Jump to content

ESS found threat in windows/system32/ROBOOT64.exe


Recommended Posts

  • ESET Insiders

Hi,

 

Did an admin privilidged scan of all drives and ESS found a possible threat in "windows/system32/ROBOOT64.exe"

 

 

C:\Windows\System32\roboot64.exe - een variant van Win64/Systweak.A potentieel ongewenste toepassing

 

Next I perfomed a sca on only the file and it got quarantinianed!

 

Could not find this file in the ESET KB. Anybody know what's up with this file? Googled and found that some say it's a windows systemfile, and alot of websites advertise to remove it, of course with their tools? Very confusing indeed!

 

Found this on: https://herdprotect.com/roboot64.exe-eb3043902391a8cbab7f799f35cf676002fc1c52.aspx

File name:
roboot64.exe

Publisher:
Systweak Inc., (www.systweak.com)  (signed by Systweak Inc)

Product:
Systweak Advanced System Optimizer

Description:
Advanced System Optimizer - Registry Optimizer

Version:
3.0.0.5326

MD5:
30448ccedd41000b5bafb66abdb2662b

SHA-1:
eb3043902391a8cbab7f799f35cf676002fc1c52

SHA-256:
f3bfbc80d634bde17fff07811138337cd0f8f0da36fbca5db0308cceafd91c88

Analysis
Scanner detections:
2 / 68

Status:
Inconclusive but possibly unwanted  (There is not enough data for a 100% detection)

Analysis date:
10/1/2014 8:56:01 PM UTC  (one month ago)

Scan engine
Detection
Engine version

ESET NOD32
Win64/Systweak.A potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Optional.Systweak.I
14.10.1.16

TIA for any directions to KB or answer here on the forum!

 

Cheers

 

 

NOTE FOR MOD: sorry in the wrong section, please move.

Edited by BDMSTUDIOS
Link to post
Share on other sites
  • Administrators

As stated above, it's a potentially unwanted application. If you think that benefits of using the PUA outweigh possible risks (e.g. paying for nothing which is often the case of registry "cleaners"), you can exclude the application from detection. Otherwise you should be able to uninstall it in a standard manner via the Control panel or the Start menu.

Link to post
Share on other sites
  • ESET Insiders

As stated above, it's a potentially unwanted application. If you think that benefits of using the PUA outweigh possible risks (e.g. paying for nothing which is often the case of registry "cleaners"), you can exclude the application from detection. Otherwise you should be able to uninstall it in a standard manner via the Control panel or the Start menu.

 

Thanks Marcos!

Indeed the file is linked/installed to/by CCleaner.

 

post-3436-0-43619500-1416774754_thumb.jpg

 

UNINSTALLED IT!!!

 

Kudos to you!

Edited by BDMSTUDIOS
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...