Solved

Rkill Processes to terminate

Posted on 2014-01-06
6
914 Views
Last Modified: 2014-01-06
A client was infected by PUPs.  I can't get a clean rkill log.  Everything is good but it says -

Checking for processes to terminate:

 * C:\windows\SysWOW64\PSIService.exe (PID: 2368) [WD-HEUR]
 * C:\windows\system32\ThpSrv.exe (PID: 3000) [WD-HEUR]
 * C:\Windows\System32\ThpSrv.exe (PID: 4528) [WD-HEUR]

Any concern or correction?
Thanks,
Mags
0
Comment
Question by:MagsMcKinley14
  • 3
  • 3
6 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 500 total points
ID: 39760877
All the three processes seem to be legitimate.

No harm if you terminate these processes, however.
0
 

Author Comment

by:MagsMcKinley14
ID: 39760888
Thanks...what does the "PID: #" and "WD-HEUR" mean?
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 500 total points
ID: 39760901
PID = Process ID.

WD-HEUR (clearly a RKill term): I do not know what it stands for (a trojan in rkill's eyes).

Why don't you also scan with Malwarebytes Antimalware (free) just to gain some peace of mind?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:MagsMcKinley14
ID: 39760931
Did that as well as SAS, AdwCleaner, Hitman Pro, JRT...last MBAM was clean.  
Computer is running well.  Anything else I should run?

Thanks for your assistance,
Mags
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 500 total points
ID: 39760936
No. Your PC is clean. Make a restore point. And enjoy using it and worry not.
0
 

Author Closing Comment

by:MagsMcKinley14
ID: 39760954
Thanks for the reminder on the restore point!!  I'll clear the infected ones first!!  Have a good one,  I appreciate your help!
Happy New Year!
Mags
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Read about achieving the basic levels of HRIS security in the workplace.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now