
Not-a-virus.tool.win32.restorecounter


4 replies to this topic

#1 deuce23

deuce23

  • Members
  • 145 posts

Posted 20 April 2007 - 07:55 PM

My AVG picks up this Not.A.Virus.Tool.Win32.RestoreCounter in my C:\WINDOWS\system32\Tools\Restart.exe but gets an error when trying to quarantine it so I can't clean my PC of it. It says it's not harmful but a hacker can take advantage of it to gain control of my PC.

What should I do?

Edit: I misspelled Tools.

Edited by deuce23, 21 April 2007 - 12:44 AM.


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 20 April 2007 - 08:41 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 April 2007 - 08:55 PM

Have you used any specialized fix tools recently? For example, smitfraudfix is a tool to detect and remove smitfraud infections. However, certain files that are part of that tool, such as process.exe, restart.exe, SmiUpdate.exe, and reboot.exe, may at times be detected by some anti-virus programs as a "RiskTool", "Hacking tool", "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

However, restart.exe can also be associated with malware.

I did a search and got a few hits on that file when associated with the path.
C:\WINDOWS\system32\Tools\Restart.exe

Most of those were at German sites and I could not understand the discussion even when using the translate feature. I did find one thread where an analyst said it could be related to the CMedia sound card. Navigate to the location of that file, right-click on it and choose properties. Is there any information on the version tab that could help identify it?

You can also get a second opinion by submitting that file to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results.

#4 deuce23

deuce23
  • Topic Starter

  • Members
  • 145 posts

Posted 21 April 2007 - 12:53 AM

Before I did also run SuperAntiSpyware and it didn't pick up the infection. Only AVG did.

For some reason when I logged in as the admin and ran AVG, it was able to remove the infection so now it's gone so I wouldn't be able to check its path and properties any longer.

I guess my problem is fixed for now but thank you for your help.

#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands

Posted 21 April 2007 - 01:50 AM

Info: This particular file was already submitted at Jotti by a (German) user with the same path and it came out clean. There is also information this particular program serves to initiate the start of a second OS alternatively belonging to F-secure software. It was also designated as malware having the same path.



