Hi guys I just recently format my PC and I installed my motherboard drivers and other software avast virus scan firewall ect… and just looking through the C:\windows\system32\tools folder and just notice an “application file” called “Hide.exe”.
My Virus scan has not detected any virus or has SAS and Malwarebytes has not detect it either only spyware terminator has. I went to virustotal and the scan didn’t show anything results, so does anyone know what this file is, is it a new malware, trojan etc. The file name sounds strange to me.
I hope please someone has a answer to this “Hide.exe” application file.
Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here in the topic, the URL in the Address bar of the VT results page. If multiple scanners find these infected send the samples to avast for analysis and inclusion in the virus database.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Hi DavidR thanks for the reply back as I did a google search and I got so many mixed results so I was not sure at the time if it was malware. As I did manage to scan this file in VirusTotal.com and here are the results.
But I just found out today that this Hide.exe is from my motherboard drivers as I must of installed it with my graphics, audio and motherboard drivers. as I scan my elitegroup motherboard CD with Spyware Terminator (as they were the only program that detected this file) and I went to investigate to find that there is a Hide.exe file inside the CD.
Hi Polonus, your the person I want to speak because you know alot about risktools, and I have some question about it.
So if I installed the risktools file myself like the one above are they classified as safe.
Can I delete those risktools files in the C:\windows\system32\tools folder as with Elitegroup they have some risktool file named as malware in spyware and antivirus scanners, I just want to know if I can sometime in the future can delete those files in that folder as the result show above that alot of recent virus software are classifying hide.exe as adware. And if I do delete those riskrools files would my any chance my windows could become unstable or corrupted.
The problem with tools is that they can be used for good or evil and an AV has no way to determine the intent and that is why some are called or classed as risktools [Tool] or PUP Potentially Unwanted Program.
When you install a tool for a specific purpose then it isn’t a problem. However you didn’t specifically install this but it came with other general tools/drivers. Deletion isn’t an option I recommend very often and in this case I would suggest exclusion of the file in the avast Program Settings, Exclusions (right click the avast ’ a ’ icon) and enter the full path and file name C:\windows\system32\tools\hide.exe.
This would exclude it from on-demand scans, but if it were being used avast’s standard shield would alert, this is the safest option as you don’t really want anything running this other than you.
I don’t even have a c:\windows\system32\tools folder (win XP Pro), so that would have been created at the same time, so in theory you could remove that ‘if’ there is nothing actually using these tools and to see if that is the case you need to run another tool ;D
Download and run HJT and post the contents of the log file (cut and paste or attach the log file) into this topic, you may need to split it over two or more posts depending on how large it is.
The past couple of days I had been thinking and searching on this file and it’s when I scan my Motherboard CD I had found Hide.exe file in there so I must of install the default setting on that CD which includes full installation like Inf installation utility files, sound and graphic drivers into my computer, and that is how i got that hide.exe into my computer.
I did further research that only PC’s that have Elitegroup motherboard have this windows\system32\tools folder in there as i called my friend and he has the same brand motherboard and he has exactly the same folder and files in that folder but he does not have that hide.exe file which I had though it was suspicious at the time.
So DavidR if i extract that windows\system32\tools folder on the on demand scan, would the resident shield still pick it up or will the on demand scanner pick up other file like system volume files during the scan.
The resident on-access scanner as its name implies monitors files as they are accessed, so if a program or command tried to run hide.exe avast would alert. The on-demand scanner scans files which could lie dormant for some considerable time if they aren’t in regular use, so it is this scan that is more likely to alert on the hide.exe file which is why I suggested the exclusion.
That is the lessor of two evils, if you did delete it and it was required it wouldn’t be available, I simply can’t take that decision for you as I know nothing of how your system is set-up, hence the suggestion to run HiJackThis, which would show what does run on your system.