What is this malware - intrusion tool Tool.ShutDown.11 & 14

Viruses and worms
1

Hi forum friends also known as SPR/Tool.Hardoff.A and supposed to be here:
http://www.virustotal.com/url-scan/report.html?id=bff911cd064f53aca7f8d77502085638-1321127509
Flagged here by Comodo & Emisift: http://vscan.urlvoid.com/analysis/31be79d660fc1da409f1c48a46cbd57b/cmVzdGFydC1leGU=/
What is this malware? As avast does not flag it yet.
Here file is given clean: http://www.garyshood.com/virus/results.php?r=31be79d660fc1da409f1c48a46cbd57b
Could it be a let file?
MD5 of RESTART.EXE = 31BE79D660FC1DA409F1C48A46CBD57B
RESTART.EXE size is 16384 bytes.
Full path on a computer: %SYSTEM%\SMITFRAUDFIX\RESTART.EXE
Given as low risk here: http://www.computer-support.nl/Systeemtaken/taakinfo/60574/restart.exe/
But wepawet gives suspicious: http://wepawet.iseclab.org/view.php?hash=bff911cd064f53aca7f8d77502085638&t=1321132068&type=js
http://anubis.iseclab.org/?action=result&task_id=155c1efaad08f0804f1e99786de81880c
Threat info: medium risk level
Detected Items
Detected Files:

Detected Files with variable Filenames:

MD5: 31BE79D660FC1DA409F1C48A46CBD57B Size: 16384
%DESKTOP%\SmitfraudFix\restart.exe
%DESKTOP%\antivirus\SmitFraudFix v2.250\SmitfraudFix\restart.exe
%PROGRAMFILES%\Super Fast Shutdown\restart.exe
f:\Install\Security\SmitfraudFix\restart.exe
%SystemDiskRoot%\Documents and Settings\Administrador\Desktop\SmitfraudFix\restart.exe
D:\SYSTEM\Super Fast Shutdown\restart.exe
g:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
j:\Sandisk December 08 Backup\Files\Software\SmitfraudFix\restart.exe
%DESKTOP%\downloads\spyware\SmitfraudFix\restart.exe
%SystemDiskRoot%\SmitfraudFix\restart.exe
h:\kenneths back up\Program Files1\antivirus progs1\SmitfraudFix\SmitfraudFix\restart.exe
and next 909 variations.
MD5: D5447BAC40DFF1A017A8C758273A814F Size: 45056
%WINDIR%(Ctrl+Alt+Home).exe
%PROGRAMFILES%?.exe
MD5: C9C9BB65BF1980D0AEBF7944EE0D8B3A Size: 45568
%SystemDiskRoot%\Ghost\resource\QuickReboot.exe
%WINDIR%(Ctrl+Alt+Home).exe
%PROGRAMFILES%\Alwil Software\Avast4\DATA\moved(Ctrl+Alt+Home).exe.vir
%SystemDiskRoot%\System Volume Information_restore{5828498B-E212-48E2-B40C-3D66645342F0}\RP3\A0000221.exe
Detecting items list:
Files by MD5

MD5: D5447BAC40DFF1A017A8C758273A814F  Size: 45056
MD5: B6C971B3CA6A863CDD7DC0A0D95AAD9A  Size: 5283840
MD5: C9C9BB65BF1980D0AEBF7944EE0D8B3A  Size: 45568
MD5: 31BE79D660FC1DA409F1C48A46CBD57B  Size: 16384

polonus

2

Hi folks,

This find was not reassuring at all: http://amada.abuse.ch/?search=www.vanderwerk.com
See: http://www.virustotal.com/file-scan/report.html?id=fed3ccee3bd8ce3a71c10f408fb86a59fc10ea6e70bfc68d4f79bf587c5310c5-1289581583
So a hacktool after all?
Yep, malware and reported to virus AT avast dot com

polonus

3

SmitfraudFix a malware removal programme - this comes under the heading either/or it can be used for both good and bad purposes

4

Hi essexboy,

Thanks for clearing that one up, so I hope the good versions will be excluded, and users will discriminate between the good and the bad. So it is a risktool only if you did not install it yourself or haven’t got it from a qualified malware remover like essexoy himself,

polonus