AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
Reviews:
·Verizon Online DSL

KillWind.exe Trojan - Avast false positive?

I have an HP box with my own retail copy of XP on it. When I reformatted in early November, I moved an HP hidden folder onto my C:\ drive from the previous HP OEM XP installation that had been on it. The idea behind this was part of a plan to make an n-Lite OEM installation disc while using my XP retail files for the most part.
That ain't gonna work, I've come to believe, but that's beside the point.

I'm sure I've opened up that HP folder before since putting it on the drive. But just a while ago I opened it up and got a trojan warning from Avast about the 'KillWind.exe' file when I hovered the mouse over it. This file is not new, and this file was included as part of HP's OEM installation, I'm certain of it.
As you can see from the screenshot, the file hasn't been modified since 2001, either.
Apparently it has something to do with 'BackWeb' and/or delivering HP updates to the machine.

A 'POS' file maybe, but a trojan??
This has gotta be a FP, doesn't it?


BeaverHunter

join:2001-01-03
Palmdale, CA

Here's what I found for that

»forums.mcafeehelp.com/viewtopic.php?t=14539

Hope this helps



AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
Reviews:
·Verizon Online DSL

said by BeaverHunter:

Here's what I found for that

»forums.mcafeehelp.com/viewtopic.php?t=14539

Thanks. I already know pretty much exactly what it is-- a POS.

There's a difference however, between a POS and a legitimate Win32Trojan malware file.
I've done Avast scans on this machine since that file has been on there, but all of a sudden it's identified as a trojan, even though it hasn't been modified in six years.

I'm virtually dead-certain it's a FP, but on the other hand, I wouldn't mind a little confirmation, either.


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA

reply to AB

Submit it to Avast. They probably won't respond to you, but it may be cleared up in the next few updates. F/P's like this, especially with older files, pop up now and then. I had a similar thing happen on an old file that had been scanned hundreds of times, and even though I never got a reply the next update stopped flagging the file.

fwiw

--
"Baby, will you eat that there snack cracker in yer special outfit for me?"
"When all you have is a hammer, everything looks like a nail!"



AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
Reviews:
·Verizon Online DSL

said by antiserious:


Submit it to Avast. They probably won't respond to you, but it may be cleared up in the next few updates. F/P's like this, especially with older files, pop up now and then. I had a similar thing happen on an old file that had been scanned hundreds of times, and even though I never got a reply the next update stopped flagging the file.

fwiw

Worth plenty. Thanks for the info, I appreciate it, AS.
I gotta figure it almost can't not be a FP.

That whole HP folder basically has to go anyway. It's not part of my current installation. 78MB of stuff I don't need.
But I'm going to put that file back after a couple of more updates just to see if it still flags it.
And come to think of it-- having Avast flag 'POS files' doesn't seem like such a bad idea, anyway.


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA

You probably know already that KillWind is part of HP's Backweb crapfest©. They're not the only vendor to use this 'support tool', but A/V-A/T's frequently flag things like these because they appear similar to spyware on the surface. Sometimes their signatures trip new 'nasty defs' and sometimes the old defs slip in and out of updates. I'll bet that's what happened here.

©=possibly a useful tool for some vendors to troubleshoot for novices and e-virgins, but totally superfluous for a DSLR member-in-good-standing.

--
"Baby, will you eat that there snack cracker in yer special outfit for me?"
"When all you have is a hammer, everything looks like a nail!"



AB
Premium
join:2006-04-04
Leesburg, VA
kudos:3
Reviews:
·Verizon Online DSL

said by antiserious:


You probably know already that KillWind is part of HP's Backweb crapfest©. They're not the only vendor to use this 'support tool', but A/V-A/T's frequently flag things like these because they appear similar to spyware on the surface. Sometimes their signatures trip new 'nasty defs' and sometimes the old defs slip in and out of updates. I'll bet that's what happened here.

Yep, wouldn't be surprised.
Thanks again!

I don't know if 'member in good standing' includes me or not, though.

over 12.5 years online © 1999-2012 dslreports.com.