I have recently upgraded one of my computers to Windows 8 Pro x64. I haven't installed much of anything except three versions of Visual Studio, a start button (Start Menu Reviver), a file eraser app (Eraser), Firefox, WinRAR, and Adobe Flash Player.
Today I ran Autoruns to turn off the Eraser autorun because it starts on startup and I don't need that. I enabled in filter options the check signatures option. I notice that the WinRAR extension is unsigned (from what I can tell that's normal) but also that there are two Microsoft services that are unsigned, "Fast User Switching Utility Service" and "Wex.Services [v2.9.3k]". What is going on here? Aren't Microsoft services supposed to be signed? Could I have a trojan already?
Here are the two entries:
Code:
fussvc Fast User Switching Utility Service (Not verified) Microsoft Corporation c:\program files (x86)\windows kits\8.0\app certification kit\fussvc.exe 7/25/2012 9:13 PM
Te.Service Wex.Services [v2.9.3k] (Not verified) Microsoft Corporation c:\program files (x86)\windows kits\8.0\testing\runtimes\taef\wex.services.exe 7/25/2012 9:58 PM
I also hashed the directory using md5deep and it's attached (as a zip file; this forum won't let me upload an md5 file without zipping it). Could someone who reads this check against the directory on their system? If you have md5deep the command is:
Code:
md5deep64 -nX "winkit.md5" -r "C:\Program Files (x86)\Windows Kits\8.0"
That should return without any output (meaning all files verified).
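For readers without md5deep, the comparison requested above can be reproduced in Python; this is an added example, not part of the original post. It assumes the manifest uses md5deep's default `hash  path` line format, and `verify_tree`, `load_known` and the sample files are hypothetical names constructed here. Matching is by hash, so the install path on the checking machine need not be identical.

```python
import hashlib, os, tempfile
from pathlib import Path

def load_known(manifest_path):
    """Parse 'hash  path' lines (assumed md5deep default format) into {hash: path}."""
    known = {}
    with open(manifest_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            digest, _, name = line.rstrip("\r\n").partition("  ")
            digest = digest.strip().lower()
            if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
                known[digest] = name
    return known

def md5_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_tree(root, manifest_path):
    """Return (files whose hash is not in the manifest, manifest entries never seen)."""
    known = load_known(manifest_path)
    found = [(md5_file(os.path.join(d, f)), os.path.join(d, f))
             for d, _dirs, files in os.walk(root) for f in files]
    unknown = sorted((h, p) for h, p in found if h not in known)
    seen = {h for h, _ in found}
    missing = sorted(p for h, p in known.items() if h not in seen)
    return unknown, missing

def demo():
    """Constructed sample tree: hash it, then alter one file and delete another."""
    with tempfile.TemporaryDirectory() as tmp:
        kit = os.path.join(tmp, "kit")
        os.makedirs(os.path.join(kit, "sub"))
        files = {"a.exe": b"original", "sub/b.dll": b"library", "gone.txt": b"notes"}
        for rel, data in files.items():
            Path(kit, rel).write_bytes(data)
        lines = [f"{md5_file(os.path.join(kit, rel))}  {rel}\n" for rel in files]
        manifest = os.path.join(tmp, "winkit.md5")  # kept outside the hashed tree
        Path(manifest).write_text("".join(lines), encoding="utf-8")
        clean = verify_tree(kit, manifest)          # unmodified tree
        Path(kit, "a.exe").write_bytes(b"tampered")
        os.remove(os.path.join(kit, "gone.txt"))
        return clean, verify_tree(kit, manifest)
```

Two empty lists correspond to the "no output" result the post expects; any entry in either list is a file to compare by hand.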