If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Malware Program?
Anyone knows about: KillAndClean.exe. I got this as a persistent pop-up
after getting a virus and Trojan. Is it genuine or rogue. Thanks in advance. -- cogito ergo sum |
#2
|
|||
|
|||
Malware Program?
This seems to be a new variant of malware - I suggest that you take it to
one of the specialist forums.... Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_R...:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine.blogspot.com/ http://www.elephantboycomputers.com/...moving_Malware When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. **Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here.** (thanks to PABear for the listing! -- Noel Paton (MS-MVP 2002-2006, Windows) Nil Carborundum Illegitemi http://www.crashfixpc.com/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's "PAT (Paul)" wrote in message ... Anyone knows about: KillAndClean.exe. I got this as a persistent pop-up after getting a virus and Trojan. Is it genuine or rogue. Thanks in advance. -- cogito ergo sum |
#3
|
|||
|
|||
Malware Program?
From: "PAT (Paul)"
| Anyone knows about: KillAndClean.exe. I got this as a persistent pop-up | after getting a virus and Trojan. Is it genuine or rogue. Thanks in advance. | -- | cogito ergo sum Please find; C:\Program Files\KillAndClean\KillAndClean.exe Then, submit a sample of "KillAndClean.exe" to Virus Total -- http://www.virustotal.com/flash/index_en.html The submission will then be tested against many different AV vendor's scanners. That will give you an idea what it is and who recognizes it. In addition, unless told otherwise, Virus Total will provide the sample to all participating vendors. You can also submit a suspect, one at a time, via the following email URL... ?subject=SCAN When you get the report, please post back the exact results. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#4
|
|||
|
|||
Malware Program?
"David H. Lipman" wrote in message
... From: "PAT (Paul)" | Anyone knows about: KillAndClean.exe. I got this as a persistent pop-up | after getting a virus and Trojan. Is it genuine or rogue. Thanks in advance. | -- | cogito ergo sum Please find; C:\Program Files\KillAndClean\KillAndClean.exe Then, submit a sample of "KillAndClean.exe" to Virus Total -- http://www.virustotal.com/flash/index_en.html The submission will then be tested against many different AV vendor's scanners. That will give you an idea what it is and who recognizes it. In addition, unless told otherwise, Virus Total will provide the sample to all participating vendors. You can also submit a suspect, one at a time, via the following email URL... ?subject=SCAN When you get the report, please post back the exact results. Hi, David - don't often see you in here! -- Noel Paton (MS-MVP 2002-2006, Windows) Nil Carborundum Illegitemi http://www.crashfixpc.com/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's |
#5
|
|||
|
|||
Malware Program?
Sent the file and here are the results????
STATUS: FINISHEDComplete scanning result of "KillAndClean.exe", received in VirusTotal at 06.07.2006, 03:09:47 (CET). Antivirus Version Update Result AntiVir 6.34.1.37 06.06.2006 no virus found Authentium 4.93.8 06.06.2006 no virus found Avast 4.7.844.0 06.06.2006 no virus found AVG 386 06.06.2006 no virus found BitDefender 7.2 06.07.2006 no virus found CAT-QuickHeal 8.00 06.06.2006 no virus found ClamAV devel-20060426 06.07.2006 no virus found DrWeb 4.33 06.07.2006 no virus found eTrust-InoculateIT 23.72.30 06.07.2006 no virus found eTrust-Vet 12.6.2244 06.06.2006 no virus found Ewido 3.5 06.06.2006 no virus found Fortinet 2.77.0.0 06.06.2006 suspicious F-Prot 3.16f 06.06.2006 no virus found Ikarus 0.2.65.0 06.06.2006 no virus found Kaspersky 4.0.2.24 06.07.2006 no virus found McAfee 4778 06.06.2006 no virus found Microsoft 1.1441 06.07.2006 no virus found NOD32v2 1.1582 06.06.2006 no virus found Norman 5.90.17 06.06.2006 no virus found Panda 9.0.0.4 06.06.2006 no virus found Sophos 4.05.0 06.06.2006 no virus found Symantec 8.0 06.07.2006 no virus found TheHacker 5.9.8.155 06.05.2006 no virus found UNA 1.83 06.06.2006 no virus found VBA32 3.11.0 06.06.2006 no virus found Aditional Information File size: 808960 bytes MD5: 032ade2a5ee17f01d944c1f86d5b7b0b SHA1: b1798200dd8643be307486f9b9bc17c48b329ffb VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. -- cogito ergo sum "David H. Lipman" wrote: From: "PAT (Paul)" | Anyone knows about: KillAndClean.exe. I got this as a persistent pop-up | after getting a virus and Trojan. Is it genuine or rogue. Thanks in advance. | -- | cogito ergo sum Please find; C:\Program Files\KillAndClean\KillAndClean.exe Then, submit a sample of "KillAndClean.exe" to Virus Total -- http://www.virustotal.com/flash/index_en.html The submission will then be tested against many different AV vendor's scanners. That will give you an idea what it is and who recognizes it. In addition, unless told otherwise, Virus Total will provide the sample to all participating vendors. You can also submit a suspect, one at a time, via the following email URL... ?subject=SCAN When you get the report, please post back the exact results. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#6
|
|||
|
|||
Malware Program?
From: "Noel Paton"
| Hi, David - don't often see you in here! | Hi Noel: Always looking for the malware and other such posts here. I rarely make new posts but occasionally reply. Especially if I can bug Figgs or something like that. :-) -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#7
|
|||
|
|||
Malware Program?
From: "PAT (Paul)"
| Sent the file and here are the results???? | snip | Fortinet 2.77.0.0 06.06.2006 suspicious snip This could be something new. I suggest seeing if it can be uninstalled via the control panel applet; Add/Remove Programs. If it doesn't have an Add/Remove Programs line item it is loaded in the Registry via a Run location. Download and execute HiJack This! (HJT) and it will generate a report. http://www.spywareinfo.com/~merijn/files/HijackThis.exe In HiJack This, find the following line.. O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe" Put a check in the box on the left side and then click on "Fixed checked". Reboot the PC. This will keep the program from being reloaded upon startup and then after you reboot you can manually remove the folder "C:\Program Files\KillAndClean" and its files. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#8
|
|||
|
|||
Malware Program?
lol Careful now Dave you could be asking for trouble g
Joan David H. Lipman wrote: snip Especially if I can bug Figgs or something like that. :-) |
#9
|
|||
|
|||
Malware Program?
From: "Joan Archer"
| lol Careful now Dave you could be asking for trouble g | Joan | | David H. Lipman wrote: snip Especially if I can bug Figgs or something like that. :-) | She owes me some GIFs so... -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#10
|
|||
|
|||
Malware Program?
Hi all,
Thank you for answering. Since I really dont need another anti-malware program, decided to get rid of it. It had an uninstall, so used that. It was in the add/remove in the control panel which disappeared, and the file did the same, and no sign of pop ups, double checked with Avast and all ok. So thats that. Cheers. -- cogito ergo sum "David H. Lipman" wrote: |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
After IE closing slow program open | PeteV | General | 21 | February 10th 06 10:37 PM |
TV tuner card program complains about "Invalid Class String" | Herbert Chan | General | 1 | January 14th 06 10:48 PM |
Need Help Initializing Excel Spreadsheet Program | jb999 | General | 6 | November 11th 05 04:05 AM |
Gary S. Terhune, please read | Alan Seltzer | General | 17 | October 18th 05 06:16 AM |
Folder Named [C:\Program] Opens Automatically on Start | Ted Belben | General | 2 | September 16th 04 11:39 PM |