9/8: Reboot-AP Trojan Installs Batch Script
Reboot-AP is a Trojan that will install a batch script and modify the registry so that the infected computer will constantly shutdown.
Note: users can abort the shutdown by issuing the command "shutdown -a " from the Run line.
Upon execution, the trojan creates a batch script in the %Sysdir% directory as servic.bat.
(Where %Sysdir% is the Windows System directory, for example C:\WINDOWS\SYSTEM)
For example: c:\windows\system32\service.bat
The following Registry key(s) is/are added to hook system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "run windows" = %Sysdir\servic.bat"
More information can be found at this McAfee page.