unknown files rootkit scan

I have an unknown file:

 c:\Windows\system32\dllcache\mshtml.dll

Should I fix it?


This thread was automatically locked due to age.
  • I did also have 81 unknown hidden files. A tech wrote to me and suggested that I close all programs and run that rootkit program.

    I did so, and have only 40 unknown hidden files. Here are 2 examples:

    1.)  Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZU661VI\B5kAAZrK%2FB%3DsHkiS2KJiRw-%2FJ%3D1274677145147116%2FK%3DFdkw93u5VCdS2zdGzanHaA%2FA%3D5761137%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc1136.mail.yahoo.com%2Fmc%2Fmd[1].htm
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    2.)  Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\68RLSYVN\2526i%25253D140464%252526ycg%25253Dm%252526yyob%25253D1953%252526zip%25253D89110%252526_salt%25253D3994578713%252526B%25253D10%252526u%25253Dhttp%2525253A%252[1]
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

  • Hi,

    The anti-rootkit will pick up some odd files. The general rule is: if you know it's malicious, remove it; if not, submit the %temp%\samples.sar to Sophos Labs and we will tell you if it is malicious.

    https://secure.sophos.com/support/samples

    The temp internet files detections are generally nothing.

    Also yes, closing all apps and not doing anything when the scan is running is a good idea :)

    OD
