November 13th, 2002, 04:12 AM
Strange sigverif.exe behavior
I've been brushing up on some Win2K certification stuff preparing to sit for some exams. This evening while going through some excercises from M$ course 2152bc (and notes from class) on a lark I ran sigverif.exe on my Windows XP Professional install on my laptop.
My install isn't running anything special by any stretch of the imagination, I run Norton Anti-Virus Corporate 8.0 with near daily sig file updates and the like... the only "non standard" piece of hardware I have is a cheap 802.11b wireless card from Hawking Technologies.
Anyway... I've attached a screen shot of the results of sigverif - make a note of that very first entry for a file named check.exe in c:\windows\system32
I've looked high and low trying to find this file on my machine, to no avail. I've forced explorer to show hidden and protected system files, and searched via the command line and am still not finding it. Any idea what this file is, where it came from, what it does, or why I can't ferret out more information on it?
Hoping for some off chance of a correlation I just ran into the other room and ran sigverif on the wife's WinXP Pro workstation... not a single unsigned file in her case. I'm stumped.
I did a google for check.exe just for grins, and found this reference that _could_ indicate virus activity I guess. http://www.vsantivirus.com/fbound-b.htm although not in english.