SmartSDR v3.8.20 and the SmartSDR v3.8.20 Release Notes
SmartSDR v2.12.1 and the SmartSDR v2.12.1 Release Notes
Power Genius XL Utility v3.8.9 and the Power Genius XL Release Notes v3.8.9
Tuner Genius XL Utility v1.2.11 and the Tuner Genius XL Release Notes v1.2.11
Antenna Genius Utility v4.1.8
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.
Tool.exe tried to run
Any ideas ?
Answers
-
A quick google came up with this tool.exe is a process which is registered as a Trojan. This Trojan allows attackers to access your computer from remote locations as well as steal passwords0
-
@John - not FRS software and something picked up elsewhere. Also something to get rid of.
http://bfy.tw/7CVL is a link to a list of possible help sources for you.
Recognize that the name "Tool.exe" used for the exe is an attempt to camouflage malware as if it was system software and has been used by several different malware packages.
73
Steve K9ZW
0 -
ok, yes I know about that one, but this managed to ask me if I had a flex 5000A as it apparently slef loaded, then the AV kicked in, that why I wondered if it was from Flex Radio. I see in in the sandbox
0 -
Ok am running scans now and will then use malware bytes as an after care. Actually, this file appears in the program dataflexradio systemsflex firmware folder0
-
@John - I think you might benefit from writing up the whole incident with details - what operating system, what was running and what you saw when it happened and perhaps dropping FRS a direct email with that info as well as posting it here. Include OS and all Software running including version numbers. Info on the hardware will help complete the picture. Since you have the file quarantined what is its size and file date? Were you online or now? Any other woes happening around the same time? All the scraps of information that would help someone remotely working to help you is useful.
You will avoid ending up with the frustration of partial responses based on what is partial information trickled out from the whole story over a series of posts in a forum situation like this.
It is pretty good indicator that something focused was running if the software had a dialogue with you, and that dialogue mentioned uncommon hardware.
Suggest considering saving the file in the Sandbox for now in case further examination is warranted.
73
Steve K9ZW
0 -
Ok will do.
0 -
When the FRS folk get your information they may be able to sped some light on if the PowerSDR structure included a "Tool.exe" executable that would autorun.
Info on that file will be useful to check if it is the "right" file if their package included that file name.
You could be seeing a false positive from your antivirus, so details on that likely will be helpful (include what malware pattern update number/date your antivirus has been updated to).
Oh, once you get it figured you can help others by writing up what the resolution ended up being. That is so helpful when a person's system gets the same troubles.
GL and 73
Steve K9ZW
0 -
Ok, This is what happened when the pop up window appeared. It was a white box asking if I was running the Flex 5000A with a yes no option and then the AV kicked in and said that the file was sandboxed. The file is found in the folder I mentioned and there are 2 of them. One is created 25/11/2013 @11:55 and its version 4.1.3.17357 and is 643kb in size. The other is created 23/06/2015 @ 10:40. The file size and ver is the same as the first.
I was running my f3000 when this pop up window appeared appeared. No other software was running and it was the T8 version from KE9NS
Pc is running win 10 64bit. Must go out now, but no other relevant info available.
0 -
This answer is very wrong. Tool.exe is a program used by PowerSDR to flash the firmware on FLEX-5000 and FLEX-3000 SDRs.2
-
And this answer is wrong too. See my answer above.2
-
Tool.exe is an executable used by PowerSDR to flash firmware to the FLEX-5000 and FLEX-3000. It is not malacious and your AV software has incorrectly identified it as malware. This was a false positive.2
-
People who write malware love to use the names of actual program files. So many real executable's get flagged as malicious when yes, they can be of a malicious if a file over-rights the real file that a program was using.
Troubleshooting systems infected with malware has gotten much easier, back in 2005 it was a nightmare. Now when I search for a file I look at the programs that have been installed and if there is another machine with the same software I check it as well.
I never assume a file is malicious until I can fully validate it.
0 -
Thank you Tim for unraveling the mystery question!
Does Tool.exe automatically run periodically?
@John you will need to "teach" your antivirus to leave the PowerSDR related Tool.Exe alone and restore the file(s) from the quarantine sandbox to their usual places. The manual for the AV software should explain how - otherwise consider asking that manufacturer and also let them know about the false positive.
Also @John, which AV and what re the versions/updates levels of the software that got too aggressive with your PowerSDR?
And again thank you to Tim for posting the correct information for everyone.
All best and 73
Steve
K9ZW0 -
Hi, I have already released it back to the folder and avast was run again with no detection after giving the file the all clear.
Its avast pro 2016.12.1.2272 version. Its the 1st time its popped up, so not sure why. Anyway, I try and run a tight case here as there is so much going on out there.
I wish av companies would take an aggressive attitude instead of defending all the time, perhaps things will change in time to come, because the amount of "good botnets could really take the fight to these spammers et al.
0 -
Steve,
Does Tool.exe automatically run periodically?
No. Only when it is called by PowerSDR to flash the firmware.
0
Leave a Comment
Categories
- All Categories
- 294 Community Topics
- 2.1K New Ideas
- 538 The Flea Market
- 7.6K Software
- 6K SmartSDR for Windows
- 139 SmartSDR for Maestro and M models
- 337 SmartSDR for Mac
- 251 SmartSDR for iOS
- 226 SmartSDR CAT
- 175 DAX
- 345 SmartSDR API
- 8.8K Radios and Accessories
- 7K FLEX-6000 Signature Series
- 46 FLEX-8000 Signature Series
- 860 Maestro
- 45 FlexControl
- 838 FLEX Series (Legacy) Radios
- 809 Genius Products
- 401 Power Genius XL Amplifier
- 280 Tuner Genius XL
- 89 Antenna Genius
- 246 Shack Infrastructure
- 168 Networking
- 377 Remote Operation (SmartLink)
- 119 Contesting
- 593 Peripherals & Station Integration
- 116 Amateur Radio Interests
- 880 Third-Party Software