Riskware.ProcessReStart ( restart.exe) ?

Is anyone else getting a trojan alert for restart.exe found in C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program ?

TDS reported that it was a positive identification ( Riskware.ProcessReStart ).

It appears to be something to do with my logitech webcam.

A false positive?

 

Hi there!
Can you please zip and submit a copy to submit@diamondcs.com.au for expert advice? It might be you're right.
Do you have the file installed longer time and if you look in it's properties, was it modified recently?

 

I already did zip it off to submit@diamondcs.com.au .

The file was created on 4 July 2004 and was last modified on the same date.

I did online scans at http://virusscan.jotti.org/ , it came up clean for all of that.

Any idea what Riskware.ProcessReStart is supposed to do?

 

Generally spoken riskware is a process capable of doing bad actions, like in this cace restarting a process all by itself.
By the looks of your description it is the original file, i suppose in former scans you didn't get the alert so it might be a generic detection of possible dangerous code in general. This is why we like to see the exact alert message. Now you've submitted the file we can only wait for DCS's analysing.

 

Might need to remove detection then.. hmm. Thanks for the info, this was found with some adware and can be used maliciously to restart a program when killed

 

Restart program only?

My friend has her *PC* rebooted when using the Logitech camera - she has restart.exe in exact same path as this post.

Also looking at AVG 's Vault, a "restart.exe" was quarantined, but in a different path.

I'll try & find out what's up + the path tonight, but I assume they be unrelated?

Just seems weird that her pc restarts ONLY when using camera with Messenger!! + restart.exe in Logitch folder. Hey, why don't I double click it & find out!

 

You can send a copy to us at submit(at)diamondcs.com.au

There are a few REBOOT "trojans" going around, but this one was not one of those. It was just a program loader and seemed to being used by a malware. Its one of those "not too sure" issues that goes along with detecting more than just outright trojans. Adware and Spyware have some strange little programs and sometimes it might be best to detect those too. I'll re-review this one anyway, possibly not detect it since a few are getting hits on legit versions of the program