#1
Radix rootkit found this:
C:\WINDOWS\system32\services.exe:ADVAPI32.dll: services.exe:CreateProcessAsUserW --[HOOKED]--
Could this be malicious, or is it normal for ADVAPI32 to be hooked by legitimate programs? Thank you.
#2
It's legit and from MS, and that hook at that level is normal:
http://en.wikipedia.org/wiki/Windows_API
Check that the file is digitally signed by MS and not broken. Done...
#3
You could upload the file to VirusTotal.
#4
Quote:
It is, but does it mean that I'm protected? Because it doesn't matter if the file is valid; that valid file is being hooked by something that could be malicious, right? I'm not a security expert, so you could explain that for me.
#5
That hooking is normal... the DLL is overseeing the shutdown/restart of the system (or abort), start/stop/create a Windows service, manage user accounts.
Not yet convinced? Upload to VirusTotal... not yet convinced? Then contact Radix support, they will explain the false positive to you.