CounterSpy detects boot.exe as SnowDoor
fubag
February 19th, 2007, 11:28 AM
Hello.
I just recently installed CounterSpy 2.1.917. After running a scan, it detected C:/Windows/System32/boot.exe as a SnowDoor Trojan. While looking at the file it seems to be a Microsoft integrity file. I'm not sure if I should remove it, or if an infection really exists.
Any help would be deeply appreciated.
Thanks!!
fubag
February 19th, 2007, 11:30 AM
I recently went to VirusTotal to check the file, and it came up with no viruses and/or trojans.
Perhaps a problem with CounterSpy?
Texcritter
February 19th, 2007, 11:55 AM
I don't know if you have a problem or not but I can confirm that I do not have that file in that folder.
edit
follow up check here
http://www.auditmypc.com/process/boot.asp
Hipgnosis
February 19th, 2007, 12:57 PM
I checked two of my PCs and can confirm there was no boot.exe on either of them.
eburger68
February 19th, 2007, 01:04 PM
fubag:
Would you please zip up the file in question and email it to me at:
ehowes(at)sunbelt-software.com
I'll take a look at it and let you know what I find.
Eric L. Howes
Sunbelt Software
eburger68
February 19th, 2007, 04:21 PM
fubag:
I received the copy of the file. This boot.exe file is actually a renamed version of ntoskrnl.exe, a legitimate Microsoft file. I'm not sure why you would have such a copy of this file stored as BOOT.EXE -- perhaps some backup & recovery program created it?
In any case, the file is harmless. We will be making some changes in our defs to prevent it from being detected again.
Best,
Eric L. Howes
Sunbelt Software
fubag
February 21st, 2007, 07:34 PM
thanks!!!
Copyright ©2002 - 2013, Wilders Security Forums