Adlice forum

Software feedback => RogueKiller => Topic started by: gavias on July 03, 2014, 12:55:04 PM

Title: PLEASE ANALYZE THIS REPORT
Post by: gavias on July 03, 2014, 12:55:04 PM
Can you please analyze the report in this link:

http://we.tl/rdvWoLlgwZ


THANK YOU
Title: Re: PLEASE ANALYZE THIS REPORT
Post by: Tigzy on July 07, 2014, 08:10:56 AM
Quote
RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : xxxxxxx [Admin rights]
Mode : Scan -- Date : 07/03/2014  11:16:13

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] MXOALDR.EXE -- C:\WINDOWS\MXOALDR.EXE[7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | MXOBG : C:\WINDOWS\MXOALDR.EXE  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 4 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\System32\drivers\etc\hosts]        mailinglistmaster.com
[C:\WINDOWS\System32\drivers\etc\hosts]        www.mailinglistmaster.com
[C:\WINDOWS\System32\drivers\etc\hosts]    

¤¤¤ Antirootkit : 500 ¤¤¤
[EAT:Addr] (explorer.exe) PDFShell.dll - DllCanUnloadNow : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0x37fe6f0
[EAT:Addr] (explorer.exe) PDFShell.dll - DllGetClassObject : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0x37fe5d0
[EAT:Addr] (explorer.exe) PDFShell.dll - DllRegisterServer : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0x38008e0
[EAT:Addr] (explorer.exe) PDFShell.dll - DllUnregisterServer : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0x3800d40
[EAT:Addr] (firefox.exe) xul.dll - Ebml_EndSubElement : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1410601
...
[EAT:Addr] (firefox.exe) xul.dll - writeVideoTrack : C:\Program Files\Mozilla Firefox\gkmedias.dll @ 0x1410946
[EAT:Addr] (firefox.exe) ShellExtensionU.dll - DllCanUnloadNow : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0xae5e6f0
[EAT:Addr] (firefox.exe) ShellExtensionU.dll - DllGetClassObject : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0xae5e5d0
[EAT:Addr] (firefox.exe) ShellExtensionU.dll - DllRegisterServer : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0xae608e0
[EAT:Addr] (firefox.exe) ShellExtensionU.dll - DllUnregisterServer : C:\Program Files\LibreOffice 4\program\shlxthdl\shlxthdl.dll @ 0xae60d40

¤¤¤ Web browsers : 0 ¤¤¤

Title: Re: PLEASE ANALYZE THIS REPORT
Post by: Tigzy on July 07, 2014, 08:11:34 AM
Thanks, we'll add MXOALDR to the whitelist, as well as the shlxthdl and gkmedias DLLs.