spevit Posted January 15, 2014 Hi. A customer on Microsoft Answers has detected a rootkit while scanning with AVG. Now I wasn't sure if it was a real threat, so I recommended a scan with the free version of SuperAntiSpyware. The final results of SAS didn't find a threat. The customer started a second scan with AVG, but there was nothing to be found in the scan results. The directory of the file is: "C:\Windows\System32\MpEngineStore\MpKsl65649bbb.sys". At least, it is not a Windows default driver/file. Any suggestions on whether this driver is safe? There is no information stored on the internet about this.
GuiltySpark Posted January 15, 2014 Hi spevit, I would say it's likely a FP, as the only time I've seen anything like that was when running MSE (Microsoft Security Essentials). Have the person check to see if they are running or have run any other AV program, as remnants may still be there. DDS is a good program to see what's running behind the scenes.
spevit Posted January 15, 2014 Hi GuiltySpark, Thanks for your fast reply. I'll forward the details to the customer. I will let you know the results. Thanks again.