Latest A2 update & possible false positive

  sunny staines 20:34 03 May 2005
Locked

just scanned with todays latest update and found two
files called KILLAPS.EXE in windows\system32 file and creative labs file.

I suspect these may be false positives, but could also be nasties anyone else got these results.

I do have an audigy2 sound card

  esbe 21:24 03 May 2005

Have a look here
click here

cheers.

  sunny staines 08:00 04 May 2005

Its not a false positive at all. Its that sort of program that might be used or exploited by malicious software. a² detects many exploitable tools in that way or very powerfull network applications like netcat that can be used in many legal and illegal ways (for example to invisibly bind a shell to a port so attackers can access that shell).

In fact the killapps.exe is used by the Creative setup to terminate active applications before installing/uninstalling Creative software. The problem is that the same application is used by several scripts and trojans out there to terminate anti-virus software and firewalls. Therefore we added detection for it as "Riskware" which means: "This program alone is harmless and might have some applications where its used in a legal way but there are several malcious porgrams out there that use that program to do evil things."

Other examples of Riskware are MIRC or FTP Server versions that are known to have exploits used by several bots (agobot, gaobot etc.). We are thinking about detecting unpatched windows components in that way, too.
Thank you I have pasted below the reply from A2 RE KILLAPPS

Currently the recommended way of handling this alert is ignoring it as long as it was installed by the Creative setup otherwise it might be a good idea to trace back the program that installed it. In version 2 of a² there are exclude functions for that kind of malware and there are functions to deactivate the detection of exploitable software (or dialers or worms or spyware etc.).
_________________
Regards,

Andreas Haak
[a² Team] - Administrator

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

11 best portfolio websites for designers and artists

Office for Mac buying guide: Price, Office 2017 rumours & new features

Comment désactiver les programmes qui s'exécutent au démarrage de Windows 10 ?