I try to stay on top of the latest security issues and was reading a recent article regarding SONY BMG’s music CDs that install a rootkit that is now being abused by Trojans. The article directed me to SysInternals for a utility to do a general search for a rootkit on my computer. I am familiar with SysInternals and greatly respect the tools that they offer. So, I downloaded http://www.sysinternals.com/Utilities/RootkitRevealer.html and ran it. It found only one item: TrayIcon.wt.
I do not believe this is a rootkit, but I do believe it is a discrepancy. :)
- Can anyone explain these results? Is it just a WW temp file that was created and deleted during the scan?
- Is this file necessary for Weather Watcher?
- If not, how can it be removed?
PATH: C:\Program Files\Weather Watcher\TrayIcon.wt
TIMESTAMP: 11/18/2005 8:10 PM
SIZE: 3 bytes
DESCRIPTION: Visible in Windows API, but not in MFT or directory index
RootkitRevealer’s help says:
A file system scan consists of three components: the Windows API, the NTFS Master File Table (MFT), and the NTFS on-disk directory index structures. These discrepancies indicate that a file appears in only one or two of the scans. A common reason is that a file is either created or deleted during the scans.
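Added illustration of the three-way comparison that help text describes, written here as an example and not taken from RootkitRevealer itself: the three listings are constructed sample data, and the rescan-based triage (re-run the scan and see whether the same discrepancy reappears) is a suggested check for telling a transient temp file from something that is consistently hidden from one view.

```python
"""Cross-view discrepancy check in the style of RootkitRevealer (illustrative)."""
from dataclasses import dataclass

# The three views RootkitRevealer's help names. On a real host each would be
# collected separately; here they are plain lists of paths.
VIEWS = ("Windows API", "MFT", "directory index")


@dataclass(frozen=True)
class Discrepancy:
    path: str
    seen_in: tuple      # views that listed the path
    missing_from: tuple  # views that did not

    def describe(self) -> str:
        # Same wording pattern as the DESCRIPTION line in the report.
        return (f"Visible in {' and '.join(self.seen_in)}, "
                f"but not in {' or '.join(self.missing_from)}")


def cross_view_diff(api, mft, index):
    """Report every path that is not present in all three views."""
    views = dict(zip(VIEWS, (set(api), set(mft), set(index))))
    found = []
    for path in sorted(set().union(*views.values())):
        seen = tuple(v for v, s in views.items() if path in s)
        if len(seen) < len(VIEWS):
            missing = tuple(v for v in VIEWS if v not in seen)
            found.append(Discrepancy(path, seen, missing))
    return found


def triage(discrepancies, rescan):
    """Label each discrepancy using a second scan taken a little later.

    A path whose discrepancy vanishes on rescan was most likely created or
    deleted mid-scan (transient); one that reports the same discrepancy twice
    is consistently hidden from a view and deserves a closer look (persistent).
    """
    again = {d.path for d in rescan}
    return {d.path: ("persistent" if d.path in again else "transient")
            for d in discrepancies}


# Constructed sample listings reproducing the report in the post: the temp
# file shows up only in the Windows API view of the first scan.
TRAY = r"C:\Program Files\Weather Watcher\TrayIcon.wt"
EXE = r"C:\Program Files\Weather Watcher\WeatherWatcher.exe"
FIRST_SCAN = cross_view_diff(api=[TRAY, EXE], mft=[EXE], index=[EXE])
# On rescan the temp file is gone from every view, so no discrepancy remains.
RESCAN = cross_view_diff(api=[EXE], mft=[EXE], index=[EXE])
```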