Radix rootkit scan result

Discussion in 'malware problems & news' started by crykid, Mar 31, 2012.

Thread Status:
Not open for further replies.
  1. crykid

    crykid Registered Member

    Radix rootkit found this:

    C:\WINDOWS\system32\services.exe:ADVAPI32.dll: services.exe:CreateProcessAsUserW --[HOOKED]--

    Could this be malicious, or is it normal for ADVAPI32 to be hooked by legitimate programs?

    Thank you.
     
  2. fax

    fax Registered Member

  3. TheKid7

    TheKid7 Registered Member

    You could upload the file to VirusTotal.
     
  4. crykid

    crykid Registered Member

    It is, but does it mean that I'm protected? Because it doesn't matter if the file is valid; that valid file is being hooked by something that could be malicious, right? I'm not a security expert, so you could explain that for me.
     
  5. fax

    fax Registered Member

    That hooking is normal... the DLL oversees the shutdown/restart of the system (or abort), starting/stopping/creating a Windows service, and managing user accounts.

    Not yet convinced? Upload to VirusTotal... Not yet convinced? Then contact Radix support; they will explain the false positive to you.
     