HP/Compaq Malware?? Trojan.Killapp.30208.A1

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mattinsocal8911, Dec 3, 2006.

  1. mattinsocal8911

    mattinsocal8911 Private E-2

    Hi Guys its Me again, I am having problems with Trojans of unknown origin called Trojan.Killapp.30208.A1 (from Bitdefender online scan). I believe this is from HP/Compaq preinstalled from the factory and is located in the C:\hp\bin.
    Bitdefender reported the infection has been removed or quarantined(by Trend Micro I think)
    A-squared free trojan scanner idents them as Trojan.Win32.RC5_Dropper.e located in the C:\hp\bin\CorelWP\src\intro.exe
    Riskware.Risktool.Win32.PsKill.p located in the C:\hp\bin\Killwind.exe.
    Adware.WildTangent.a located in C:\Program files\Wildtangent\apps\wtkernal0100.dll plus all the adware that goes with wild tangent and that I need to remove as soon as I get instructions on complete removal (registry included).
    Please advise me on these issues. Thank You.
    Ps this is a Compaq Presario S4210nx P-4 at 2.4GHz and 760 MB of ram
    Hard drive Seagate St380012A 80 GB
    Mobo is ASUSTeK Computer INC P4G533LA REV 1.xx Bus clock: 100megahertz
    Windows XP SP1 updated to SP2 (build 2600)
     

    Attached Files:

    mattinsocal8911, Dec 3, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ignore all reports about these HP files. They are false positives!


    Look for it in Add/Remove programs and uninstall it. Otherwise allow whatever found it to fix. Since you did not attach any logs, I don't know who reported this to you. The logs you attached don't show any problems and these are not all the logs that are required in the READ ME. If you ran CounterSpy as requested in the READ ME, it may have removed WildTangent for you.
     
    chaslang, Dec 4, 2006
    #2
  3. mattinsocal8911

    mattinsocal8911 Private E-2

    Here is Spybot s report and AVG spyware was a substitute for counterspy I thought. Will attach panda and hijack this later

    ps internet explrer is acting really strange -gets really busy and stops responding till I shut it down. thanks
     

    Attached Files:

    mattinsocal8911, Dec 4, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    CounterSpy is the first choice unless it cannot be run for some reason. NO HijackThis logs should be posted unless the completer READ & RUN ME has been followed and all other logs requested should be attached first.

    Your Spybot logs shows that you did not fix anything??? Why not?

    Did you look in Add/Remove programs as I already suggested and uninstall anything related to WildTangent. Or WT Games or WT GameChannel as they like to hide themselves as.
     
    chaslang, Dec 4, 2006
    #4
  5. mattinsocal8911

    mattinsocal8911 Private E-2

    OK Sorry about the mixup. Here are the requested logs. I will try to post the Spybot log showing changes if allowed. Uninstalled all wild tangent programs as requested. Now on to Corel word perfect where another problem was found. I am realizing this wordperfect program is beyond any recovery efforts is this correct???(trial that is locked) Thanks:)
     

    Attached Files:

    mattinsocal8911, Dec 5, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you are trying to tell me but issues with WordPerfect are not topics for the Malware Forum.

    Are you having any malware problems at this time?

    Note: There is no reason to have HijackThis automatically run at startup.
     
    chaslang, Dec 6, 2006
    #6
  7. mattinsocal8911

    mattinsocal8911 Private E-2

    The Corel Word Perfect Program is a trial version which is now missing one of its parts and may not function. If there was any merit to this program, it is probably gone now. I understand there may be another forum where I may submit this question about corel WP and if so where?
    The only malware problems that I am aware of were the wild tangent programs which I uninstalled.(2) There is a folder that may have been restored while I ran a checkdisk or maybe it was always there I dont know. I guess I just delete it now.
    BTW I need to run a chkdsk and disk defrag really bad. I have some windows updates to install and then I am done I guess thank you for all your help.
    As for the Hijack this running at startup I guess I just configure it not to do that correct? Thanks again bye
     
    mattinsocal8911, Dec 6, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Software Forum, but make sure you clearly define exactly what you problem is. But if you are going to post a message saying your trial ran out and you are still trying to use it for something, don't bother. If you want to use the program now after the trial period has ended, you will need to purchase it.

    Chhdsk does not restore folders.

    You're welcome. Yes you changed the configuration settings on HijackThis to run at startup.
     
    chaslang, Dec 7, 2006
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds