Reboot.exe [friend or foe? Trojan ??]

Reboot.exe

Can any one tell me what this programme does in XP. I did a Google Search on it and I am none the wiser I am afraid. It may be a Trojan but Norton AntiVirus does not detect it as one. Roger

 

Thanks for that. I downloaded the StartUP programme but the only reference to Reboot.exe that it showed was NWER Reboot under HKLM/Run. Is that the same as Reboot.exe. If so I will uncheck it. Roger

 

Sorry for delay in replying but I have been away.
I ran msconfig and under StartUp it just says

Startup Item Command Location
Reboot C: Documents & Set StartUp

A Google search of "Reboot" gives this as a DOS Programme under the first item of the search result. Roger

 

Hi Pete. I have spoken to a friend of mine who has Windows XP and he checked with his computer and could not find Reboot.exe. I therefore deleted it from my computer five minutes ago using HijackThis. From memory it was about 350. Roger

 

Hi Pete. I have just checked my internet connection and whilst the bytes received was static bytes sent were still increasing even though I was not doing anything. Do you think that is significant. Roger

 

I think I have found the culprit that was making my bytes sent increase. I have a programme called Doctor SpeedTouch and when I unchecked this from the startup menue it also stopped my bytes sent increasing.
I also do not seem to have suffered any problems after I got rid of Reboot.exe so hopefully all is now well.
I am still wondering why sychost.exe, lsass.exe and alg.exe appear every day in my Firewall Log as accessing the internet. They are Microsoft programmes but why do they need the internet?.
Roger

 

Hi Pete. It is definitely a v not a y. I would hope that Norton AntiVirus would have sorted out lsass if it had been a virus. My old computer was a Gateway product and I am still using the monitor and the old hard drive.
If these three programmes appear in the Firewall Log does that mean they were trying to access the internet but were refused as it just says that they were preparing to access the internet. Roger

 

I have just been to the Iamnotageek web site and downloaded a trial version of NoAdware which found 36 "dangerous" items all of which were something like:
WhenUSearch HKEY_CLASSES_ROOT\INTERFACE{ O.RegKey etc etc
To remove them I would have to pay a one off payment of $29.95!!!!.
None of my other spyware programmes has ever revealed anything like these before. Is it worth the money do you think. Roger

 

You definately don't want NoAdware! It's a rogue spyware remover.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Try Ewido http://www.ewido.net/en/download/

None of the processes you listed need internet access, but it doesn't surprise me they would ask (being MS). Has Norton allowed them?

 

Hi Pete. I already use all those programmes and I update them before I do my weekly scans. I also use another excellent programme called Spyware Doctor which sometimes finds things that the other 3 miss.
I will take on board all the recommendations mentioned in "How to Surf Safely" though. Thanks again. Roger

 

Hi This is it, I don't know. They are mentioned in the Firewall Log as "preparing to access the internet" but does that mean they were allowed or refused?.
Thanks for the advice re NoAdware I have uninstalled the trial version and I will take a look at the site you mentioned. Roger

 

I have now carried out all the recommendations of "How to surf the Internet more safely" and also downloaded the Ewido Security Suite.
Hopefully I should not get any more problems. Thanks Pete and Dave. Roger