Adlice forum

Software feedback => RogueKiller => Topic started by: ihateregisteringforsites on December 12, 2014, 07:53:31 AM

Title: What should I do, these are my only detections...2 are red
Post by: ihateregisteringforsites on December 12, 2014, 07:53:31 AM
¤¤¤ Registry : 18 ¤¤¤
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C43F3C6A-DA46-49DA-B028-7E1702F155BA} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C43F3C6A-DA46-49DA-B028-7E1702F155BA} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

Title: Re: What should I do, these are my only detections...2 are red
Post by: Tigzy on December 12, 2014, 08:32:30 AM
Hello <== That's free, you know.

ASUS entry looks like a false positive. We'll take a look.
PS: You hate registering for websites, but it's necessary to avoid spam. If we didn't require it and left guest posting open, it would be hundreds of spam posts to remove every. single. day. Now you know why you don't hate that anymore :)

Title: Re: What should I do, these are my only detections...2 are red
Post by: ihateregisteringforsites on December 12, 2014, 08:34:11 AM
Hello

Thank you. These are the two lines that it shows as a red malware alert.

[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found

What is your advice for these?

Title: Re: What should I do, these are my only detections...2 are red
Post by: Tigzy on December 12, 2014, 02:42:14 PM
That's unusual. ???
It actually says to start itself... Anyway, that's not malware, but still curious.

EDIT: What is the E: drive?

Title: Re: What should I do, these are my only detections...2 are red
Post by: ihateregisteringforsites on December 13, 2014, 03:42:18 AM
E drive is recovery.

Title: Re: What should I do, these are my only detections...2 are red
Post by: Tigzy on December 13, 2014, 07:33:49 AM
Then ignore it.
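A way to triage a report like the one in this thread, added here as an example (it is not RogueKiller's code and not from anyone in the thread): parse each registry-detection line, fold the mount prefix RogueKiller gives hives it loaded from another drive back onto the real hive path (reading RK_Software_ON_E_4C78 as "the SOFTWARE hive found on E:" is my inference from the key name in the log, not something this page documents), and compare Winlogon Shell and Userinit against their stock values (explorer.exe and C:\Windows\system32\userinit.exe, respectively). Run over the lines above, the two red Hj.RegVal hits come out as a non-default Shell in a hive loaded from E:, which the poster says is the recovery drive; the same value in the running system's own hive would be a persistence hit. The last two sample lines are constructed for contrast and are not from the thread.

```python
"""Triage RogueKiller registry detections: which hive a hit came from, and whether the
Winlogon loader values still hold their stock defaults."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One RogueKiller registry-detection line, e.g.
#   [Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\...\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
LINE_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<data>.*?)\s+-> (?P<status>\w+)$"
)

# Hives RogueKiller loaded from another drive show up under HKLM as RK_<Hive>_ON_<Drive>_<id>.
# Assumption: inferred from the RK_Software_ON_E_4C78 key in the report, not from documentation.
OFFLINE_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\RK_(?P<hive>[A-Za-z]+)_ON_(?P<drive>[A-Za-z])_[0-9A-Fa-f]+\\(?P<rest>.*)$"
)

# Stock values of the two Winlogon entries most often hijacked for persistence (compared case-insensitively).
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"


@dataclass
class Finding:
    category: str
    arch: str
    drive: Optional[str]  # None = the running system's hive; "E" = hive loaded from E:
    key: str              # registry path with the RK_ mount prefix folded back to its real hive
    name: str
    data: str
    verdict: str = ""


def classify(f: Finding) -> str:
    """Assign a triage verdict; only Winlogon Shell/Userinit get a definite answer here."""
    if f.key.lower().endswith(WINLOGON_SUFFIX) and f.name.lower() in WINLOGON_DEFAULTS:
        if f.data.strip().lower() == WINLOGON_DEFAULTS[f.name.lower()]:
            return "winlogon-default"
        if f.drive is None:
            # Non-default loader in the live hive: persistence until proven otherwise.
            return "winlogon-hijack-live"
        # Same value, but in a hive from another drive: find out what that drive holds first.
        return f"winlogon-nondefault-offline-{f.drive}"
    if f.category.startswith("PUM"):
        return "pum-review"  # a changed setting, not a file: confirm it is one you made
    if f.category == "PUP":
        return "pup-review"
    return "review"


def parse_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, drive = m["key"], None
    off = OFFLINE_RE.match(key)
    if off:
        drive = off["drive"].upper()
        key = "HKEY_LOCAL_MACHINE\\" + off["hive"] + "\\" + off["rest"]
    f = Finding(m["cat"], m["arch"], drive, key, m["name"], m["data"])
    f.verdict = classify(f)
    return f


def triage(report: str) -> List[Finding]:
    return [f for f in (parse_line(l) for l in report.splitlines()) if f is not None]


# Constructed sample: five lines copied from the report above, plus two made-up lines
# (a hijacked live Shell and a stock Userinit) for contrast; those two are not from the thread.
SAMPLE_REPORT = r"""
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : explorer.exe,C:\Users\Public\svc.exe  -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : C:\Windows\system32\userinit.exe,  -> Found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        where = f"hive loaded from {f.drive}:" if f.drive else "running system"
        print(f"{f.verdict:34} {where:22} {f.name} = {f.data}")
```

The script only reads the report text, so it runs anywhere Python does; confirming what actually sits on E: (looking at the partition, or loading its SOFTWARE hive with reg load and reading the Winlogon key yourself) is still a manual step. The point of the split verdict is the one Tigzy makes: a cmd.exe Shell in a recovery image is something to understand and then ignore, whereas a non-default Shell or Userinit in the running system's hive should be treated as persistence until proven otherwise.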