Adlice forum

General Category => Malware removal help => Topic started by: somerandom on November 12, 2018, 10:20:19 am

Title: Unknown file found in RogueKiller?
Post by: somerandom on November 12, 2018, 10:20:19 am

Hello, today I ran RogueKiller, and for the first time it displayed a "Potential Malware" file known as "agldiaod.sys". I have never heard of this name and never found it before on RogueKiller. Google shows nothing.
Title: Re: Unknown file found in RogueKiller?
Post by: Curson on November 12, 2018, 06:15:45 pm
Hi somerandom,

Welcome to Adlice.com Forum.
Could you please attach the full RogueKiller report with your next reply?

Regards.
Title: Re: Unknown file found in RogueKiller?
Post by: somerandom on November 12, 2018, 08:35:27 pm
RogueKiller Anti-Malware V13.0.8.0 (x64) [Nov  6 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : Win10Ent [Administrator]
Started from : J:\Users\Asus2\Downloads\New folder\RogueKiller_portable64.exe
Mode : Standard Scan, Delete -- Date : 2018/11/12 20:00:53 (Duration : 00:04:19)

いいいいいいいいいいいい Delete いいいいいいいいいいいい
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agldiaod -- [%localappdata%\Temp\agldiaod.sys] -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)

This was the log from the reported incident. I'm still unsure as to what agldiaod.sys is. Other software finds nothing like this.
Title: Re: Unknown file found in RogueKiller?
Post by: Curson on November 12, 2018, 08:53:53 pm
Hi somerandom,

This is indeed quite strange.
Could you please attach the corresponding JSON report showing these detections?

Regards.
Title: Re: Unknown file found in RogueKiller?
Post by: somerandom on November 12, 2018, 09:02:38 pm
JSON attached.
Title: Re: Unknown file found in RogueKiller?
Post by: Curson on November 12, 2018, 09:42:06 pm
Hi somerandom,

Thanks. Your computer is safe.
The file that was detected is the GMER kernel-mode driver. Since its name is randomly generated, it's normal that Google didn't find anything.

Regards.
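
An added example, not part of the thread and not RogueKiller's own code: a small Python parser for the detection lines in the text report posted above, which picks out service entries whose driver image is a .sys file in a Temp folder, as in the agldiaod entry. The field layout and the names `parse_line` and `temp_driver_services` are assumptions inferred from the lines in this thread only.

```python
import re

# Field layout inferred from the report lines quoted in this thread (an
# assumption, not a documented RogueKiller format):
#   [Name (Severity)] <registry key>[|<value>] -- [<data>] -> <action>
LINE_RE = re.compile(
    r"^\[(?P<name>[^\s\]]+) \((?P<severity>[^)]*)\)\]\s+"
    r"(?P<key>.+?) -- (?:\[(?P<data>.*?)\])?\s*-> (?P<action>.+)$"
)
# A service key under any control set, capturing the service name.
SERVICE_RE = re.compile(
    r"\\System\\(?:ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)$", re.I
)
# A .sys file sitting directly in a folder named Temp.
TEMP_SYS_RE = re.compile(r"\\temp\\[^\\]+\.sys$", re.I)


def parse_line(line):
    """Split one detection line into fields; None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["key"], _, rec["value"] = rec["key"].partition("|")
    rec["data"] = rec["data"] or ""
    return rec


def temp_driver_services(report_text):
    """Return (service, image path, action) for services whose driver is in Temp."""
    hits = []
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        svc = SERVICE_RE.search(rec["key"])
        if svc and TEMP_SYS_RE.search(rec["data"]):
            hits.append((svc.group(1), rec["data"], rec["action"]))
    return hits


# Sample input: lines copied from the report posted in this thread.
SAMPLE = r"""
Mode : Standard Scan, Delete -- Date : 2018/11/12 20:00:53 (Duration : 00:04:19)
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agldiaod -- [%localappdata%\Temp\agldiaod.sys] -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)
"""

if __name__ == "__main__":
    for hit in temp_driver_services(SAMPLE):
        print(hit)
```

In this thread the single hit turned out to be GMER's driver, so a match is a prompt to check which tool loaded the driver, not a verdict on the file.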