exitwin.(a)(b) or what-ever

Noticed a command reboot.exe in my startup section, but the computer
has never seemed affected by it.  Submitted it to virustotal:
===========
AhnLab-V3    2007.3.31.0    04.01.2007    no virus found
AntiVir    7.3.1.47    04.01.2007    no virus found
Authentium    4.93.8    03.31.2007    no virus found
Avast    4.7.936.0    03.31.2007    no virus found
AVG    7.5.0.447    03.31.2007    no virus found
BitDefender    7.2    04.01.2007    Spyware.Exitwin.A
CAT-QuickHeal    9.00    03.31.2007    RiskWare.Tool.ExitWin.b (Not a Virus)
ClamAV    devel-20070312    04.01.2007    no virus found
DrWeb    4.33    04.01.2007    no virus found
eSafe    7.0.15.0    04.01.2007    Win32.ExitWin.a
eTrust-Vet    30.6.3527    03.31.2007    no virus found
Ewido    4.0    04.01.2007    no virus found
FileAdvisor    1    04.01.2007    no virus found
Fortinet    2.85.0.0    04.01.2007    HackerTool/Exitwin
F-Prot    4.3.1.45    03.30.2007    no virus found
F-Secure    6.70.13030.0    04.01.2007    no virus found
Ikarus    T3.1.1.3    04.01.2007    no virus found
Kaspersky    4.0.2.24    04.01.2007    no virus found
McAfee    4997    03.31.2007    potentially unwanted program Reboot-AA
Microsoft    1.2306    04.01.2007    no virus found
NOD32v2    2160    03.31.2007    Win32/RiskWare.ExitWin.B
Norman    5.80.02    03.31.2007    W32/ExitWin.AI
Panda    9.0.0.4    04.01.2007    HackTool/ExitWin.A
Prevx1    V2    04.01.2007    no virus found
Sophos    4.16.0    03.30.2007    no virus found
Sunbelt    2.2.907.0    03.31.2007    Win32.ExitWin.z
Symantec    10    04.01.2007    no virus found
TheHacker    6.1.6.083    03.30.2007    Aplicacion/Riskware.Tool.ExitWin.b
UNA    1.83    03.16.2007    no virus found
VBA32    3.11.3    04.01.2007    no virus found
VirusBuster    4.3.7:9    04.01.2007    no virus found
Webwasher-Gateway    6.0.1    04.01.2007    Riskware.ExitWin.A
============
I'm not sure what to make of it - it looks like a program that could be
used as malware, but isn't malware (trojan)????

For now I just disabled it in my startup menu, if it reappears I'll
just rename it (if need be).


Re: exitwin.(a)(b) or what-ever


| Noticed a command reboot.exe in my startup section, but the computer
| has never seemed affected by it.  Submitted it to virustotal:
| ===========
| AhnLab-V3 2007.3.31.0 04.01.2007 no virus found
| AntiVir 7.3.1.47 04.01.2007 no virus found
| Authentium 4.93.8 03.31.2007 no virus found
| Avast 4.7.936.0 03.31.2007 no virus found
| AVG 7.5.0.447 03.31.2007 no virus found
| BitDefender 7.2 04.01.2007 Spyware.Exitwin.A
| CAT-QuickHeal 9.00 03.31.2007 RiskWare.Tool.ExitWin.b (Not a Virus)
| ClamAV devel-20070312 04.01.2007 no virus found
| DrWeb 4.33 04.01.2007 no virus found
| eSafe 7.0.15.0 04.01.2007 Win32.ExitWin.a
| eTrust-Vet 30.6.3527 03.31.2007 no virus found
| Ewido 4.0 04.01.2007 no virus found
| FileAdvisor 1 04.01.2007 no virus found
| Fortinet 2.85.0.0 04.01.2007 HackerTool/Exitwin
| F-Prot 4.3.1.45 03.30.2007 no virus found
| F-Secure 6.70.13030.0 04.01.2007 no virus found
| Ikarus T3.1.1.3 04.01.2007 no virus found
| Kaspersky 4.0.2.24 04.01.2007 no virus found
| McAfee 4997 03.31.2007 potentially unwanted program Reboot-AA
| Microsoft 1.2306 04.01.2007 no virus found
| NOD32v2 2160 03.31.2007 Win32/RiskWare.ExitWin.B
| Norman 5.80.02 03.31.2007 W32/ExitWin.AI
| Panda 9.0.0.4 04.01.2007 HackTool/ExitWin.A
| Prevx1 V2 04.01.2007 no virus found
| Sophos 4.16.0 03.30.2007 no virus found
| Sunbelt 2.2.907.0 03.31.2007 Win32.ExitWin.z
| Symantec 10 04.01.2007 no virus found
| TheHacker 6.1.6.083 03.30.2007 Aplicacion/Riskware.Tool.ExitWin.b
| UNA 1.83 03.16.2007 no virus found
| VBA32 3.11.3 04.01.2007 no virus found
| VirusBuster 4.3.7:9 04.01.2007 no virus found
| Webwasher-Gateway 6.0.1 04.01.2007 Riskware.ExitWin.A
| ============
| I'm not sure what to make of it - it looks like a program that could be
| used as malware, but isn't malware (trojan)????
|
| For now I just disabled it in my startup menu, if it reappears I'll
| just rename it (if need be).

It is as the name implies, it is a reboot utility.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: exitwin.(a)(b) or what-ever

Duh_OZ wrote:

it's greyware
(http://anti-virus-rants.blogspot.com/2006/12/what-is-greyware.html )...
if you didn't specifically download it or seek it out then you might
want to delete it..

from both the malware names given to it and the filename (usually not
very telling but the malware names seem to corroborate this), it seems
like all it does is reboot the computer (not sure why there's a tool for
that when shutdown -r does the same thing, but anyways)...


well, it's not part of windows, if it's not something you intentionally
installed then probably it's not something you want to keep on your
drive...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
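
Added example, not part of any post in this thread: a short Python triage of the scan output from the first post, separating engines whose label itself says "tool / unwanted program" from engines that report a plain detection name. The rows are a subset copied from that post; the keyword list and the category names are assumptions of this example, not a vendor standard.

```python
import re
from collections import Counter

# Rows copied from the scan output in the first post (a subset).
SCAN = """\
Avast    4.7.936.0    03.31.2007    no virus found
BitDefender    7.2    04.01.2007    Spyware.Exitwin.A
CAT-QuickHeal    9.00    03.31.2007    RiskWare.Tool.ExitWin.b (Not a Virus)
Fortinet    2.85.0.0    04.01.2007    HackerTool/Exitwin
Kaspersky    4.0.2.24    04.01.2007    no virus found
McAfee    4997    03.31.2007    potentially unwanted program Reboot-AA
NOD32v2    2160    03.31.2007    Win32/RiskWare.ExitWin.B
Norman    5.80.02    03.31.2007    W32/ExitWin.AI
Panda    9.0.0.4    04.01.2007    HackTool/ExitWin.A
Symantec    10    04.01.2007    no virus found
"""

# Assumption: substrings that mark a vendor's "tool / unwanted program" class.
GREYWARE_HINTS = ("riskware", "hacktool", "hackertool",
                  "potentially unwanted", "not a virus")

def parse(text):
    """Yield (engine, verdict) from 'engine  version  date  verdict' rows."""
    for line in text.splitlines():
        # Columns are separated by runs of 2+ spaces; the verdict may
        # itself contain single spaces, so split at most three times.
        cols = re.split(r"\s{2,}", line.strip(), maxsplit=3)
        if len(cols) == 4:
            yield cols[0], cols[3]

def classify(verdict):
    """Bucket one verdict string by what the label itself claims."""
    v = verdict.lower()
    if v == "no virus found":
        return "clean"
    if any(hint in v for hint in GREYWARE_HINTS):
        return "greyware-label"
    return "other-detection"

def summarize(text):
    """Count engines per bucket."""
    return Counter(classify(verdict) for _, verdict in parse(text))

if __name__ == "__main__":
    for engine, verdict in parse(SCAN):
        print(f"{engine:15} {classify(verdict):16} {verdict}")
    print(dict(summarize(SCAN)))
```

A result dominated by "greyware-label" and "clean" says the vendors are describing a utility's capability, which leaves the question raised in the replies (did you install it yourself?) as the deciding factor.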

Re: exitwin.(a)(b) or what-ever

kurt wismer wrote:



"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning."

--
Jean-Luc Cavey
France




Re: exitwin.(a)(b) or what-ever

Why so many stars for so few four-leaf clovers? wrote:


What is this "uni-verse" you speak of and where might one download a
copy?  I wish to produce bigger and better idiots myself, without the
hassle of calling tech support.


lol good quote, I'm going to have to remember that one.  =D


James    http://cronus.ath.cx
