Hi,

My brand newly installed Complete (at home) has repeatedly swept my VMware virtual environment on a Mac and I am getting the following threat:

SystemRoot\system32\drivers\xcpip.sys

But I can't get rid of it so it keeps coming back. Has anyone got any idea what this means or what to do about it?

Thanks.

BictonShacks.
Hello BictonShacks and Welcome to the Webroot Community Forums. ;)

Can you right click on the WSA Tray Icon and Save a Scan Log and post the line in the log that shows that file name?

Example: [g] c:\windows\sysnative\qdvd.dll [MD5: 973131EB99BE1E19DAC502CB724E72A5] [Flags: 40010000.195]

Thanks,

TH
Hi TH,

Thanks for getting back to me. But I am a novice in these things and am not quite sure what you mean by Tray Icon. When I right click on the desktop icon there doesn't seem to be any option to save a log file.

Matt.
Is the VM based on a clean image? The detection below sounds like a rootkit detection from your description. That particular file is a favourite of one particular rootkit. However, I will need more information. The tray icon is the one that is down by your clock on the bottom right hand side of your taskbar. There should be a little green W icon, although in your case it may be gray with a red mark on it (indicating an infection).

SystemRoot\system32\drivers\xcpip.sys
Thanks members for the responses - the problem has been fixed through the very efficient service of the Support tech. I appreciate the interest in my problem though.
I see the support ticket now and I was correct in my guess of what it was!