Are webhosts installing rootkits? I was doing some research recently on which webhost I want to host my website. After I was finished for the day I ran a Webroot Spysweeper scan. It picked up 4 potential system monitor/rootkit files that I had obtained from the following sites: alwayswebhosting_com -- premium quality, super fast, and super friendly cpanel hosting! v102.mht (ID = 0) site5 web hosting - affordable ecommerce, email, business, domain and web hosting plan comparisons.mht (ID = 0) ion hosting - affordable web hosting, front page, cpanel, plesk, reseller, ecommerce2.htm (ID = 0) cpanel web hosting - cpanel reseller hosting - linux web hosting - fantastico - rvskin - unlimited domains.mht (ID = 0) (This is how they appeared in my Spysweeper session log.) When I tried to quarantine the files, it said they were in use and couldn’t be removed without a reboot. The reboot successfully removed them. I wonder if anybody can duplicate these findings. If you’re curious, I’m running Windows XP, Internet Explorer with active scripting enabled. Visit these sites and save a few pages as Web archive single file (*.mht). Then later click on these files and open them up. Close them and then run a Webroot Spysweeper scan. (P.S. I wasn’t connected to the internet when I ran the scan.) Thanks!