1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Panda Scan Result.. Restart.exe

Discussion in 'Virus & Other Malware Removal' started by atryeu, Jul 13, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. atryeu

    atryeu Thread Starter

    Joined:
    Jun 24, 2006
    Messages:
    204
    Hi there!

    I just recently got my system put back together and I have been slowly running a few online scans to make sure everything was clean while I was downloading security updates over this last weekend.

    I ran one recommended to me called BitDefender last night, and it came up absolutely clean. I also ran another earlier called ewido, which also came up clean, other than a few tracking cookies which were no problem getting rid of.

    I just ran Panda's free online scan and it brought up something...

    C:/Windows/system32/Tools/Restart.exe It says that files is "Potentionally Unwanted Tool"

    I did a search on these forums and found somebody else had this file come up in a Panda scan, so I followed one of the instructions listed, and uploaded it to a site to run several scans. Here are those results:
    ------------------
    http://virusscan.jotti.org/
    File: Restart.exe
    Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
    MD5 eb1b125ee5d2022cbf5e2f7226f47638
    Packers detected: -
    Scanner results
    AntiVir Found SecurityPrivacyRisk/Destart.A riskware
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found HackerTool/Rebootah
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
    ----------------

    I do not have that Hijack this program yet, I'm still trying to get things together but I will be looking into it on a night I have the available time to download it (I'm on a 24k dial up connection, so those things take awhile).

    I plan on running Housecall, from TrendMicro tomorrow/Thursday night as well to see if it brings anything else up. Is the Restart.exe file safe to remove? What exactly does that file do?

    Thank you! I will check back first thing after I wake up in the morning....
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    it looks ok, possibly a tool from the computer manufacturer to aid in computer recovery or a reinstall?
     
  3. atryeu

    atryeu Thread Starter

    Joined:
    Jun 24, 2006
    Messages:
    204
    I wasn't sure. I figured it came with Win XP. I'm still learning about XP though so I had no idea what that file is or what it is for. I have been using Win ME for the last serveral years and was forced to switch because my new hardware didn't want to run ME very well.

    That just came up in the virus scan and I couldn't find much about it online last night so I wasn't sure.
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
  5. atryeu

    atryeu Thread Starter

    Joined:
    Jun 24, 2006
    Messages:
    204
    Does anybody else have any further information on this program? Is it safe to remove, or should I leave it be?
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    go here and find the file and then right click it and choose properties and see what it says about it, the date, when it was created, i.e before you bought the pc and has it been modified and what uses it?


    C:/Windows/system32/Tools/Restart.exe
     
  7. atryeu

    atryeu Thread Starter

    Joined:
    Jun 24, 2006
    Messages:
    204
    It says:

    Created: Saturday, July 8, 2006 7:51:18pm (which is correct, I installed Win XP that night)

    Modified: Sunday, December 1, 2002 11:53:02pm

    Accessed: Today, July 16, 2006

    ... Under the Version tab, Description, it says: Restart Conuter LoL Should it say "Conuter"?

    Also, all but 3 files have a foreign looking icon and they all say, under the Version tab - Language, they are Chinese (Taiwan)...
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    Is it linked to microsoft? Do you have a full Xp disc or a restore disc which came with your computer?
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/482808