McAfee has been telling us about this "Potentially Unwanted Program-RemAdm-PSKill for at least a year. We have Windows XP and have just installed Service Pack 3 and now it looks like we have 2 of these programs, according to our last scan. The Program Characteristics state that it was built for use by administrators to do remote system administration.
Is this something Windows needs to do our updates? If not, it looks like we need to get rid of it because it's been used by trojans for malicious purposes.
McAfee found these 2 records in the file name C:\hp\bin\killwind.exe as was also noted in the 2002 correspondence. We had 1 record long before we updated to sp2, and then sp3 late last month. We are using an HP Pavilion. Would Windows or HP have added the 2nd one? If we delete them, will HP be able to send necessary updates?
Where would I update to the newest definitions? I don't think I've ever heard of that.
As stated in one of the links I provided above, Killwind.exe is an HP program which allows HP to connect directly to a PC while it is online so that it can "push" content and program updates. Generally, you don't need those HP updates as I uninstall the HP Updates program from all the HP comps I take care of.. The Killwind.exe program has nothing to do with Windows Updates and primarily is used for remote control when needed by HP..
It's your choice as whether to keep Backweb, etc. on your machine.. And the detection has nothing to do with Service Pack 2 or Service Pack 3.. It may have something to do with an enhanced detection on Killwind.exe but as you see by reading the link I provided from 2003, this issue has been around a while.
As to updating to the newest definitions, you haven't told us which version of McAfee you're using, but generally, you can RIGHT click on the McAfee icon in the lower right corner, choose "Update Now"..
We are using McAfee VisusScan Plus with SiteAdvisor (Security Center 9.0, VisusScan Version 13.0, DAT Version 54360000, Personal Firewall Version 10.0, SiteAdvisor Version 2.9) purchased and installed approximately 8.11.09 and we have all the current updates. Just checked it this morning. Do we need more than this?
So, it sounds like all we need to do is delete Backweb from the Control Panel and run the newest Ad-Aware 6 spyware removal tool.
Will this stop all the strange looking attempted unsolicited connections to our computer and pings (whatever that is)?.....or is this a separate issue?
Well, there is no "silver bullet" which prevents and removes all spyware, etc. .. And Ad-Aware 6 is an old version of the that particular program (they're on Ad-Aware 2008 right now), PLUS it's not as effective as other tools are now.. SuperAntispyware, Malwarebytes, and a few others.
And yes, for most users, uninstalling Backweb should work fine.