Topics - Faergor

1
Hello, so I scan my PC regularly and don't visit dangerous websites (and don't even use Microsoft Edge, only very, very rarely). I updated RogueKiller with the new database, I suppose at least; it doesn't say so, but it always updates regularly. During this scan it doesn't show that it has been updated, though.
RogueKiller says this about the current version: 20211022_080253 (outdated, 20211025_113801). Not sure which one is the new one or the old one.
Probably the newest one; the scan says that I have 20211025_113801. I suppose it scanned my PC with this update. I updated it manually, and it is showing me these 41 detections again.

Anyway, I am attaching the file. Is this real or a false positive?
I suppose a false positive, I just want to make sure. I have never seen so many detections before. I have not deleted them yet.



I am scanning my PC with RogueKiller, Avast, ESET Online Scanner (the one-time-use one), MBAR and Malwarebytes. So far, it seems like only RogueKiller detected this.

What is going on please?
Thanks

2
Hello, I am not sure how I managed to visit this website. I was on the Fanatical website (a website that sells game bundles), and I don't know if I somehow accidentally typed it or what, but I managed to get to hxxp://www.x.com/ .

Does anyone have any idea what this website is and if it is safe? It is marked as unverified, but does not have anything there, except for one X.

Thanks.

Moderation edit : Neutered link with hxxp.

3
RogueKiller / Is this a false positive please?
« on: June 12, 2020, 01:04:33 am »
Hello,
RogueKiller found this, not sure what it is supposed to be. Is this a false positive please? Might it be related to PSO2 Tweaker, used to install Phantasy Star Online 2? I used it a few hours ago.
I am uploading the report file here.
Thank you.

4
RogueKiller / Has there been an update 14.4.0.0?
« on: April 01, 2020, 01:02:51 pm »
Because RogueKiller reports that there is, while the website where I download it says the most current version is still 14.3.0.0.

I am a little bit freaked out. I use ESET Online Scanner (one-time antivirus scanner), Avast, Malwarebytes, RogueKiller, Malwarebytes MBAR (anti-rootkit).

Today is weird: ESET suddenly needed an update, and after the update it acts weird, it doesn't even launch; then Avast suddenly needed a critical update; RogueKiller says that it has a new update 14.4.0.0 while the website says the newest update is still 14.3.0.0; and when installing the new version it asks a weird thing, that it needs to shut down Windows Explorer and Total Commander in order to install.

Is all of that normal, and is there also a new update for RogueKiller?

Thanks

5
Hi,
I installed Conqueror's Blade on Steam and this is what RogueKiller found.
>>>>>> XX - Software
  [PUP.MailRU (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2670024213-1291369441-4136216571-1001\Software\GameCenter -- N/A -> Found

I am attaching the report from RogueKiller as well.

This is a false positive, correct?
Conqueror's Blade uses its own launcher, and also installs an anti-cheat system.

Thanks

6
RogueKiller / Trojan FlyStudio: false positive or real?
« on: April 05, 2019, 12:50:56 am »
Hello,
I scanned my computer with RogueKiller, ESET Online Scanner, Malwarebytes and Malwarebytes MBAR.
Malwarebytes MBAR found this as an infected file. The file is located in the WinRAR folder and is called Default.SFX.
I uploaded the file to VirusTotal and more antivirus programs picked it up.
https://www.virustotal.com/#/file/0a2484026f989bbc29caba5873ac9c0a64ecad529b76f08a50cb1ec470b04453/detection

Then I scanned my computer with Malwarebytes and it caught this:

Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-K.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-U.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

I am attaching the file.
Is this a false positive or real, please? Thanks.

7
RogueKiller / [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 10:34:40 am »
Hello, I scanned my computer with RogueKiller and it showed this; is this a false positive please?

I have 2 logs, one was found at first, and the other one later; I don't think they are identical.

I will upload the other log in the next reply.

8
RogueKiller / MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 04:27:03 pm »
Hi, I had no problems before, but I downloaded the newest signatures 20190213_112737, and I found in C:\ProgramData\Roguekiller\signatures\mbr a thing called MBR:Yurn-A (RTK), this trojan, or whatever it is.
It was found by Avast.

I am for some reason no longer even able to upload anything to VirusTotal; it says "Please answer the following puzzle to help us prevent abuse" and doesn't let me upload either that MBR file or any other to VirusTotal.

I commonly scan my computer with RogueKiller, Avast, ESET Online Scanner (it's a one-time scan only), Malwarebytes and MBAR. Nothing was found. Only Avast found this file.
Thanks

I am uploading this file here to this post; can you please check it? Thanks

edit: I was able to upload the file to VirusTotal, and it found this:
https://www.virustotal.com/#/file/81f2e7a10c7f5b46134756822c22d363659d1ead7999a75373a8f165d1b7309f/detection

The file is flagged as the same virus by both AVG and Avast, but nothing else.

9
Hi,
RogueKiller 13.0.9.0 found 4 entries:
¤¤¤ Processes ¤¤¤
[Hj.Name (Malicious)] csrss.exe (672) -- \Device\HarddiskVolume3\Windows\System32\csrss.exe -> Found
[Suspicious.Path (Potentially Malicious)] nvcontainer.exe (3892) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -> Found

¤¤¤ Process Modules ¤¤¤

¤¤¤ Services ¤¤¤
[Suspicious.Path (Potentially Malicious)] NvContainerLocalSystem (3892) -- "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -> Found

¤¤¤ Tasks ¤¤¤

¤¤¤ Registry ¤¤¤
>>>>>> O23 - Services
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NvContainerLocalSystem -- "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (missing) -> Found


The only thing that I did during the last few days was downloading some addons for WoW, but from WoWInterface and WoW Curse, the ones that had the most downloads, so they should be safe.
Before I started playing WoW I scanned my PC and found nothing; after starting and downloading addons I found this. They may, however, be completely unrelated to my problem.

Is this a false positive or real, please? I am uploading a file of the scan results. Thanks.

10
RogueKiller / Wargaming Suspicious.Path found, probably a false positive
« on: October 23, 2018, 08:44:32 pm »
Hi, I downloaded the new version of RogueKiller 12.13.6.0, ran it in normal and safe mode and it has not found anything.
Then a few hours later, I scanned with it again and it found this:

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\Run | Wargaming.net Game Center : "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\Run | Wargaming.net Game Center : "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background '' [7] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{438D6068-C8F4-4A4D-9D25-790985B62D50}C:\programdata\wargaming.net\gamecenter\wgc.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9CA939D7-0F17-47D6-9DB3-25651E0CFE98}C:\programdata\wargaming.net\gamecenter\wgc.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\programdata\wargaming.net\gamecenter\wgc.exe|Name=Wargaming.net Game Center|Desc=Wargaming.net Game Center| [7] -> Deleted

This is probably a false positive, but could you verify it for me please? I am attaching a scan report as well.
Thanks

P.S. There are 4 things found; I was able to delete all of them except the second one from above. It said error. Is it a problem, and may it mean one? Thanks

11
RogueKiller / Another false positive? PUP RunOnce in registry
« on: September 22, 2018, 06:30:19 pm »
Hello again, one hour later.
I did another RogueKiller scan, in safe mode this time, and it found this:

¤¤¤ Registry : 2 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Windows\System32\msconfig.exe %windir%\system32\msconfig [-] -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1239764888-2148109162-3447206424-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Windows\System32\msconfig.exe %windir%\system32\msconfig [-] -> Found

Is this a false positive please? I uploaded the text file. Thanks

12
RogueKiller / False positive? Warframe - [Suspicious.Path] found in registry
« on: September 22, 2018, 03:19:15 pm »
Hello, this was found today while scanning; is this a false positive please?


¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {27624FD4-2773-4BBD-8B37-317672D4C322} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RPort=80|RPort=443|RPort=8080|RPort2_10=6665-6669|RPort2_10=6695-6699|App=C:\Users\XXXXXXX\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe|Name=Warframe Launcher (TCP-In)|EmbedCtxt=Warframe|Edge=TRUE| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FE17ED16-68BE-49B0-B16E-7D8378EC5C2A} : v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RPort=80|RPort=443|RPort=8080|RPort2_10=6665-6669|RPort2_10=6695-6699|App=C:\Users\XXXXXXX\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe|Name=Warframe Launcher (TCP-Out)|EmbedCtxt=Warframe| [7] -> Found

I scanned my PC the day before yesterday and nothing was found, and I had the same version of RogueKiller installed as I have today (V12.13.1.0). I have Warframe installed on my external HDD, but I do not remember launching it yesterday. I scanned my PC today and this was found. I am attaching the txt file as well.
Thanks :)

13
General Discussion / Avast reports Adlice site as malicious: Url:Mal
« on: July 04, 2018, 04:47:14 pm »
Hi guys, is this a false positive? Once I get to the download of RogueKiller through the Adlice website I get an Avast message that the website was blocked due to it containing Url:Mal.
I never received that before, until now.
False positive or not? Thx
The website is: download.adlice.com


The first report was from adlice.com and it was HTML:lframe-inf


Are these false positives by Avast?
