Webhost Rootkit Infestation?

Are webhosts installing rootkits?

I was doing some research recently on which webhost I want to host my website. After I was finished for the day I ran a Webroot Spysweeper scan. It picked up 4 potential system monitor/rootkit files that I had obtained from the following sites:

alwayswebhosting_com -- premium quality, super fast, and super friendly cpanel hosting! v102.mht (ID = 0)

site5 web hosting - affordable ecommerce, email, business, domain and web hosting plan comparisons.mht (ID = 0)

ion hosting - affordable web hosting, front page, cpanel, plesk, reseller, ecommerce2.htm (ID = 0)

cpanel web hosting - cpanel reseller hosting - linux web hosting - fantastico - rvskin - unlimited domains.mht (ID = 0)

(This is how they appeared in my Spysweeper session log.)

When I tried to quarantine the files, it said they were in use and couldn’t be removed without a reboot. The reboot successfully removed them.

I wonder if anybody can duplicate these findings. If you’re curious, I’m running Windows XP, Internet Explorer with active scripting enabled. Visit these sites and save a few pages as Web archive single file (*.mht). Then later click on these files and open them up. Close them and then run a Webroot Spysweeper scan. (P.S. I wasn’t connected to the internet when I ran the scan.) Thanks!

 

I tried a few with IE, and NO ActiveX/Scripting/Java/Iframes etc as usual. Nothing at all happened to me, so i guess whatever it was is due to you having Scripting enabled, which along with the others i mentioned, isn't always wise on untrusted sites !


StevieO