Report Trojans?

Recently I have discovered 2 Trojans on 3 of my computers, Trojan.Startpage and Trojan.Killapp. I am suspecting that they have been there for quite some time.
I have been using Avast free edition on all of my computers, however Avast did not recognize them. I discovered them by using several of the other on-line av scanners. My question is this… when we discover Trojans or viruses that Avast overlooks should we report our findings to you?

Hi Gidget,

For Trojan Startpage, consider this information, to establish this infection is there:
http://www.symantec.fr/avcenter/venc/data/trojan.startpage.i.html

Trojan killapp is used by hackers to disable anti-virus software, and elude detection:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453084838

Delete the exe file of killapp.

Upload the files that are infected to jotti or virustotal to see if they are real infections or FP’s. If real, use the above removal information.

polonus

Thank you for your response. Yes I am sure that they were there and infected. After reading your advice
and tips, I went to the Jotti page and Ewido, Dr Web, Fortinet, and VBA32 all found the killapp as positive,
as well as Bit Defender. Panda also reported 2 additional files with possible killapp. Norton, Avast, Trendmicro
were negative on the killapp. Norton discovered the StartPage as well as Bit Defender, Avast reported negative.

We have been using Avast for about a year and we really like it. Even though it did miss these two
Trojans, I will continue to use Avast but I have learned to use some of the online scanners as well, just as a
precaution, for as it was stated, no one program can catch everything. That’s why I wondered if we should
report trojan/virus that Avast overlooks, so that they may possibly be added to Avast’s protection in the future.
I do have reason to believe that these trojans have been there a long time.

I had already followed Norton’s StartPage removal instructions, and I have to admit that after hours of research,
the only thing I could find about removing Killapp was to delete the file, turn off restore, restart your computer, and
then re-enable restore with a full av scan afterwards. The bad part is not knowing what files had been changed or
deleted after picking these things up. Normally if I pick up a trojan, I try to determine what each one normally affects,
and then I automatically format my hard drive and restart all over again. It’s usually easier than spending hours trying
to fix it, only to find that the effects of it are still there. You might find the following information interesting, so please
bear with me.

I own 3 Compaq computers, 2 were purchased on Aug 11, 2003 at different stores with both being different model
numbers. The third I purchased in 2005 through the HP site and customized it. The two I bought in 2003
both have the StartPage and the Killapp trojans, while the third carried just the Killapp. All had the same trojan in the
same file locations. I’ve always liked Compaq because of the recovery discs that make it very easy to format your
hard drive and do a full system restore, which normally fixes the problem. I always make them as soon as Windows
setup completes and before doing anything else, so that I have clean recovery discs, in case of emergencies.

I first tried the above, choosing to reformat the hard drive and a full system recovery. After Windows setup the trojans
were still there. I tried the same thing again, making sure there was no telephone or internet connected, to ensure
that nothing additional was coming into the computer. Still there. I scanned all of my recovery discs with Avast and
Norton and they found nothing. I viewed each disc to see if the files I was finding on my computer were on the discs, they
were not there. The Startpage infected file was in C:\hp\region\EN_US-ie and the Killapp was in C:\hp\bin\Terminator.exe. I then
realized that the StartPage file that was infected was a result of the Trojan and not the Trojan itself as it imitates a
legitimate Windows file, therefore making it impossible for me to find it, since I’m not a computer whiz. At that point I
borrowed a Windows XP disc and used it to delete all partitions, format the hard drive, and once again used my recovery
discs. Trojans still there. I downloaded power max, deleted all partitions, did a low level format, ran my discs, and had the
same results. I installed a new hard drive, ran my discs…still there. I ordered a new recovery kit from HP to ensure that
I had clean discs. It’s interesting to note that the 2 machines I bought in 2003 (each had both trojans), use the same
recovery kit. Once again I deleted all partitions, did a low level format, and ran the new discs from HP… the trojans
were still there. Again I deleted all partitions, did a low level format, but this time I forgot the recovery discs and just installed
Windows XP. So far it has scanned clean with Avast, Norton, and Bit Defender. (Bit Defender is the av program that originally detected both trojans, Norton missed Killapp.) I believe I may have finally got rid of both of them!

I tend to think that my computers may have been infected when I bought them (since my recovery discs were the first things
done with the computers), and that the recovery discs purchased from HP may also be infected (Part # 5069-5087). Since AVG
and Avast were the only av programs I ever ran on my computers, and neither could detect these trojans, is it possible that these may have been on my machine undiscovered all this time? I may be wrong, but everything seems to point to that, especially when
I used a new hard drive that the factory could not put an undeletable hidden partition on. It makes me wonder if there are other infected Compaqs out there, or whether mine is just an isolated case. I am in no way trying to put HP down, but I must say my curiosity has got the better of me.

I would be very interested to know if other Compaq owners were finding these trojans located in:

(must view hidden folders) or scan with Bit Defender and Norton. (Avast, at present, does not detect.)
Trojan.StartPage C:\hp\region\EN_US-ie
Trojan.Killapp C:\hp\bin\Terminator.exe

Hi, I found today on my HP Pavilion PC the Trojan killapp.
The online virus scanner Bitdefender removed the infected file
C:\hp\bin\terminator.exe

My question: where can I find or download the clean version of this file “terminator.exe”, what is the purpose of this file?

Avast didn't find this trojan.
I read on this forum that it could have already been on my PC from the beginning.

Thanks for the support.
PS: sorry, but English is not my native language.

My question: where can I find or download the clean version of this file "terminator.exe", what is the purpose of this file?
I wouldn't even consider trying to find a 'clean' version of a file I didn't know anything about. So a Google search for terminator.exe would be a good place to start: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t37905.html. Based on your path it would appear to be for an HP product, printer/scanner, etc.?

It is quite possible that this is a tool to kill a process/application that under normal circumstances is legitimate but could also be used for malicious purposes, defining which is the problem.

Your English is fine.