Adlice forum
Software feedback => RogueKiller => Topic started by: dieselpots on July 08, 2018, 12:44:01 PM
-
Hello. What should I do about this? I will attach files (json and txt).
Also, I think my network is strange. I am using TCPView, if anyone is experienced with networking and wants to help with that.
Thanks for the great software and support! :D :D
-
Hi Haned,
Welcome to Adlice.com Forum.
What do you mean by strange? Did you install netcut on your own?
Please select the following entry for deletion:
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and necessary to access the Internet.
For more information, please read RogueKiller Documentation (http://www.adlice.com/software/roguekiller/documentation/).
We need to retrieve more information for the [Run.PE] detection.
Please follow this process:
- Download Process Explorer (x64) (http://live.sysinternals.com/procexp64.exe) and save it to your desktop.
- Click on the setup file (procexp64.exe) and select Run as Administrator to start the tool.
- Locate the process named RtkNGUI64.exe, do a right click on it and select Create Dump > Create Full Dump...
- Save the dump on your desktop and compress it.
- Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.
Regards.
-
Thank you for your quick reply and help, I really appreciate it. I installed (then uninstalled) netcut, yes.
I deleted what you told me to delete, and here is the dump: https://ufile.io/dq5ej
Thank you again! :)
I guess I suspect that I have something infected.. I am not that experienced when it comes to these things.. I'll say it again lol I appreciate all the help!
-
Hi Haned,
The analysis of the dump concluded that this is a false positive.
Could you please attach the file RtkNGUI64.exe itself in your next message to help us fix this?
Could you please also attach the log of the tool that detected malware in the "steam" folder? It may be a false positive, since no malware should be able to survive a fresh install of Windows 10.
Regards.
-
Hi, okay, that sounds good, but I am still almost certain something is wrong.. I don't have any logs left for the detected malware on my previous OS. Sorry!
Here is the RtkNGUI64.exe and related files in the same folder: https://ufile.io/ejrah
Thank you!!
-
Hi dieselpots,
Thanks.
We will do an analysis and get back to you as soon as possible.
Regards.