Hey y'all, this is the first time I've seen anything come up from Webroot.
The files in question are in the Windows/System32/oobe/oem folder, titled as Set_Homepage.exe and SetLockScreen.exe.
Each of them is being read by Webroot as a win32.hacktool.fullbot. What is this and is it safe to simply delete the files there (rarely ever in system32 as I understand)?
Webroot has been unsuccessful in removing the files at all.
Any assistance would be appreciated.