Radix rootkit scan result

Discussion in 'malware problems & news' started by crykid, Mar 31, 2012.

Thread Status:
Not open for further replies.
  1. crykid
    crykid Registered Member

    Radix rootkit found this

    C:\WINDOWS\system32\services.exe:ADVAPI32.dll: services.exe:CreateProcessAsUserW --[HOOKED]--

    Could this be malicious, or is it normal for ADVAPI32 to be hooked by legitimate programs?

    Thank you.
  2. fax
    fax Registered Member

  3. TheKid7
    TheKid7 Registered Member

    You could upload the file to VirusTotal.
  4. crykid
    crykid Registered Member

    It is, but does it mean that I'm protected? Because it doesn't matter if the file is valid; that valid file is being hooked by something that could be malicious, right? I'm not a security expert, so you could explain that for me.
  5. fax
    fax Registered Member

    That hooking is normal... the DLL is overseeing the shutdown/restart of the system (or abort), start/stop/create a Windows service, manage user accounts.

    Not yet convinced? Upload to VirusTotal... not yet convinced? Then contact Radix support, they will explain the false positive to you.