ParetoLogic Antivirus was going to delete some Microsoft files along with the cookies. Why? Doesn’t Microsoft need to verify that I have all their files?
You’re right; Microsoft doesn’t want you removing important operating system files. This is one reason why the operating system hides many of its system files. Unfortunately, malware makers are smart. They know that if they name their virus after a legitimate Microsoft file, computer users are less likely to delete the file. After all, if a user thinks a file is a necessary Windows file, he’s not going to delete it.
Viruses as Imposters
It is not uncommon for malware makers to give their viruses the same names as, or clever variations of, legitimate operating system files. For example, the “lsass.exe” (spelled with an “L”) file is a legitimate Microsoft operating system file, but a file named “isass.exe” (spelled with an “I”) is malware. This is one of my favorite examples because, depending on the font and case used, the “L” and “I” can be easily confused. For example, don’t the following two words look remarkably similar?
- lsass.exe
- Isass.exe
Another example is “systray.exe” versus “systemtray.exe.” If you’re thinking that Microsoft uses one of these files to control the “System Tray” area of the taskbar, you’re right; one of these files does do that. The other is a nasty imposter. Casual users aren’t necessarily equipped to know which one is which. That’s why we rely on antivirus products. In this example, the legitimate Microsoft file is systray.exe and the systemtray.exe file is part of the Bigfoot Trojan.
The svchost.exe file is another popular Windows file that virus makers like to name their viruses after. Below are a few filenames based on the svchost.exe name that have been used by known malware programs:
- svchosts.exe
- sychost.exe
- syshost.exe
While these are examples of malware that use a similar-looking filename, many other viruses use the exact same name as real Microsoft files or folders. For example, your Windows computer contains a legitimate operating system folder called System32, but you’d better be careful if you find an actual system32.exe file: it’s most likely malicious!
How Antivirus Programs Know Real Microsoft Files from Fake Files
It’s tough for computer users to know the difference, but not so tough for antivirus programs. After all, these programs use complex algorithms and huge databases to sniff out the malicious programs. These programs know where the legitimate files are supposed to be stored on the computer and recognize imposters hanging out in the wrong directories.
Therefore, if your computer’s antivirus program is telling you that it has found malicious files and these files appear to be Microsoft files, it’s highly probable that they are in fact malware. If you’re unsure, do a quick check on the Internet using a phrase such as, “Is the ___.exe file a virus?”