[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Rkill Processes to terminate

Posted on 2014-01-06
6
Medium Priority
?
1,133 Views
Last Modified: 2014-01-06
A client was infected by PUPs.  I can't get a clean rkill log.  Everything is good but it says -

Checking for processes to terminate:

 * C:\windows\SysWOW64\PSIService.exe (PID: 2368) [WD-HEUR]
 * C:\windows\system32\ThpSrv.exe (PID: 3000) [WD-HEUR]
 * C:\Windows\System32\ThpSrv.exe (PID: 4528) [WD-HEUR]

Any concern or correction?
Thanks,
Mags
0
Comment
Question by:Mags
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 24

Accepted Solution

by:
aadih earned 2000 total points
ID: 39760877
All the three processes seem to be legitimate.

No harm if you terminate these processes, however.
0
 

Author Comment

by:Mags
ID: 39760888
Thanks...what does the "PID: #" and "WD-HEUR" mean?
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 2000 total points
ID: 39760901
PID = Process ID.

WD-HEUR (clearly a RKill term): I do not know what it stands for (a trojan in rkill's eyes).

Why don't you also scan with Malwarebytes Antimalware (free) just to gain some peace of mind?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:Mags
ID: 39760931
Did that as well as SAS, AdwCleaner, Hitman Pro, JRT...last MBAM was clean.  
Computer is running well.  Anything else I should run?

Thanks for your assistance,
Mags
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 2000 total points
ID: 39760936
No. Your PC is clean. Make a restore point. And enjoy using it and worry not.
0
 

Author Closing Comment

by:Mags
ID: 39760954
Thanks for the reminder on the restore point!!  I'll clear the infected ones first!!  Have a good one,  I appreciate your help!
Happy New Year!
Mags
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this o…
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question