Hi, I am really confused at the moment. I tried a program called Spyware Terminator and did a full scan with it, and this is what it picked up:
Trojan.Downloader.Dadobra.bru - that was located in C:\windows\system32\tools\Regexe.exe
and
RiskTool.Reboot.j - which was located in C:\windows\system32\tools\restart.exe
I looked in that folder and what I found were my motherboard drivers from Elitegroup software.
So my question is, does anyone know whether these are Trojans or malware, or are they false positives? Because I scanned my computer with Avast, BitDefender 10 Free Edition, Ad-Aware, Spybot, SUPERAntiSpyware, a-squared and Malwarebytes, and these programs found no virus, Trojan or malware during their scans.
So I'm confused whether to quarantine them or leave them in the folder, because they could be linked to my motherboard registry drivers, and how reliable is Spyware Terminator compared to the other spyware scanners?
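The question above (is a flagged file in system32\tools a vendor utility or something dropped there?) is usually settled by evidence about the file itself rather than by counting how many scanners fire. The PowerShell snippet below is an added example and not code from anyone in this thread; it assumes the two paths reported by Spyware Terminator are the ones listed, and it only reads the files (hash, size, timestamp, embedded version information and Authenticode signature), never executes them.

```powershell
# Added example (not from the thread): gather the facts needed to judge whether
# a flagged file is a vendor utility or an unexpected drop-in.
# Assumption: these are the two paths reported by the scanner.
$Flagged = @(
    'C:\windows\system32\tools\Regexe.exe',
    'C:\windows\system32\tools\restart.exe'
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path      # read-only check, does not run the file
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        SHA256          = $hash.Hash                        # compare with the vendor's download or a VirusTotal report
        SizeBytes       = $item.Length
        LastWriteTime   = $item.LastWriteTime               # should match the driver install date, not last night
        CompanyName     = $item.VersionInfo.CompanyName     # expect the board vendor (e.g. Elitegroup) here
        FileDescription = $item.VersionInfo.FileDescription
        SignatureStatus = $sig.Status                       # Valid / NotSigned / HashMismatch / ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

$Flagged | ForEach-Object { Get-FileTriage -Path $_ } | Format-List
```

How to read the result: a SignatureStatus of HashMismatch (a signed file whose contents were altered), a LastWriteTime that does not match the driver installation, or version information naming nobody at all are reasons to keep the file in quarantine and upload the SHA256 to VirusTotal for a second opinion. NotSigned on its own is common for older OEM utilities and is not proof of malware; in that case the hash compared against a fresh copy of the vendor's driver package is the decisive check.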
A risktool is a tool, program or rather executable that could be used for malicious purposes if, for instance, it was placed onto your computer by a third party (hacker, malware, spyware, etc.).
Some anti-malware tools are also flagged as risktools by anti-malware and AV scanners, because they are dangerous in the hands of the unaware and need instructions to work properly and not harm the operating system.
So a risktool is no risktool if you have willingly installed it, and you know what you plan to do with it and are aware of the workings of the tool and also the risks involved (registry editor).
Another issue is that company admins do not want certain tools installed on the machines in their network and therefore have not made an exclusion for the use of certain risktools and unwanted programs; as given by that particular policy towards unwanted tools and programs (this should be presented in written form to the workers in that company so they are aware of what is allowed and what is not), they are deleted by, for instance, an AV solution like McAfee for small companies. But on your personal computer you are free to make an exclusion for these tools as you see fit.
I had a similar report on VirusTotal and virscan.org a few weeks ago. I uploaded a crack file, took a chance anyway and opened it. Some days later I went to check System Restore; everything was gone except for the files it (the installed crack) kept to stay in the system.
So, if I were you, I would start backing up all the files, and be careful that no hidden or self-modifying ".ini" files are in your backup. I would select each file one by one with WinZip or WinRAR (keeping the whole path, which I was not clever enough to do the time I tried it; it was my first).
I had tried different anti-virus/anti-malware tools, etc.… no luck. VIPRE Rescue did help and found it, but only in the file that I had downloaded. It could not do a thing for the rest. So I installed VIPRE Antivirus; it blocked explorer.exe as a suspicious process. Guess what, everything shut down. I had to uninstall everything by hand, file by file, in Safe Mode, not forgetting the registry keys. Lots of regedit scanning.
Reinstalled avast (it was never uninstalled in the first place) just to be safe, all from an avast clean-up.
And I started packing my things.
Hope you don't have to go through this. Good luck ;)
Ghis
BTW, I would like to know if there are any risks of malware finding its way into the partition files where the retail vendors all have the very clever (I mean dumb) idea of putting all the recovery files as the only way to reinstall?
To Fenrir: thanks for helping me find articles that have similar issues to mine. I thought it was a false positive because only Spyware Terminator picked these up as Trojans and no other programs did, as I would say that Spyware Terminator does pick up more false positives than other spyware programs.
As the program scanned and picked up these 2 files, I quarantined them and my computer was working fine. As I was about to delete them, the next day I decided to check the system32\tools folder, to find out that they were part of my motherboard drivers, and then I restored them back to the folder. But since I don't usually check inside the Windows folders, I just wanted to make sure that those icons weren't Trojans in disguise.
To polonus: thanks for giving me info on my issues. Your description was a bit advanced and I had to read it a few times to understand it, but it gave me great info on what a risktool is.