I keep getting a Malware warning about Toolbox32.exe. It's in the C:\Windows\system32 folder and from what I googled, it's a necessary process. Is this a new virus?
Upload the file to virustotal.com.
What exactly was the alert?
What scanner, etc. detected it? A screenshot of the alert would help.
If this is very recent you can use the show last pop-up message (right click the avast tray icon).
This was the latest popup.
http://imageshack.us/photo/my-images/204/messageu.gif/
Well I have no idea why this toolhelp32.exe would need to access this site/IP 89.187.53.210 and presumably set a cookie; something I would consider suspicious.
Avast obviously considers this IP (in Moldova, see image) malicious and so would I, given that it is being accessed from a file in the system32 folder.
Whilst you have googled the toolbox32.exe file name and get results saying it is essential, I also see hits that say it has been associated with cracks and possibly malware. However, the file name in the alert is toolhelp32.exe not toolbox32.exe of the topic title.
Find this toolhelp32.exe file and right click on it and see what information it has, e.g. company name, application name, etc.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page).
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).
1. MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
2. SUPERantispyware (SAS). On-Demand only in free version.
Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Thanks very much, you’re right, it's TOOLHELP32.exe. Virustotal found 4 viruses on that file and I updated Malwarebytes and Superantispyware. Malwarebytes didn’t catch anything and Superantispyware found a broken registry link? Not too sure if that fixed the problem.
Thanks for letting us know.
You could post the log from SAS on here so we can take a look.
You could also send the file in an email to virus AT avast.com in a password-protected zipped archive with the password in the body of the message.
Instructions on how to do so:
https://wiki.csuchico.edu/confluence/display/help/Password+Protect+a+ZIP+File+in+Windows+XP
You’re welcome.
If you had posted the URL to the VT results as suggested, we could see who detected it and what malware they gave it. That helps us to get an idea of what it might be. The same is true of posting the various log contents if anything is found.
As I mentioned, my major concern is why it would even need to connect to the internet and to what avast considers a malicious site.
Now this brings me on to the next concern: what is your operating system and firewall?
This ideally should have outbound protection to block unauthorised connections, which I would consider this to be.
You can also send the sample to avast via the avast chest:
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’, complete the form (and give the URL of this topic) and submit; the file will be uploaded during the next update.