SILreboot.exe

My scan this morning identified C:\prog files\symantec\liveupdate\DISreboot.exe as malware.

I sent it up to VirusTotal and it said it had already been analysed. I looked in these forums and found it identified as a false positive here
http://forum.avast.com/index.php?topic=37237.0

I’ve sent it again to virus@avast.com, but find it strange that it has appeared again. Before I scanned, I received an error message to do with storage and the FAQs said I should change avast4.ini to Database=XML, which I did. I subsequently got the DISreboot.exe malware which I moved to chest. Could this have anything to do with it?

Hi Geoffo

This is the information regarding DISREBOOT.EXE

File Behaviour

DISREBOOT.EXE has been the subject of the following behavior:

* Created as a process on disk

Country Of Origin

The filename DISREBOOT.EXE was first seen on Mar 25 2008 in the following geographical region of the Prevx community:

* CANADA on Mar 25 2008

Filesizes

This file has been seen with the following file size:

* 36,864 bytes

File Type

The filename DISREBOOT.EXE refers to an executable program.

Referrer

http://www.prevx.com/filenames/3826982433775372429-0/DISREBOOT.EXE.html

I Suggest
Try Avast Pro first: make sure it’s up to date, then perform an all-system scan, and afterward delete the files which are contaminated with the malware/trojan

Note:

If Avast fails to remove the malicious software then try the following scanners to remove it

1st We have SuperAntiSpyware

link :

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

The malicious program is some kind of malware/trojan so SuperAntiSpyware is able to detect it and delete it

Guide:

* Download SuperAntiSpyware
* Install to System
* Update to current Date
* Look for program setting and check full system scan
* If the malicious software is Detected then Delete it
* It will require System Restart to take effect

2nd We Have MalwareBytes’ Anti-Malware

Download link : http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Guide :

Use the same guide with SuperAntiSpyware
Malwarebytes Info
Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware. We compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. Malwarebytes' Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.

Reminder:

Use the following programs if Avast didn’t succeed in deleting the malware/trojan.

Always make sure your Avast is Updated :3

Hope This Helps :3 ;D

Not sure I understand your reply. Are you saying this is malware if DISreboot.exe is in the prevx.com directory? Because mine isn’t. I’ve run SUPERantispyware and it came up clean. I’ve moved it to the chest. Presume it’s safe there. What now?

What Symantec programs do you still have installed on your system ?

If none then technically you don’t need the live update function, take care there are programs that you might not expect are owned by Symantec. I have winfax pro (on my old system) and that was bought out by Symantec and as such I too have live update.

Check the symantec\liveupdate folder; there will be some files that indicate what applications are covered by the live update process (open with notepad). If you no longer have any of those installed you can uninstall the live update.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Thanks for replying David. Symantec products I use are Norton Utilities (Win98). It’s true I don’t ever use Live update so no problem with leaving it in the chest. Strange though, that it’s been on my PC for years and now it gets flagged up as malware.

I uploaded the file to VT and the result was that 7 out of 36 thought it was dodgy. They were

AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - Win32:Adware-gen
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - Win32:Adware-gen
Ikarus - - -
K7AntiVirus - - not-a-virus:AdWare.Win32.Alibabar.t
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - Malicious Software
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - Adware/Alibabar.t
TrendMicro - - -
VBA32 - - AdWare.Win32.Alibabar.t
ViRobot - - Adware.Alibabar.36864.A
VirusBuster - - -

I sent it to virus@avast. Had one update since and still flagged as malware. Do you think 7/36 is a FP?

It is possible as many report this as adware-gen (a generic signature detection) and suspicious (heuristic detection), which are more prone to false positives.

However, there are a few with specific signatures AdWare.Win32.Alibabar, so it certainly needs further analysis and sending it to avast is the correct way. Whilst avast are quick to correct any FP when identified, it has to be first analysed and this takes a little more than a few hours.
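The split described in the reply above, between generic or heuristic labels and specific family signatures, can be made mechanical. The following Python sketch is an added example and not part of the thread: it runs over an excerpt of the listing posted earlier, and the function names and the `NOISE` token list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the VirusTotal listing posted in the thread, one engine per line
# in the form "engine - - label"; a lone "-" label means no detection.
# All seven detections are kept; the clean engines are cut down to four.
LISTING = """\
AntiVir - - -
Avast - - Win32:Adware-gen
GData - - Win32:Adware-gen
K7AntiVirus - - not-a-virus:AdWare.Win32.Alibabar.t
Kaspersky - - -
Prevx1 - - Malicious Software
Symantec - - -
TheHacker - - Adware/Alibabar.t
VBA32 - - AdWare.Win32.Alibabar.t
ViRobot - - Adware.Alibabar.36864.A
VirusBuster - - -
"""

# Assumption: category words that say nothing about a specific family.
NOISE = {"adware", "malicious", "software", "generic"}

def parse(listing):
    """Return {engine: label or None} from 'engine - - label' lines."""
    results = {}
    for line in listing.splitlines():
        m = re.match(r"(\S+) - - (.+)$", line.strip())
        if m:
            results[m.group(1)] = None if m.group(2) == "-" else m.group(2)
    return results

def family(label):
    """Family name in a label, or None when the label is generic/heuristic."""
    for token in re.split(r"[:./\s]+", label):
        # Purely alphabetic tokens only: skips Win32, 36864, Adware-gen, not-a-virus.
        if token.isalpha() and len(token) > 2 and token.lower() not in NOISE:
            return token
    return None

def triage(listing):
    """Group detecting engines by named family, or under 'generic'."""
    groups = defaultdict(list)
    for engine, label in parse(listing).items():
        if label is not None:
            groups[family(label) or "generic"].append(engine)
    return dict(groups)

if __name__ == "__main__":
    for name, engines in triage(LISTING).items():
        print(f"{name}: {len(engines)} engine(s): {', '.join(engines)}")
```

Several engines agreeing on one named family is the part that warrants the further analysis mentioned above; the generic group alone would weigh less.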

Most probably, like David said, a false positive.

I have NSW and w98 and do not have this file

But where are you looking for it as it isn’t in the NSW folder but the symantec/liveupdate folder.

How do I get help?

ohiobowhunter81
start your own thread - is it related to SILreboot.exe BTW?

make a topical subject
let us know your os, firewall, any anti spyware/malware scans you have run,
any AVAST hits

what is your problem?

If you are an avast user rt click the ball and go to updates>program and update
then (if W2k, XP, 32bit vista) rt click the ball and schedule a boot time scan- reboot
move any hits to the Chest- do not delete/remove

then go to Malware Bytes and run their anti-spyware free scan and post the results
put a check mark next to all baddies and click REMOVE CHECKED- a backup will be made
post the logs

(working in the dark here)
we’ll go from there

Hi Again :3

That’s the Referrer site where I got the information regarding SILreboot.exe

http://i272.photobucket.com/albums/jj179/Saber6699/5.gif
(I hope your problem will be solved soon)

and BTW that part was only the explanation regarding the malicious software

Note:

After the files have been detected via any of those programs, try to delete them and restart your system after deletion. Some of the programs will require a follow-up scan after deletion (just to be safe).