus

VirusTotal results…

http://www.virustotal.com/file-scan/report.html?id=0dfc621ceda95d297c34951272311e1f7f433d07810da65b233bf7241ada68ad-1290371716

What is on virustotal doesn’t matter a jot, as you now know what the process is, a PUP and you know if it is on your system legitimately.

e.g. if you have an HP system and it is in the location pondus mentioned, something despite being asked before you never confirmed its location.

So you have to decide, a) don’t scan for PUPs on your custom scan or b) exclude the file from on-demand scans; of course there is another option let avast move it to the chest/delete it and be done with it, but that isn’t a decision I feel should be taken. That decision is one for you based on the information already give in this topic, we can’t make the decision for you.

I haven’t got a HP system. It’s a Sony Vaio.

You still haven’t said where this file is located as that helps us determine if it is legit as no doubt other makers will probably use this tool also ?

It’s located in C:\HP\BIN\KillIt.exe

Are any of your accessories that go with your machine, like a monitor, printer, scanner, fax, modem, etc. made by Hp?

No, nothing. That is why i find it strange that it is there in the first place.

avast said that this was a virus and i deleted it with avast. now i read that it’s not a virus but an actual hp file. what does this file do and how do i get it back?? thanks.

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest (a protected area) and investigate.

Now that it is gone it is history, no copies, not in the recycle bin, gone.

Always best to do the research before deletion, move to chest (the default action) gives you that breathing space.

It can be used during the HP recovery process, if you plan to use the HP recovery process to restore your system to factory setup (generally not a good idea). You may be able to get a copy via the HP web site/support.

is this the reason why i’m not able to do system restore after deleting this file?

I don’t think so. It’s an HP file not a Windows System Restore one…
The blocking of system restore was discussed a lot of time. Unfortunately, without an answer from avast team :cry: