HackTool:Win32/KonBoot

Status
Not open for further replies.

ZeeOSix

I did a Full Scan with Microsoft Security Essentials on my Windows 7 machine, and it detected "HackTool:Win32/KonBoot". From the detailed information SE gave, this detection was something inside the following file I downloaded a few years ago.

Ultimate Boot CD (UBCD) version 5.3.5.
Filename is: ubcd535.iso
Size: 598 MB (627,739,634 bytes)

I decided to remove it just to be safe ... probably won't need the Ultimate Boot CD anyway. Maybe this was part of the "hacking" ability of the Ultimate Boot CD as part of its function to do certain things during its use ... I don't know for sure. I thought I ran a Full Scan when I first installed SE about 3 weeks ago, but it never found anything then, so maybe Microsoft has added this to their recent malware/virus definitions.

Link on Microsoft's website showing info, and the website has a pretty new date (Oct 10, 2018).

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=HackTool%3aWin32%2fKonBoot&threatid=2147729700&enterprise=0

Anyway, just posted this in case others need to make a scan if they have this or similar Ultimate Boot CD .iso file. Maybe it's OK, but I wanted to be safe and had SE remove it.

 
They sometimes flag hacking tools for things like Windows Licenses as malware when they are not, because they are trying to protect their software from piracy etc. I would scan it with Malwarebytes, which is free for 30 days, and if it says it's fine then I wouldn't worry about it.

I'm not condoning piracy, I'm just trying to show you that Microsoft can be sneaky about how they go about protecting their software from hack tools for piracy reasons by using scare tactics.
 
Originally Posted by StevieC
They sometimes flag hacking tools for things like Windows Licenses as malware when they are not, because they are trying to protect their software from piracy etc. I would scan it with Malwarebytes, which is free for 30 days, and if it says it's fine then I wouldn't worry about it.

I'm not condoning piracy, I'm just trying to show you that Microsoft can be sneaky about how they go about protecting their software from hack tools for piracy reasons by using scare tactics.


I actually did a Full Scan with Malwarebytes today too (before scanning with SE), and nothing came up. So yeah, you're probably right in your assessment. No biggie, I burned that Ultimate Boot CD a few years ago on a DVD when I downloaded that .iso file, so no big loss. Plus I do have the .iso on an external HD. Since I already burned the DVD, and have the internet link to the Ultimate Boot CD files, guess I really don't need that old .iso file anymore.
 
That tool is included on the UBCD so that you can change the password on a Windows account you have been locked out of. Of course the obvious ramifications of a tool with that capability don't need to be mentioned. That's why it is flagged.
 
Originally Posted by OVERKILL
That tool is included on the UBCD so that you can change the password on a Windows account you have been locked out of. Of course the obvious ramifications of a tool with that capability don't need to be mentioned. That's why it is flagged.

Thanks for the confirmation.
 
So this was the path that Security Essentials reported.

"Boot Tools\Ultimate Boot CD Info\ubcd535.iso->ubcd\images\konboot.img.gz->(GZip)"

Looks to have just been some kind of image file within the Ultimate Boot CD file ubcd535.iso ... ??
 
Yes, it uses a host of archives that are decompressed when you select the tool you want to run; that's normal.
 