Adlice forum
Software feedback => RogueKiller => Topic started by: farnhold on July 22, 2018, 06:52:36 PM
-
Hi, I updated my graphics card through Nvidia Experience and scanned my computer with RogueKiller, and I keep receiving this:
1.
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] NvOAWrapperCache.exe(7192) -- C:\Users\XXXXXXXXX\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[7] -> Found
Is this a false positive?
2.
+ previously I received
PUM.Dns in registry ending in DhcpNameServer
Is this a false positive too? It appeared only once and never again, but also today.
NvOAWrapper keeps appearing after each restart.
Thanks.
-
Hi farnhold,
Welcome to Adlice.com Forum and thanks for your feedback.
This is indeed a false positive. We will whitelist this detection as soon as possible.
As for the PUM.DNS detection, this was also likely a false positive. For more information, please refer to RogueKiller Documentation (http://www.adlice.com/software/roguekiller/documentation/).
Regards.
-
This is the PUM.Dns that I found. I did not know that RogueKiller stores logs, found it out now :D. So here is the log. This is the log from yesterday when I made the post. Do you think this was definitely a false positive?
¤¤¤ Registry : 1 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{af6688e0-e884-44ba-8f59-df73fd60d6fb} | DhcpNameServer : 150.213.1.2 ([X]) -> Found
This appeared first and then never again. Then the Nvidia Suspicious.Path from my post above started appearing after each restart.
-
Hi farnhold,
Thanks.
This IP does not seem to be in use anymore. Is the name "Norasia" familiar to you?
Regards.
-
No, never heard of it. What is it? Btw, Google showed the timezone of the IP coming from a country that is not mine.
So, please, do you think it was a false threat or, what was it? What does it all even mean?
I mean, does PUM.Dns mean that someone else was in my computer and I should worry about personal information, or it might have been a modification from, let's say, an online game that I played?
Most of all, is it a threat or a false positive?
Thanks
-
Dude? :) Was someone in my computer or was it a false positive, please?
-
Hi farnhold,
Sorry, it was a busy week.
This IP address was linked to a company called Norasia in the past. In case you did know this name, it may be that you used their DNS server at some point. Since that's not it, I can't really explain why this IP was assigned to your network interface.
The IP now points to nothing, so there is nothing malicious going on.
Please don't hesitate to report back if RogueKiller detects it again.
Regards.
-
Thanks a lot for your answers :), last 2 questions:
1. I have internet with dynamic IP, is it possible that perhaps I received an IP that belonged to them?
2. You say nothing malicious is happening atm, but if 1. question is wrong, then something malicious may have happened in the past?
Or, is this all completely harmless anyway?
I will let you know :)
-
Hi farnhold,
You are welcome. To answer your questions:
1) No, it's really unlikely this IP was assigned to you by your ISP.
2) That's hard to say, but I don't think so since this address is not present in malware analysis databases.
Regards.
-
Thanks a lot for your answers :)
I have version 12.12.28.0 of RogueKiller and it still keeps finding NvOAWrapperCache.exe as a threat - suspicious path. Hopefully it will be whitelisted in the next version :D
This is the current log:
[Suspicious.Path] NvOAWrapperCache.exe(8040) -- C:\Users\XXXXXXX\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[7] -> Killed [TermThr]
Is this still the same problem and it is a false positive, right?
-
Sorry for bothering you. Just want to verify if this was really not fixed yet and is a false positive :D.
Cause the day after I reported this, RogueKiller had an update (12.12.28.0) and yet I was finding it.
Thanks.
-
Hi farnhold,
You are very welcome.
RogueKiller V12.12.29 will be released tomorrow and will contain the fix.
Regards.
-
Thanks a lot for your help and patience :). Appreciate it. I know I had a lot of questions, I apologize for that. Have a nice day :)
-
Hi farnhold,
You are very welcome.
I'm glad I was able to help you. :)
Have a nice day.