Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Tool.exe tried to run

John
John Member
A few minutes ago, this program tried to run, but was blocked by my antivirus software. The big question is whether this was an official FR instruction or what would have caused it to run and why ? I was using the f3000 when it occured.
Any ideas ?

Completed · Last Updated

Answers

  • WW1SS - Steve
    WW1SS - Steve Member ✭✭
    edited April 2020
    A quick google came up with this tool.exe is a process which is registered as a Trojan. This Trojan allows attackers to access your computer from remote locations as well as steal passwords
  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited March 2017

    @John - not FRS software and something picked up elsewhere.  Also something to get rid of.

    http://bfy.tw/7CVL is a link to a list of possible help sources for you. 

    Recognize that the name "Tool.exe" used for the exe is an attempt to camouflage malware as if it was system software and has been used by several different malware packages.

    73

    Steve K9ZW

  • John
    John Member
    edited June 2018
    ok, yes I know about that one, but this managed to ask me if I had a flex 5000A as it apparently slef loaded, then the AV kicked in, that why I wondered if it was from Flex Radio. I see in in the sandbox
  • John
    John Member
    edited June 2018
    Ok am running scans now and will then use malware bytes  as an after care. Actually, this file appears in the program dataflexradio systemsflex firmware folder
  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited November 2016

    @John - I think you might benefit from writing up the whole incident with details - what operating system, what was running and what you saw when it happened and perhaps dropping FRS a direct email with that info as well as posting it here. Include OS and all Software running including version numbers.  Info on the hardware will help complete the picture.  Since you have the file quarantined what is its size and file date?  Were you online or now?  Any other woes happening around the same time?  All the scraps of information that would help someone remotely working to help you is useful. 

    You will avoid ending up with the frustration of partial responses based on what is partial information trickled out from the whole story over a series of posts in a forum situation like this.

    It is pretty good indicator that something focused was running if the software had a dialogue with you, and that dialogue mentioned uncommon hardware.

    Suggest considering saving the file in the Sandbox for now in case further examination is warranted.

    73

    Steve K9ZW

  • John
    John Member
    edited December 2016
    Ok will do.
  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited November 2016

    When the FRS folk get your information they may be able to sped some light on if the PowerSDR structure included a "Tool.exe" executable that would autorun.

    Info on that file will be useful to check if it is the "right" file if their package included that file name.

    You could be seeing a false positive from your antivirus, so details on that likely will be helpful (include what malware pattern update number/date your antivirus has been updated to).

    Oh, once you get it figured you can help others by writing up what the resolution ended up being.  That is so helpful when a person's system gets the same troubles.

    GL and 73

    Steve K9ZW

  • John
    John Member
    edited June 2018
    Ok, This is what happened when the pop up window appeared. It was a white box asking if I was running the Flex 5000A with a yes no option and then the AV kicked in and said that the file was sandboxed. The file is found in the folder I mentioned and there are 2 of them. One is created 25/11/2013 @11:55 and its version 4.1.3.17357 and is 643kb in size. The other is created 23/06/2015 @ 10:40. The file size and ver is the same as the first.
    I was running my f3000 when this pop up window appeared appeared. No other software was running and it was the T8 version from KE9NS
    Pc is running win 10 64bit. Must go out now, but no other relevant info available.
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited December 2016
    This answer is very wrong. Tool.exe is a program used by PowerSDR to flash the firmware on FLEX-5000 and FLEX-3000 SDRs.
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited December 2016
    And this answer is wrong too. See my answer above.
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited June 2018
    Tool.exe is an executable used by PowerSDR to flash firmware to the FLEX-5000 and FLEX-3000. It is not malacious and your AV software has incorrectly identified it as malware. This was a false positive.
  • KC9NRN
    KC9NRN Member
    edited October 2016

    People who write malware love to use the names of actual program files. So many real executable's get flagged as malicious when yes, they can be of a malicious if a file over-rights the real file that a program was using. 

    Troubleshooting systems infected with malware has gotten much easier, back in 2005 it was a nightmare. Now when I search for a file I look at the programs that have been installed and if there is another machine with the same software I check it as well.

    I never assume a file is malicious until I can fully validate it. 

  • Steve K9ZW
    Steve K9ZW Member ✭✭✭
    edited November 2016
    Thank you Tim for unraveling the mystery question!  


    Does Tool.exe automatically run periodically?  

    @John you will need to "teach" your antivirus to leave the PowerSDR related Tool.Exe alone and restore the file(s) from the quarantine sandbox to their usual places.  The manual for the AV software should explain how - otherwise consider asking that manufacturer and also let them know about the false positive.

    Also @John, which AV and what re the versions/updates levels of the software that got too aggressive with your PowerSDR?

    And again thank you to Tim for posting the correct information for everyone.

    All best and 73

    Steve
    K9ZW
  • John
    John Member
    edited December 2016
    Hi, I have already released it back to the folder and avast was run again with no detection after giving the file the all clear.
    Its avast pro 2016.12.1.2272 version. Its the 1st time its popped up, so not sure why. Anyway, I try and run a tight case here as there is so much going on out there.
    I wish av companies would take an aggressive attitude instead of defending all the time, perhaps things will change in time to come, because the amount of "good botnets could really take the fight to these spammers et al.
  • Tim - W4TME
    Tim - W4TME Administrator, FlexRadio Employee admin
    edited December 2016
    Steve,

    Does Tool.exe automatically run periodically?  

    No.  Only when it is called by PowerSDR to flash the firmware.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.