Kill.com
Printed From: Aurora
Category: Aurora Sequencer Software
Forum Name: Installation Issues
Forum Discription: This is the place to discuss issues with installing Aurora
URL: http://www.aurorashow.com/forum/forum_posts.asp?TID=1417
Printed Date: 31 Oct 2024 at 7:15pm Software Version: Web Wiz Forums 9.06 - http://www.webwizforums.com
Topic: Kill.com
Posted By: webbtech
Subject: Kill.com
Date Posted: 11 Sep 2012 at 3:27pm
My anti virus picked up a possible threat...killcom.exe....is this a legit file in Aurora?
------------- Mark Webb
|
Replies:
Posted By: LightsOnLogan
Date Posted: 11 Sep 2012 at 4:02pm
killcom.exe is an Aurora file. It is used to reset all com ports when in d2xx mode. It is typically called when changing serial network settings.
------------- http://www.aurorashow.com/">
|
Posted By: webbtech
Date Posted: 11 Sep 2012 at 6:48pm
Interesting enough though...I hear my anti virus go off with that file and Aurora is not even running.
------------- Mark Webb
|
Posted By: LightsOnLogan
Date Posted: 11 Sep 2012 at 7:20pm
I'm getting a report about this in the beta group as well. Although I'm inclined to believe it is a false positive caught by an update to your virus definitions, I'm going to check it out further to be sure. What antivirus are you using?
------------- http://www.aurorashow.com/">
|
Posted By: webbtech
Date Posted: 11 Sep 2012 at 7:28pm
Avast...sent in a request to advise of a false positive. I also gave them your web site if they want to contact you.
------------- Mark Webb
|
Posted By: BigDPS
Date Posted: 11 Sep 2012 at 8:09pm
I'm getting it from AVG. Even though I click ignore threat, it keeps coming up. Weird...
------------- http://www.aurorashow.com/">
|
Posted By: LightsOnLogan
Date Posted: 11 Sep 2012 at 8:32pm
I'm not getting it on avast here. I'll put together a checksum for the file tomorrow to make sure neither of yours have become infected.
------------- http://www.aurorashow.com/">
|
Posted By: Jonathan
Date Posted: 12 Sep 2012 at 9:02am
On my system, AVG seems to think that it's a trojan horse.
------------- ~Jonathan
|
Posted By: LightsOnLogan
Date Posted: 12 Sep 2012 at 2:35pm
Avast started yanking killcom.exe off my development systems today too, so I guess I just today got the definitions update that thinks it is bad. It gave no warning/notice or anything... one minute the file is there, then the next it is gone without any evidence as to what happened. No log was generated in the Avast GUI either. I had to go looking for it in the chest to find where it went.
If you have one then you can use your favorite MD5 checksum generator to
check yours, or you can download one (this one is easy to use:
http://www.colonywest.us/digestit/ )
There are two versions of the file for Aurora, both created in 2009. The one with the July date should have a checksum of e7483276d245eb5fbd2d5dd0983258eb. The one with a December date has a checksum of 246b990f9acff3958f6a551889ae2339.
I just rebuilt from source and Avast immediately yanked the file created from source as soon as the compiler was done writing it to disk. False positive?
Michael
------------- http://www.aurorashow.com/">
|
Posted By: BigDPS
Date Posted: 12 Sep 2012 at 2:54pm
My anti virus won't even let me open the file. I use digestit and it tells me it can't open the file.
------------- http://www.aurorashow.com/">
|
Posted By: LightsOnLogan
Date Posted: 12 Sep 2012 at 3:44pm
I don't know the process with AVG. With Avast I had to restore it from the virus chest, then temporarily shut down protection, then generate the MD5 hash, and then restart protection.
I submitted a false positive with Avast. I encourage you to do the same with AVG.
For performance reasons it is unlikely that any antivirus actually looks at every byte in a file. While they don't reveal their secrets, it is probable that they look at a handful of bytes and the total file size to figure out if it is a threat or not. This Aurora file just happens to match the pattern when it isn't a threat.
Interestingly, I can get the file to pass Antivirus testing if I comment out the lines which shut down the DMX-over-dongle server (the 2009-2011 DMX patch).
Michael
------------- http://www.aurorashow.com/">
|
Posted By: BigDPS
Date Posted: 12 Sep 2012 at 5:07pm
After disabling my AVG, I did manage to hash it and it gave me the 246b990f9acff3958f6a551889ae2339 number you had. I will tell AVG about the false positive.
------------- http://www.aurorashow.com/">
|
Posted By: LightsOnLogan
Date Posted: 13 Sep 2012 at 11:07am
I'm just glad this was caught now instead of December; this is the type of thing that usually pops up around then and makes a support nightmare (does anyone happen to remember Windows Update replacing the FTDI drivers right in the middle of the 2009 season?)
Michael
------------- http://www.aurorashow.com/">
|
Posted By: BigDPS
Date Posted: 13 Sep 2012 at 6:16pm
Windows likes to change things around as they will. It likes to keep us on the edge....
As for killcom, it appears like my AVG hasn't seen it as a threat today when it scanned it. I wonder if AVG changed its heuristic files already?
------------- http://www.aurorashow.com/">
|
Posted By: ibewill
Date Posted: 03 Dec 2012 at 11:14am
I have been dealing with the kill.com problem for a while and mine problem is even worse. Norton Security Suite that Comcast gives free to customers is quarantining Kill.com and the entire Aurora Sequencer and Scheduler software. If I try to open either, there is no file to open with. I have to reopen the original download file that fixes Aurora then open Aurora Sequencer or Scheduler immediately after. Norton thinks its so bad I can't exclude aurora. Hope not to deal with this next year. Adding this to my other problems have been frustrating.
|
Posted By: LightChristmas
Date Posted: 03 Dec 2012 at 3:24pm
Easy solution. Get rid of Norton and use AVG-Free. Just as good if not better, and making file exceptions is much easier.
------------- http://www.aurorashow.com/">
|
|