CounterSpy detects boot.exe as SnowDoor

Discussion in 'other anti-malware software' started by fubag, Feb 19, 2007.

Thread Status:
Not open for further replies.
  1. fubag

    fubag Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    11
    Hello.


    I just recently installed CounterSpy 2.1.917. After running a scan, it detected C:/Windows/System32/boot.exe as a SnowDoor Trojan. While looking at the file it seems to be a Microsoft integrity file. I'm not sure if I should remove it, or if an infection really exists.

    Any help would be deeply appreciated.

    Thanks!!
     


  2. fubag

    fubag Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    11
    I recently went to VirusTotal to check the file, and it came up with no viruses and/or trojans.


    Perhaps a problem with CounterSpy?
     
  3. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
  4. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    I checked two of my PCs and can confirm there was no boot.exe on either of them.
     
  5. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    fubag:

    Would you please zip up the file in question and email it to me at:

    ehowes(at)sunbelt-software.com

    I'll take a look at it and let you know what I find.

    Eric L. Howes
    Sunbelt Software
     
  6. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    fubag:

    I received the copy of the file. This boot.exe file is actually a renamed version of ntoskrnl.exe, a legitimate Microsoft file. I'm not sure why you would have such a copy of this file stored as BOOT.EXE -- perhaps some backup & recovery program created it?

    In any case, the file is harmless. We will be making some changes in our defs to prevent it from being detected again.

    Best,

    Eric L. Howes
    Sunbelt Software
     
  7. fubag

    fubag Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    11
    thanks!!!
     