Instrument Control (GPIB, Serial, VISA, IVI)

cancel
Showing results for 
Search instead for 
Did you mean: 

What is niorbmap? Shows as rootkit

Solved!
Go to solution

Hi

 

Sorry Im not sure where to post this as Im not sure what it relates to.

I have drivers (+whatever else was bundled with them) installed for the NI USB-RS232 cable.

Since hten I have done a quick rootkit scan using Spybot S&D which has notified me that the file C:\Windows\System32\niorbmap may be a possible rootkit infection. When I browse to the location the file is not visible - not a good sign.

I assumed from the name and one mention-in-passing here on the forums that it is an NI related file.

Could someone confirm this and if so explain why it may be detected as a rootkit?

Thanks

0 Kudos
Message 1 of 3
(3,505 Views)
Solution
Accepted by topic author wolf99

Hi Wolf99,

 

This file looks to part of our driver set as you mentioned. Taking a look at my own pc I also have the file, it is located at C:\Windows\SysWOW64 (the 64 bit equivilent of system32) on my machine. Opening the file with notepad it has many references to various NI software/drivers. This file shouldn't be malicous and is likely a false-positive by Spybot S&D.

 

Best Regards,
Andrew

Applications Engineer
0 Kudos
Message 2 of 3
(3,479 Views)

Thanks adlib.

What made me more concerned with it was that I could not actually find it int he system32 folder that SS&D listed but I see that it is actually in my SysWOW64 instead so all good 🙂 .

0 Kudos
Message 3 of 3
(3,474 Views)