Adlice forum

General Category => Malware removal help => Topic started by: ts427 on October 06, 2015, 06:29:09 AM

Title: PLEASE HELP ALL I SEE IS YELLOW :O
Post by: ts427 on October 06, 2015, 06:29:09 AM
Hello everyone,

This is my first time here. I am mainly an English speaker; I wish I knew French. Please try and bear with me if I do not understand explanations fully. I have been using RogueKiller for a while and downloaded a recent version, after the buggy version, and ever since I see a wall of yellow IAT hooks. I never really go to illegitimate websites and I am fairly safe on the net, so this really scares me. Please help!

Report:
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84a8547a-a041-49b4-b63b-4180490ec3bd} | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{84a8547a-a041-49b4-b63b-4180490ec3bd} | DhcpNameServer : 172.16.0.1 ([X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 38 (Driver: Not loaded [0x20]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetFolderPathEx : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x7659fb70 (jmp dword [0x74a75024])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetKnownFolderItem : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x76662800 (jmp dword [0x74a75030])
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x7665f920 (jmp dword [0x74a7502c])
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GdiDllInitialize : Unknown @ 0xb80010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ MSCTF.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ shlwapi.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x790010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0xcf0010
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0xcf0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GdiDllInitialize : Unknown @ 0x10c0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ MSCTF.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ shlwapi.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0xcf0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMDLG32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ ole32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) GDI32.dll - GetStockObject : Unknown @ 0x10c0050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ COMCTL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xd10010


All of these hooks in Chrome? How do I get rid of them? Are these real issues?
Title: Re: PLEASE HELP ALL I SEE IS YELLOW :O
Post by: Curson on October 06, 2015, 04:05:23 PM
Hi ts427,

Welcome to Adlice.com Forum.
Your report is clean.

PUM stands for Potentially Unwanted Modification. In your case, those entries are perfectly legit and necessary to access the Internet.
For more information, please read RogueKiller Documentation (http://www.adlice.com/software/roguekiller/documentation/).

Chrome's hooks are legit.

Regards.
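The DhcpNameServer entries and the IAT hook lines are the two things in this report a reader has to judge. The script below is an added triage example (my own code, not RogueKiller's or Adlice's) that parses lines in the layout shown in the thread, deduplicates the DNS entries and tells RFC 1918 / loopback / link-local addresses from public ones, and groups the hooks by whether their target is an OS module under System32 or SysWOW64, a module elsewhere on disk, or unbacked memory (reported as "Unknown"). The embedded SAMPLE is a constructed excerpt of the report posted above; the category strings and the Windows install path prefixes are my assumptions. It sorts the findings so you can see what needs follow-up; it does not decide on its own that anything is malicious or safe.

```python
"""Triage a RogueKiller report excerpt (added example, not Adlice's code)."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Line shapes are taken from the report in this thread; other RogueKiller
# layouts are an assumption and may need these patterns adjusted.
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\].*?\|\s*DhcpNameServer\s*:\s*(?P<servers>.+?)\s*\(\[X\]\)"
)
HOOK_RE = re.compile(
    r"^\[IAT:(?P<kind>Inl|Addr)\(Hook\.IEAT\)\]\s+"
    r"\((?P<proc>[^\s@)]+)(?:\s+@\s+(?P<mod>[^)]+))?\)\s+"
    r"(?P<lib>\S+)\s+-\s+(?P<func>\S+)\s+:\s+(?P<target>.+?)\s+@\s+(?P<addr>0x[0-9a-fA-F]+)"
)

# Assumed Windows install root; adjust if the system drive differs.
OS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

DNS_PRIVATE = "private (typical DHCP-assigned router address)"
DNS_PUBLIC = "public (verify against the resolver you expect)"
HOOK_UNBACKED = "unbacked memory (no module on disk)"
HOOK_OS = "OS module (verify its Authenticode signature)"
HOOK_THIRD_PARTY = "third-party module (identify and verify the vendor)"


@dataclass(frozen=True)
class Hook:
    kind: str       # Inl = inline code patch, Addr = import/export pointer replaced
    process: str
    module: str     # importing module, or the process itself when none is listed
    library: str
    function: str
    target: str     # module path the hook lands in, or "Unknown"
    address: str


def classify_dns(server: str) -> str:
    """Private, loopback and link-local resolvers are what a home router hands
    out over DHCP; anything else should match a resolver you chose on purpose."""
    ip = ipaddress.ip_address(server)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return DNS_PRIVATE
    return DNS_PUBLIC


def classify_hook_target(target: str) -> str:
    """Sort a hook by where its target code lives; the OS-module case still
    needs the file's signature checked, and 'Unknown' needs the process itself
    inspected (in-process sandboxes, AV and injected code all look like this)."""
    low = target.lower()
    if low == "unknown":
        return HOOK_UNBACKED
    if low.startswith(OS_DIRS):
        return HOOK_OS
    return HOOK_THIRD_PARTY


def parse_report(text: str) -> tuple[list[str], list[Hook]]:
    servers: list[str] = []
    hooks: list[Hook] = []
    for line in text.splitlines():
        line = line.strip()
        m = PUM_DNS_RE.match(line)
        if m:
            # DhcpNameServer may hold several space-separated addresses
            servers.extend(m.group("servers").split())
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["kind"], m["proc"], m["mod"] or m["proc"],
                              m["lib"], m["func"], m["target"], m["addr"]))
    return servers, hooks


def triage(text: str) -> dict:
    """Summarise a report: one verdict per distinct DNS server, and hook counts
    by target category, process and hooked API."""
    servers, hooks = parse_report(text)
    return {
        "dns": {s: classify_dns(s) for s in sorted(set(servers))},
        "hook_count": len(hooks),
        "hooked_processes": sorted({h.process for h in hooks}),
        "hook_targets": dict(Counter(classify_hook_target(h.target) for h in hooks)),
        "hooked_functions": sorted({f"{h.library}!{h.function}" for h in hooks}),
    }


# Constructed excerpt of the report posted in this thread.
SAMPLE = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1 ([X])  -> Found
[IAT:Inl(Hook.IEAT)] (chrome.exe @ explorerframe.dll) SHELL32.dll - SHGetFolderPathEx : C:\WINDOWS\SysWOW64\windows.storage.dll @ 0x7659fb70 (jmp dword [0x74a75024])
[IAT:Addr(Hook.IEAT)] (chrome.exe) KERNEL32.DLL - CreateNamedPipeW : Unknown @ 0x170010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - GetStockObject : Unknown @ 0xb80050
[IAT:Addr(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - RegisterClassW : Unknown @ 0xb70010
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Feed the whole Antirootkit and Registry sections to `triage()` rather than the excerpt. The pattern the moderator calls clean above is a single private DHCP server that matches your router plus hooks confined to one process whose targets are either OS modules or unbacked memory in that same process. What deserves follow-up is a public resolver you never configured, a hook whose target is a file outside the Windows directory (check its signature and publisher), or hooks appearing in processes other than the browser.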
Title: Re: PLEASE HELP ALL I SEE IS YELLOW :O
Post by: ts427 on October 06, 2015, 08:51:22 PM
Legit meaning safe, right?
Title: Re: PLEASE HELP ALL I SEE IS YELLOW :O
Post by: Curson on October 07, 2015, 12:43:58 AM
Hi ts427,

Yes.

Regards.