Rootkits Detected - Is This a Real Threat?



ajm
07-25-2007, 02:44 AM
Cyberhawk reported that in its last scan it found some rootkits and directed me to run a full scan. I did so and it reports finding the following:

C:\RECYCLER\NPROTECT\00452922.RDB
C:\System Volume Information\catalog.wci\CiFLfffd.000
C:\System Volume Information\catalog.wci\CiFLfffd.001
C:\System Volume Information\catalog.wci\CiFLfffd.002

My question is, are these actual threats? I don't want to quarantine something that might cause Norton's recycler to stop working. As for the other files, these are in System Restore files, correct? Those should be safe to quarantine, right?

Having only used Cyberhawk for a short time, I really don't know at what rate it finds false positives, so I don't want to just go quarantining everything. Then again, if these are actual threats, I don't want to leave them as-is either.

acr
07-25-2007, 03:47 AM
Have you run any other rootkit scans? Blacklight and the AVG rootkit scanner are pretty good. Panda is supposed to have a good one although it gave my computer a BSOD.

One thing to remember is to stop all other system activity when doing a rootkit scan. If you have other programs running or are doing other things with your computer when scanning for rootkits there may be some false positive results.

One thing to possibly try first is to shut down your AV and any antispyware apps before running the rootkit scan. Then see if you get the same results.

djames
07-25-2007, 03:57 PM
ajm, I am pretty sure those are FPs. Sometimes when you run an RK scan, and you install, or files are being copied to a temporary directory, or the files are temporary, Cyberhawk will think that these are possibly hidden files, since they are there one second and gone or renamed the next.

If Norton has done something to those files, then leave Norton at it ;-)
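
The false-positive mechanism described in the replies above, as an added example that is not part of the thread and is not Cyberhawk's code. It assumes a scanner that compares the normal API file listing with a low-level listing, and shows how repeating the comparison separates short-lived files from ones that stay hidden; all paths and function names are constructed for illustration.

```python
# Added illustration, not Cyberhawk's code. Assumes a scanner that compares the
# normal API file listing with a low-level (raw) listing. All paths are constructed.

def norm(path):
    # Windows paths are case-insensitive, so normalise before comparing views.
    return path.replace("/", "\\").rstrip("\\").lower()


def hidden_in_round(api_view, raw_view):
    """Paths the raw listing shows but the API listing does not."""
    return {norm(p) for p in raw_view} - {norm(p) for p in api_view}


def triage(rounds):
    """rounds: (api_view, raw_view) snapshots taken a few seconds apart.

    Returns (persistent, transient). Persistent paths were missing from the
    API view in every round. Transient paths were missing in only some rounds,
    which is what a temp file created, renamed or deleted mid-scan looks like.
    """
    per_round = [hidden_in_round(api, raw) for api, raw in rounds]
    if not per_round:
        return set(), set()
    persistent = set.intersection(*per_round)
    transient = set.union(*per_round) - persistent
    return persistent, transient


# Constructed snapshots: an installer writes a temp file after the API listing
# was taken in round 1, then renames it before round 2.
ROUND_1 = (
    [r"C:\Data\report.doc"],
    [r"C:\Data\report.doc", r"C:\Temp\setup_1a2b.tmp", r"C:\Data\example_hidden.bin"],
)
ROUND_2 = (
    [r"C:\Data\report.doc", r"C:\Temp\SETUP_FINAL.EXE"],
    [r"c:\data\report.doc", r"C:\Temp\setup_final.exe", r"C:\Data\example_hidden.bin"],
)

if __name__ == "__main__":
    persistent, transient = triage([ROUND_1, ROUND_2])
    print("still hidden after re-scan:", sorted(persistent))
    print("likely transient (false positive):", sorted(transient))
```

A path that stays in the first set across re-scans with other activity stopped is the one worth checking with a second rootkit scanner.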