Riskware.ProcessReStart (restart.exe)?

Discussion in 'Trojan Defence Suite' started by timnicebutdim, Feb 13, 2005.

Thread Status:
Not open for further replies.
  1. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    Is anyone else getting a trojan alert for restart.exe found in C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program?

    TDS reported that it was a positive identification (Riskware.ProcessReStart).

    It appears to be something to do with my Logitech webcam.

    A false positive?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there!
    Can you please zip and submit a copy to submit@diamondcs.com.au for expert advice? It might be you're right.
    Have you had the file installed for a longer time, and if you look in its properties, was it modified recently?
     
  3. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I already did zip it off to submit@diamondcs.com.au.

    The file was created on 4 July 2004 and was last modified on the same date.

    I did online scans at http://virusscan.jotti.org/, it came up clean for all of that.

    Any idea what Riskware.ProcessReStart is supposed to do?
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Generally speaking, riskware is a process capable of doing bad actions, like in this case restarting a process all by itself.
    By the looks of your description it is the original file. I suppose in former scans you didn't get the alert, so it might be a generic detection of possibly dangerous code in general. This is why we like to see the exact alert message. Now that you've submitted the file we can only wait for DCS's analysis.
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Might need to remove detection then... hmm. Thanks for the info, this was found with some adware and can be used maliciously to restart a program when killed.
     
  6. BigBird

    BigBird Guest

    Restart program only?

    My friend has her *PC* rebooted when using the Logitech camera - she has restart.exe in the exact same path as this post.

    Also looking at AVG's Vault, a "restart.exe" was quarantined, but in a different path.

    I'll try & find out what's up + the path tonight, but I assume they're unrelated?

    Just seems weird that her PC restarts ONLY when using camera with Messenger!! + restart.exe in Logitech folder. Hey, why don't I double click it & find out!
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You can send a copy to us at submit(at)diamondcs.com.au

    There are a few REBOOT "trojans" going around, but this one was not one of those. It was just a program loader and seemed to be being used by malware. It's one of those "not too sure" issues that goes along with detecting more than just outright trojans. Adware and Spyware have some strange little programs and sometimes it might be best to detect those too. I'll re-review this one anyway, possibly not detect it since a few are getting hits on legit versions of the program.
     