Adlice forum

General Category => Malware removal help => Topic started by: drwbns on April 03, 2017, 04:43:10 AM

Title: Roguekiller logs
Post by: drwbns on April 03, 2017, 04:43:10 AM

Hi, I had a popup virus that I got rid of but Roguekiller still shows svchost as a problem. Is this a false alarm? Thanks!

Thanks for any help. I had a popup virus that I removed but I want to be sure my system is clean.
 
RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Andrew [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/02/2017 16:30:33 (Duration : 01:43:47)
 
¤¤¤ Processes : 5 ¤¤¤
[Proc.Svchost] svchost.exe(4812) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Svchost] svchost.exe(2932) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Svchost] svchost.exe(4408) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Svchost] svchost.exe(8280) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] nl2f23tl.exe(10612) -- C:\Users\Andrew\Downloads\nl2f23tl.exe[-] -> Found
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Adw.DNSUnlocker][File] C:\Users\Andrew\AppData\Local\NPE\Info20170402120325.xml -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤

Title: Re: Roguekiller logs
Post by: Curson on April 03, 2017, 07:21:37 PM

Hi drwbns,

Welcome to Adlice.com Forum.
Yes, this may be a false positive.

Could you please attach RogueKiller JSON report with your next reply as well as the file named Info20170402120325.xml ?
Do you know the origin and properties of the file nl2f23tl.exe in your Download folder ?

Regards.