What is Hide.exe

Hi guys I just recently format my PC and I installed my motherboard drivers and other software avast virus scan firewall ect… and just looking through the C:\windows\system32\tools folder and just notice an “application file” called “Hide.exe”.

My Virus scan has not detected any virus or has SAS and Malwarebytes has not detect it either only spyware terminator has. I went to virustotal and the scan didn’t show anything results, so does anyone know what this file is, is it a new malware, trojan etc. The file name sounds strange to me.

I hope please someone has a answer to this “Hide.exe” application file.

Thanks you

Have you tried your friend google yet ?
http://www.google.com/search?q=Hide.exe and
http://www.threatexpert.com/files/hide.exe.html.

Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here in the topic, the URL in the Address bar of the VT results page. If multiple scanners find these infected send the samples to avast for analysis and inclusion in the virus database.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Hi Northeast,

If you haven’t installed this risktool yourself, then you should remove it in SafeMode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

polonus

Hi DavidR thanks for the reply back as I did a google search and I got so many mixed results so I was not sure at the time if it was malware. As I did manage to scan this file in VirusTotal.com and here are the results.

But I just found out today that this Hide.exe is from my motherboard drivers as I must of installed it with my graphics, audio and motherboard drivers. as I scan my elitegroup motherboard CD with Spyware Terminator (as they were the only program that detected this file) and I went to investigate to find that there is a Hide.exe file inside the CD.

Result: 23/41 (56.10%)
Compact Print results Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 Riskware.Risktool.Hide!IK
AhnLab-V3 5.0.0.2 2009.07.07 -
AntiVir 7.9.0.204 2009.07.07 -
Antiy-AVL 2.0.3.1 2009.07.07 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.07 -
AVG 8.5.0.386 2009.07.08 Generic3.AJSE
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.07 AdWare.Dm.wd (Not a Virus)
ClamAV 0.94.1 2009.07.07 -
Comodo 1538 2009.07.02 Unclassified Malware
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.07 -
eTrust-Vet 31.6.6602 2009.07.08 -
F-Prot 4.4.4.56 2009.07.07 -
F-Secure 8.0.14470.0 2009.07.08 AdWare.Win32.Dm.wf
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 not-a-virus.Risktool.Hide
Jiangmin 11.0.706 2009.07.07 Adware/Dm.g
K7AntiVirus 7.10.786 2009.07.07 not-a-virus:AdWare.Win32.Dm
Kaspersky 7.0.0.125 2009.07.08 not-a-virus:AdWare.Win32.Dm.wf
McAfee 5669 2009.07.07 potentially unwanted program Generic PUP
McAfee+Artemis 5669 2009.07.07 potentially unwanted program Generic PUP
McAfee-GW-Edition 6.8.5 2009.07.07 Heuristic.LooksLike.Win32.NewMalware.I
Microsoft 1.4803 2009.07.07 -
NOD32 4222 2009.07.07 probably a variant of Win32/Adware.Agent
Norman 6.01.09 2009.07.07 W32/DesktopMedia.QI
nProtect 2009.1.8.0 2009.07.08 Trojan-Clicker/W32.Dm.368128.D
Panda 10.0.0.14 2009.07.07 Adware/VapSup
PCTools 4.4.2.0 2009.07.07 -
Prevx 3.0 2009.07.08 High Risk Worm
Rising 21.37.14.00 2009.07.07 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.07 AdWare.Win32.Dm.wf
Symantec 1.4.4.12 2009.07.08 Adware.Gen
TheHacker 6.3.4.3.363 2009.07.08 Adware/Dm.wf
TrendMicro 8.950.0.1094 2009.07.07 -
VBA32 3.12.10.7 2009.07.08 AdWare.Win32.Dm.wf
ViRobot 2009.7.7.1822 2009.07.08 Adware.Dm.368128.M
VirusBuster 4.6.5.0 2009.07.07 Adware.Dm.NO

Hi Polonus, your the person I want to speak because you know alot about risktools, and I have some question about it.

So if I installed the risktools file myself like the one above are they classified as safe.

Can I delete those risktools files in the C:\windows\system32\tools folder as with Elitegroup they have some risktool file named as malware in spyware and antivirus scanners, I just want to know if I can sometime in the future can delete those files in that folder as the result show above that alot of recent virus software are classifying hide.exe as adware. And if I do delete those riskrools files would my any chance my windows could become unstable or corrupted.

So thanks for your help guys

The problem with tools is that they can be used for good or evil and an AV has no way to determine the intent and that is why some are called or classed as risktools [Tool] or PUP Potentially Unwanted Program.

When you install a tool for a specific purpose then it isn’t a problem. However you didn’t specifically install this but it came with other general tools/drivers. Deletion isn’t an option I recommend very often and in this case I would suggest exclusion of the file in the avast Program Settings, Exclusions (right click the avast ’ a ’ icon) and enter the full path and file name C:\windows\system32\tools\hide.exe.

This would exclude it from on-demand scans, but if it were being used avast’s standard shield would alert, this is the safest option as you don’t really want anything running this other than you.

I don’t even have a c:\windows\system32\tools folder (win XP Pro), so that would have been created at the same time, so in theory you could remove that ‘if’ there is nothing actually using these tools and to see if that is the case you need to run another tool ;D

Program & Tutorial - Also useful as a diagnostic tool - FileHippo Download - HiJackThis and post the contents of the HJT log file here. - HJT Information HiJackThis Tutorial.

Download and run HJT and post the contents of the log file (cut and paste or attach the log file) into this topic, you may need to split it over two or more posts depending on how large it is.

Hi DavidR,

The past couple of days I had been thinking and searching on this file and it’s when I scan my Motherboard CD I had found Hide.exe file in there so I must of install the default setting on that CD which includes full installation like Inf installation utility files, sound and graphic drivers into my computer, and that is how i got that hide.exe into my computer.

I did further research that only PC’s that have Elitegroup motherboard have this windows\system32\tools folder in there as i called my friend and he has the same brand motherboard and he has exactly the same folder and files in that folder but he does not have that hide.exe file which I had though it was suspicious at the time.

So DavidR if i extract that windows\system32\tools folder on the on demand scan, would the resident shield still pick it up or will the on demand scanner pick up other file like system volume files during the scan.

Thanks

The resident on-access scanner as its name implies monitors files as they are accessed, so if a program or command tried to run hide.exe avast would alert. The on-demand scanner scans files which could lie dormant for some considerable time if they aren’t in regular use, so it is this scan that is more likely to alert on the hide.exe file which is why I suggested the exclusion.

That is the lessor of two evils, if you did delete it and it was required it wouldn’t be available, I simply can’t take that decision for you as I know nothing of how your system is set-up, hence the suggestion to run HiJackThis, which would show what does run on your system.