Adlice forum

Software feedback => RogueKiller PREMIUM => Topic started by: mheer100 on April 02, 2017, 05:40:33 AM

Title: RogueKiller Premium detections
Post by: mheer100 on April 02, 2017, 05:40:33 AM

I have had three persistent (three times detected on three separate scan) detections in McAfee executables.  RogueKiller cannot delete them - reports "Error(0)"; therefore they are detected again on subsequent scans.  here is the txt report of the last scan:
RogueKiller V12.3.0.0 (x64) [May 22 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Mike [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/01/2017 20:41:43

¤¤¤ Processes : 3 ¤¤¤
[Proc.RunPE] McClientAnalytics.exe(10312) -- C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe[7] -> ERROR

[Proc.RunPE] McAMTaskAgent.exe(18360) -- C:\Program Files\Common Files\McAfee\platform\McAMTaskAgent.exe[7] -> ERROR

[Proc.RunPE] McVulCtr.exe(5960) -- C:\Program Files\mcafee\vul\McVulCtr.exe[7] -> ERROR

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E6300 SCSI Disk Device +++++
--- User ---
[MBR] 9ad8effcb0c1c8cf08d954d4a2e6c8f7
[BSP] 55142c597ac2ce6ced9fa871ca50aebe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 455123 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 932501504 | Size: 21513 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK

So are these false positives?  On another note, the report indicates the antirootkit driver was not loaded.  I've have always checked that "load driver" box before scanning, and it doesn't load.. ??

Title: Re: RogueKiller Premium detections
Post by: Curson on April 03, 2017, 07:17:15 PM

Hi Mike,

Welcome to Adlice.com Forum.
You are using an outdated version of RogueKiller (May 2016). Could you please update it then redo a scan ?

Regards.

Note : This thread has been moved to the "RogueKiller PREMIUM" section for clarity.

Title: Re: RogueKiller Premium detections
Post by: mheer100 on April 04, 2017, 06:21:23 AM

I will do that.  Thought it updated automatically.. thanks :)

Title: Re: RogueKiller Premium detections
Post by: Curson on April 04, 2017, 09:36:51 AM

Hi Mike,

You are very welcome.
Don't hesitate to post the result of the new scan if anything is weird.

Regards.

Title: Re: RogueKiller Premium detections
Post by: mheer100 on April 05, 2017, 12:02:40 AM

The new SW ran fine, found many things and fixed/deleted all... great product, thanks for the help! :)

Title: Re: RogueKiller Premium detections
Post by: Curson on April 05, 2017, 05:24:41 PM

Hi Mike,

You are very welcome. :)
Thanks for the kind words.

Regards.