Ewido has discovered and removed (it is quarantine) this Infection [Not-A-Virus.Tool.Reboot] in C:\WINDOWS_MSRSTRT.EXE. Ewido rates this infection as high risk. What is it and is it dangerous? What does it do? Thanks.
Ewido found it 7/5/2005. If I click on “Remove finally” will ewido remove just Not-A-Virus.Tool.Reboot or C:\WINDOWS_MSRSTRT.EXE with Not-A-Virus.Tool.Reboot?
I know that is probably a dumb question. I don’t know if C:\WINDOWS_MSRSTRT.EXE is a legitimate file or part of the infection.
The reason I asked, for stuff like this to get established (e.g. put files in system folders, create registry entries, etc.) it needs certain admin privileges, give yourself a fighting chance and deny these rights.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator.
If you are not getting a virus warning that and you believe it’s a new or undetected virus, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem (a link to this thread, etc.), the fact that you believe it to be a new or undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.