Killwind.exe

I saw the interesting post about killapps.exe and thought I would bring up “killwind.exe”. In the past, some time ago, it was flagged as malware. I mean, just the name alerts one, much less AV. But it turns out killwind.exe is legit.

It is used by HP to access an HP/Compaq PC for trying to help solve problems. The person who wrote it was trying to find a name for the program and decided on that moniker, so he says.

Yeah, I got two here, Killit.exe & killwin.exe. I just leave them quarantined. If I need help, there’s plenty of other places to get it.

Well, on second thought, I just remembered that you might want to just leave them and omit these from being scanned by your AV/AT, because at least killit helps with programs that aren’t responding and you’re trying to shut them down.

OK, well, I was wrong for leaving these in quarantine since they are perfectly legit for HP, which is what I use.
“Potentially unwanted tool does not mean that the tool is malicious. It’s only flagged as potentially unwanted because it can close applications. I would let it alone, as it’s part of HP recovery tools.”

Sorry to say, at least as far as BOClean goes, the only option is to exclude these utilities if BOClean is detecting them. There are rules for inclusion of certain “utilities” that might otherwise be legitimate in the BOClean detection routines - most important of which is whether any such utilities are able to be run “hidden” on a machine either by their own design, or lack of a means of notification to the user when they ARE hidden. A simple popup message box that cannot be intercepted suffices. In the case of this and other “program killers” they are often used in “pseudo rootkits” and other malware to disable necessary parts of the system and other security programs in order to let malware do its job. When actually intended by the end user, BOClean allows you to exclude any such programs so that BOClean will leave it alone unless it shows up somewhere else as a result of a second copy controlled by malware. We’ve had to do this with quite a few utilities over the years unfortunately. Our exclusion methodology protects against “ne’er-do-wells” trying to exclude malware from BOClean externally and that makes this option the best compromise for all situations. Sadly, the “bad guys” take advantage of claims of “false positives” which allows them to use legitimate stuff to hide their activities, and that’s why we nail these if they don’t have their own means of ALWAYS notifying the user when they run.