?
Solved

Rkill Processes to terminate

Posted on 2014-01-06
6
Medium Priority
?
1,240 Views
Last Modified: 2014-01-06
A client was infected by PUPs.  I can't get a clean rkill log.  Everything is good but it says -

Checking for processes to terminate:

 * C:\windows\SysWOW64\PSIService.exe (PID: 2368) [WD-HEUR]
 * C:\windows\system32\ThpSrv.exe (PID: 3000) [WD-HEUR]
 * C:\Windows\System32\ThpSrv.exe (PID: 4528) [WD-HEUR]

Any concern or correction?
Thanks,
Mags
0
Comment
Question by:Mags
  • 3
  • 3
6 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 2000 total points
ID: 39760877
All the three processes seem to be legitimate.

No harm if you terminate these processes, however.
0
 

Author Comment

by:Mags
ID: 39760888
Thanks...what does the "PID: #" and "WD-HEUR" mean?
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 2000 total points
ID: 39760901
PID = Process ID.

WD-HEUR (clearly a RKill term): I do not know what it stands for (a trojan in rkill's eyes).

Why don't you also scan with Malwarebytes Antimalware (free) just to gain some peace of mind?
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 

Author Comment

by:Mags
ID: 39760931
Did that as well as SAS, AdwCleaner, Hitman Pro, JRT...last MBAM was clean.  
Computer is running well.  Anything else I should run?

Thanks for your assistance,
Mags
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 2000 total points
ID: 39760936
No. Your PC is clean. Make a restore point. And enjoy using it and worry not.
0
 

Author Closing Comment

by:Mags
ID: 39760954
Thanks for the reminder on the restore point!!  I'll clear the infected ones first!!  Have a good one,  I appreciate your help!
Happy New Year!
Mags
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question