Adlice forum

General Category => Malware removal help => Topic started by: Shug Ninx on December 14, 2014, 07:00:26 pm

Title: Possible Rootkit detected
Post by: Shug Ninx on December 14, 2014, 07:00:26 pm
Hello there,

First, thanks a lot for providing RogueKiller for free; that nice piece of software was recommended through a malware removal help forum (forum.malekal.org) for PUM.DNS removal.

In a recent case of malware removal, RogueKiller reported a possible rootkit. As I'm new to RogueKiller, I'm having difficulty telling whether I'm facing a real rootkit infection or a false positive. I've read that some antivirus components can produce false positives, and indeed Avast is installed on this computer, but I'm still unable to decide based on the FAQ, tutorial, and known issues (reading and knowing is one thing, knowing how to... is another ;-).

The Roguekiller report is accessible here (http://pjjoint.malekal.com/files.php?read=20141211_c12y14x9f5g6), as well as an FRST report (http://pjjoint.malekal.com/files.php?read=FRST_20141211_k6j10h5t14e5).

Thanks a lot for your help and expertise.

Title: Re: Possible Rootkit detected
Post by: Shug Ninx on December 16, 2014, 06:20:20 pm
Hello again!

No one to help analyze the RogueKiller report? :'(

Title: Re: Possible Rootkit detected
Post by: Tigzy on December 19, 2014, 03:57:09 pm
Hello,
This is hard to say; most of the time it's an antivirus that does this.
We'll soon be working on this issue (once the uploader website is ready to accept the process dumps), so I'd skip it for now. Doesn't look like malware, just a false alarm.

Title: Re: Possible Rootkit detected
Post by: Shug Ninx on January 05, 2015, 02:28:16 pm
Thanks for your input. I'll perform another RogueKiller scan after removing the antivirus and give you the report.

My best wishes for this new year :)

Title: Re: Possible Rootkit detected
Post by: Shug Ninx on January 13, 2015, 06:58:55 pm
Hello!

No more suspected rootkit after removing Avast 2015 (free edition). I guess you made some changes to RogueKiller, since the current version didn't report this false positive after antivirus reinstallation.

Thanks anyway!