Is this malware/rootkit?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Hum, Jan 5, 2009.

  1. Hum

    Hum Private E-2

    Hi. I got Sophos anti-rootkit about a month ago and every time it runs it finds the same hidden file:
    \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008102820081029

    Sophos said that this is a suspicious looking file, and asked me to run their anti-virus, which did not find it. Sophos anti-virus is "disabled" for some reason, and so far no-one there has been able to tell me how to enable it. So I don't know what it is actually scanning when I do a right-click scan. Can an anti-virus programme find a rootkit?

    I searched for this file through regedit, and it is not listed.
    I'm trying to figure out the Read and Run First steps one by one.

    Q. Does anyone recognise this? Is this actually a rootkit?


    Thank you.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just do that and attach the requested logs:
    SAS
    MBAM
    Combo
    C:\MGTools.exe ---> C:\MGLogs.zip.
     
