Messages - Faergor

Pages: [1] 2
1
Hello, not sure how I managed to visit this website, I was on fanatical website (website that sells game bundles), and if I somehow accidentally typed it or what, but I managed to get to hxxp://www.x.com/ .

Does anyone have any idea what this website is and if it is safe? It is marked as unverified, but does not have anything there, except for one X.

Thanks.

Moderation edit : Neutered link with hxxp.

2
RogueKiller / Is this false positive please?
« on: June 12, 2020, 01:04:33 am »
Hello,
RogueKiller found this, not sure what it is supposed to be. Is this a false positive please? May it be related to PSO2 Tweaker to install Phantasy Star Online 2? I used it a few hours ago.
I am uploading report file here.
Thank you.

3
RogueKiller / Has there been update 14.4.0.0 ?
« on: April 01, 2020, 01:02:51 pm »
Because roguekiller reports that there is while website where I download it says the most actual version is still 14.3.0.0.

I am a little bit freaked out, I use ESET Online Scanner (one-time antivirus scanner), Avast, Malwarebytes, RogueKiller, Malwarebytes MBAR (anti-rootkit).

Today is weird, ESET suddenly needed an update, after the update it acts weird, it doesn't even launch, then Avast suddenly needed a critical update, RogueKiller says that it has a new update 14.4.0.0 while the website says the newest update is still 14.3.0.0, and when installing the new version it asks a weird thing, that it needs to shut down Windows Explorer and Total Commander in order to install.

Is all of that normal and is there also new update for roguekiller?

Thanks

4
Hi,
I installed Conquerors Blade on Steam and this is what Roguekiller found.
>>>>>> XX - Software
  [PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2670024213-1291369441-4136216571-1001\Software\GameCenter -- N/A -> Found

I am attaching report from Roguekiller as well.

This is false positive, correct?
Conquerors blade uses their own launcher, and also installs anti cheat system.

Thanks

5
RogueKiller / Re: Trojan Flystudio False positive or real?
« on: April 06, 2019, 03:57:17 pm »
Sure, thanks :).

6
RogueKiller / Re: Trojan Flystudio False positive or real?
« on: April 05, 2019, 12:19:45 pm »
I would also like to ask.
Avast was mentioned here:
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

Could it have been modified somehow and therefore roguekiller reports it as old version, or does it report it incorrectly? Thanks

7
RogueKiller / Trojan Flystudio False positive or real?
« on: April 05, 2019, 12:50:56 am »
Hello,
I scanned my computer with RogueKiller, ESET Online Scanner, Malwarebytes, Malwarebytes MBAR.
Malwarebytes Mbar found this as infected file. File located in winrar folder called Default.SFX.
I uploaded file to virustotal and more antivirus programs picked it up.
https://www.virustotal.com/#/file/0a2484026f989bbc29caba5873ac9c0a64ecad529b76f08a50cb1ec470b04453/detection

Then I scanned my computer with Malwarebytes and it caught this:

Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-K.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-U.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

I am attaching the file.
Is this please false positive or real? Thanks.

8
RogueKiller / Re: [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:19:19 pm »
Oh, ok, so it's safe :).
Thanks a lot, again :D

9
RogueKiller / Re: [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:35:03 am »
This is the second log.

10
RogueKiller / [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:34:40 am »
Hello, I scanned my computer with roguekiller and it showed this, is this please false positive?

I have 2 logs, one was found at first, and the other one later, I don't think they are identical.

I will upload another log in next reply.

11
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 08:38:01 pm »
Ok:)
I am very very sorry for asking so many questions. I think I may be annoying with them sometimes. I am kind of a person who needs reassurance and explanation :).

I greatly appreciate your help and support. Thanks a lot.
In that case I will completely ignore the detection :)

12
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 07:28:56 pm »
Oh, ok, so in other words:
It is a line of code you put in rgk signatures that is used to detect specific viruses, such as the one that showed up on avast and avg.

1. So, it was not a virus at all that I found, but only a line of code you put in signatures used to detect it.
2. So I never had a virus at all?
3. Why have they mentioned that the detection was real and not a false positive then?
4. Should I ignore this detection completely, I'm safe, right? :)

Thanks and again sorry for so many questions, this freaked me out.

13
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 06:50:44 pm »
I received reply from AVG.

"Hello,

Thank you for contacting AVG.

Our virus specialists have been working on this request and they confirmed this detection is correct.

We understand it is unpleasant, and we will be happy to analyze the file again as soon as it matches our guidelines. Please refer to the following article about the AVG virus policy"


I think they mean the file was not false positive, but actual virus.
I uploaded the file here:
https://www.avg.com/en-us/false-positive-file-form

I had a false positive form picked. I explained the issue to them as well. That happened yesterday.

1. You guys of course scanned the file unzipped, right? It is not detectable when zipped.
2. Have they made a mistake with the detection? I think they say it is a real threat, while you say it's not.

What should I do? Ignore what they said? How come it showed up as a virus and they claim it's real?
Thanks :)


14
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 04:44:23 pm »
One thing popped into my mind.
Stupid question, I'm sure for 99,99% that you did, but:
You scanned the file I uploaded unzipped, right? :D

I was not able to detect it with avast when it was zipped, once I unzipped it, it was detected by avast right away (the previous versions that were detectable)

Thanks and sorry for so many (and some stupid) questions :D

15
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 12:02:39 pm »
Thanks a lot :D.
You guys are doing a great job.
Sorry for asking so many questions and making sure. Appreciate it a lot:)
