Recent Posts

11
RogueKiller / Re: ===> False Positives <===
« Last post by Pierre95 on December 10, 2018, 08:31:11 am »

Hello,
I submitted a false-positive (FP) report for RogueKiller.
But I realize that I may not have posted it in the right place.
I posted it here:
https://forum.adlice.com/index.php?topic=3550.0
Awaiting your reply,
Pierre
12
RogueKiller / False positive: sbnetsys.sys in RogueKiller
« Last post by Pierre95 on December 09, 2018, 10:46:41 pm »

Hello,
I am reporting what is, in my humble opinion, a false positive (FP) in RogueKiller.

https://www.cjoint.com/c/HLjm7qGmTgQ

For the line:

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbnetsys -- (Mainline Net Holdings Limited) C:\Windows\System32\drivers\sbnetsys.sys -> Trouvé(e)


VirusTotal analysis of C:\Windows\System32\drivers\sbnetsys.sys

VirusTotal: C:\Windows\System32\drivers\sbnetsys.sys => https://www.virustotal.com/file/c37481095f93f527bf54f8a5e0c6027ae2bbf1c201a88acd36117004614b2040/analysis/1521360865/


Export of the key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbnetsys

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbnetsys]
"DisplayName"="@oem29.inf,%sbnetsys_Desc%;WinpkFilter LightWeight Filter"
"Description"="@oem29.inf,%sbnetsys_Desc%;WinpkFilter LightWeight Filter"
"NdisMajorVersion"="6"
"NdisMinorVersion"="30"
"DriverMajorVersion"="3"
"DriverMinorVersion"="4"
"Type"="1"
"Start"="1"
"ErrorControl"="1"
"Tag"="14"
"ImagePath"="\SystemRoot\system32\DRIVERS\sbnetsys.sys"
"Group"="NDIS"
[HKLM\System\ControlSet001\Services\sbnetsys\Parameters]
"NdisImPlatformBindingOptions"="2"
"DefaultFilterSettings"="1"

=== Fin de ExportKey ===


13
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on December 06, 2018, 10:14:56 pm »
Hi SilenceEngaged,

Don't worry about that.
The [VT.Detection] entry shows up because this file was not present in the VirusTotal database at the time of the scan. If you allowed the file to be uploaded, it won't appear anymore.
A process reported as unknown to VirusTotal is a hint that it may be part of a polymorphic-code infection; it's a clue that can be really useful sometimes.

Regards.
14
RogueKiller / Re: ===> False Positives <===
« Last post by SilenceEngaged on December 06, 2018, 08:01:20 pm »
Thanks for the prompt response! Sorry it took so long for me to respond. I was busy with the holidays. (Still am) I believe I have another false positive. This time, it is from AMD graphics card drivers.

 Also, a suggestion on it: VirusTotal uploads only come back positive if found to actually be something (Virus, what-have-you...) on VirusTotal.com
15
Malware removal help / Re: AM I INFECTED
« Last post by Curson on December 06, 2018, 01:17:04 am »
Hello,

Welcome to the Adlice forum.
Could you attach your RogueKiller report to your next message?

Best regards.
16
Malware removal help / AM I INFECTED
« Last post by woottaam on December 06, 2018, 12:37:55 am »
HELLO

I NEED TO KNOW WHETHER I AM INFECTED?

thanks

regards wÔlF
17
VTUploader / Re: Something is wrong
« Last post by Curson on December 01, 2018, 06:14:23 pm »
Hi Mincci,

Welcome to Adlice.com Forum.
VTUploader is not maintained anymore and is incompatible with the latest versions of the .NET Framework. I will contact the developer to check if he can do a quick fix.
In the meantime, I advise you to give VirusTotal Windows Uploader a try.

Regards.
18
RogueKiller PREMIUM / Re: False Positive
« Last post by Curson on November 28, 2018, 05:15:08 pm »
Hi Michael,

That's the right one.
This is a confirmed false positive. We will whitelist it as soon as possible.

Thanks again for your feedback.

Regards.
19
VTUploader / Something is wrong
« Last post by Mincci on November 28, 2018, 01:43:36 am »
I am having an issue with the app. I've downloaded it a few times, ran it as admin and allowed it on every security program etc., and entered my VT API key. Still, every time I try to analyze a file, folder, or process.. probably anything, I get an error something like the first and only poster I see on the board. The error is partially Finnish, but it is about "VirusTotalNET.Virustotal" causing an exception.. It's been years since the first poster here, so I would guess the file is not still corrupted..? I have .NET installed etc..
20
RogueKiller PREMIUM / Re: False Positive
« Last post by mrmike570 on November 27, 2018, 11:56:41 pm »
Ok, let's try this one...sorry about that..kinda new at this..