Tool.Win32.Reboot, anyone know this virus?

Since I used the extended database of Kaspersky, the following virus Tool.Win32.Reboot is flagged. Does anyone has any information on this virus?

I found this link, but it doesn't say if it's a trojan or not?
https://www.wilderssecurity.com/showthread.php?t=53562&highlight=Tool.Win32.Reboot

I run ewido, and nod32, but none have flagged the concerned file

Anyhelp, is appreciated

Thanks

 

Can you please send the file to Eset: samples@nod32.com and place a link to this thread. If you do not hear from Eset within 3 days (allows for weekends), please advise us...

You could also check out the flagged file here: http://virusscan.jotti.dhs.org/

Let us know how you go…

Cheers

 

I run the online file check, and only KAV reports that it's infected.
Also, I sent the sample to ESET.


Service load:
0% 100%
File: CCC.exe
Status:
INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the ass -, results will not be stored in the database.)
Packers detected:
None

AntiVir
No viruses found (0.14 seconds taken)

Avast
No viruses found (1.51 seconds taken)

BitDefender
No viruses found (0.34 seconds taken)

ClamAV
No viruses found (0.42 seconds taken)

Dr.Web
No viruses found (0.50 seconds taken)

F-Prot Antivirus
No viruses found (0.20 seconds taken)

Kaspersky Anti-Virus
not-a-virus:Tool.Win32.Reboot (1.29 seconds taken)

mks_vir
No viruses found (0.83 seconds taken)

NOD32
No viruses found (1.07 seconds taken)

Norman Virus Control
No viruses found (0.43 seconds taken)

 

Re: Tool.Win32.Reboot, anyone know this virus? Upated

OK here is the update:

I didn't get any reply from ESET, I've sent 2 emails.
However, I got a fast reply from Ewido, and this is what they say:

Thanks for the file, we will add soon this file, which is not really a
trojan and not harmful, to our database because a hacker can also use this
tool. It start a force reboot of windows without warning boxes.

With best regards,

Your ewido networks Support-Team

 

Re: Tool.Win32.Reboot, anyone know this virus? Upated

Thanks for reporting back J2

Cheers

 

I was running KAV via e-scan
found three instences
one in the Iomega zip cd copy
and two in win98 cab files in c:/win98 (mirror of cd)

regular KAV scan did not flag

must be heuristics??

wyrmrider

 

usually you need the extended bases ( updates_ext or _x ) to get detection of this with kav

 

No It's not heuristic. I got the alert when I used the supersecure database (update_x), instead of the normal one(update).

 

Ewido is correct it is a tool that allows rebooting of the OS, it comes from using the X-files defs of any Kaspersky product. See post #3 in this thread for alittle more info.

https://www.wilderssecurity.com/showthread.php?t=58140

 

Yes, I receive the same message since one of the programs I used called Savings Bond Wizard has this file in his zipped downloaded file. I think that KAV should "warn" about this file instead of flagging it, since it stops all processing. Currently, I Exclude this file from KAV's scan. Of course, if a real trojan is using this file, then my scan will not catch it. Sometimes, I wonder about the logic that software developers use when they make decisions. Do they really think these things through? All they need to do is report on it if it occurs since it is a valid program. Sort of the way TDS-3 warns about double suffixes.

Rich

 

The presence of the file on your system does not mean you were hacked as it is used in a number of legitimate programs, that is the reason I said what I said in post 3 of the other thread. Detections like this are the reason that Kaspersky only recommends using the super secure database for system engineers and network admins as they are much more likely to have the resources and knowledge to monitor the applications using such a vulnerability correctly. As you have admitted you solved the problem by excluding the file which then leaves your system vulnerable to being hacked and thus justifying Kaspersky's position. However the likelyhood of a hacker finding that file and leaving it in the directory where it is excluded and using it reboot your system to start a malicious process is still extremely small and that would also mean that whatever file/process was to be executed would then have to elude detection of your AV and firewall so your system is still quite safe as all the file would do is allow someone to reboot your system not infect it, however they intend to infect your system would still have to work as any other virus/trojan/worm would.