pskill

Viruses and worms
1

Can someone help me please? I’m very “green” - first time I’ve used this forum but I’m desperate! I’ve just done a scan and found I have PSKILL malware - is that a virus? It came up about 4 times. Avast says it couldn’t be deleted - what can I do???

2

Will these help?
http://forum.avast.com/index.php?topic=23164.0
http://forum.avast.com/index.php?topic=23079.0
http://forum.avast.com/index.php?topic=22979.0
http://forum.avast.com/index.php?topic=11225.0
http://forum.avast.com/index.php?topic=12405.0

If a virus is replicant (coming and coming again) or you can’t delete it (access denied), you should:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
  4. Use a-squared, ewido or Spyware Terminator (trojan removers). :slight_smile:
3

Hello sarah4

PSKILL is an unwanted application, also you can find some informations by clicking on the links
http://www.sophos.com/security/analyses/pskill.html
http://vil.nai.com/vil/content/v_99921.htm

4
This detection is an application type, for a "potentially unwanted application". The program can terminate processes on local or remote WinNT or Win2K systems. This tool was built for use by administrators to do remote system administration.

The current command-line scanner detects such applications with the additional /PROGRAM switch, as does VirusScan 7 (via configuration pages).

However, this application has been used by many trojans, such as the Egghead trojan for malicious purposes.

http://vil.nai.com/vil/content/v_99378.htm

Follow the instructions from tech for cleaning trojans

5

Thanks to those who have replied I shall get to work now and see what I can do - appreciate you all taking time to help.

6

Hello sarah4 :slight_smile:

You are welcome :wink:
Anyway if the above informations dont help you to clean your computer post the problem again.

7

I don’t know whether to laugh or cry!! I have followed lots of the advice. I’m running XP by the way. First off removed all the restore points and re-booted. Ran CCleaner 3 times to get rid of all temporary files. (It’s so clear what to do with IE but I’m using Firefox and find it more confusing deleting temp. ciles, but I’m sure CCleaner did the job.) Ran Avast again and Malware still there. Tried to get rid of them but got error messages “Error occurred during moving file to Chest.” Downloaded and ran Ewido which said “No Malware found” Hallelujah I thought - ran Avast again to check - still the same ones came up (PSKILL.EXE) Downloaded and ran A-SQUARED SECURITY that also said ‘No suspect files detected during the scan.’ Ran Avast again - still said there was Malware present and the same error message when putting in the Chest. Ran A-SQUARED again but this time in “Deep” mode - still said there was no Malware. Checked with Avast - and guess what - still telling me PSKILL is there and still the same Error messages when I try and move. What else can I do???

8

Hi sarah,

PsKill is a program available from Sysinternals designed to terminate running processes

http://www.sysinternals.com/utilities/pskill.html

It is not an inherently evil program. It can be used for legitimate purposes like killing running spyware, or it can be used against you by other, malicious programs. The latter is the reason many security programs report it as “riskware”.

Where does avast! say the file is? Can you post the full path?

9

OK sarah4 :slight_smile:

PSKILL is an unwanted application
However, this application has been used by many trojans, such as the Egghead trojan for malicious purposes.

I asked you to follow the insructions from tech in a case there is a trojan on your cpu.

I would suggest to you to go in one of this forums and ask help there, you will have to download HijackThis and save it in its own folder. If you go to http://www.landzdown.com/index.php
post your problem in "HijackThis Logs"forum together with a log, or if you decide to go to this forum http://www.geekstogo.com/forum/index.php post your problem in to “Malware Removal - HiJackThis Logs Go Here” forum, before posting you will find instructions on how to post HiJackThis log, follow the instructions post the log and wait for further instructions.

Read the tutorial before downloading and installing HijackThis:
Tutorial - http://www.tomcoyote.org/hjt/#introduction
Download HiJacktThis - http://www.download.com/HijackThis/3000-8022_4-10379544.html

Good luck ! :wink:

10

On the other hand, afaik, CCleaner includes it in their installer and Xoftspy includes it in their uninstaller. Also, some computer manufacturers preinstall programs of this type (for example KILLWIND on HP/Compaq machines) for use by their tech support people.

So the term usually applied is potentially unwanted program, with removal of the word “potentially” left to the discretion of the user.

EDIT: There’s an interesting thread on the CCLeaner Forum here

http://forum.ccleaner.com/index.php?showtopic=4759

11

Thanks SNOWHITE for the HIJACK THIS suggestion - I will go down that road, but unfortunately I’m away for the weekend now - so can’t get down to it until Monday - thanks a lot for help. I’ll report back later.

12

You are welcome sarah :wink:

13

Hi again,
Well thanks for everyone’s help. I went to the Landzdown site and all was explained. It seems PSKILL is a freeware command line prog. which can be malicious but in my case it’s used by my computer if I were to restore back to it’s “factory settings” (which I have done on a couple of occasions.) So it’s just used in that restoration process. This person went on to say that they had a Packard Bell computer and the very same thing gets flagged up. My computer is a Packard Bell - so more reassurance there. It seems Avast wouldn’t remove it because the specific folder has very restricted permissions on it. So finally I’m finally reassured and very many thanks to everyone. (I also picked up more useful info. on CCleaner from all your suggestions, so thanks for that too.)
Sarah
ps I don’t know why the folder icon appears yellow and ‘open’ - can I signify that my query is complete now?

14

:slight_smile: Hi Sarah :

 The person who advised you on the Landzdown forums
 is one of the BEST, a very experienced malware fighter.
 However, he did not notice that you are 2 Updates
 behind in your Sun Java program, which is a serious
 security risk. Therefore, you should uninstall that Sun
 Java version and to get the latest version, go to :
 www.majorgeeks.com/download4648.html .