Pskill-E

Hello,
I posted here a week or so ago as my avast stopped working. Some of you were kind enough to offer advice. Things seemed to be ok ish as it suddenly began working again despite me not doing anything, although things do seem sluggish. I have just run an avast scan and it has picked up malware that it advised me to put in the chest.

It said malware was found
C:\WINDOWS\RESTORE.INS\C\OEMCUST\TOOLS\WIN32\PS
then again, this time
C:\WINDOWS\system\RESTORE.INS\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE

malware Win32:Pskill-E (tool)

Can anyone tell me anything about this? What is it? What does it do? What should I do? I have clicked put in chest.

Thank you so very much.

I suggest a forum search for pskill.exe as that has been covered a number of times.

Or a google search for pskill.exe
http://www.sysinternals.com/Utilities/PsKill.html
There may be a number of programs that include this in the program for legit reasons, killing a process to be able to uninstall/update a service file, etc.

The key to this is the [tool] suffix of the malware name, as a tool can be used for either good or evil. avast alerts you to this and you have to decide if it is for good (you installed it, etc.) or evil.

Hi idiot :wink:

You can find some information about pskill if you click this link
http://forum.avast.com/index.php?topic=23676.0

Bottom line is if you have process explorer by Sysinternals it is SAFE

Edit: The files are in your system restore, to get rid of them do this

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

You are such nice people to try and help, but honestly, when it comes to computery stuff I really am such an ignorant person. I did google and also did a search here on this forum, but found the information confusing.
I should say that the avast scan has now finished with the PSkill malware coming up 5 times, each time I clicked to put it in the chest. At the end of the scan it said that “An error occured during moving file to chest.” 5 times. So, if it is still there and I create a system restore point, won’t that be infected?

Also I notice that one of the links you provided was to a woman who said the same as me, and who ended up assuming that it was ok to keep it. She was using a packard bell pc, as I am. But I know that my pc went nuts last week (see my previous post for details) so I think this is bad for sure.

Should I do the system restore thing? Thank you so very much.

My apologies, I didn’t read the full path of the location. It looks like a system restore disc as used by the manufacturer instead of giving you a Windows disk, in which case it is probably a legitimate tool. What you can do is exclude that file from the scan by doing the following:

Right click the Avast icon
Select settings
Select Exclusions
Select browse
Then paste in the following

C:\WINDOWS\RESTORE.INS\C\OEMCUST\TOOLS\WIN32\PS*.*

Then click OK