Posted 31 October 2009 - 05:42 PM
This is the directory name:
C:\Documents and Settings\User\Application Data\Microsoft\Crypto\RSA\S-1-5-21-(random numbers, SID from what I've read after this point)
The filename after the above folder is another series of random numbers and letters also separated with hyphens, and I've submitted it to virustotal and nothing shows up for a virus. Virustotal says it has been scanned before and says it is clean, but is there any way I can be even more sure?
All the Googling I've done has pointed to it being one. My scans show nothing, though. I've deleted the directory and locked it down with a program so that no changes can be made to it. The thing that makes me suspicious is that the file reappeared after I deleted both that folder and the files in it that were made a while ago when I mistakenly downloaded a virus.
What is this file? I can't seem to find a clear explanation for what it's purpose even is. I don't trust it.