Adlice forum
General Category => Malware removal help => Topic started by: somerandom on November 12, 2018, 10:20:19 AM
-
Hello, today I ran RogueKiller, and for the first time it displayed a "Potential Malware" file known as "agldiaod.sys". I have never heard of this name and never found it before on RogueKiller. Google shows nothing.
-
Hi somerandom,
Welcome to Adlice.com Forum.
Could you please attach the RogueKiller full report with your next reply?
Regards.
-
RogueKiller Anti-Malware V13.0.8.0 (x64) [Nov 6 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : Win10Ent [Administrator]
Started from : J:\Users\Asus2\Downloads\New folder\RogueKiller_portable64.exe
Mode : Standard Scan, Delete -- Date : 2018/11/12 20:00:53 (Duration : 00:04:19)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agldiaod -- [%localappdata%\Temp\agldiaod.sys] -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
This was the log from the reported incident. I'm still unsure as to what agldiaod.sys is. Other software finds nothing like this.
-
Hi somerandom,
This is indeed quite strange.
Could you please attach the corresponding JSON report showing these detections?
Regards.
-
JSON attached.
-
Hi somerandom,
Thanks. Your computer is safe.
The file that was detected is the GMER kernel-mode driver. Since its name is randomly generated, it's normal that Google didn't find anything.
Regards.
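A defender's follow-up to the Suspicious.Path detection in the log above, as an added example that is not from the thread or from Adlice: it enumerates driver services whose ImagePath resolves into a Temp directory (the condition that fired on agldiaod.sys) and reports each file's Authenticode signature, so a randomly named but validly signed tool driver can be separated from an unsigned one. The function name Get-TempPathDriver and the temp-marker list are assumptions of this example, and it assumes an elevated session on the host being triaged.

```powershell
# Added example (not from the thread or from Adlice Software).
# Lists kernel/file-system driver services whose ImagePath resolves into a
# Temp directory, the condition RogueKiller reported as Suspicious.Path, and
# shows each file's Authenticode signature for triage.
# Assumption: run in an elevated PowerShell session on the host being checked.

function Get-TempPathDriver {
    [CmdletBinding()]
    param(
        # Assumption: any resolved ImagePath containing one of these segments is "temp"
        [string[]] $TempMarkers = @('\Temp\', '\Tmp\')
    )

    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file system driver; user-mode services are skipped
        if (-not $props -or $props.Type -notin 1, 2 -or -not $props.ImagePath) { return }

        # Turn the NT-style path (\??\C:\..., \SystemRoot\...) into a Win32 path
        $path = $props.ImagePath -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        $path = [Environment]::ExpandEnvironmentVariables($path)   # e.g. %localappdata%

        $hit = $false
        foreach ($m in $TempMarkers) { if ($path -like "*$m*") { $hit = $true } }
        if (-not $hit) { return }

        # A driver that has already been removed (as in the log above) shows as 'file missing'
        $sig = $null
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
        }
        [pscustomobject]@{
            Service   = $_.PSChildName
            ImagePath = $props.ImagePath
            Resolved  = $path
            OnDisk    = [bool]$sig
            SigStatus = if ($sig) { $sig.Status.ToString() } else { 'file missing' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            StartType = $props.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        }
    }
}

Get-TempPathDriver | Format-Table -AutoSize
```

An entry with a valid signature from a known tool vendor matches the benign case the moderator describes; an unsigned or missing file in a user-writable Temp folder is the case that deserves the full report the moderator asked for.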