Adlice forum

Software feedback => RogueKiller => Topic started by: Dimera on July 07, 2016, 12:59:54 am

Title: Infected with something
Post by: Dimera on July 07, 2016, 12:59:54 am

RogueKiller V12.3.2.0 [Jun  6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Administrator]
Started from : C:\Documents and Settings\HP_Administrator\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/01/2006 00:28:41

Processes : 0

Registry : 0

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 3 (Driver: Loaded)
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e7027a
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e70448
[Filter(Kernel.Filter)] \Driver\kbdclass @  : Elkbd.sys @  (\??\C:\WINDOWS\System32\Drivers\Elkbd.sys)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] eac73578d9cd2a18f8ce7d3f3e7227d2
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229600 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 470238615 | Size: 8863 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 5d8496c3ddfcfdb9f0abf956bf5166a4
[BSP] 5968ddfe53bf008fb694a71a17748eb9 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 63 | Size: 1906 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Title: Re: Infected with something
Post by: Curson on July 07, 2016, 12:37:47 pm
Hi Dimera,

Your version of RogueKiller is outdated.
Please download RogueKiller latest version, redo a scan and post the report obtained in your next reply.

Regards.
Title: Re: Infected with something
Post by: Dimera on July 09, 2016, 12:06:52 am
RogueKiller V12.3.7.0 [Jul  4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Administrator]
Started from : J:\RogueKiller.exe
Mode : Scan -- Date : 01/01/2006 00:14:48

Processes : 0

Registry : 0

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 3 (Driver: Loaded)
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e7027a
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e70448
[Filter(Root.Keylogger|Kernel.Filter)] \Driver\kbdclass @  : Elkbd.sys @  (\??\C:\WINDOWS\System32\Drivers\Elkbd.sys)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] eac73578d9cd2a18f8ce7d3f3e7227d2
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229600 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 470238615 | Size: 8863 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 5d8496c3ddfcfdb9f0abf956bf5166a4
[BSP] 5968ddfe53bf008fb694a71a17748eb9 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 63 | Size: 1906 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Title: Re: Infected with something
Post by: Curson on July 11, 2016, 01:31:44 pm
Hi Dimera,

These entries are false positives.
This will be fixed as soon as possible.

Regards.
Title: Re: Infected with something
Post by: Dimera on July 13, 2016, 09:29:05 pm
So every other program I have used has picked up something as well. Are those "false" as well? My computer has changed time all by itself. I cannot connect to the internet on it.
Title: Re: Infected with something
Post by: Curson on July 13, 2016, 10:14:04 pm
Hi Dimera,

Please attach the detections reports of those tools in your next reply.

Regards.