Recent Posts

1
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on December 14, 2017, 10:14:12 pm »
Hi khuntim,

Thanks for the confirmation.
We will check this out.

Edit: Is Anydesk reported as [PUP.AdInstaller]?

Regards.
2
RogueKiller / Re: ===> False Positives <===
« Last post by khuntim on December 14, 2017, 05:52:20 pm »
Yes, 12.11.28 did get rid of Anydesk. The last one is Sharks Codecs. Thanks.
3
RogueKiller / Re: Latest RogueKiller hanging up for 8+ hours on msacm.msg711
« Last post by Curson on December 14, 2017, 02:45:23 pm »
Hi smoked,

Thanks.
Since this is not an issue with the driver, it should be fixable.

Regards.
4
RogueKiller / Re: Latest RogueKiller hanging up for 8+ hours on msacm.msg711
« Last post by smoked on December 14, 2017, 02:12:43 pm »
TY, same to you. Hope this problem can get fixed.
5
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on December 14, 2017, 02:01:44 pm »
Hi Scott,

Welcome to Adlice.com Forum.

This detection is indeed a false positive resulting from a conflict with the Windows Defender database. We will fix this as soon as possible.
For the time being, you can safely ignore it.

Regards.
6
RogueKiller / Re: ===> False Positives <===
« Last post by tch on December 14, 2017, 04:08:38 am »
Hi. This Windows 7 PC presents no performance or usage issues, but MsMpEng.exe is showing as high risk. I am 99% certain this is simply a false positive, like the Malwarebytes false positive earlier in this thread, though I would greatly appreciate confirmation. I will provide some details of what I have done, and after that will follow the RK text file.

If all you need is the text file, then you can simply proceed to it and do not need to read anything I have written below! :) It is all simply details surrounding this which you may not need.

The RogueKiller version I am using is "12.11.28.0 (up to date)"; I have tried portable and non-portable modes. The MsMpEng.exe (definition is 1.259.284.0 from 12/13/2017) shows as such within RogueKiller:

Detection: Root.Wajam | Adw.Elex
Type: Process
Path: [6380] MsMpEng.exe, c:\Program Files\Microsoft Security Client\MsMpEng.exe
(yes, the 6380 above is the proper MSE PID, or at least it's the PID of that specific file.)

I uploaded the copy of MsMpEng.exe to VirusTotal and it was found very clean.

Uninstalling and reinstalling MSE seemed to resolve this entry. However, once I had re-downloaded the definitions for MSE and then re-scanned with RogueKiller, the entry returned in RogueKiller.

I ran RKill, TDSS Killer (with verify digital signatures and also detect TDLFS), Malwarebytes, Malwarebytes Anti-Rootkit, AdwCleaner and system file checker (sfc /scannow), all of which found various PUP but nothing serious I could tell.

I also tried removing the process via RogueKiller, and this resulted in the MsMpEng.exe process being successfully killed. MSE immediately threw up a message asking me to reactivate it.

I tested this on a different PC and the behavior was the same: without definitions MsMpEng.exe scanned fine, and with definitions it scanned dirty. On Windows 10 it appears not to occur, for what it is worth.


Here is the text file showing the MsMpEng.exe detection; any verification you can provide will be very much appreciated!


RogueKiller V12.11.28.0 (x64) [Dec 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tch [Administrator]
Started from : C:\Users\tch\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/13/2017 19:17:08 (Duration : 00:13:24)

Processes : 1
[Root.Wajam|Adw.Elex] MsMpEng.exe(6380) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe[7] -> Found


Registry : 10
[PUP] (X64) HKEY_USERS\S-1-5-21-3702010971-1532561053-2380342961-1670\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=CCM_UI --workflow=CCM_workflow_launch --appletVersion=1.0 --mode=LBS --helperBridgeName={6D0FD104-A851-485A-813C-2090DC17FF87} --lbsWorkflowID={BC7B50A6-7824-4B06-A8C7-5E72FB2DC34A} --lbsInstallerWorkflowID={37D3BAE5-E140-4F2C-8805-9B2B87E0914B} --userGuid= /RestartByRestartManager:B5757D87-38D0-4d1e-BECC-8B5A6D1DD94B -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-3702010971-1532561053-2380342961-1670\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=CCM_UI --workflow=CCM_workflow_launch --appletVersion=1.0 --mode=LBS --helperBridgeName={6D0FD104-A851-485A-813C-2090DC17FF87} --lbsWorkflowID={BC7B50A6-7824-4B06-A8C7-5E72FB2DC34A} --lbsInstallerWorkflowID={37D3BAE5-E140-4F2C-8805-9B2B87E0914B} --userGuid= /RestartByRestartManager:B5757D87-38D0-4d1e-BECC-8B5A6D1DD94B -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{50FE4215-80B5-46E0-BD24-9105019A6FF4} | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F738259E-C6E0-414D-A129-E6EE5C8B6C3A} | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{50FE4215-80B5-46E0-BD24-9105019A6FF4} | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F738259E-C6E0-414D-A129-E6EE5C8B6C3A} | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3702010971-1532561053-2380342961-1670\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3702010971-1532561053-2380342961-1670\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

Tasks : 0

Files : 1
[Hj.Shortcut][File] C:\Users\tch\Desktop\TimeStar PUNCH.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://www.timestaronline.com/site/clock.php -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ADATA XM11 256GB-V2 ATA Device +++++
--- User ---
[MBR] b7e62e8b0434274887588696af470fc6
[BSP] 647fd931d64e61570068ccad787e4ddb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 130 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 270336 | Size: 244061 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
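The report quoted above follows a simple line format ("Section : N" headers, then "[Category|Category] detail -> Status" entries). As an added example that is neither RogueKiller's nor the poster's code, the Python below parses that format and applies an assumed triage policy: PUM.* entries are treated as configuration changes, and a process detection inside a security product's own install directory (the MsMpEng.exe case here) is routed to a signature check before anyone considers removal. The sample report, the regexes and the allowlist are constructed for this example.

```python
import re
# Constructed sample: lines copied from the report quoted above, with section
# counts adjusted to the entries kept here (the real report had 10 Registry).
SAMPLE_REPORT = r"""
Processes : 1
[Root.Wajam|Adw.Elex] MsMpEng.exe(6380) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe[7] -> Found
Registry : 1
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.2 208.67.222.222 10.0.1.3 ([][-][])  -> Found
Files : 1
[Hj.Shortcut][File] C:\Users\tch\Desktop\TimeStar PUNCH.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://www.timestaronline.com/site/clock.php -> Found
"""

SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?) : (\d+)\b")   # e.g. "Registry : 10"
DETECT_RE = re.compile(r"^\[([^\]]+)\](.*?)\s*->\s*(\w+)\s*$")  # "[Cat|Cat] detail -> Found"

def parse_report(text):
    """Return (detections, declared): one dict per '[...] -> Status' line, plus
    the per-section counts announced by the 'Section : N' headers."""
    detections, declared, section = [], {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECT_RE.match(line)
        if m and section:
            detections.append({"section": section, "names": m.group(1).split("|"),
                               "detail": m.group(2).strip(), "status": m.group(3)})
    return detections, declared

def count_mismatches(text):
    """Sections whose declared count differs from the parsed one (wrapped or truncated paste)."""
    detections, declared = parse_report(text)
    seen = {}
    for d in detections:
        seen[d["section"]] = seen.get(d["section"], 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}

# Assumed triage policy (not RogueKiller's): PUM.* entries are configuration changes;
# a process hit inside a security product's own directory gets a signature check first.
SECURITY_PRODUCT_DIRS = ("\\microsoft security client\\",)  # assumed allowlist
def triage(det):
    if all(n.startswith("PUM.") for n in det["names"]):
        return "config-change"
    in_sec_dir = any(d in det["detail"].lower() for d in SECURITY_PRODUCT_DIRS)
    if det["section"] == "Processes" and in_sec_dir:
        return "verify-signature"
    return "review"
```

A "verify-signature" result is the cue to check the binary's Authenticode signature and publisher before acting on the detection, which is exactly the doubt the post above raises.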

7
RogueKiller / Re: roguekiller kill Unchecky software :(
« Last post by Curson on December 13, 2017, 03:06:38 pm »
Hi Philippe,

Welcome to Adlice.com Forum.
Unchecky is safe; it's a false positive on our end. We will fix it as soon as possible.

Regards.
8
RogueKiller / roguekiller kill Unchecky software :(
« Last post by philippelaigre on December 13, 2017, 10:10:51 am »
Hello,

I'm using this software: Unchecky.

I think that software is pretty cool and safe....

I have posted a request to the Unchecky developer too.

PS: I'm using RogueKiller CMD (command line) v12.11.28.

Thanks to the developers.
Philippe
9
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on December 12, 2017, 02:35:28 pm »
Hi khuntim,

This false positive should be fixed in RogueKiller latest version.
Could you please make sure you are using V12.11.28?

Regards.
10
RogueKiller / Re: ===> False Positives <===
« Last post by khuntim on December 12, 2017, 09:26:20 am »
Anydesk? I have been using it...