# PsKill?



## burcu (Mar 26, 2005)

This is a problem that my friend is having and I couldn't figure out what to do with it. She uses AVG 7.1 Anti-Virus software. When she runs it, the program finds the following 4 files as "potentially harmful program PsKill"

*PsKill.exe * C:\system volume information\_restore{B96F6340-C130-4B60-A7FA-79E41C2CFC6F}\A0001303.INS:\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE

*A0001303.INS * C:\system volume information\_restore{B96F6340-C130-4B60-A7FA-79E41C2CFC6F}\A0001303.INS

*PsKill.exe * C:\system volume information\_restore{B96F6340-C130-4B60-A7FA-79E41C2CFC6F}\A0001304.INS:\C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE

*A0001304.INS * C:\system volume information\_restore{B96F6340-C130-4B60-A7FA-79E41C2CFC6F}\A0001304.INS

Norton with all its updates can't find them, ADaware cannot find them either. I have checked out the Norton website and the closest information there is related to Backdoor.Hale and Backdoor.EggHead...

What exactly are they? How can we get rid of them?

Thanks


----------



## Resolution (Sep 17, 2005)

You have some infected files in your System Volume Information folder. This is where your restore points for System Restore are kept. The best way to get rid of infected files here is to purge/remove the restore points. You can do this by turning System Restore off, and then turning it on again. 

You will also have to remove the offending files and folders from your file system also. It would be best if you allowed the boys and girls on the HijackThis log help forum to assist your friend, because she may have other infections. 

Tell your friend to download HijackThis. Unzip it to a permanent location and run the program. Click where it says "Do a system scan and save a log file", *but don't fix anything yet*. Copy and paste the contents of the log file to the HijackThis Log Help  forum (not this forum). The analysts there will scan the log file and help your friend remove the infection.


----------



## burcu (Mar 26, 2005)

*Thanks*

I will do that and see what happens...


----------



## johnwill (Sep 26, 2002)

PSKILL is not a virus or malware, it's just being targeted because it has potential uses that way.


----------



## Resolution (Sep 17, 2005)

Never question Norton! :smile: 

It might not be a virus, but if the owner of the computer didn't personally put it there, then it doesn't belong on the system.


----------



## FlyingFin (Nov 4, 2005)

Resolution said:


> Never question Norton! :smile:
> 
> It might not be a virus, but if the owner of the computer didn't personally put it there, then it doesn't belong on the system.


Aye, and if Norton doesn't find anything, it is not considered a severe enough threat. Sure, if you don't have the AntiSpyware edition (or 2006), you won't find any adware/spyware either. But since Adaware couldn't find it, I'd say just leave it there or remove it manually if you don't recognize where it's from.


----------



## burcu (Mar 26, 2005)

*Solved*

Thanks all...


----------



## bahsg (Feb 7, 2006)

What did you do to solve the problem?


----------



## KarenSweet (Apr 24, 2006)

I have PsKill.exe on my pc, i have a packard bell system and SMART RESTORE uses it , if i delete it it is difficult to format or create backup cd's. As long as you have a good firewall and use caution and common sense i dont see it as harmful


----------



## johnwill (Sep 26, 2002)

Like I said, it's not malware, it just can be used that way. :smile:


----------



## jean.cheesman (May 9, 2006)

*PSKill*

Hi Folks, 

I joined here looking to solve the problem of suddenly seemingly infected by PsKill too, I was in a panic!

As with some earlier posts here too I had this problem come up with a Packard Bell System which I had for the last two years been running with Norton Anti-Virus Software on one of my newer 'puters and when this ran out, package deal when I bought this 'puter, I had added my trusted AVG 7.1. Ran scan and Duh!!!

Those same infected files! And could not Delete!



Resolution said:


> You have some infected files in your System Volume Information folder. This is where your restore points for System Restore are kept. The best way to get rid of infected files here is to purge/remove the restore points.
> 
> I checked through all the earlier posts on this and got myself out of panic mode and was so easy!
> 
> ...


----------

