Carl,

You missed the possibility that the file is a marker, or 'placeholder', or temporary storage area, where the existence of the file tells some piece of software to function in a different mode to the way it would work if the file was not present.

Or the file may be used to hold details of entries to be processed/actioned - and zero length means that whatever uses the file has no outstanding actions to perform.

Also - as putting it into the bin means you cannot empty the bin until you are sure you don't need it, I would suggest that, having confirmed that the file is not the primary instance of a set of 'streams', moving it to a different directory and renaming it would be a safer option.

Given the date on the file, it may be worth a brief look at what other files have a similar date - that may give a clue as to what was installed/run around that date/time.

JimB

----- Original Message -----
From: "Carl Houseman" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, November 30, 2005 9:46 PM
Subject: Re: Subject: Re: What is cavag7bp ?

> A file of length zero bytes is totally and completely empty. If it's really
> empty, there's no way it can harm you, and there's no purpose for it to
> remain on your system.
>
> Now since you began this discussion with a rootkit warning from Webroot, you
> could wonder whether the zero bytes is a real or faked report. One way to
> disable many rootkits is to boot into safe mode, and from there see if you
> get a different size report.
>
> You could also run a rootkit detecting program. There are several
> available:
> http://www.sysinternals.com/Utilities/rootkitrevealer.html
> http://www.f-secure.com/blacklight/
> http://www.resplendence.com/hookanalyzer
>
> Another possibility is that the file has an alternate data stream, which
> wouldn't be reported in the size.
> You can check that with LADS or STREAMS:
> http://www.sysinternals.com/Utilities/Streams.html
> http://www.heysoft.de/Frames/f_sw_la_en.htm
>
> If you're still afraid of deleting it (I wouldn't be), you can always
> delete it to the Recycle bin and if needed you can restore it from there.
>
> Carl
>
> -----Original Message-----
> From: Windows Home/SOHO [mailto:[EMAIL PROTECTED] On Behalf Of
> K. F.
> Sent: Wednesday, November 30, 2005 12:56 PM
> To: [email protected]
> Subject: Subject: Re: What is cavag7bp ?
>
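
The checks suggested in this thread (reported size, alternate data streams, files with a similar date, move-and-rename instead of delete), as an added PowerShell example that is not part of either message. `$Path`, `$QuarantineDir`, `$WindowHours` and the `.held` suffix are assumptions chosen for illustration.

```powershell
# Added example: triage of a suspicious zero-length file on NTFS.
# All parameter names and defaults below are assumptions, not from the thread.
param(
    [Parameter(Mandatory)] [string] $Path,    # placeholder: the file in question
    [string] $QuarantineDir,                  # placeholder: existing holding directory
    [int]    $WindowHours = 2                 # assumed meaning of "similar date"
)

$file = Get-Item -LiteralPath $Path -Force

# 1. Size of the unnamed (primary) data stream, as Explorer and dir report it.
"{0}  length={1}  modified={2}" -f $file.FullName, $file.Length, $file.LastWriteTime

# 2. Alternate data streams. ':$DATA' is the primary stream; any other stream
#    holds content that the normal size report does not include.
$ads = Get-Item -LiteralPath $Path -Force -Stream * |
       Where-Object { $_.Stream -ne ':$DATA' }
if ($ads) {
    $ads | Select-Object Stream, Length | Format-Table -AutoSize
} else {
    'No alternate data streams found.'
}

# 3. Other files in the same directory written around the same time,
#    as a clue to what was installed or run then.
$from = $file.LastWriteTime.AddHours(-$WindowHours)
$to   = $file.LastWriteTime.AddHours($WindowHours)
Get-ChildItem -LiteralPath $file.DirectoryName -File -Force |
    Where-Object { $_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to -and
                   $_.FullName -ne $file.FullName } |
    Sort-Object LastWriteTime |
    Select-Object LastWriteTime, Length, Name |
    Format-Table -AutoSize

# 4. Only when no alternate streams exist: move and rename rather than delete.
#    -WhatIf prints the action without performing it; remove it to act.
if (-not $ads -and $QuarantineDir) {
    $dest = Join-Path $QuarantineDir ($file.Name + '.held')
    Move-Item -LiteralPath $file.FullName -Destination $dest -WhatIf
}
```

These results come from the running system's own file APIs, so the safe-mode comparison Carl describes still applies if a rootkit is suspected.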
