Messages - Faergor

31
Sure, here you go. Thx for reply.

At the end of this, first scan, I tried to delete everything.
I did following scans and Hj.Name doesn't show up anymore, but all Suspicious.Paths do.

32
Hi,
Roguekiller 13.0.9.0 found 4 entries:
いいいいいいいいいいいい Processes いいいいいいいいいいいい
[Hj.Name (Malicious)] csrss.exe (672) -- \Device\HarddiskVolume3\Windows\System32\csrss.exe -> Found
[Suspicious.Path (Potentially Malicious)] nvcontainer.exe (3892) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

いいいいいいいいいいいい Services いいいいいいいいいいいい
[Suspicious.Path (Potentially Malicious)] NvContainerLocalSystem (3892) -- "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -> Found

いいいいいいいいいいいい Tasks いいいいいいいいいいいい

いいいいいいいいいいいい Registry いいいいいいいいいいいい
>>>>>> O23 - Services
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NvContainerLocalSystem -- "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (missing) -> Found


The only thing that I did during the last few days was downloading some addons for WoW, but from WoWInterface and WoW curse, the ones that had the most downloads, therefore they should be safe.
Before I started playing WoW I scanned my PC and found nothing; after starting and downloading addons I found this. They however may be completely unrelated to my problem.

Is this a false positive or real, please? I am uploading a file of scan results. Thanks.

33
Hi, I am sorry for bothering you. Is what I found an issue? Thank you :)

34
RogueKiller / Wargaming Suspicious Path found, probably false positive
« on: October 23, 2018, 08:44:32 pm »
Hi, I downloaded the new version of RogueKiller, 12.13.6.0, ran it in normal and safe mode, and it did not find anything.
Then a few hours later, I scanned with it again and it found this:

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\Run | Wargaming.net Game Center : "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\Run | Wargaming.net Game Center : "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' [7] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{438D6068-C8F4-4A4D-9D25-790985B62D50}C:\programdata\wargaming.net\gamecenter\wgc.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9CA939D7-0F17-47D6-9DB3-25651E0CFE98}C:\programdata\wargaming.net\gamecenter\wgc.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center| [7] -> Deleted

This is probably safe positive, but could you verify it for me please? I am attaching a scan report as well.
Thanks

P.S. There are 4 things found, I was able to delete all 3 except the second one from above. It said error. Is it a problem and may it mean one? Thanks

35
RogueKiller / Another False Positive? PUP RunOnce in registry
« on: September 22, 2018, 06:30:19 pm »
Hello, again, one hour later.
I did another RogueKiller scan, in safe mode this time, and it found this:

¤¤ Registry : 2 ¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Windows\System32\msconfig.exe %windir%\system32\msconfig [-] -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Windows\System32\msconfig.exe %windir%\system32\msconfig [-] -> Found

Is this a false positive, please? I uploaded a text file. Thanks

36
RogueKiller / False Positive? Warframe - [Suspicious.Path] found in registry
« on: September 22, 2018, 03:19:15 pm »
Hello, this was found today while scanning. Is this a false positive, please?


¤¤ Registry : 2 ¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {27624FD4-2773-4BBD-8B37-317672D4C322} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RPort=80|RPort=443|RPort=8080|RPort2_10=6665-6669|RPort2_10=6695-6699|App=C:\Users\XXXXXXX\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe|Name=Warframe Launcher (TCP-In)|EmbedCtxt=Warframe|Edge=TRUE| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FE17ED16-68BE-49B0-B16E-7D8378EC5C2A} : v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=80|RPort=443|RPort=8080|RPort2_10=6665-6669|RPort2_10=6695-6699|App=C:\Users\XXXXXXX\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe|Name=Warframe Launcher (TCP-Out)|EmbedCtxt=Warframe| [7] -> Found

I scanned my PC the day before yesterday and nothing was found, and I had the same version of RogueKiller installed as I have today (V12.13.1.0). I have Warframe installed on my external HDD, but I do not remember launching it yesterday. I scanned my PC today and this was found. I am attaching a txt file as well.
Thanks :)

37
General Discussion / Avast reports adlice site is malicious: Url:Mal
« on: July 04, 2018, 04:47:14 pm »
Hi guys, is this a false positive? Once I get to the download of RogueKiller through the adlice website I get an Avast message that the website was blocked due to it containing Url:MAL.
Never received that before, until now.
False positive or not? Thx
Website is: download.adlice.com


First report was from adlice com and it was HTML:lframe-inf

Are these false positives by Avast?
