Microsoft process kill utility error at startup


tarty88
04-11-2009, 12:52
Every time I turn on the computer, at Windows startup the error-reporting screen appears because Microsoft process kill utility has stopped working... What could be the cause? I ran scans with several programs (gmer, a Microsoft anti-malware tool, Spybot) but found nothing suspicious.
I forgot: I have WinXP SP3, and I formatted 2 weeks ago...

Chill-Out
04-11-2009, 16:16
Check in the Event Log which process is crashing; it should be kill.exe. Post the full error in your next post.

tarty88
06-11-2009, 17:50
Here is the report

Tipo evento: Errore
Origine evento: Application Error
Categoria evento: (100)
ID evento: 1000
Data: 06/11/2009
Ora: 14.18.37
Utente: N/D
Computer: PC-CASA

Descrizione:
Applicazione che ha provocato l'errore kill.exe, versione 5.0.2134.1, modulo che ha provocato l'errore kill.exe, versione 5.0.2134.1, indirizzo errore 0x000015b1.

Per ulteriori informazioni, consultare la Guida in linea e supporto tecnico all'indirizzo http://go.microsoft.com/fwlink/events.asp.
Dati:

Thanks for your attention :)

xcdegasp
07-11-2009, 16:19
Could you tell us the directory where that file is located, and perhaps have it analyzed on virustotal.com and virscan.org?
In both cases, once the table with the results for the antivirus engines used has appeared, copy the address shown by the browser and paste it here so that we can see it too :)

tarty88
08-11-2009, 18:50
Here it is. What puzzles me is that the directory is among the files of the Atlantis network card, installed in programmi->802.11wireless....->kill.exe

Informazioni addizionali
File size: 10000 bytes
MD5 : 2957e7aad90315f896abd0fb7cdb40bd
SHA1 : 3af62767a60117fff1c092e1a096fbf65506dc8a
SHA256: 3bab8701eca712d0b13e29907430ee8ae822914299608994452f74a6868ac7f0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2110
timedatestamp.....: 0x37ECB3B9 (Sat Sep 25 13:36:25 1999)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
.text  0x1000   0x1852   0x1A00   6.09   917e784537645d0a22ad9b50730c462f
.data  0x3000   0x1D274  0x200    0.04   84655263bb09b91c037cefc3e00e351f
.rsrc  0x21000  0x3C8    0x400    3.23   63220e24a004c6aed1f9088bed06d9eb

( 5 imports )

> advapi32.dll: OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA
> kernel32.dll: GetCurrentThreadId, OpenProcess, VirtualAlloc, VirtualFree, GetLastError, ExitProcess, GetCommandLineA, GetCurrentProcessId, CloseHandle, GetCurrentProcess, TerminateProcess
> msvcrt.dll: _initterm, __setusermatherr, __getmainargs, __p__commode, __p___initenv, _XcptFilter, exit, _controlfp, _iob, fprintf, malloc, _exit, toupper, _except_handler3, printf, _strdup, strrchr, strncpy, strncat, __set_app_type, _adjust_fdiv, __p__fmode
> ntdll.dll: isspace, _strupr, tolower, isdigit, strchr, RtlUnicodeStringToAnsiString, NtQuerySystemInformation
> user32.dll: GetWindow, GetWindowThreadProcessId, OpenWindowStationA, SetProcessWindowStation, GetWindowLongA, CloseWindowStation, CloseDesktop, PostMessageA, SetThreadDesktop, OpenDesktopA, GetWindowTextA, GetThreadDesktop, GetProcessWindowStation, EnumWindowStationsA, EnumDesktopsA, FindWindowExA, EnumWindows

( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 192:7PRNgP4vdTsrkLUDyOS46Ccmoo3mBP8q0aTRWcihxW:7PRa4FJOQG3qPtdTRWcihxW
PEiD : InstallShield 2000
RDS : NSRL Reference Data Set

( Topics Entertainment )

Instant Home Design: kill.exe
( The Learning Company Inc. )

Reader Rabbits Toddler: kill.exe
( Dell )

Dell Back-up Dell-installed Programs: kill.exe
( NewTech Infosystems Inc. )

CD-Maker Plus Edition: kill.exe
( Microsoft )


xcdegasp
09-11-2009, 15:09
I had asked you for the URL precisely because we need the results table, and from both sites, if you can :)

The suspects are these:
_ http://www.siteguard.com/kill.exe/11526064/
_ http://www.threatexpert.com/files/kill.exe.html

but, as I said, if you don't give me those two URLs that I need, I can't really work it out...