

Topics - computerwiz64

1
RogueKiller / RogueKiller deleted critical files
« on: October 14, 2016, 06:44:34 pm »
Hi, I ran RogueKiller yesterday. It grabbed a lot of files that have ADS. I allowed it to delete them.

I then continued with my day using my laptop. I powered it down, and today I got up and powered my laptop up; instead of booting into Windows 7, it boots into some recovery mode. However, this window is displayed off screen. I have a black screen with a line running across the middle of the screen from left to right. However, at the top of the screen I can see the bottom of what looks like the recovery mode. I can move my mouse and can see the bottom of a recovery-mode-looking window. I can see my cursor on the bottom of that window, which is located at the top of my laptop's screen.

I cannot see any dialogs nor read any words. If I position my mouse to go up and start clicking what I cannot see, I can see the bottom of a new dialog box opening, giving me 3 options or 3 buttons. I cannot read them or see the top parts, only the bottom parts, and I do know the far right button is Cancel even though I cannot read it, since it shows only the bottom half of the button below where the text would normally show up.

That's what happens when I boot into Windows. However, my laptop dual-boots 2 OSes and I can boot into my Linux OS.

I need tips and suggestions on how I can figure out what RogueKiller deleted. Are there any logs?

I can access the hard drive via the Linux OS. I do not recall what RogueKiller deleted. I do remember one file was a system file.

I just need to know what I can do to recover from this. I need to know what Linux can do to help me recover.


I remember I had a bunch of found ADS, just like this member:
http://forum.adlice.com/index.php?topic=788.0

My result looked a lot like that picture, and I am using the latest RogueKiller version.

I permitted RogueKiller to delete it. Now it seems like when booting into Windows 7 it goes into recovery mode.

However, I cannot see anything because the window that shows the recovery mode is displayed off screen towards the top of the screen. I can only see the bottom part of that window.

So the rest of the screen is black with white streaks in the middle going from left to right, and sometimes I can see green, blue, purple, and red dots scattered in the bottom part of my screen.

However, I can boot into Linux fine, so I know it's not a hardware failure at all.

It looks to me like RogueKiller deleted some important files. I would like to know if there are any logs stored on my machine, and if not, I think the makers of this tool should think about making a logging system; in case stuff like this happens, there should be a way to go back and see exactly what files were deleted.

With Linux I have 100% access to the hard drive itself. I just don't know what RogueKiller deleted and don't know how to reverse what it did.

I think only one critical file was deleted. I only noticed one system file got deleted. The rest that it detected could be legit.

I ran RogueKiller after I installed the latest version, which I did yesterday on 10/13/2016.
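The post above asks what can be done from the Linux side of a dual-boot machine after an ADS cleanup. The script below is an added example, not code from the forum post or from RogueKiller: it walks a Windows volume mounted read-only with ntfs-3g and inventories which files carry alternate data streams and what the stream names are, so the same kind of listing the scanner produced can be reproduced and reviewed without deleting anything. It assumes ntfs-3g's default `streams_interface=xattr` behaviour, where a file's stream names are exposed through the pseudo extended attribute `ntfs.streams.list` (assumed to be NUL-separated; the parser also tolerates newlines) and a stream's content is readable as the `user.<streamname>` attribute. The mount point `/mnt/windows` is a placeholder.

```python
"""Inventory NTFS alternate data streams (ADS) from Linux via an ntfs-3g mount.

Added example; not from the forum post and not RogueKiller code.
Assumptions (labelled): ntfs-3g mounted with streams_interface=xattr, so that
  - os.getxattr(path, "ntfs.streams.list") returns the stream names
    (assumed NUL-separated; newlines are accepted too), and
  - os.getxattr(path, "user.<name>") returns that stream's bytes.
"""
import os
import sys
from typing import Dict, List, Optional


def parse_stream_list(raw: bytes) -> List[str]:
    """Split the raw ntfs.streams.list value into stream names.

    Empty entries are dropped. The unnamed default ($DATA) stream is never
    listed here, only named streams such as 'Zone.Identifier'.
    """
    names: List[str] = []
    for chunk in raw.replace(b"\n", b"\0").split(b"\0"):
        name = chunk.decode("utf-8", errors="replace").strip()
        if name:
            names.append(name)
    return names


def read_streams(path: str) -> List[str]:
    """Return the ADS names of one file, or [] if none or unsupported."""
    getxattr = getattr(os, "getxattr", None)  # Linux only
    if getxattr is None:
        return []
    try:
        raw = getxattr(path, "ntfs.streams.list", follow_symlinks=False)
    except OSError:
        # ENODATA: no named streams; ENOTSUP/EOPNOTSUPP: not an ntfs-3g mount
        return []
    return parse_stream_list(raw)


def read_stream_data(path: str, stream: str, limit: int = 4096) -> Optional[bytes]:
    """Return up to `limit` bytes of one stream (assumed exposed as user.<name>)."""
    getxattr = getattr(os, "getxattr", None)
    if getxattr is None:
        return None
    try:
        return getxattr(path, "user." + stream, follow_symlinks=False)[:limit]
    except OSError:
        return None


def enumerate_ads(root: str) -> Dict[str, List[str]]:
    """Walk a mounted tree and map every file that has named streams to them."""
    found: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            streams = read_streams(full)
            if streams:
                found[full] = streams
    return found


def triage(found: Dict[str, List[str]]) -> Dict[str, int]:
    """Count how often each stream name occurs across the volume.

    'Zone.Identifier' is the Mark-of-the-Web that browsers and mail clients
    write to downloads and is routine; names that occur once or twice are the
    ones worth reading with read_stream_data() before deciding anything.
    """
    counts: Dict[str, int] = {}
    for streams in found.values():
        for s in streams:
            counts[s] = counts.get(s, 0) + 1
    return counts


if __name__ == "__main__":
    mount = sys.argv[1] if len(sys.argv) > 1 else "/mnt/windows"  # assumed mount point
    hits = enumerate_ads(mount)
    for path, streams in sorted(hits.items()):
        print(f"{path}: {', '.join(streams)}")
    print("--- stream name frequency (rarest first) ---")
    for name, n in sorted(triage(hits).items(), key=lambda kv: kv[1]):
        print(f"{n:6d}  {name}")
```

Run it as `python3 ads_inventory.py /mnt/windows` after mounting the Windows partition read-only (`mount -t ntfs-3g -o ro /dev/sdXN /mnt/windows`). It only reads; whatever the scanner already removed is gone from the stream list, but the remaining streams and their contents can be reviewed before any further cleanup.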

2
Malware removal help / Found something
« on: November 19, 2015, 12:29:17 am »
Hi, I removed Avast and restarted my computer. I ran a scan and found this in the report:

Antirootkit : 2 (Driver: Loaded)
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32!CreateNamedPipeW : Unknown @ 0xb6f20030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32!CreateNamedPipeW : Unknown @ 0xb6f20030



Are they legit? I found out recently that my AOL account was accessed by someone else.

I feel as if I have a RAT installed on my computer.

I would appreciate any help.

3
RogueKiller / Got flags for hooks on Chrome
« on: October 11, 2015, 05:06:36 am »
Hi, I need help... I am not sure if the hooks are legit or not.

But it detected hooks on LdrUnloadDll and LdrLoadDll.


Here's the report from Adlice's RogueKiller software:

Code:
Hosts File : 0 [Too big!]

Antirootkit : 62 (Driver: Loaded)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x19075c (jmp 0xffffffff88afd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1903a4 (jmp 0xffffffff88af95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x32075c (jmp 0xffffffff88c8d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x3203a4 (jmp 0xffffffff88c895e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x25075c (jmp 0xffffffff88bbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2503a4 (jmp 0xffffffff88bb95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x46075c (jmp 0xffffffff88dcd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x4603a4 (jmp 0xffffffff88dc95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x18075c (jmp 0xffffffff88aed50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1803a4 (jmp 0xffffffff88ae95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x21075c (jmp 0xffffffff88b7d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2103a4 (jmp 0xffffffff88b795e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x45075c (jmp 0xffffffff88dbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x4503a4 (jmp 0xffffffff88db95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x25075c (jmp 0xffffffff88bbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2503a4 (jmp 0xffffffff88bb95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x31075c (jmp 0xffffffff88c7d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x3103a4 (jmp 0xffffffff88c795e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x1a075c (jmp 0xffffffff88b0d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1a03a4 (jmp 0xffffffff88b095e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x1a075c (jmp 0xffffffff88b0d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1a03a4 (jmp 0xffffffff88b095e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x25075c (jmp 0xffffffff88bbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2503a4 (jmp 0xffffffff88bb95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x7fff075c (jmp 0x895d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x7fff03a4 (jmp 0x89595e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030



Is this a false positive or is it a legit threat? If it's a threat, how do I delete/remove it?
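Both this post and the earlier "Found something" post paste the Antirootkit section of a RogueKiller report, and the 62-line version above is mostly the same few hooks repeated once per Chrome process. The script below is an added example, not RogueKiller's code: it parses those report lines (the format is inferred from the lines quoted in the two posts, and the embedded sample is a shortened copy of them) and collapses them into the distinct hooks, the address each function is redirected to, and which module's import table was patched. It does not decide legit versus malicious; it reduces the report to the handful of facts to verify, and it treats `Unknown` as what the report says it is, an address RogueKiller could not attribute to a loaded module.

```python
"""Summarise the Antirootkit hook lines of a RogueKiller report.

Added example; not RogueKiller code. The line grammar is inferred from the
reports quoted in the posts above, which use two spellings for the hooked
import:  'ntdll.dll - LdrLoadDll'  and  'kernel32!CreateNamedPipeW'.
SAMPLE_REPORT is a shortened copy of those quoted lines.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

SAMPLE_REPORT = """\
Antirootkit : 5 (Driver: Loaded)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x19075c (jmp 0xffffffff88afd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1903a4 (jmp 0xffffffff88af95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32!CreateNamedPipeW : Unknown @ 0xb6f20030
"""

LINE_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+"                                   # [IAT:Inl(Hook.IEAT)]
    r"\((?P<process>[^\s@)]+)(?:\s+@\s+(?P<module>[^)]+))?\)\s+"  # (chrome.exe @ KERNEL32.dll)
    r"(?P<target>\S+?)(?:\s+-\s+|!)(?P<func>\w+)\s+:\s+"          # ntdll.dll - LdrLoadDll :
    r"(?P<owner>\S+)\s+@\s+(?P<addr>0x[0-9a-fA-F]+)"             # Unknown @ 0x19075c
    r"(?:\s+\(jmp\s+(?P<jmp>0x[0-9a-fA-F]+)\))?\s*$"              # optional (jmp 0x...)
)


class Hook(NamedTuple):
    kind: str               # IAT:Inl(...) = inline patch, IAT:Addr(...) = IAT pointer swap
    process: str            # process the hook was observed in
    module: Optional[str]   # module whose import table holds the patched entry, if given
    target: str             # DLL exporting the hooked function (ntdll.dll, KERNEL32.dll, kernel32)
    func: str               # hooked export
    owner: str              # module the hook address resolved to; 'Unknown' = unresolved
    addr: str               # hook location / destination as printed
    jmp: Optional[str]      # inline-hook jump destination, when present


def parse_report(text: str) -> List[Hook]:
    """Return one Hook per Antirootkit line; header and non-matching lines are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hooks.append(Hook(**m.groupdict()))
    return hooks


def unique_hooks(hooks: List[Hook]) -> Counter:
    """Collapse per-process repeats: count identical (kind, module, target, func, addr) tuples."""
    counts: Counter = Counter()
    for h in hooks:
        counts[(h.kind, h.module, h.target.lower(), h.func, h.addr)] += 1
    return counts


def by_function(hooks: List[Hook]) -> Counter:
    """How many report lines mention each hooked function."""
    return Counter(h.func for h in hooks)


def addresses_by_function(hooks: List[Hook]) -> Dict[str, Set[str]]:
    """Distinct hook addresses per function; one address across every process
    points at a single injected component rather than per-process tampering."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for h in hooks:
        out[h.func].add(h.addr)
    return dict(out)


def unresolved(hooks: List[Hook]) -> List[Hook]:
    """Hooks whose address RogueKiller could not map to a loaded module."""
    return [h for h in hooks if h.owner == "Unknown"]


def patched_modules(hooks: List[Hook]) -> Set[str]:
    """Named modules whose import tables were patched (e.g. chrome_child.dll, aswJsFlt64.dll)."""
    return {h.module for h in hooks if h.module}


if __name__ == "__main__":
    hooks = parse_report(SAMPLE_REPORT)
    print(f"{len(hooks)} hook lines, {len(unique_hooks(hooks))} distinct hooks")
    for (kind, module, target, func, addr), n in sorted(unique_hooks(hooks).items()):
        print(f"{n:3d}x {kind:22s} {module or '-':16s} {target}!{func} @ {addr}")
    for func, addrs in sorted(addresses_by_function(hooks).items()):
        print(f"{func}: {len(addrs)} distinct address(es): {', '.join(sorted(addrs))}")
    print("unresolved:", len(unresolved(hooks)), "modules with patched IATs:", sorted(patched_modules(hooks)))
```

To use it on a real report, read the file into `parse_report` instead of `SAMPLE_REPORT`. The output turns a wall of repeated lines into a short checklist: for each distinct hook, find which module actually maps the listed address in a live Chrome process (a process inspector that shows loaded modules and their address ranges will do) and confirm it is a known component before removing anything; the report itself only says the address was unresolved.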
