Do you know this file ??

Hi,

This afternoon, EAM detected 1D8B60D2.exe located on Windows\System32

Do you tell me if this file is belong to vba32 antirootkit or to Nprotect mbr guard or to RKUnhookerLE ? Or is it a real malware ?

These are latest files I downloaded on my laptop.

I make a search on google and I found nothing. I also make a search on my HDD and I can't see on System32 folder.

Thanks in advance !

 

It's ostensibly a randomly named file, so you'll be unlikely to find anything by the filename. It's probably put there by one of the tools you've used.

Send to virustotal. Post an MD5 Hash of the file.

Right click on the file and click properties, and see if there is any vendor information. Check the file creation date, and see if it matches any activity you've undertaken. Use sysinternals autoruns and see if there's anything else there; verify signatures.

 

RJK3,

To see more on 'Properties', as it's hidden file from Explorer. I need to enable this service, don't you ?

 

Use Sysinternals Autoruns with verify signatures.

Look in the 'services tab' and find this service. It is likely that the file is missing but the service still registered - if so, you can just delete the service. That would explain why there is no description when you viewed it under 'services.msc'.

If the file is not missing, then look under 'Image Path' for its location in the file system. I fully expect that it is just from one of the tools you have used.