
How to remove low danger level (2)

Discussion in 'Malware and Virus Removal Archive' started by loonychoons, 2007/12/07.

  1. 2007/12/07
    loonychoons Lifetime Subscription

    loonychoons Inactive Thread Starter

    Joined:
    2004/12/30
    Messages:
    249
    Likes Received:
    0
    I was looking for a rootkit scan and Wiskeyman suggested the PANDA Version.

    After I ran that they suggested that I run their NANO SCAN. After that I tried their TOTAL SCAN, which took over an hour to run. The results showed that my PC was infected with two LOW DANGER LEVEL ITEMS.

    The first one was,
    C:\hp\bin\Terminator.exe

    The second one was,
    C:\hp\bin\Killt.exe

    I ran a computer search for each and found them. My question is, can I just right click each one and delete the same? I am not certain that I can just delete without maybe doing some other or future damage?

    Does anyone have an answer or another route that I can try.

    Thanks loonychoons
     
    Last edited: 2007/12/07
  2. 2007/12/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Lenny,

    My advice would be:

    for the time being do the following:

    Create a manual System Restore point.

    Copy both .exe's out to removable media.

    Then if you want, and I know you worry - delete.

    I can't find any definitive info on these files - they might be bad but they also might be legitimate HP files.

    Either Dave or Geri will look in here and pursue this further.
     

  4. 2007/12/07
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
  5. 2007/12/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Whiskeyman,

    I wouldn't have replied if it wasn't Lenny - he's had a history of malware and this was a way to allay his fears and to be able to return to the status quo.

    Didn't realize that he PM'd you of course.
     
  6. 2007/12/07
    loonychoons Lifetime Subscription

    loonychoons Inactive Thread Starter

    Joined:
    2004/12/30
    Messages:
    249
    Likes Received:
    0
    Thanks guys !!!

    Charles: You know me pretty good, and I appreciate your quick answer so that I could cool my heels. Yes, I am known as a worry wart, and I just can not help it. My Wife now and my Mother earlier in my life both said that if I do not have something to worry about that I would not be happy.

    Now, I am concerned that I may have upset protocol by posting a general request and then after reading some more of Wiskeyman's posts I sent him a Personal Message, thinking that I might have slighted him ?

    Sorry if I made any waves. Thanks to both of you {Charles and Wiskeyman}

    P.S. I ran a GOOGLE search on both those Threats, and I am not sure what they are? loonychoons
     
  7. 2007/12/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Lenny,

    Based on my search, which like yours is ambiguous, I didn't run across any red flags, and based on Whiskeyman's search which identifies these as HP's relatively benign Backweb, do the procedure I outlined and if needed to either uninstall Backweb properly or for some other reason, you can always put the files back on.

    In meantime you have some peace of mind.
     
  8. 2007/12/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    They are legitimate HP files and are there for use by an HP application. They are flagged as riskware or process tools because of the abilities they possess, much like many of the process tools developers use in their specialized malware removal tools. They are no threat to your pc. :)
     
  9. 2007/12/08
    loonychoons Lifetime Subscription

    loonychoons Inactive Thread Starter

    Joined:
    2004/12/30
    Messages:
    249
    Likes Received:
    0
    Thanks Guys.

    Well now I can rest easy. For someone like me "Persons may never know" that having backup that is found at { WindowsBBS.com } is such a support.

    Without which, I may never have used and/or enjoyed using my computer as much as I do.

    One of the best choices that I have made over the years, was join the WindowsBBS group !!!

    Thanks Again loonychoons Lenny Chowns
     
  10. 2007/12/08
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    I can't think of anyone being upset about protocol, especially me. Anytime you are concerned about a problem feel free to ask in any manner. :cool:

     
  11. 2007/12/08
    loonychoons Lifetime Subscription

    loonychoons Inactive Thread Starter

    Joined:
    2004/12/30
    Messages:
    249
    Likes Received:
    0
    Whiskeyman.

    First I hope that the whiskey in Whiskeyman is Scott's Whiskey { ooss-k-ava } Gaelic. For water-of-life, Slagh-ar-vaw, Thanks for your help offered, regardless of the manner in which it is requested.

    loonychoons


    P.S. Sorry Whiskeyman it looks like I have been Spelling Whiskyman without the {H}. I am not the brightest Bulb in the Pack.
     
    Last edited: 2007/12/08
  12. 2007/12/12
    loonychoons Lifetime Subscription

    loonychoons Inactive Thread Starter

    Joined:
    2004/12/30
    Messages:
    249
    Likes Received:
    0
    Totalscan should I click the DISINFECT button?

    Hi Guys. Well I ran the Panda rootkit then tried Nanoscan then I ran the TOTALSCAN again. I thought that I would just ignore the two so-called-threats Terminator & KillIt

    Well up came 4 more items I will Copy & Paste the Totalscan results------

    C:\System Volume Informat...A969}\RP1255\A0091386.exe

    C:\hp\bin\Terminator.exe

    C:\System Volume Informat...A969}\RP1255\A0091446.exe

    C:\System Volume Informat...A969}\RP1255\A0091424.exe

    C:\System Volume Informat...A969}\RP1255\A0091387.exe

    C:\hp\bin\KillIt.exe


    My question is are these latest items THREATS? Can I just use the PANDA DISINFECT Button?

    Thanks loonychoons
     
  13. 2007/12/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I wouldn't recommend it. It will zap the hp tools, and anything infected within system restore points can easily be removed just by clearing the system restore points. Here's what I generally recommend for that.

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    NOTE: This will remove ALL prior restore points.

    An alternative would be to make backup copies of the hp tools and then go ahead and let totalscan remove what it has targeted. Then just put the copies back.
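
The backup step advised in this thread (restore point first, then copies of the flagged files kept off the system drive), as an added example that is not part of any original post. It also records each file's SHA-256 and Authenticode signer, which helps settle whether a flagged file really is the vendor's. It assumes an elevated Windows PowerShell 5.1 session, which is newer than the system discussed in the thread; `E:\flagged-backup` is a hypothetical removable-media path.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell session.
# File paths are as pasted in the scan results above; $backupDir is an assumption.
$flagged   = 'C:\hp\bin\Terminator.exe', 'C:\hp\bin\KillIt.exe'
$backupDir = 'E:\flagged-backup'

# Step 1: manual restore point, so the change can be rolled back.
Checkpoint-Computer -Description 'Before removing flagged HP tools' -RestorePointType MODIFY_SETTINGS

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Step 2: copy each file out and record what it was at the time of the copy.
$manifest = foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not found, skipping: $path"
        continue
    }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $signer = '(no signer certificate)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    $dest = Join-Path $backupDir (Split-Path $path -Leaf)
    Copy-Item -LiteralPath $path -Destination $dest -Force

    # Re-hash the copy so a truncated or failed copy is caught before deletion.
    $copyHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash

    [pscustomobject]@{
        OriginalPath    = $path
        BackupPath      = $dest
        SHA256          = $hash
        CopyVerified    = ($copyHash -eq $hash)
        SignatureStatus = $sig.Status      # 'Valid' means the signature checks out
        Signer          = $signer
    }
}

# Step 3: keep the manifest beside the copies; it records where each file goes back.
$manifest | Export-Csv -Path (Join-Path $backupDir 'manifest.csv') -NoTypeInformation
$manifest | Format-List

# Remove or disinfect only if every CopyVerified value is True.
```

A `Valid` signature from the expected vendor supports treating a detection as a riskware flag on a legitimate tool; an unsigned file is inconclusive either way.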
     
  14. 2007/12/13
    loonychoons Lifetime Subscription

    loonychoons Inactive Thread Starter

    Joined:
    2004/12/30
    Messages:
    249
    Likes Received:
    0
    Thanks noahdfear.

    I appreciate your advice, I really do not think that there is much wrong with my Computer. I do not think that I would have used that DISINFECT BUTTON anyway.

    I did wonder what those 4------C:\System Volume Informat...A969}\RP1255\-------are, I think that I will just not use that PANDA TOTALSCAN any more.
    As, I do not think that the problems found are all that dangerous?

    I will follow your advice, right now, I have just set a new Restore point. I did run the PANDA Total scan --QUICK SCAN with no faults found.

    Thanks again loonychoons
     
    Last edited: 2007/12/13
