Recent Posts

1
RogueKiller / Re: Very frequently seen detection
« Last post by Sergio on Today at 06:48:02 pm »
OK, thanks.

2
RogueKiller / Re: Very frequently seen detection
« Last post by Curson on Today at 06:45:02 pm »
Hi Sergio,

This is a false positive.
It will be fixed in the next RogueKiller release.

Regards.
3
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on Today at 06:43:00 pm »
Hi welbot,

Welcome to Adlice.com Forum.

PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and are, indeed, linked to recent entries in Windows Start Menu.
For more information, please read RogueKiller Documentation.

The Windows Security folder is a well-known false positive.
This will be fixed in the next RogueKiller release.

Regards.
4
RogueKiller / Very frequently seen detection
« Last post by Sergio on Today at 01:24:29 pm »
I often see Windows Security --> Malicious [PUP.gen1]. What is the reason for this generic detection?
5
RogueKiller / Re: ===> False Positives <===
« Last post by welbot on Today at 03:44:52 am »
Hi,

Not sure if these have been reported yet, but I keep getting these 3 entries when I scan.

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found

The first 2 I'm not 100% certain of their function, but at a guess, I think they're for placing recently used programs at the top of the start menu.
The 3rd entry has been confirmed as a new addition to version 1703 of Windows 10 by Microsoft. (The folder contains another folder called BrowserCore, and inside that is a BrowserCore.exe, a manifest.json file, and a folder named en-US.)

VirusTotal scan of BrowserCore.exe found 0 reports of infection. (https://www.virustotal.com/en/file/9435f2f1d87523c13439887d0a76259cbb44dd6a37760fc353b7f1f023567160/analysis/1493256689/)
6
Hi Buckman,

You are welcome.

Regards.
7
Thanks for moving the post and the advice.
Yes, the drive was configured to store temp data there because I didn't want it taking up space on the SSD.
Once I ran Malwarebytes Anti-Rootkit, it cleaned a lot of trojan files up and then I could follow the remainder of your self-help guide all the way to running Malwarebytes and AdwCleaner.
I've got it figured out now, thanks for the fast reply.
8
Hi Buckman,

Welcome to Adlice.com Forum and thanks for supporting our product.
How are your drives organised? Is the system configured to store data on partition E?

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
Please download SystemLook and save it to your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    E:\CATIA\license server /s /md5
    E:\temp files
    E:\temp files\tmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Regards.

Note: This thread has been moved to the "Malware removal help" section for clarity.
9
I got Malwarebytes Anti-Rootkit beta running and it has identified a bunch of stuff. Once it finishes, I'll post if I can get rkill and the rest to work.
10
I am currently unable to run programs like Spybot Search and Destroy, rkill.exe and most other forms of malware or virus removal programs due to "requested resource is in use" errors. I have run MSE and it picked up and cleaned a few things, enough to get me to boot without safe mode, but the only other software that I am able to run is RogueKiller. I have done 2 passes and it has made things better, but on the second pass it came up with a few errors. Went from over 200 hits to 45, but the dataup.exe is impossible to remove. I can rename folders but am unable to change permissions or details on folders that I don't recognize as software that I want.

If I can get rkill.exe or iexplorer.exe to run then I think I can handle it from there.

Attached is the text log.