NOT-A-VIRUS.Tool.Reboot info? and fraggle rock?

hi there,i have XP SP2 and would like to ask if i can i get some advice on a BACKDOOR TROJAN/VIRUS called Not-A-Virus.Tool.Reboot..... i cannot find any info on this? and also a virus/trojan called.......Fraggle.Rock.20 ,it was picked up on an A2 SCAN and a EWIDO SCAN.They were both cleaned so presumably all is ok?.

regards
smiler

 

This detection should come from using the Super Secure Database with a Kaspersky product. It is being picked up because it is a tool that has the ability to restart the computer with out the control of the OS. AOL is a common user of this tool used for updating their software that requires a reboot, several other programs also use a tool that will be flagged by this detection. It is detections such as these that Kaspersky recommends the Supersecure Defs only be used by Network Admins in a server environment, as they will have the resources and knowledge to check out any supicious files that get flagged by the extra detections. The standard defs or extended defs should be more than adequate for the average home user or even small businesses.

 

Thanks guys for your response,it seems i am not the only one who has had this detected on scan of our pcs,many forums sites have questions on this Not-A-Virus-Tool.Reboot.
It does exactly that what it says in that it re-boots your PCs desktop,making the desktop screen default to just the desktop picture with no program icons at all!- then all the program icons start to re-appear slowly booting up on the desktop scareen-perhaps moving some to a differrent position at the minimum!- and removes most (50%) in my case- of the taskbar programs lower right side of the desktop,this is what i could find out about this.

wmiprvse.exe process file



Compare it with



What is wmiprvse.exe? Is wmiprvse.exe spyware or a virus? Process name: Windows Management Instrumentation

Product: Windows

Company: Microsoft

File: wmiprvse.exe

Security Rating:

Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur.

In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.
Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService, or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!

Note: The wmiprvse.exe file is located in the c:\windows\System32 folder. In other cases, wmiprvse.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Virus with same name:
W32/Sonebot-B - sophos.com

User Opinions 303 user ask for this file. 9 user doesn't rated it ("don't know"). 20 user rated it as not dangerous. 1 user rated it as not so dangerous. 5 user rated it as neutral. 5 user rated it as little bit dangerous. 9 user rated it as dangerous.

All comments about wmiprvse.exe:
tarence W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE See also: Link
Alex Windows Management Instrumentation (services.msc) See also: Link
Joe When installed came up with sharing violations
lee it kept shuttin my computer down i found it and deleted it of my pc and startin to run fine without shuttin down occurin
Mike eat up all memory and caused win2k3 main services failed to run
win 2000 in winmgmt.exe use search feature text only then you will see the winmgt.exe if you have mor than one delete capital letter one.then open goto properties type in do not load then admin in pharentacies this should do the trick.
Cy Memory Eater that loads when using 3dmark programs
rob its an ok thing. these other guys who have problems iwth it are duchebags. and no, i can't spell
©bROTHER Loaded with ACDSee
Daniel Appeared after installing SMS 2003 client. Polls computer for hardware/software inventory.
spikes processor to %100 usage with 2003 server enterprise edition
Gary This file is attacked by Trojan.Gletta.A, it would eat all the memory on my win2k3 box and cause services to fail
Russ If found in windows\system32 then delete it and search for other viruses and Trojans, if its in windows\system32\wbem then check the version and that its a Microsoft file (check the properties) and this should be left where it is.
seanick WMI is very cool. but what is "wmiprvse.exe -Embedding"?
Dennis Started up with Windows XP home, then exited after a few minutes...tracked file...harmless MS exe
gaming I have this file located in C:\WINDOWS\system32\wbem folder, it is from WinXPsp2
Steph Well if it isn't dangerous its at least extremely annoying.
Pepsibot I found it in the system32\wbem folder. Apparently a search on wbem with google reveals that it is associated with Sun Microsystem's Java. Nothing to fear.
alex Keeps 'ecountering problems' and closing. Buggers some games.
knighTslayer This .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty
Windows Management Instrumentation Private Server.
Wizard of Zo xp/w2k system executable. Used to run background tasks
Fu Kerr This appears to be launching a brand new files called tipyno.exe this file causes popups and maybe more, and until this site have been unable to find what causes them.
Tano It really is a windows process, but be wary, as it's possible to be used inside a network, to monitor your processes by a sysadmin.
dog This exe also appears to load when waupdt is running. (windows automatic update) It closes itself when the AU finishes checking the windows update database. See also: Link
Kaled Periodically grabs loads of cpu time and works the disk. It pauses when task manager is activated. It vanishes and reappears.
XP SP2 is taking forever to start up and this seems to be one of the problems
anonymous starts when runnning tasklist /svc in cmd prompt. located in ..\wbem
Reign Hi this file come from SP2 i see this from the install date.
mike located in ..\system32\wbem folder - new since sp2....
it alerts me when a change occurs in WXP operating system.
D. Legitimate part of windows
Your opinion:
What do you know
about this file:
Link for more details:
Your Name:


More process information Is wmiprvse.exe spyware or a virus, trojans, adware or worm? Is there a known wmiprvse.exe error?

* Google
* Discussion boards
* Search for spyware

Other Processes
alg.exe csrss.exe ctfmon.exe dllhost.exe explorer.exe internat.exe kernel32.dll lsass.exe mdm.exe msmsgs.exe mstask.exe regsvc.exe rundll32.exe services.exe smss.exe spoolsv.exe svchost.exe system winlogon.exe winmgmt.exe wisptis.exe wmiexe.exe wmiprvse.exe wscntfy.exe wuauclt.exe
[wmiprvse.exe in German] [all processes]


Regards

Smiler