
==> Proc.Injected <==


If you encounter this detection, this can mean several things:

- A real infection (like Zeus, Carberp, Poweliks, they are all using that thing)
- Your antivirus injecting into your processes to protect you (in theory).

To know what's going on, and possibly whitelist the cases where it's a legit injection, please do the following:
Let's say you have [Proc.Injected] some_process.exe -- C:/path_to_parent_some_process.exe

- Download Process Hacker:
- Install it, launch it
- Find the process above
- Right click on it => Create dump (on the desktop)
- Zip the file (WinZip, WinRAR, 7-Zip)
- Host it anywhere you want (Google Drive, Dropbox, ...). Make sure it's public.
- Put the link here.

We will analyse what is really injected, and whitelist if needed.

And you might try booting into safe mode and try running it.


We have an infection with Proc.Injected in svchost.exe and explorer.exe.
RogueKiller only found something, but the processes came back at each logon.

I have the report too, if you need it: to see the hook.IEAT in explorer.exe.

Best regards.

I'd like the report as well please :)

@Ourko, I don't have access to some memory segments, are you sure you took a full dump?

I redid the "Create dump file" from the exe, but as the administrator, and not as a user with admin rights.

I am attaching 2 reports too.

PS: I just saw that we can speak French here :-)
Should I open a post for help with the "cleaning"?
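
An added example, not part of the original thread and not code from RogueKiller or Process Hacker: a way to check, before zipping and uploading, whether a dump file is a full-memory dump and whether all of its memory is actually in the file, which is the question raised above. It assumes the dump is in the Windows minidump (MDMP) format; `inspect_dump` and `build_sample` are hypothetical names and the sample dumps are constructed.

```python
import struct

MINIDUMP_WITH_FULL_MEMORY = 0x2  # MINIDUMP_TYPE bit set for full-memory dumps
MEMORY64_LIST_STREAM = 9         # stream type listing every captured range

def inspect_dump(data: bytes) -> dict:
    """Summarise a minidump: is it a full dump, and is all its memory present?"""
    if len(data) < 32 or data[:4] != b"MDMP":
        raise ValueError("not a Windows minidump (MDMP signature missing)")
    # MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
    # CheckSum, TimeDateStamp, Flags (64-bit)
    _, _, n_streams, dir_rva, _, _, flags = struct.unpack_from("<4sIIIIIQ", data)
    streams = {}
    for i in range(n_streams):  # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
        stype, _size, rva = struct.unpack_from("<III", data, dir_rva + 12 * i)
        streams[stype] = rva
    result = {"full": False, "ranges": 0, "bytes": 0, "truncated": False}
    if flags & MINIDUMP_WITH_FULL_MEMORY and MEMORY64_LIST_STREAM in streams:
        rva = streams[MEMORY64_LIST_STREAM]
        # MINIDUMP_MEMORY64_LIST: NumberOfMemoryRanges, BaseRva, then one
        # (StartOfMemoryRange, DataSize) descriptor per range
        n_ranges, base_rva = struct.unpack_from("<QQ", data, rva)
        total = sum(struct.unpack_from("<QQ", data, rva + 16 + 16 * j)[1]
                    for j in range(n_ranges))
        # Range contents are stored back to back starting at BaseRva, so a
        # file shorter than BaseRva + total was cut off while saving or uploading
        result.update(full=True, ranges=n_ranges, bytes=total,
                      truncated=base_rva + total > len(data))
    return result

def build_sample(full: bool, cut: int = 0) -> bytes:
    """Constructed sample dump (not from a real process) with two small ranges."""
    flags = MINIDUMP_WITH_FULL_MEMORY if full else 0
    stream_type = MEMORY64_LIST_STREAM if full else 5  # 5 = MemoryListStream
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, flags)
    # Stream payload; inspect_dump only parses it when the dump is full
    mem_list = struct.pack("<QQQQQQ", 2, 92, 0x10000, 64, 0x7FF00000, 32)
    directory = struct.pack("<III", stream_type, len(mem_list), 44)
    blob = header + directory + mem_list + bytes(96)
    return blob[:len(blob) - cut]

if __name__ == "__main__":
    for name, dump in [("full", build_sample(True)),
                       ("partial", build_sample(False)),
                       ("cut upload", build_sample(True, cut=40))]:
        print(name, inspect_dump(dump))
```

For a real dump, pass the file's bytes to `inspect_dump`; a result with `full` false or `truncated` true means the dump should be recreated before it is shared.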

