 | Strange tcpip header?
I was just checking files and I uploaded tcpip.sys
And it has strange headers
Is this normal or what?
»www.virustotal.com/analisis/c62b···06cf4ffa |
|
 | Also I would like to add
I just formatted my hdd and reinstalled Windows
If that's anything useful to anyone who needs to know
I've seen tcpip.sys on virustotal and it didn't have that pe stuff
I did some searching and found another tcpip.sys with the same headers like mine |
|
 BeesTea Network Janitor Premium,VIP join:2003-03-08 | reply to Dominick
According to your virustotal output, the file has an MD5 sum of 93ea8d04ec73a85db02eb8805988f733
93ea8d04ec73a85db02eb8805988f733 is the md5sum of the tcpip.sys file released by Microsoft as part of XP Service Pack 3.
tcpip.sys 04/14/2008 12:50 AM 361,344
-- Overpower, overcome. |
|
 | reply to Dominick
So it's okay, right?
I don't know if it varies between different types of XP install CDs
I'm using a WinXP Pro college CD
And I've seen other tcpip.sys without that stuff
Either virustotal updated and not many have uploaded a tcpip.sys or I have no clue
Anyway, I hope I'm clean
This was the same on my last install
Now I reformatted and decided to check it again and see it's the same. I thought it was some malware that survived a reformat or something. |
|
 | reply to Dominick
Can anyone else upload a tcpip.sys and reanalyze it
And see if it has all that header stuff
I'm just a little paranoid |
|
 NetFixer Freedom is NOT free Premium join:2004-06-24 Murfreesboro, TN | reply to Dominick
said by Dominick :
I was just checking files and I uploaded tcpip.sys
And it has strange headers
Is this normal or what?

said by Dominick :
I've seen tcpip.sys on virustotal and it didn't have that pe stuff
I did some searching and found another tcpip.sys with the same headers like mine

said by Dominick :
I'm using a winxp pro college cd
And I've seen other tcpip.sys without that stuff

said by Dominick :
Can anyone else upload a tcpip.sys and reanalyze it
And see if it has all that header stuff
I'm just a little paranoid

Exactly what "header stuff" do you find so troubling?
Perhaps these links will help to explain the Portable Executable file format to you?
»www.windowsitlibrary.com/Content···1/1.html
»en.wikipedia.org/wiki/Portable_Executable
-- We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander. Test your firewall. |
|
 | "viradd virsiz"
When I type that in any search engine, I get links to malware uploads and stuff
It's just strange to me.
Does your tcpip have that stuff? |
|
 | said by Dominick :
"viradd virsiz"
when I type that in any search engine, I get links to malware uploads and stuff

'viradd' and 'virsiz' are not "stuff" in your driver (the file you uploaded). These are headings for the columns of the table displayed below them. VirusTotal lists some identifying details for the sections in a Portable Executable (10 in this case), one per line. The header row "name viradd virsiz rawdsiz ntrpy md5" identifies what each item on each row is. For instance,
name: Name (Standard PE Image section field)
viradd: Virtual Address (Standard PE Image Section field)
virsiz: Virtual Size (Standard PE Image section field)
rawdsiz: Raw Data size (Standard PE Image section field)
ntrpy: Entropy (used in signature)
md5: MD5 Hash (used in signature)
You care most about the results section. If you don't know what the 'Additional Information' sections are then you don't need to worry about them.
As has already been pointed out by BeesTea, this file appears to be a standard file distributed by Microsoft as part of WinXP SP3. You have nothing to worry about. |
|
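The section table described in the post above can be reproduced locally. The following is an added example, not code from the thread or from VirusTotal: it reads the PE section headers and emits the same columns (name, viradd, virsiz, rawdsiz, ntrpy, md5). The function names and the two-section sample image are constructed for illustration.

```python
import hashlib, math, struct
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values()) if n else 0.0

def pe_sections(image):
    """Return one row per section with the columns shown in the report."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF file header follows the 4-byte signature.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size                           # section table start
    rows = []
    for i in range(nsect):
        name, virsiz, viradd, rawdsiz, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)                # 40-byte section header
        raw = image[rawptr:rawptr + rawdsiz]
        rows.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                     "viradd": viradd, "virsiz": virsiz, "rawdsiz": rawdsiz,
                     "ntrpy": round(entropy(raw), 2),
                     "md5": hashlib.md5(raw).hexdigest()})
    return rows

def build_sample():
    """Constructed two-section image (not a real driver, no optional header)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    text, data = b"\x90" * 32, bytes(range(256))
    h1 = struct.pack("<8sIIII16x", b".text", 32, 0x1000, 32, 168)
    h2 = struct.pack("<8sIIII16x", b".data", 256, 0x2000, 256, 200)
    return dos + coff + h1 + h2 + text + data

if __name__ == "__main__":
    print("name viradd virsiz rawdsiz ntrpy md5")
    for r in pe_sections(build_sample()):
        print(r["name"], hex(r["viradd"]), hex(r["virsiz"]),
              r["rawdsiz"], r["ntrpy"], r["md5"])
```

To check a real file, pass its bytes to `pe_sections` and compare the whole-file hash against a known-good value, as BeesTea did with the SP3 MD5 sum.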
 | reply to Dominick
Sigh! Thanks!
I was worried
Thanks for clearing everything up
I once had a really bad encounter with malware last summer - and I could not even find anything on my WinXP - so I had to reformat - and I did some reading and learned a bit more - I'm just being extra careful.
I think it was one of those undetected malware that you can buy on the internet from hacker forums |
|