Malware? Undetected?

tbtb2

I don't know where is it(the file) from, but it is on my computer and I might be infected....

Is it a malware?

/applications/core/interface/file/attachment.php?id=398" data-fileid="398" rel="">PSKILL.EXE.zip

Niels

Hello kids

The tool itself is legit but can be missused by malware here some information about it:

http://www.microsoft.com/technet/sysintern...ads/PsKill.mspx

and here: http://www.windowsitpro.com/Articles/Artic...43569.html?Ad=1

It is more riskware because someone can kill processes that are running on your pc.

Did you install it? If not delete it.

Regards

Niels

tbtb2

Hello kids

The tool itself is legit but can be missused by malware here some information about it:

http://www.microsoft.com/technet/sysintern...ads/PsKill.mspx

and here: http://www.windowsitpro.com/Articles/Artic...43569.html?Ad=1

It is more riskware because someone can kill processes that are running on your pc.

Did you install it? If not delete it.

Regards

Niels

I don't know where it is from and I did not install or download or try to get any software to kill a process on my PC.

Yesterday, I just use an AV scanner to scan my computer and the scanner reported a file called PSkill.exe stored in C:\OEMCUST\TOOLS\WIN32\PSkill.exe is a malware. I have no idea about the malware. I do not even know the function or the damages it has....

I just wonder whether there is any system/program error if I delete the file. Also, whether there is a threat if I leave it on the path mentioned above.

It was not detected by my Bitdefender scanner.

Thanks for your reply.

alexcrist

Hi kids,

What application is installed in that folder (C:\OEMCUST)? If you know that application (you installed it and you use it), then propably PSKILL.exe is a part of that application. Search the website of that application to see if they offer any explanation about PSKILL.EXE.

As Niels said, it can be used to kill processes. But so is TaskManager and many other small tools (anyone with some programming knowledge can write such a tool in just a few minutes), but that doesn't necessarily mean that they are threats/malware/whatever.

Cris.

Niels

Hello kids

Sometimes your pc vendor has placed this file on your computer to better assist you. HP does that also.

What is your pc manufacturer? I mean Hewlet Packard (HP), Acer,Packard Bell, ... What I found so far that it could be pre-installed on Packard Bell pc's. See here a topic about it : http://forum.packardbell.com/en/viewtopic....ighlight=pskill

http://forum.packardbell.com/en/viewtopic....ighlight=pskill

What I read it used before smart restore is use to kill running processes.

Panda online scan detects them. I also have an hp and it detects also other files as riskware.

Regards

Niels

vlad

OEMCUST appears to be indeed some sort of OEM software package for user assistance (as Niels said).

PSKill (by SysInternals, aquired by MS recently) is an application that kills processes, but then again so is taskkill.exe, which is delivered with every Windows (NT/2K/XP) installation. As it has already been stated, it is not dangereous by itself, and in this particular case, it does not appear to be brought along by malware, so your system is most likely safe. There's no point in deleting it, as the OEM suite might need it.

tbtb2

Hello kids

Sometimes your pc vendor has placed this file on your computer to better assist you. HP does that also.

What is your pc manufacturer? I mean Hewlet Packard (HP), Acer,Packard Bell, ... What I found so far that it could be pre-installed on Packard Bell pc's. See here a topic about it : http://forum.packardbell.com/en/viewtopic....ighlight=pskill

http://forum.packardbell.com/en/viewtopic....ighlight=pskill

What I read it used before smart restore is use to kill running processes.

Panda online scan detects them. I also have an hp and it detects also other files as riskware.

Regards

Niels

Thanks~

my PC vendor is exactly...PackardBell.... looking at the info you post.

Niels

Hello kids

Glad that we could help you. Other vendors marks it as riskware which means that it isn't real malware but it can miss-used.

Regards

Niels