# SigStub? What the hell is this?



## cenobite321 (Jan 29, 2006)

I started off my computer today and I found a folder in C: named: b292d56952d72ed5c3d6f8. The only file here is one that is called SigStub: Microsoft Malware Protection by Microsoft Corp (see the picture attached) 


Do you know what is this file?, is it a fake program, a virus or what?

Thank you in advance.


----------



## MicroBell (Sep 21, 2004)

Please visit this website - http://virusscan.jotti.org/ 
Submit these file(s) for a comprehensive scan & then post the results back here

C:\b292d56952d72ed5c3d6f8\*Sigstub.exe* (Or whatever it's name is)

If it finds nothing or says it's clean..please ZIP up the file and attach it to your next post and I'll take a look. I think it's a temp file used to update Microsofts Malware tool they release each month.


----------



## gritz (May 6, 2006)

hi,

I also have this file so thought i would post results and file. If you would like me upload the file let me know.

File: SigStub.exe 
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5 e07e1b1d6b8ded8961daf7dff1b33b6f 
Packers detected: PE_PATCH 
Scanner results 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
UNA Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing


----------



## MicroBell (Sep 21, 2004)

Thanks gritz. I was hopeing the user would attach the file here..so I could take a look at it...but he must not be too worried...lol. If you don't mind...please ZIP it up and attach your copy of that file. I just need to confirm what it does.


----------



## gritz (May 6, 2006)

attached as requested.


----------



## MicroBell (Sep 21, 2004)

Thank you Gritz!!

It's a LEGIT file. It's a verisign update file used in the update of Microsofts Antispyware product.


----------



## gritz (May 6, 2006)

ok thanks for your help


----------

