Reboot-AP is a Trojan that will install a batch script and modify the registry so that the infected computer will constantly shutdown. Upon subsequent reboots and login, the batch script will attempt to shutdown the system every time.

Note: users can abort the shutdown by issuing the command "shutdown -a " from the Run line.

Upon execution, the trojan creates a batch script in the %Sysdir% directory as servic.bat.

(Where %Sysdir% is the Windows System directory, for example C:\WINDOWS\SYSTEM)

For example: c:\windows\system32\service.bat

The following Registry key(s) is/are added to hook system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "run windows" = %Sysdir\servic.bat"

More information can be found at this McAfee page.