Sophos Anti-Rootkit creates a temporary executable in Local Settings\Temp?

Discussion in 'malware problems & news' started by SophiaXP, Nov 11, 2010.

Thread Status:
Not open for further replies.
  1. SophiaXP

    SophiaXP Registered Member

    Joined:
    Nov 11, 2010
    Posts:
    1
    For example Local Settings\Temp\sssahoi.exe will be created and launched but dies when you quit the sophos scanner. The next time the file name will be another random name like avassv.exe.

    Is this normal? I downloaded it and it was scanned clean at http://virusscan.jotti.org/.

    Anyone knows if this is normal or not?
     
    SophiaXP, Nov 11, 2010
    #1
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Normal. Its does this so not to be noticed by malware and rootkits.
     
    Meriadoc, Nov 11, 2010
    #2
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Some malware can block any named.exe from running by adding an entry to the imagefile execution options via the registry.

    By running as a random named exe each time then the above has less or no chance to stop the exe.
     
    Franklin, Nov 11, 2010
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...