restart.exe from Windows/system32/tools FP?? (FIXED)

razor74 · March 2, 2009, 8:43pm

C:\Windows\System32\Tools\Restart.exe Unclassified Malware[at]8319259

http://www.virustotal.com/analisis/f0f96e40b0da9e39e7f0dfdb55f2e90e

Automated Analysis System

File Info

* Size: 408576
* MD5: 3a33a940be4e0dbff5b431a40e96bcfd
* SHA1: 6d4db92719c4aff404c360058b531f412acb7774
* SHA256: efa2504692a7a180e4022e101f42cfcd40d32df8b04db4a4e7aa04b3f76476ec
* URL: /cgi-bin/submit?file=efa2504692a7a180e4022e101f42cfcd40d32df8b04db4a4e7aa04b3f76476ec

Windows/system32/tools/restart.exe seems to be a valid aplication. I think in “the first place” all valid files from Windows XP /Vista must be verified from FP detections an excluded from any future fp. It’s about OPERATING SYSTEM. So, i think you must begins with “bases” fisrt…

anonymous · March 2, 2009, 8:53pm

I’m not too sure. I just checked my system32 folder and I have no such file ???

Have you got any software that could be responsible for creating such a file?

razor74 · March 2, 2009, 9:01pm

It’s created on 12/8/2008, in the day whe i installed Vindows Vista Ultimate and till now i don’t encountered any problem… All files in that directory is from the same date of creation.

restart.exe

File description: Restart Conuter
Company: Elitgroup Computer Systems CO. LTD
File version: 3.0.0.0
Date created: 12/08/2008 11:27 PM
Size: 399KB

jebuchanan · March 2, 2009, 9:03pm

The Tools directory was created by some other application outside of Windows.
Not part of the Windows OS.

razor74 · March 2, 2009, 9:08pm

Yes, i see the entire folder is from the same company… Maybe because my motherboard is an ECS (ELITEGROUP) manufactured and some motherboard software from installation CD went into system32 folder…

[attachment deleted by admin]

Ramanan · March 4, 2009, 7:03am

Hi razor74,

Please check with our latest updates

Thanks,
Ramanan

razor74 · March 4, 2009, 8:35am

Yes, it’s OK now. Thanks.