To Customer Support To Customer Support
Solved

System32 issue

  • 11 July 2013
  • 5 replies
  • 40 views
B
Rank
Hi,
My brand newly installed Complete (at home) has repeatedly swept my VM Ware virtual environment on a Mac and I am getting the following threat:
 
SystemRootsystem32driversxcpip.sys
 
But I can't get rid of it so it keeps coming back. Has anyone got any idea what this means or what to do about it?
Thanks.
BictonShacks.
icon

Best answer by Rakanisheu Retired 11 July 2013, 14:07

View original

5 replies

RetiredTripleHelix
Rank
Userlevel 7
Badge +56
Hello BictonShacks and Welcome to the Webroot Community Forums. ;)
 
Can you right click on the WSA Tray Icon and Save a Scan Log and post the line in the log that shows that file name?
 
Example: [g] c:windowssysnativeqdvd.dll [MD5: 973131EB99BE1E19DAC502CB724E72A5] [Flags: 40010000.195]
 
Thanks,
 
TH
B
Rank
Hi TH,
Thanks for getting back to me. But I am a novice in these things and am not quite sure what you mean by Tray Icon - when I right click on the desktop icon there doesn't seem to be any option to save a log file.
Matt.
Rakanisheu Retired
Userlevel 7
Is the VM based on a clean image? The detection below sounds like a rootkit detection from your description. That particular file is a favourite of one particular rootkit. However I will need more information. The tray icon is the one that is down by your clock on the bottom right hand side of your taskbar. There should be a little green W icon although in your case it may be gray with a red mark on it (indicating an infection)

SystemRootsystem32driversxcpip.sys
B
Rank
Thanks members for the responses - the problem has been fixed through the very efficient service of the Support tech. I appreciate the interest in my problem though.
Rakanisheu Retired
Userlevel 7
I see the support ticket now and I was corect in my guess of what it was!

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.