[atryeu]

Hi there!

I just recently got my system put back together and I have been slowly running a few online scans to make sure everything was clean while I was downloading security updates over this last weekend.

I ran one recommended to me called BitDefender last night, and it came up absolutely clean. I also ran another earlier called ewido, which also came up clean, other than a few tracking cookies which were no problem getting rid of.

I just ran Panda's free online scan and it brought up something...

C:/Windows/system32/Tools/Restart.exe It says that files is "Potentionally Unwanted Tool"

I did a search on these forums and found somebody else had this file come up in a Panda scan, so I followed one of the instructions listed, and uploaded it to a site to run several scans. Here are those results:
------------------
http://virusscan.jotti.org/
File: Restart.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 eb1b125ee5d2022cbf5e2f7226f47638
Packers detected: -
Scanner results
AntiVir Found SecurityPrivacyRisk/Destart.A riskware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/Rebootah
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
----------------

I do not have that Hijack this program yet, I'm still trying to get things together but I will be looking into it on a night I have the available time to download it (I'm on a 24k dial up connection, so those things take awhile).

I plan on running Housecall, from TrendMicro tomorrow/Thursday night as well to see if it brings anything else up. Is the Restart.exe file safe to remove? What exactly does that file do?

Thank you! I will check back first thing after I wake up in the morning....

[khazars]

it looks ok, possibly a tool from the computer manufacturer to aid in computer recovery or a reinstall?

[atryeu]

I wasn't sure. I figured it came with Win XP. I'm still learning about XP though so I had no idea what that file is or what it is for. I have been using Win ME for the last serveral years and was forced to switch because my new hardware didn't want to run ME very well.

That just came up in the virus scan and I couldn't find much about it online last night so I wasn't sure.

[khazars]

ok !

[atryeu]

Does anybody else have any further information on this program? Is it safe to remove, or should I leave it be?

[khazars]

go here and find the file and then right click it and choose properties and see what it says about it, the date, when it was created, i.e before you bought the pc and has it been modified and what uses it?


C:/Windows/system32/Tools/Restart.exe

[atryeu]

It says:

Created: Saturday, July 8, 2006 7:51:18pm (which is correct, I installed Win XP that night)

Modified: Sunday, December 1, 2002 11:53:02pm

Accessed: Today, July 16, 2006

... Under the Version tab, Description, it says: Restart Conuter LoL Should it say "Conuter"?

Also, all but 3 files have a foreign looking icon and they all say, under the Version tab - Language, they are Chinese (Taiwan)...

[khazars]

Is it linked to microsoft? Do you have a full Xp disc or a restore disc which came with your computer?