Adlice forum

Software feedback => RogueKiller => Topic started by: swids@sbcglobal.net on July 28, 2015, 03:29:59 PM

Title: RK_Software_ON_E_95FC\Microsoft\Windows\CurrentVersion\
Post by: swids@sbcglobal.net on July 28, 2015, 03:29:59 PM
Hello,

Dell Inspiron 1545 notebook, running Windows 7 Home Premium SP1.
Suspecting malware or spyware, ran many scans.  Nothing of concern found, until I used RogueKiller.

Found 2 of these items in the Registry. No other detections, neither by RogueKiller nor Vipre, ESET or Kaspersky tools.
RK_Software_ON_E_95FC, so went into registry to look:
  Classes
  Microsoft
  ODBC
  Policies
and right below it, another key that was not detected as malware by anyone, yet it looks similar...
RK_Software_ON_E_D1AC
  ControlSet001
  RNG
  Select
  Setup


Here are the details of this one:

RK_Software_ON_E_95FC
  Microsoft
   Windows
    CurrentVersion
     Winlogon
        Userinit          Userinit.exe
        Shell              cmd.exe /k start cmd.exe
   


Questions:
Is this a false positive?
Should this be cause for alarm?  Is this a targeted attack?
Who is the author of this rare code?
Can I safely delete it?

Thanks,  M
Title: Re: RK_Software_ON_E_95FC\Microsoft\Windows\CurrentVersion\
Post by: Curson on July 30, 2015, 06:33:26 PM
Hi swidshatsbcglobal.net,

Welcome to Adlice.com Forum.

RK_Software are hives from external disks loaded by RogueKiller during a scan.
They are perfectly legit but you could remove them if you want.

Regards.
Title: Re: RK_Software_ON_E_95FC\Microsoft\Windows\CurrentVersion\
Post by: Tigzy on August 08, 2015, 05:48:30 PM
Hello,
@Curson, looks more like a bug to me. I've already seen that.

@swds, could you provide the full scan report with that detection, please?
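
Added example, not part of the original posts and not RogueKiller's own code: a PowerShell check that lists every loaded registry hive whose mount name starts with `RK_`, shows the file backing it (so you can see whether it sits on another disk, as Curson describes), and prints the Winlogon `Shell` and `Userinit` values stored inside it. It assumes the hives are still mounted; `HKLM\SYSTEM\CurrentControlSet\Control\hivelist` is the standard Windows list of loaded hives, and the second Winlogon path checked is the standard `Windows NT` location rather than the one shown in the post.

```powershell
# Added example. The RK_* name pattern and the Winlogon values come from the thread.
$hiveList = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$roots = @{ MACHINE = 'HKEY_LOCAL_MACHINE'; USER = 'HKEY_USERS' }
$winlogonPaths = @(
    'Microsoft\Windows\CurrentVersion\Winlogon',      # path as shown in the post
    'Microsoft\Windows NT\CurrentVersion\Winlogon'    # standard Winlogon location
)

$report = foreach ($p in $hiveList.PSObject.Properties) {
    # Value name: \REGISTRY\MACHINE\<mount name>; value data: NT path of the hive file
    if ($p.Name -notmatch '^\\REGISTRY\\(MACHINE|USER)\\(RK_[^\\]+)$') { continue }
    $mount = "Registry::$($roots[$Matches[1]])\$($Matches[2])"
    $row = [ordered]@{
        Hive        = $Matches[2]
        BackingFile = $p.Value        # e.g. a \Device\HarddiskVolumeN\... path
        WinlogonKey = $null
        Shell       = $null
        Userinit    = $null
    }
    foreach ($rel in $winlogonPaths) {
        $key = "$mount\$rel"
        if (Test-Path -LiteralPath $key) {
            $v = Get-ItemProperty -LiteralPath $key
            $row.WinlogonKey = $rel
            $row.Shell       = $v.Shell
            $row.Userinit    = $v.Userinit
            break
        }
    }
    [pscustomobject]$row
}

if ($report) { $report | Format-List } else { 'No RK_* hives are currently loaded.' }
```

A hive with no Winlogon key (for example one holding `ControlSet001`) is still listed, with the Winlogon fields left empty.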