Adlice forum
Software feedback => RogueKiller => Topic started by: Sooki808 on January 29, 2015, 11:00:14 PM
-
I just ran RK and it came up clean except for a bunch of stuff in the AntiRootKit tab. How do I know which ones to get rid of? I've run Malwarebytes and Avast - both saying my computer is clean. I've looked up the names of several of these and it seems they are possibly part of Windows? I'm confused.
Here is a copy of my report:
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sooki [Administrator]
Mode : Scan -- Date : 01/29/2015 11:44:22
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 0hhds3ij.default : user_pref("browser.startup.homepage", "http://facebook.com/"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] a057a4d7624cac57913ebddea215b676
[BSP] 27b00198999261e466b2a5918339f458 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 26d5f589281eb5a5c4bac83fed5ffcb4
[BSP] 564abe32b353da117b76ddc5c328125e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_01292015_104358.log - RKreport_SCN_01292015_104257.log - RKreport_SCN_01292015_104524.log
-
I just looked at the report I posted and I'm even more confused as it seems to report nothing for the rootkits, yet, on my screen, I have dozens of detections in green. Most of them have IRP names.
-
Hi Sooki808,
Welcome to Adlice.com Forum.
Your report is clean.
The lines which are highlighted in green in the Rootkit section are legit elements which should not be removed.
Note: This thread has been moved to the "RogueKiller" section for clarity.