Possible rootkit



jedikeeper
2013-01-29, 17:50
Hi,

The Rootkit Quick Scan found evidence suggesting a possible rootkit infection, in the following location:

C:\WINDOWS\system32\termcap

When I Start a Deep Scan, nothing is found!!!

What should I do?

Windows XP SP3, ESS, MBAM, Spybot 2

Thanks in advance for any information you can provide me.

http://i1140.photobucket.com/albums/n561/CamCol1/SpyBot2/002SAND2_zps3386a651.jpg

http://i1140.photobucket.com/albums/n561/CamCol1/SpyBot2/003SAND2_zps95bec195.jpg

Lancer
2013-01-30, 02:12
I get the same result on XP SP3 so I think it's normal. Upload the file to https://www.virustotal.com/ to verify. Still concerned? Download, update and scan with Malwarebytes Antirootkit. It's still in beta testing but very stable and functional.

jedikeeper
2013-01-30, 05:59
I get the same result on XP SP3 so I think it's normal. Upload the file to https://www.virustotal.com/ to verify. Still concerned? Download, update and scan with Malwarebytes Antirootkit. It's still in beta testing but very stable and functional.

Thank you Lancer, the file termcap is clean, I checked it at VirusTotal and ran Malwarebytes Antirootkit, but I don't think it's normal, we don't have to get the same result on XP SP3...

In my case, I paid for an annual subscription and I am getting a FP...

Spybot has to fix this issue ASAP!

BTW, thank you for the reply and for providing me the Malwarebytes Antirootkit link.

Peace

spybotsandra
2013-01-30, 16:03
Hello,

It's not a false positive.
The quick scan also searches for hidden files in the system folder.
termcap is such a hidden file.

The deep scan searches for real abnormalities and did recognize that the file belongs there.

Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff, not identifying just bad stuff.

Best regards
Sandra
Team Spybot

Lancer
2013-01-30, 16:16
You're welcome, jedikeeper. Glad to help. :)

frienlyfire
2013-04-14, 22:44
Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff, not identifying just bad stuff.


Mhh, I read that somewhere else many times.

I've got the same phenomenon on my XP SP3:

C:\WINDOWS\system32\termcap

Deep scan takes a hell of a time, so I'm not going to do that, as it's going to find nothing, just like the last time I did the deep scan.


Somewhere else I've found that:


Termcaps.exe file information

The file itself provides very little indication as to its creator.
However, here are some useful tips about termcaps.exe.

Description: The file termcaps.exe is located in the folder C:\Windows\System32.
The file size on Windows 7/XP is 14,640 bytes.

There is no description of the program.
File termcaps.exe is located in the Windows folder, but it is not a Windows core file. The program is not visible. Program starts when Windows starts

(see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).

Program listens for or sends data on open ports to a LAN or the Internet. The file is not a Windows core file.

termcaps.exe is able to hide itself and monitor applications.
Therefore the technical security rating is 100% dangerous; however, also read the user reviews.

User Comments:
Spyware TheMatrixHasyou.exe

found on file.net/process/termcaps.exe.html


So at least the file size does not match @jedikeeper's screenshot.
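Added example, not from the thread, from Spybot or from file.net: a Windows PowerShell 2.0 script (so it also runs on XP SP3) that turns the two checks discussed above into something repeatable. It lists the hidden files directly under system32 with their size, attributes, SHA-256 and Authenticode status, which is what a quick-scan hit like termcap should be compared against (known-good size, and a hash lookup on VirusTotal instead of uploading the file), and it searches the three Run/RunServices keys named in the file.net entry for any command that references a given file name, which is how to tell a plain hidden data file from a hidden program that autostarts. The folder path, key names and file names come from the thread; the function names and the script layout are my own, and the script assumes an elevated prompt.

```powershell
# Added example (not part of the thread). Windows PowerShell 2.0 compatible,
# so it runs on XP SP3; Get-FileHash is not used because it needs PS 4+.
param(
    [string]$SystemDir = (Join-Path $env:windir 'system32'),
    [string]$FileName  = 'termcaps.exe'
)

# Hidden files directly under the system folder, with the facts a scanner
# verdict is checked against: size, attributes, SHA-256 and signature status.
function Get-HiddenSystemFileReport {
    param([string]$Path)

    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    # -Force makes Get-ChildItem return hidden and system files too.
    Get-ChildItem -Path $Path -Force |
        Where-Object {
            -not $_.PSIsContainer -and
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
        } |
        ForEach-Object {
            $stream = $_.OpenRead()
            try {
                $hash = ($sha256.ComputeHash($stream) |
                         ForEach-Object { $_.ToString('x2') }) -join ''
            } finally {
                $stream.Close()
            }
            # A plain data file such as termcap will simply report NotSigned;
            # the interesting case is an unsigned *executable* that is hidden.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                Name       = $_.Name
                Bytes      = $_.Length
                Attributes = $_.Attributes.ToString()
                Modified   = $_.LastWriteTime
                SHA256     = $hash
                Signature  = $sig.Status.ToString()
            }
        }
}

# Autorun entries (the keys listed in the quoted file.net text) whose command
# line references the given file name.
function Find-AutorunReference {
    param([string]$Name)

    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    # Note properties PowerShell attaches to every registry item; not values.
    $psNoteProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $pattern = [regex]::Escape($Name)

    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }   # RunServices often absent
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($psNoteProps -contains $prop.Name) { continue }
            if ("$($prop.Value)" -match $pattern) {
                New-Object PSObject -Property @{
                    Key       = $key
                    ValueName = $prop.Name
                    Command   = $prop.Value
                }
            }
        }
    }
}

"Hidden files in $SystemDir"
Get-HiddenSystemFileReport -Path $SystemDir |
    Sort-Object Name |
    Format-Table Name, Bytes, Attributes, Signature, SHA256 -AutoSize

"Autorun entries referencing $FileName"
$hits = @(Find-AutorunReference -Name $FileName)
if ($hits.Count -eq 0) {
    "none found"
} else {
    $hits | Format-Table Key, ValueName, Command -AutoSize
}
```

Run it as `.\Check-HiddenSystemFiles.ps1` (any script name works) from an elevated prompt; pass `-FileName termcap` to search the autorun keys for the file the quick scan flagged. The point of the two tables together is the one Sandra makes: a hidden file in system32 is only a lead. A hidden entry whose size and hash match what the deep scan accepts and that no Run key references is the termcap case, while a hidden, unsigned executable that is also started from a Run key is the case the file.net entry is describing and deserves a closer look.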