Messages - Azurien

RogueKiller / Roguekiller version are these false positives?
« on: July 22, 2019, 04:14:04 am »

So I just updated RogueKiller to the new version and ran a scan. It found 7 MalPE (which are already removed but the log is rogue1) and to be on the safe side I did another scan right after the first.

On the second scan, a popup window appeared about uploading the stuff to VirusTotal and it detected 19 MalPE which are currently in quarantine (log is rogue2).

Are these possible false positives? Or is my PC infected? Keep in mind that none of the 19 new ones were detected on the first run.

Thank you for your help.

Edit: also did a scan with Malwarebytes and it came clean.

General Discussion / Re: What is MalPE??
« on: February 27, 2019, 10:45:42 pm »

Well, if you don't mind, can you give me a step by step on how to get them? I only have the options to either restore or delete them on RogueKiller so I don't know how to get them from the quarantine.

Edit: just found them inside the RogueKiller folder... do you need the .meta ones as well?

Edit 2: the files in question have the same info as the log. Just out of curiosity, how will these files actually help with the RogueKiller detections and such? Just trying to expand my knowledge base and understand a little bit more about the information that can be gathered by studying and analysing these types of files.

General Discussion / Re: What is MalPE??
« on: February 27, 2019, 10:26:56 pm »
Yep, that is fixed. It doesn't pop up anymore.

As for the logs, not sure if it had to be json or txt so I picked txt.

General Discussion / Re: What is MalPE??
« on: February 27, 2019, 05:31:14 am »
Hello, I have a couple of those detections in quarantine and also have the logs. Should I upload the logs through RogueKiller? If so, what helper should I choose?

Also, just another question (in order to not open a new thread, and I'm not sure if it's related to this issue or not): since the update to RogueKiller, it has been detecting 2 pum.homepage: one is homepage and the other is session.startup_url. On both, the data entry is the Google website (so I'm guessing this pum.homepage is changing my homepage from Google to Google?) and I even reset Chrome to defaults without the sync on and then forced the sync with the "clean" version, but this keeps popping back up. And the weirdest part: on the scan I did before the update it came clean, and right after that scan I noticed there was an update for RogueKiller, updated it, and this keeps showing up daily. Any ideas?

Thank you for the help.

General Discussion / Re: What is MalPE??
« on: February 06, 2019, 08:41:00 pm »
I already deleted those but I will save future detections.

General Discussion / Re: What is MalPE??
« on: February 06, 2019, 08:16:42 pm »
Thank you for your reply. Well 90% is good for me so I'll keep it on, since the weird issue was it only detected on registry keys of games I haven't touched in a while and it had something to do with firewall permissions. Also, 3 days ago it didn't detect anything and today it detected that so I was worried I might have been, somehow, infected.

Again, thank you for your help.

General Discussion / What is MalPE??
« on: February 06, 2019, 06:48:23 pm »
Hello, I've been noticing something weird over the past few days... I do regular scans with RogueKiller and once a week it finds some MalPE (usually the MalPE.29) on some registry keys that are related to Steam. Been careful with both browsing and such but it's been bugging me a lot... what are these MalPEs that pop up from nowhere and how harmful are they? And if so, what to do to get rid of them in a more permanent way?

Thank you.
