Does anyone know what RaKrnlNT.SYS is on a Windows XP machine?
I keep seeing logs from our IDS system showing that this file is having system calls redirected to it. I am also seeing similar logs for the following file: WNT_FAL.sys.
Anyone have any thoughts?
The full log output is:
The system call table (index 0) has changed. One of the 1 changed entries is at entry 240. This means that a system call has been redirected inside the kernel. The new destination of the system call is in module 'C:\WINDOWS\System32\Drivers\RaKrnlNT.SYS'. If this is unexpected, then the system should be carefully examined for evidence of a trojan or rootkit. The hash of this module is 'E1D984B32A54792D25605C42A438DEC39E45784C', and the version number is 4.50.23508.0
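The alert format quoted above can be parsed and triaged against a baseline of drivers a site has already reviewed. This is an added example, not part of the original post or of the IDS product; the `REVIEWED` baseline, the WNT_FAL.sys alert values (entry, path, hash, version) and the function names are constructed for illustration.

```python
import re

# Alert wording copied from the post; only the bracketed fields vary.
TEMPLATE = (r"The system call table (index 0) has changed. One of the 1 changed entries "
            r"is at entry {entry}. This means that a system call has been redirected inside "
            r"the kernel. The new destination of the system call is in module '{module}'. "
            r"If this is unexpected, then the system should be carefully examined for "
            r"evidence of a trojan or rootkit. The hash of this module is '{hash}', "
            r"and the version number is {version}")
ALERTS = [
    # Values from the post.
    TEMPLATE.format(entry=240, module=r"C:\WINDOWS\System32\Drivers\RaKrnlNT.SYS",
                    hash="E1D984B32A54792D25605C42A438DEC39E45784C", version="4.50.23508.0"),
    # Constructed sample: the post names WNT_FAL.sys but gives no alert details for it.
    TEMPLATE.format(entry=17, module=r"C:\WINDOWS\System32\Drivers\WNT_FAL.sys",
                    hash="0" * 40, version="0.0.0.0"),
]
# Hypothetical baseline: driver file name -> hashes the site has reviewed and accepted.
REVIEWED = {"wnt_fal.sys": {"0" * 40}}

ALERT_RE = re.compile(
    r"system call table \(index (?P<table>\d+)\) has changed\. "
    r"One of the \d+ changed entries is at entry (?P<entry>\d+)\."
    r".*?in module '(?P<module>[^']+)'\."
    r".*?hash of this module is '(?P<hash>[0-9A-Fa-f]+)'"
    r", and the version number is (?P<version>[\d.]+)", re.S)

def parse_alert(text):
    """Return the alert's fields as a dict, or None if the text is not such an alert."""
    m = ALERT_RE.search(text)
    if not m:
        return None
    return {"table": int(m["table"]), "entry": int(m["entry"]), "module": m["module"],
            "driver": m["module"].rsplit("\\", 1)[-1].lower(),
            "hash": m["hash"].upper(), "version": m["version"].rstrip(".")}

def triage(alerts, reviewed):
    """Group hooked entries per (driver, hash) and label each against the baseline."""
    out = {}
    for a in filter(None, map(parse_alert, alerts)):
        known = reviewed.get(a["driver"])
        status = ("unreviewed driver" if known is None else
                  "matches reviewed hash" if a["hash"] in known else
                  "hash differs from reviewed copy")
        entries, _ = out.get((a["driver"], a["hash"]), ([], None))
        out[(a["driver"], a["hash"])] = (sorted(set(entries + [a["entry"]])), status)
    return out

if __name__ == "__main__":
    for (driver, digest), (entries, status) in triage(ALERTS, REVIEWED).items():
        print(f"{driver} {digest} entries={entries}: {status}")
```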