Messages

1

RogueKiller / Re: Error

« on: March 27, 2020, 12:57:20 AM »

Thank you.

2

RogueKiller / Error

« on: March 25, 2020, 03:24:41 PM »

I have an XP user who gets this error when trying to install RK:

Runtime Error (at -1:0)
Cannot Import dll:C:DOCUME~1\SUSANB~1\LOCALS~1\Temp\is-E6HBG.tmp\roguekillerdll.dll

Any ideas?

Nina

3

RogueKiller / Re: What can sefely be fixed?

« on: December 31, 2019, 10:47:15 AM »

Thanks for the reply and your help so far. I'll see how it pans out.

As this is not a SmartService infection and the OP is having trouble with the RE, I may try MBAR to deal with the rootkit and take it from there.

Nina

4

RogueKiller / Re: What can sefely be fixed?

« on: December 29, 2019, 03:44:46 PM »

OP has sent another json which is all gobbldygook to me. Too long to post but reply is here:

https://forums.whatthetech.com/index.php?showtopic=132142&view=findpost&p=889986

Thanks

Nina

5

RogueKiller / Re: What can sefely be fixed?

« on: December 28, 2019, 10:01:49 PM »

Haven't got a clue if this is the report you wanted bt this is what the OP sent:

https://forums.whatthetech.com/index.php?showtopic=132142&view=findpost&p=889977

The FRST log I asked for was incomplete and have asked for the whole log. I'll let you know the outcome.

6

RogueKiller / Re: What can sefely be fixed?

« on: December 26, 2019, 12:54:36 PM »

Thanks for the information.

It doesn't appear to be a SmartService infection, which was my first thought, but a Baidu Cloud infection.

I haven't come across anything quite as bad as this but this topic also had a similar one:

https://www.bleepingcomputer.com/forums/t/633736/some-unknown-program-is-trying-to-change-my-homepage-some-pop-up-ads/

I've asked for the json log and will post here when I get it.

7

RogueKiller / Re: What can sefely be fixed?

« on: December 25, 2019, 09:54:19 AM »

I asked them to run a cmd command as follows:

RogueKillerCMD.exe -scan -params "-reportpath """C:\report.json""""

It didn't work. Please see the topic.

8

RogueKiller / Re: What can sefely be fixed?

« on: December 23, 2019, 11:32:55 PM »

No reply yet but topic is here:

https://forums.whatthetech.com/index.php?showtopic=132142

9

RogueKiller / Re: What can sefely be fixed?

« on: December 23, 2019, 05:44:30 PM »

Will do when I hear from them.

10

RogueKiller / What can sefely be fixed?

« on: December 23, 2019, 02:39:10 PM »

I have a user whose PC is heavily infected and before dealing with locked files and fixes using FRST, I'd like to know what to do with these - is it safe to 'fix' them?

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Proc.Svchost (Malicious)] svchost.exe (3980) -- C:\Windows\SysWOW64\svchost.exe -> Found
[Proc.Svchost (Malicious)] svchost.exe (3992) -- C:\Windows\SysWOW64\svchost.exe -> Found
[Proc.Svchost (Malicious)] svchost.exe (2332) -- C:\Windows\SysWOW64\svchost.exe -> Found
[Proc.Svchost (Malicious)] svchost.exe (9800) -- C:\Windows\SysWOW64\svchost.exe -> Found
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Hidden.From.Registry (Malicious)] Msfs (0) -- N/A -> Found
[Hidden.From.Registry (Malicious)] mshidkmdf (0) -- \SystemRoot\System32\drivers\mshidkmdf.sys -> Found
[Hidden.From.Registry (Malicious)] mshidumdf (0) -- \SystemRoot\System32\drivers\mshidumdf.sys -> Found
[Hidden.From.Registry (Malicious)] MSKSSRV (0) -- \SystemRoot\System32\drivers\MSKSSRV.sys -> Found
[Hidden.From.Registry (Malicious)] msiserver (0) -- C:\WINDOWS\system32\msiexec.exe /V -> Found

Satchfan

11

News/Updates / Re: RogueKiller 13

« on: November 20, 2019, 05:01:07 PM »

Thanks Tigzy.