rootkit or false alarm??

Hi!!!

i see this eveytime.

http://photoserver.ws/files/6vv6ka8m3f2kqsvpe4kn.bmp

is that an virus??? should i delete ?

pls help!!!

thnx in advance!!

Who is a manufacturer of this imapi.exe? Microsoft or not? If MS then has this file valid digital MS signature?
Some info about MS imapi.exe can be found in http://searchtasks.answersthatwork.com/tasklist.php?File=IMAPI

Hi lastsamurai!

basically i would say, no, don’t delete it…

but you could look into the system32 folder and check how big this file is, because usually this file has 150016 bytes (can also be 123904 or 118784 or 161280 bytes)

do you use windows xp?

THNX FOR THE FAST REPLY!!! :slight_smile:

yes i use win xp sp2!!

in system 32 ,the imapi.exe size is 147 kb

the Manufacturer is Microsoft…

i think it’s a false positive…

i don’t know if virustotal finds rootkits ??? but you could try to upload the file there:
http://www.virustotal.com