Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 6 subscribers
  • Views 6512 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MEMSWEEP2 - Is it really a trojan?

DrDOS

Hello.  I just installed the rootkit sniffer (sar_15_sfx.exe) and when I rebooted got a message that this file may be a problem.  When I looked it up I got this result http://www.greatis.com/appdata/d/m/memsweep2.sys.htm.

Is there really an issue or is this a ____ con test of some kind?

Vista 32-bit SP2 HB

Thanks!  :robotsurprised:

:16297


This thread was automatically locked due to age.
  • 0

    As long as you downloaded the main installer for the Sophos Anti-Rootkit from www.sophos.com or the checksum matches the version of the file we host...

    SHA1(sar_15_sfx.exe)= b507f958319a1793a724af28237af8a7503eb6f8

    ...then there won't be an issue with the file you ran to install the program.  The link your post goes to is for a file called 'memsweep2.sys' - this isn't a file issued by Sophos.  Our file is called 'memsweep.sys'.

    Also our file (memsweep.sys) is signed.  If you right-click on memsweep.sys | Properties | 'Version' tab and then select the 'Company' item from the list you'll see 'Sophos Plc'.

    Therefore you could potentially have a file called memsweep2.sys on your computer and it could be causing a problem, however it isn't our file.

    :16391
  • 0

    Thanks for confirming all is ok and how to check.  I'm glad it's not a contest with the EU in the middle.

    Take care.

    :16409