Have you heard of a trojan virus called "killap3"? Experienced problems with a new laptop and the folks we bought it from say that they ran diagnostics on the hardware and it checks out o.k. They say the computer has a "trojan virus called killap3 (a generic)" and that it will cost us $130.00 to remove it and also to optimize the computer. We've been careful with this computer since purchased and immediately installed NIS when we got it. Live updates, scans, full system scans with NIS have never shown a problem but computer has had some difficulties following an initial full backup that crashed (was attempting to do a full backup to dvds when it failed to complete the backup about 2/3-3.4 of the way through). Because of the way the store talked in a derogitory manner about Norton, I wanted to hear what others had to say and see if we can get some help via Norton rather than give another $130 to a store that won't fix our problems after having this new laptop for only 3-4 months. Given the kind of service they give, I'm not so sure they are the best buy, if you get my drift. Help with "killap3" (if there really is such a thing!)? Computorer was bogging down and internet explorer sometimes crashed or wouldn't close and the only way to close it was through task manager with repeated attempts to close down. Norton scans show no problems. Any thoughts or help?
There is some discussion about killapps.exe on various forums. It should belong to a Creative Labs Soundcard. Its purpose to close down any open applications prior to uninstalling the sound card. Kaspersky identifies it as a worm, and ASquared identifies it as a trojan.
I would suggest that the best way to ensure that your machine is clean is to visit one of these free malware removal forums for a check. They are all very experienced and very good at what they do. Bleeping may have a longer wait time than the others. If it turns out to be a Windows error problem, they will assist you with that as well.
www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
Thanks for the suggestion at these other locations. I guess I was expecting to hear of some help available directly through Norton for this, so I’m surprised at being directed to these other locations? I’ll try to do some research on killapps.exe - the exact name “killap3” was the one writeen down and given us by the store geek where we bought the laptop. I’ve attempted to look it up here on the Norton site and couldn’t find any reference to “killap3”.
I don't find it on Google, which makes one wonder where the repair guys found it. The removal forums use special tools that are not safe to use on an open forum like this one. On the four forums suggested, only qualified people are allowed to assist users with problems.
This is a user to user forum rather than support, so the kind of help that you were hoping for is not readily available here. Rather, we send users to where the best help is available. Symantec also has a virus removal service, but it is also a fee-based service, and we do not know if you are infected or not.
Thanks delphenium for your replies. I’m trying tDo find out if we are really infected/have a problem or not after being told what we were. Repeated scans with Norton show no problem. I’ve not done a system restore yet but somehow suspect a problem with the OS after having a full system backup crash (that was when problems started seemingly or about that time). Tempted to do a system restore to an older restore point and see if we still have problems, but have never done before. I was hoping to see if there was somewhere I could go on Norton and get some support assistance, especially since we were told that this was a trojan virus and the name of it was “killap3”. As you said, there is no other mention of it anywhere. The store where we bought this laptop said that they wanted $130 to remove any infection, restore OS, and “optimize” the laptop. I want to be sure I’m not being fleeced by a store for services not needed.
donnier,
delphinium has explained why we do refer people elsewhere ....
Please do not attempt a system restore without getting help here since we know from user experience that system restore can actually break Norton (and probably other applications) by restoring some files back to a date and condition that other parts of Norton does not expect since it has more recent data! It can be dealt with but I'd rather you knew before than after!
Let's see if there are any indications of infection by having you run at least one free application that is good at detecting malware that may get past the security net -- that can happen because sometimes it is unwittingly invited in by the user trying to say No Thanks!
Download and install the free version of Malwarebytes [Make sure you click on that Download Free Version on the left] -- it will take you to a third party site like MajorGeeks but that is OK and safe to use], click on its Update button to make sure it is fully uptodate in its definitions and then run it for a full system scan which may take some time. When finished have a look at the log which you can access through it's menu bar and it will indicate possible malware situations although there is some malware that cannot be detected except by the sort of people delphinium first referred you to -- they will work with you on the basis that only they do so at that time and that you do exactly what they say, not taking any shortcuts (something we all love to do ....).
You can post a copy of the log here in the forum if you wish.
Check to see if anyone has more detailed instructions or other suggestions for you but since apparently noone can find internet references to it as a dubuious file I'd follow your instinct and not pay a third party (not even Norton) to try to remove it.
Thanks, Hugh! I've downloaded and ran Malwarebytes and first did a "quick scan". Here's the log of that below. I'm going to run a full scan since the quick scan came back with a clean report. Any other thoughts at this point are welcome!
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5990
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/8/2011 12:54:23 PM
mbam-log-2011-03-08 (12-54-22).txt
Scan type: Quick scan
Objects scanned: 167770
Time elapsed: 9 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Next did the full scan as was suggested - also came back clean. Here's the log file from Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5990
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/8/2011 2:51:39 PM
mbam-log-2011-03-08 (14-51-39).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 317108
Time elapsed: 1 hour(s), 41 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
That's encouraging ....
Given that no-one has heard of malware with the name you quote -- and the nearest Norotn can come is:
http://www.symantec.com/security_response/writeup.jsp?docid=2002-071813-0943-99
Trojan.KillAV is a Trojan horse that tries to terminate and/or remove any antivirus software that is running on the computer.
I would have thought you could rule out infection.
Maybe if you amplified a bit about << Experienced problems with a new laptop [ ... ] but computer has had some difficulties following an initial full backup that crashed (was attempting to do a full backup to dvds when it failed to complete the backup about 2/3-3.4 of the way through).>> plus give us some information about the computer and system:
Here's my boilerplate ....
To get you the best advice, would you give us some more information about your system:
What version of Windows are you using including Service Packs and whether 32 bit or 64 bit as well as the Name and Version ID of the Norton product that you are using -- Help or Support / About is where that is, in the format of nn.nn.nn.nnn
If you have the COMCAST version of Norton 360 / Security Suite and not the normal commercial version please be sure to tell us.
If you get any error messages please give the exact wording of them as well as any other background that could be helpful.
Please tell us what security software came pre-installed on the computer and how you obtained and installed the "Norton" that is now there -- did you buy it from the Norton OnLine Store or from a store or ......
What are the problems that you see at present apart from the crash while making the recovery media?
Can you give me the exact make and model of the computer -- not the serial number but the bunch of letters and numbers that go with the name and narrow down which one it is. I can then look up some background.
Part of the problem is that we don't know what scanner the repair guys used to identify the evil "killap3." It could still easily be a false postive particularly with both MBAM and Norton not reacting to it.
Hugh & delphinium - thanks for trying to help us out with this. This is an HP G62 Notebook laptop running an AMD Athlon II P340 Dual Core processor with 3 GB of RAM and a 64 bit system running Windows 7 Home Premium O.S. Computer running extremely slow at times now - programs take a long time to load. When I take a look at system "performance" (using Norton Internet Security 2011 which has been installed on the machine from the time we got it) there is a "wmpnetwk.exe" program that is constantly running about 1/2 of the system memory or more. The laptop is linked to the internet via WIFI (linksys router). Today I've also run Norton's "Power Eraser" on this thing and the scan did not detect any problems. ??? Thanks for trying to help me get to the bottom of this. This laptop has never allowed me to do a fully system backup (crashed each time when I tried) and at times when I've attempted to bring up Media Center I've had problems that it wouldn't load properly (but it did fine just now for some reason). All Windows 7 and NIS updates are current and have been kept current. At times the laptop seemingly runs fair (but slow) and then at other times it just barely creeps along. Sure would like to know if the problem is an as yet undetected virus or if there is a corrupt file problem somewhere in Windows, etc. that is bogging us down? Thanks guys!
OK -- nothing wrong with that laptop -- I'd got the impression it was an old one and it looks as if it only ever came with WIndows 7 32 or 64.
Apart from any housekeeping on the system I'd be inclined to go to the HP Support website and check for updates to see if you have them:
In particular I see this performance related one that includes some Microsoft fixes:
Essential System Updates Released 2011-01-21
Thanks for the reply, Hugh! I haven't checked for any HP updates, so I plan to give that a try as well. Am also in the process of trying to delete temp files from the temp folder and may go through and attempt to work through the program startups one by one if other things don't work - sound reasonable? We have about 239 GBs of free space on the C drive yet (out of 281). Thanks for your suggestions and help as I try to sort this out!
Those helping you here are pro's (I have a simpler view as Im not a pro) so I just wanted to say...did you verify the start up menu thru' msconfig is a light one? HP loads their pc's w/ lots of programs many you dont need running all the time my sisters pc was so very very slow till we weedled out which ones to turn off awhile back.
That and deleted programs of toolbars and add ons that were not needed.
Well..back to pro's, youre in good hands :)
(i wish I could say which programs we turned off start up but I wouldnt know w/ out seeing her pc and I dont see her often, I dont have an hp sorry)
To cleanup from time to time I use the facility built into Windows and then I don't have to search for where the various folders are located ...
Open WIndows Explorer / Computer [ WINKEY + E ]
Right mouse click on a drive and select Properties TAB
Click on DiskClean button
After it analyses, look at what is checked/unchecked and decide your selection. I always uncheck Cookies if it's checked since I'm not bothered about them, I need some for logging in and it's all I can do to get Norton to leave them alone <g>
With some troubleshooting going on I'd leave System Logs if that is checked and When In Doubt, Leave It Out .... More people get into trouble through tidying up Windows than do by leaving it alone!
Artfreak has a good point on checking startup [ msconfig ] and the amount of stuff HP loads (they are not alone) and if you find you need something you can always check it again since changing msconfig does not delete anything.
wmpnetwk.exe is Windows Media Player. It seems to want to spend a great deal more time on the internet than I do. I rarely use it as I prefer Winamp and have it blocked from accessing the net on my machine. You may require it.
Some laptops are not set up well for cooling. It may be that the length of time to run a full system scan generates enough heat to shut it down. If you notice that the machine is getting hot, you may find that sitting it up on something to allow more airflow through the vents will allow it to complete a scan. Defragging it can cause the same heating and crash if that is the issue.
Have a look in Windows event viewer under system and applications to see what warnings or errors are noted.
This suggestion from Hugh seems to have done the trick! I had already done all the updates from HP (I thought) using the HP Advisor/HP Updater and had supposedly all the latest updates (wrong!). Seeing your note, Hugh, I also checked and downloaded and installed that essential update via the link you posted. I figured "what the heck; if it was an essential update that had already installed fine, but if not, then perhaps that was part of the problem". Sure enough, after doing that everything now seems to have smoothed out and be working fine! Somehow this essential update had not previously installed! So now, after lots of other scanning I've ruled out virus/malware problems, and I've also greatly reduced the things starting up on the machine. Things seem to be smooth now - hope it lasts! Thanks, guys!
WOW! I'm glad that helped. Robots have their limitations ..... I'd check out the network updates too but maybe make a system image first if you have the utility to do that.
For the benefit of others here's the HP Description:
Released: 2011-01-21
Description: This package installs Microsoft fixes and enhancements for the Microsoft Windows Operating Systems, as well as providing other fixes and enhancements that are specific to the supported notebook models. These fixes and enhancements are required to improve the performance of these notebook models.
It sounds to me like something that I remember not that long ago in Windows Updates --I remember one that referred to performance.
Kill1, 2, 3, 3b-f, 4, 6, 7, 8, 9 are all self-defense tests run by Matousec.com. All Matousec's test are available for public dissemination.
If they were left on a PC hard drive, many malware scanners could identify them as malware. All Matousec's tests exhibit live virus signatures and the like but have their delivery and payload mechanisms disabled.
donziehm wrote:Kill1, 2, 3, 3b-f, 4, 6, 7, 8, 9 are all self-defense tests run by Matousec.com. All Matousec's test are available for public dissemination.
If they were left on a PC hard drive, many malware scanners could identify them as malware. All Matousec's tests exhibit live virus signatures and the like but have their delivery and payload mechanisms disabled.
Showing my ignorance here but what does this have to do with the OP's problem .... Does it relate in some way or is it in the wrong thread? If the latter we can get it moved, I think <g>