I think I found a malicious file. When I run it, this is what it does: A lcass.exe file is created in C:\WINDOWS\system32\ Creates a lcass.exe startup entry which can only be seen in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run It cannot be seen in msconfig>startup I am on XP Pro SP2 and NOD32 2.7 doesn't detect it. Spybot S&D reports it as "SCKeylogger". I have a link to the file if anyone else wants to test it but I won't post it here. PM me. I would really appreciate it if someone could help me analyse this file. I'm worried it still left traces on my pc even when I manually deleted it and I want to absolutely make sure it has left nothing else behind, I don't want to have to reformat my pc again.