cancel
Showing results for 
Search instead for 
Did you mean: 

Potentially Unwanted Program-RemAdm-PSKill

McAfee has been telling us about this "Potentially Unwanted Program-RemAdm-PSKill for at least a year. We have Windows XP and have just installed Service Pack 3 and now it looks like we have 2 of these programs, according to our last scan. The Program Characteristics state that it was built for use by administrators to do remote system administration.

Is this something Windows needs to do our updates? If not, it looks like we need to get rid of it because it's been used by trojans for malicious purposes.

Thanks,
upthecreek
6 Replies
Highlighted
melboy
Level 7
Report Inappropriate Content
Message 2 of 7

RE: Potentially Unwanted Program-RemAdm-PSKill

where is mcafee detecting this (paths/files)?
Grif
Level 10
Report Inappropriate Content
Message 3 of 7

RE: Potentially Unwanted Program-RemAdm-PSKill

UpTheCreek,

It may be a false positive depending on the file and it's name, especially if you're using an HP/Compaq computer or you have Virtual Network Computing installed..

Please see the link below for another old discussion about this issue if the file is named "Killwind.exe..

http://community.mcafee.com/showthread.php?t=217980&highlight=RemAdm-PSKill

http://community.mcafee.com/showpost.php?p=81169&postcount=2

In addition, there is a new definitions release for today, Saturday, which may fix or cause the problem, Definitions # 5421.. Have you updated to the newest defintions?

Hope this helps.

Grif

RE: Potentially Unwanted Program-RemAdm-PSKill

Thank you for your help on this.

McAfee found these 2 records in the file name C:\hp\bin\killwind.exe as was also noted in the 2002 correspondence. We had 1 record long before we updated to sp2, and then sp3 late last month. We are using an HP Pavilion. Would Windows or HP have added the 2nd one? If we delete them, will HP be able to send necessary updates?

Where would I update to the newest definitions? I don't think I've ever heard of that.

Sorry to ask so many questions.....lots to learn

Thank you,
upthecreek
Grif
Level 10
Report Inappropriate Content
Message 5 of 7

RE: Potentially Unwanted Program-RemAdm-PSKill

As stated in one of the links I provided above, Killwind.exe is an HP program which allows HP to connect directly to a PC while it is online so that it can "push" content and program updates. Generally, you don't need those HP updates as I uninstall the HP Updates program from all the HP comps I take care of.. The Killwind.exe program has nothing to do with Windows Updates and primarily is used for remote control when needed by HP..

It's your choice as whether to keep Backweb, etc. on your machine.. And the detection has nothing to do with Service Pack 2 or Service Pack 3.. It may have something to do with an enhanced detection on Killwind.exe but as you see by reading the link I provided from 2003, this issue has been around a while.

As to updating to the newest definitions, you haven't told us which version of McAfee you're using, but generally, you can RIGHT click on the McAfee icon in the lower right corner, choose "Update Now"..

Hope this helps.

Grif

RE: Potentially Unwanted Program-RemAdm-PSKill

Grif,

Thanks for your reply and your patience.

We are using McAfee VisusScan Plus with SiteAdvisor (Security Center 9.0, VisusScan Version 13.0, DAT Version 54360000, Personal Firewall Version 10.0, SiteAdvisor Version 2.9) purchased and installed approximately 8.11.09 and we have all the current updates. Just checked it this morning. Do we need more than this?

So, it sounds like all we need to do is delete Backweb from the Control Panel and run the newest Ad-Aware 6 spyware removal tool.

Will this stop all the strange looking attempted unsolicited connections to our computer and pings (whatever that is)?.....or is this a separate issue?

Thanks again,
upthecreek
Grif
Level 10
Report Inappropriate Content
Message 7 of 7

RE: Potentially Unwanted Program-RemAdm-PSKill

Well, there is no "silver bullet" which prevents and removes all spyware, etc. .. And Ad-Aware 6 is an old version of the that particular program (they're on Ad-Aware 2008 right now), PLUS it's not as effective as other tools are now.. SuperAntispyware, Malwarebytes, and a few others.

And yes, for most users, uninstalling Backweb should work fine.

Hope this helps.

Grif