webglobe (at) gmail (dot) com [email concealed] wrote:
| Hi,
|
| tripwire is reporting to me that the SHA value & the Write time of
| file c:\WINNT\system32\refcache.ser changed.
|
| I can't find anything about this file. Googling for this returns 0
| hits.
|
| Does someone know what this file is and who/how it is created & used?

Can't say I've heard of it in my travels. Maybe a program you have
recently installed/updated has created it.

Have you tried submitting it to VirusTotal? Email it as an attachment
to: scan (at) virustotal (dot) com [email concealed] with a subject of: SCAN
...and you will receive a reply after it has been scanned with numerous
anti-virus products. I'm assuming you've anti-virus- and anti-spyware
scanned it.

Are the contents human-readable? Have you tried running it through
strings? You could enable auditing on the file and, assuming your
machine's policy is to log success audits, you could track its use.
Maybe also renaming it and seeing if anything gets broken or if it is
recreated.

HTH,
Adam Piggott,
Proprietor,
Proactive Services (Computing)
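
The "is it human-readable / run it through strings" check suggested in the reply above, as an added example that is not part of the original post: it hashes a file's bytes, measures how much of it is printable, and pulls out both ASCII and UTF-16LE strings (Windows files often store text as the latter). The function names and the sample bytes are constructed for illustration; they are not the contents of the real refcache.ser.

```python
import hashlib
import re


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII and UTF-16LE runs of at least min_len chars, in file order."""
    ascii_run = rb"[\x20-\x7e]{%d,}" % min_len
    wide_run = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len  # ASCII text stored as UTF-16LE
    found = [(m.start(), m.group().decode("ascii")) for m in re.finditer(ascii_run, data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in re.finditer(wide_run, data)]
    return [text for _, text in sorted(found)]


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    printable = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (9, 10, 13))
    return printable / len(data)


def triage(data: bytes, min_len: int = 4) -> dict:
    """Summarise an unknown file: size, SHA-1, printable share, embedded strings."""
    return {
        "size": len(data),
        "sha1": hashlib.sha1(data).hexdigest(),
        "printable_ratio": round(printable_ratio(data), 2),
        "strings": extract_strings(data, min_len),
    }


# Constructed sample: binary header, an ASCII token, a UTF-16LE path, a short run.
SAMPLE = (
    b"\x00\x01\x02\x03" + b"cache-v1" + b"\xff\xfe\x00"
    + "C:\\WINNT".encode("utf-16-le") + b"\x00\x00" + b"abc" + b"\x90\x90"
)

if __name__ == "__main__":
    import sys
    # With a path argument, triage that file; otherwise use the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = triage(blob)
    print(f"size={report['size']} sha1={report['sha1']} printable={report['printable_ratio']}")
    for s in report["strings"]:
        print("  ", s)
```

A low printable ratio with only a handful of strings points to a binary cache or serialized format rather than a text file; run it on a copy of the file, not the original.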