View Full Version : CounterSpy detects boot.exe as SnowDoor
February 19th, 2007, 11:28 AM
I just recently installed CounterSpy 2.1.917. After running a scan, it detected C:/Windows/System32/boot.exe as a SnowDoor Trojan. While looking at the file it seems to be a Microsoft integrity file. I'm not sure if I should remove it, or if an infection really exists.
Any help would be deeply appreciated.
February 19th, 2007, 11:30 AM
I recently went to VirusTotal to check the file, and it came up with no viruses/and or trojans.
Perhaps a problem with counter spy?
February 19th, 2007, 11:55 AM
I don't know if you have a problem or not but I can confirm that I do not have that file in that folder.
follow up check here
February 19th, 2007, 12:57 PM
I checked two of my PC's and can confirm there was no boot.exe on either of them.
February 19th, 2007, 01:04 PM
Would you please zip up the file inquestion and email it to me at:
I'll take a,look at it and let you know what I find.
Eric L. Howes
February 19th, 2007, 04:21 PM
I received the copy of the file. This boot.exe file is actually a renamed version of ntoskrnl.exe, a legitimate Micrsosoft file. I'm not sure why you would have such a copy of this file stored as BOOT.EXE -- perhaps some backup & recovery program created it?
In any case, the file is harmless. We will be making some changes in our defs to prevent it from being detected again.
Eric L. Howes
February 21st, 2007, 07:34 PM
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums