restart.exe from Windows/system32/tools FP?? (FIXED)

C:\Windows\System32\Tools\Restart.exe Unclassified Malware[at]8319259

Automated Analysis System

File Info

* Size: 408576
* MD5: 3a33a940be4e0dbff5b431a40e96bcfd
* SHA1: 6d4db92719c4aff404c360058b531f412acb7774
* SHA256: efa2504692a7a180e4022e101f42cfcd40d32df8b04db4a4e7aa04b3f76476ec
* URL: /cgi-bin/submit?file=efa2504692a7a180e4022e101f42cfcd40d32df8b04db4a4e7aa04b3f76476ec

Windows/system32/tools/restart.exe seems to be a valid aplication. I think in “the first place” all valid files from Windows XP /Vista must be verified from FP detections an excluded from any future fp. It’s about OPERATING SYSTEM. So, i think you must begins with “bases” fisrt…

I’m not too sure. I just checked my system32 folder and I have no such file ???

Have you got any software that could be responsible for creating such a file?

It’s created on 12/8/2008, in the day whe i installed Vindows Vista Ultimate and till now i don’t encountered any problem… All files in that directory is from the same date of creation.


File description: Restart Conuter
Company: Elitgroup Computer Systems CO. LTD
File version:
Date created: 12/08/2008 11:27 PM
Size: 399KB

The Tools directory was created by some other application outside of Windows.
Not part of the Windows OS.

Yes, i see the entire folder is from the same company… Maybe because my motherboard is an ECS (ELITEGROUP) manufactured and some motherboard software from installation CD went into system32 folder…

[attachment deleted by admin]

Hi razor74,

Please check with our latest updates


Yes, it’s OK now. Thanks.