I currently have the ADNM console run weekly bootscans of a network we manage. This past week, it returned an infection filepath of (computername)*RAW:C:\Windows\System\Update.exe on an XP Pro SP3 machine. Not too familiar with the *RAW portion of this filepath, anyone have any suggestions?

Thanks

well the RAW is the rootkit scanner i think, its a command line scanner. example if you were to run aswquick RAW: C:\ it would run a command line scan with rootkit detection.

avosec.com