My comodo detected c:\windows\system32\drivers/hostnt.sys as UnclassifiedMalware@8322519. Does anyone know what this is? Have googled it but info is scarce. Thanks.
Could you please submit it here it may be a possible FP
Dennis
Submitted.
Hi dreamerman,
Can you check it’s digital signatures? (Right mouse click on the file, properties)
See who and if it’s signed?
Normally FP’s on these files are very rare…
And on what OS are you on? XP/Vista/Win7 32 or 64bit?
Ronny, there is only one “General” tab under properties so there are no additional info. I am using WinXP SP3 32bit.
Are you logged in as Administrator or as Limited User?
There should be more tabs, like General, Version, Security, Summary…
Can you also upload the file to www.virustotal.com and post the report link here?
You could also try to run a anti-rootkit scanner like GMER from www.gmer.net
See if it reports anything suspicious…
Logged in as admin. I can see other tabs in other files such as General, Version etc. OK I will upload to virustotal now.
Here is the report from virustotal re hostnt.sys
[attachment deleted by admin]
Big chance it’s a False Positive, but if you uploaded it the 2nd it should have been fixed by now…
Can you use this tool and post the results here?
sigcheck c:\windows\system32\drivers\hostnt.sys
It tries to read the signature and other properties from the file…