Show Posts


Messages - computerwiz64

1
RogueKiller / Re: RogueKiller deleted critical files
« on: October 15, 2016, 04:06:06 am »
Never mind, I decided to use a Linux live CD and transfer files over to an external hard drive. Decided to reinstall Windows and Linux. Just a pain in the butt.

Looks like the latest version shows false positives for Intel files. Mine wiped them out, and after a day of searching it looks like there is no way to recover. I tried many different things and it didn't work. Decided it's taking too long and best to just start over again. Just a heads up for anyone else.

2
RogueKiller / Re: RogueKiller deleted critical files
« on: October 14, 2016, 09:31:53 pm »
Yes, that's exactly what it looked like to me yesterday. I just clicked delete all, and then this morning when I turned on my laptop, Windows by default puts me in recovery mode when trying to boot.

However, the output of RogueKiller was very similar to yours, and my CPU is Intel but a 64-bit machine.

3
RogueKiller / RogueKiller deleted critical files
« on: October 14, 2016, 06:44:34 pm »
Hi, I ran RogueKiller yesterday. It grabbed a lot of files that have ADS. I allowed it to delete them.

I then continued with my day using my laptop. I powered it down, and then today I got up and powered my laptop up, and instead of booting into Windows 7 it boots into some recovery mode. However, this window is displayed off screen. I have a black screen with a line running across the middle of the screen from left to right. However, at the top of the screen I can see the bottom of what looks like the recovery mode. I can move my mouse and can see the bottom of a recovery-mode-looking window. I can see my cursor on the bottom of that window, which is located at the top of my laptop's monitor screen.

I cannot see any dialogs nor read any words. If I position my mouse to go up and start clicking what I cannot see, I can see the bottom of a new dialog box opening, giving me 3 options or 3 buttons. I cannot read them or see the top parts, only the bottom parts, and I do know the far right button is Cancel even though I cannot read it, since it shows only the bottom half of the button below where the text would normally show up.

That's what happens when I boot into Windows. However, my laptop dual-boots 2 OSes and I can boot into my Linux OS.

I need tips and suggestions on how I can figure out what RogueKiller deleted. Are there any logs?

I can access the hard drive via the Linux OS. I do not recall what RogueKiller deleted. I do remember one file was a system file.

I just need to know what I can do to recover from this. I need to know what Linux can do to help me recover.

I remember I had a bunch of found ADS just like this member:
http://forum.adlice.com/index.php?topic=788.0

That picture: I had a lot of results like that, and I am using the latest RogueKiller version.

I permitted RogueKiller to delete it. Now, it seems like when booting into Windows 7 it goes into recovery mode.

However, I cannot see anything because the window that shows the recovery mode is displayed off screen towards the top of the screen. I can only see the bottom part of that window.

So, the rest of the screen is black with white streaks in the middle going from left to right, and sometimes I can see green, blue, purple, red dots scattered in the bottom part of my screen.

However, I can boot into Linux fine. So, I know it's not a hardware failure at all.

It looks to me like RogueKiller deleted some important files. I would like to know if there are any logs stored on my machine, and if not, I think the makers of this tool should think about making a logging system. In case stuff like this happens, there should be a way to go back and see exactly what files were deleted.

With Linux I have 100% access to the hard drive itself. I just don't know what RogueKiller deleted and don't know how to reverse what it did.

I think only one critical file was deleted. I only noticed one system file got deleted. The rest that it detected could be legit.

I ran RogueKiller after I installed the latest version, which I did yesterday on 10/13/2016.

4
Malware removal help / Re: Found something
« on: November 22, 2015, 04:04:09 am »
How can you guys tell? I ran it again with Chrome running and another time when it was closed. I now get 8 of the same things found. It shows it at times. I mean it found the first 2, but now when I run it, it shows the same names but with the same hex addresses found. This is when Chrome is running and not running. Is that normal?

I am running RogueKiller ver. 10.11.6.0

I run the same version on my laptops and other computers. I don't get these listings on my other computers. Well, just mine and another computer. I have 5 computers. 2 show these responses. The rest show nothing.

Why is that? Is it plugins or extensions that's giving the false positives?

I was told this was fixed in version 10.11.5.0

5
Malware removal help / Found something
« on: November 19, 2015, 12:29:17 am »
Hi, I removed Avast and restarted my computer. I ran a scan and found this in the report:

Antirootkit : 2 (Driver: Loaded)
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32!CreateNamedPipeW : Unknown @ 0xb6f20030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32!CreateNamedPipeW : Unknown @ 0xb6f20030

Are they legit? I found out recently that my AOL account was accessed by someone else.

I feel as if I have a RAT installed on my computer.

I would appreciate any help.

6
RogueKiller / Re: Got flags for hooks on Chrome.
« on: October 12, 2015, 06:15:27 pm »
I use Avast anti-virus software and think that these hooks might be from it.

So, these are legit hooks? I installed Avast on my laptop and ran this software before installing it. I found no hooks. After I installed Avast I noticed there were hooks, but it never showed that many hooks. Maybe like 12 or 10. I deleted Avast from my laptop. I then ran the software again and found no more hooks.

My desktop computer still has Avast installed, but there are a lot of hooks.

7
RogueKiller / Got flags for hooks on Chrome.
« on: October 11, 2015, 05:06:36 am »
Hi, I need help... I am not sure if the hooks are legit or not.

But it detected hooks on LdrUnload.dll, LdrLoad.dll.

Here's the report from the Adlice RogueKiller software:

Code:
Hosts File : 0 [Too big!]

Antirootkit : 62 (Driver: Loaded)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x19075c (jmp 0xffffffff88afd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1903a4 (jmp 0xffffffff88af95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x32075c (jmp 0xffffffff88c8d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x3203a4 (jmp 0xffffffff88c895e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x25075c (jmp 0xffffffff88bbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2503a4 (jmp 0xffffffff88bb95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x46075c (jmp 0xffffffff88dcd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x4603a4 (jmp 0xffffffff88dc95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x18075c (jmp 0xffffffff88aed50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1803a4 (jmp 0xffffffff88ae95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x21075c (jmp 0xffffffff88b7d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2103a4 (jmp 0xffffffff88b795e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x45075c (jmp 0xffffffff88dbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x4503a4 (jmp 0xffffffff88db95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x25075c (jmp 0xffffffff88bbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2503a4 (jmp 0xffffffff88bb95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x31075c (jmp 0xffffffff88c7d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x3103a4 (jmp 0xffffffff88c795e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x1a075c (jmp 0xffffffff88b0d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1a03a4 (jmp 0xffffffff88b095e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x1a075c (jmp 0xffffffff88b0d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1a03a4 (jmp 0xffffffff88b095e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x25075c (jmp 0xffffffff88bbd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x2503a4 (jmp 0xffffffff88bb95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x7fff075c (jmp 0x895d50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x7fff03a4 (jmp 0x89595e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030

Is this a false positive or is it a legit threat? If it's a threat, how do I delete / remove it?
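Reading a 62-line Antirootkit section by eye is error-prone, so here is an added example (my own code, not part of this post and not from RogueKiller or Adlice) that parses the line format quoted above and in the November 2015 post, then groups the hooks by hooked function and records which module each hook sits in. Seen that way, the repeated address 0xb7550030 and the third-party module aswJsFlt64.dll, which the later posts in this thread attribute to Avast, stand out from the rest of the report. The sample input is an excerpt of the report above plus the one differently formatted line from the later post.

```python
import re
from collections import defaultdict

# Three line shapes appear in the reports above (jmp part and "@ module" are optional,
# and the older report style writes "kernel32!Func" instead of "KERNEL32.dll - Func").
LINE_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+"
    r"\((?P<process>[^\s@)]+)(?:\s+@\s+(?P<module>[^)]+))?\)\s+"
    r"(?P<target>\S+?)(?:\s+-\s+|!)(?P<func>\w+)\s+:\s+"
    r"(?P<owner>\S+)\s+@\s+0x(?P<addr>[0-9a-fA-F]+)"
    r"(?:\s+\(jmp\s+0x(?P<jmp>[0-9a-fA-F]+)\))?\s*$"
)

# Sample input: an excerpt of the report in this post plus the last line of the November 2015 post.
SAMPLE = """\
Antirootkit : 62 (Driver: Loaded)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrUnloadDll : Unknown @ 0x19075c (jmp 0xffffffff88afd50c)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1903a4 (jmp 0xffffffff88af95e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Addr(Hook.IEAT)] (chrome.exe @ aswJsFlt64.dll) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0xb7550030
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x3203a4 (jmp 0xffffffff88c895e4)
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32!CreateNamedPipeW : Unknown @ 0xb6f20030
"""

def parse_report(text):
    """Return one dict per recognised hook line; header and other report lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            # No "@ module" means the hooked import table belongs to the main image itself.
            d["module"] = d["module"] or d["process"]
            hooks.append(d)
    return hooks

def summarize(hooks):
    """Group by hooked function: count, modules holding the hook, hook addresses, jmp targets."""
    by_func = defaultdict(lambda: {"count": 0, "modules": set(), "addrs": set(), "jmps": set()})
    for h in hooks:
        s = by_func[h["func"]]
        s["count"] += 1
        s["modules"].add(h["module"])
        s["addrs"].add(h["addr"])
        if h["jmp"]:
            s["jmps"].add(h["jmp"])
    return dict(by_func)
```

To run it over a saved report, call summarize(parse_report(open(path).read())) and compare the module set per function against the security software you know is installed, as the thread does with Avast.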
