Re: what is file refcache.ser

From: Adam Piggott (adam_at_proactiveservices.co.uk)
Date: 07/05/05

  • Next message: Laura A. Robinson: "RE: what is file refcache.ser" 
    Date: Tue, 05 Jul 2005 17:30:39 +0100
To: focus-ms@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    webglobe@gmail.com wrote:
    | Hi,
    |
    | tripwire is reporting to me that the SHA value & the Write time of
    | file c:\WINNT\system32\refcache.ser changed.
    |
    | I can't find anything about this file. Googling for this return 0
    | hit.
    |
    | Does someone know what this file is and who/how is it created & used.

    Can't say I've heard of it in my travels. Maybe a program you have
    recently installed/updated has created it.

    Have you tried submitting it to VirusTotal? email it as an attachment
    to: scan@virustotal.com with a subject of: SCAN
    ...and you will receive a reply after it has been scanned with numerous
    anti-virus products. I'm assuming you've anti-virus- and anti-spyware
    scanned it.

    Are the contents human-readable? Have you tried running it through
    strings? You could enable auditing on the file and assuming your
    machine's policy is to log success audits you could track it's use.

    Maybe also renaming it and seeing if anything gets broken or if it is
    recreated.

    HTH,

    Adam Piggott,
    Proprietor,
    Proactive Services (Computing)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (MingW32)

    iD8DBQFCyrWt7uRVdtPsXDkRAnuIAJ4pydtNs4XgxKy5QdNUGl83vRUmrgCeMmod
    W/OHVcFzT/B+Az4NmKPpWdA=
    =0bBF
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Laura A. Robinson: "RE: what is file refcache.ser"

    Relevant Pages